1016 files changed, 90198 insertions, 61155 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES
new file mode 100644
index 00000000000..d0db7eaf61b
--- /dev/null
+++ b/lib/libssl/src/CHANGES
@@ -0,0 +1,1624 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+  
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]
+
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+     operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf M�ller]
+
+  *) Add support for the the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work: 
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre@mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match. 
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf M�ller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler@authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names. 
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC@Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf M�ller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf M�ller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.  
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard@levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf M�ller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+     
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj@void.si>, modified by Ulf M�ller]
+
+  *) Support Mingw32.
+     [Ulf M�ller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf M�ller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+  
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf M�ller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels@netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf M�ller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf M�ller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf M�ller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code imbedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf M�ller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf M�ller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf M�ller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf M�ller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils@medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf M�ller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available cipers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf M�ller]
+
+  *) Tweaks to Configure
+     [Niels Poppe <niels@netbox.org>]
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf M�ller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf M�ller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparision
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (seperated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core@openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additonally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them), 
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were 
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.  
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+  
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a: 
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie@aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+  
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start addding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl 
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun@kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf M�ller <ulf@fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf M�ller <ulf@fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan@celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans@isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number 
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length construted 
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documenation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf M�ller <ulf@fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+  
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree: 
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+ 
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested 
+     binary structures 
+     [Dr Stephen Henson <shenson@bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
+     bytes sent in the client random.
+     [Edward Bishop <ebishop@spyglass.com>]
+
diff --git a/lib/libssl/src/HISTORY.066 b/lib/libssl/src/CHANGES.SSLeay
index f85224977a2..dbb80b003d8 100644
--- a/lib/libssl/src/HISTORY.066
+++ b/lib/libssl/src/CHANGES.SSLeay
@@ -1,4 +1,529 @@
-SSLeay 0.6.5
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+  SSLeay CHANGES
+  ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+    - Lots and lots of changes
+
+29-Jan-98
+    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+      Goetz Babin-Ebell <babinebell@trustcenter.de>.
+    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+      TLS1_VERSION.
+
+7-Jan-98
+    - Finally reworked the cipher string to ciphers again, so it
+      works correctly
+    - All the app_data stuff is now ex_data with funcion calls to access.
+      The index is supplied by a function and 'methods' can be setup
+      for the types that are called on XXX_new/XXX_free.  This lets
+      applications get notified on creation and destruction.  Some of
+      the RSA methods could be implemented this way and I may do so.
+    - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+    - Warning - the gethostbyname cache is not fully thread safe,
+      but it should work well enough.
+    - Major internal reworking of the app_data stuff.  More functions
+      but if you were accessing ->app_data directly, things will
+      stop working.
+    - The perlv5 stuff is working.  Currently on message digests,
+      ciphers and the bignum library.
+
+9-Dec-97
+    - Modified re-negotiation so that server initated re-neg
+      will cause a SSL_read() to return -1 should retry.
+      The danger otherwise was that the server and the
+      client could end up both trying to read when using non-blocking
+      sockets.
+
+4-Dec-97
+    - Lots of small changes
+    - Fix for binaray mode in Windows for the FILE BIO, thanks to
+      Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+    - Quite a few internal cleanups, (removal of errno, and using macros
+      defined in e_os.h).
+    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+      the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+      for x86.
+
+21-Oct-97
+    - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+      has also been improved.  At this point in time, on the pentium,
+      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+      is %62 faster.
+
+12-Oct-97
+    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+      way to set the length value correctly.
+
+10-Oct-97
+    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+      This breaks things again :-(.  This is efficent since I cache
+      the DER encoding of the RDN.
+    - The text DN now puts in the numeric OID instead of UNKNOWN.
+    - req can now process arbitary OIDs in the config file.
+    - I've been implementing md5 in x86 asm, much faster :-).
+    - Started sha1 in x86 asm, needs more work.
+    - Quite a few speedups in the BN stuff.  RSA public operation
+      has been made faster by caching the BN_MONT_CTX structure.
+      The calulating of the Ai where A*Ai === 1 mod m was rather
+      expensive.  Basically a 40-50% speedup on public operations.
+      The RSA speedup is now 15% on pentiums and %20 on pentium
+      pro.
+
+30-Sep-97
+    - After doing some profiling, I added x86 adm for bn_add_words(),
+      which just adds 2 arrays of longs together.  A %10 speedup
+      for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+    - Converted the x86 bignum assembler to us the perl scripts
+      for generation.
+
+23-Sep-97
+    - If SSL_set_session() is passed a NULL session, it now clears the
+      current session-id.
+
+22-Sep-97
+    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+      certificates.
+    - Bug in crypto/evp/encode.c where by decoding of 65 base64
+      encoded lines, one line at a time (via a memory BIO) would report
+      EOF after the first line was decoded.
+    - Fix in X509_find_by_issuer_and_serial() from
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+    - NO_FP_API and NO_STDIO added.
+    - Put in sh config command.  It auto runs Configure with the correct
+      parameters.
+
+18-Sep-97
+    - Fix x509.c so if a DSA cert has different parameters to its parent,
+      they are left in place.  Not tested yet.
+
+16-Sep-97
+    - ssl_create_cipher_list() had some bugs, fixes from
+      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+    - Fixed a bug in the Base64 BIO, where it would return 1 instead
+      of -1 when end of input was encountered but should retry.
+      Basically a Base64/Memory BIO interaction problem.
+    - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+      by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+    - Ugly bug in ssl3_write_bytes().  Basically if application land
+      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+      did not check the size and tried to copy the entire buffer.
+      This would tend to cause memory overwrites since SSLv3 has
+      a maximum packet size of 16k.  If your program uses
+      buffers <= 16k, you would probably never see this problem.
+    - Fixed a new errors that were cause by malloc() not returning
+      0 initialised memory..
+    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+      since this flags stops SSLeay being able to handle client
+      cert requests correctly.
+
+08-Sep-97
+    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+      on, the SSL server routines will not use a SSL_SESSION that is
+      held in it's cache.  This in intended to be used with the session-id
+      callbacks so that while the session-ids are still stored in the
+      cache, the decision to use them and how to look them up can be
+      done by the callbacks.  The are the 'new', 'get' and 'remove'
+      callbacks.  This can be used to determine the session-id
+      to use depending on information like which port/host the connection
+      is coming from.  Since the are also SSL_SESSION_set_app_data() and
+      SSL_SESSION_get_app_data() functions, the application can hold
+      information against the session-id as well.
+
+03-Sep-97
+    - Added lookup of CRLs to the by_dir method,
+      X509_load_crl_file() also added.  Basically it means you can
+      lookup CRLs via the same system used to lookup certificates.
+    - Changed things so that the X509_NAME structure can contain
+      ASN.1 BIT_STRINGS which is required for the unique
+      identifier OID.
+    - Fixed some problems with the auto flushing of the session-id
+      cache.  It was not occuring on the server side.
+
+02-Sep-97
+    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+      which is the maximum number of entries allowed in the
+      session-id cache.  This is enforced with a simple FIFO list.
+      The default size is 20*1024 entries which is rather large :-).
+      The Timeout code is still always operating.
+
+01-Sep-97
+    - Added an argument to all the 'generate private key/prime`
+      callbacks.  It is the last parameter so this should not
+      break existing code but it is needed for C++.
+    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+      BIO.  This lets the BIO read and write base64 encoded data
+      without inserting or looking for '\n' characters.  The '-A'
+      flag turns this on when using apps/enc.c.
+    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
+      very dangerous thing to use, since RSA private key
+      operations without random padding bytes (as PKCS#1 adds) can
+      be attacked such that the private key can be revealed.
+    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)    
+    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+    - RSA_flags() added allowing bypass of pub/priv match check
+      in ssl/ssl_rsa.c - Tim Hudson.
+    - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+    - Server side initated dynamic renegotiation is broken.  I will fix
+      it when I get back from holidays.
+
+15-Jul-97
+    - Quite a few small changes.
+    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+    - Added 2 new values to the SSL info callback.
+      SSL_CB_START which is passed when the SSL protocol is started
+      and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+      that related to DSA public/private keys.
+    - Added all the relevent PEM and normal IO functions to support
+      reading and writing RSAPublic keys.
+    - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+    - Error in ERR_remove_state() that would leave a dangling reference
+      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+    - s_client now prints the X509_NAMEs passed from the server
+      when requesting a client cert.
+    - Added a ssl->type, which is one of SSL_ST_CONNECT or
+      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+      a connect or an accept after the handshake had finished.
+    - SSL_get_client_CA_list(SSL *s) now returns the CA names
+      passed by the server if called by a client side SSL.
+
+05-Jul-97
+    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+    - Fixed some things in X509_NAME_add_entry(), thanks to
+      Matthew Donald <matthew@world.net>.
+    - I had a look at the cipher section and though that it was a
+      bit confused, so I've changed it.
+    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
+      a MS special that appears in exported MS Money.
+    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+      spec.  I was missing the two byte length header for the
+      ClientDiffieHellmanPublic value.  This is a packet sent from
+      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+      option will enable SSLeay server side SSLv3 accept either
+      the correct or my 080 packet format.
+    - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+    - Alias mapping for EVP_get_(digest|cipher)byname is now
+      performed before a lookup for actual cipher.  This means
+      that an alias can be used to 're-direct' a cipher or a
+      digest.
+    - ASN1_read_bio() had a bug that only showed up when using a
+      memory BIO.  When EOF is reached in the memory BIO, it is
+      reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+    - Fixed an error in X509_verify_cert() caused by my
+      miss-understanding how 'do { contine } while(0);' works.
+      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+    - Base64 decoding error.  If the last data line did not end with
+      a '=', sometimes extra data would be returned.
+    - Another 'cut and paste' bug in x509.c related to setting up the
+      STDout BIO.
+
+27-Jun-97
+    - apps/ciphers.c was not printing due to an editing error.
+    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+      a library build error in util/mk1mf.pl
+
+26-Jun-97
+    - Still did not have the auto 'experimental' code removal
+      script correct.
+    - A few header tweaks for Watcom 11.0 under Win32 from
+      Rolf Lindemann <Lindemann@maz-hh.de>
+    - 0 length OCTET_STRING bug in asn1_parse
+    - A minor fix with an non-existent function in the MS .def files.
+    - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+    SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+    use a temporary RSA key.  This is experimental and needs some more work.
+    Fixed a few Win16 build problems.
+
+23-Jun-97
+    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+    correctly. I was taking the SSL->ctx->default_cert when I should
+    have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+    rest of the library. Even though I had the code required to do
+    it correctly, apps/req.c was doing the wrong thing.  I have fixed
+    and tested everything.
+
+    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+    Fixed a bug in the SSLv2 server side first packet handling. When
+    using the non-blocking test BIO, the ssl->s2->first_packet flag
+    was being reset when a would-block failure occurred when reading
+    the first 5 bytes of the first packet. This caused the checking
+    logic to run at the wrong time and cause an error.
+
+    Fixed a problem with specifying cipher. If RC4-MD5 were used,
+    only the SSLv3 version would be picked up.  Now this will pick
+    up both SSLv2 and SSLv3 versions. This required changing the
+    SSL_CIPHER->mask values so that they only mask the ciphers,
+    digests, authentication, export type and key-exchange algorithms.
+
+    I found that when a SSLv23 session is established, a reused
+    session, of type SSLv3 was attempting to write the SSLv2 
+    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+    method has been modified so it will only write out cipher which
+    that method knows about.  
+
+
+ Changes between 0.8.0 and 0.8.1
+
+  *) Mostly bug fixes. 
+     There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+        from simply using the interface in an opaque manner)
+
+#include "bio.h"    - required along with "buffer.h" if you write
+              your own BIO routines as the buffer and bio
+              stuff that was intermixed has been separated
+              out 
+            
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()   - requires an extra method parameter
+              SSL_CTX_new(SSLv23_method()) 
+              SSL_CTX_new(SSLv2_method()) 
+              SSL_CTX_new(SSLv3_method()) 
+
+          OR to only have the server or the client code
+              SSL_CTX_new(SSLv23_server_method()) 
+              SSL_CTX_new(SSLv2_server_method()) 
+              SSL_CTX_new(SSLv3_server_method()) 
+          or  
+              SSL_CTX_new(SSLv23_client_method()) 
+              SSL_CTX_new(SSLv2_client_method()) 
+              SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
+               or provide a buffer and size to copy the
+               result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+          notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_clear_retry_flags(b)
+
+    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+  
+  *) There have been lots of changes, mostly the addition of SSLv3.
+     There have been many additions from people and amongst
+     others, C2Net has assisted greatly.
+ 
+ Changes between 0.7.x and 0.7.x
+
+  *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
 
 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
@@ -57,7 +582,7 @@ The main changes in this release
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
-	  using session-id reuse.
+      using session-id reuse.
 
 0.6.3
 
@@ -186,16 +711,16 @@ The wrappers are easy to write
 
 function_fp(fp,x)
 FILE *fp;
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=function_bio(b,x);
-	BIO_free(b);
-	return(ret);
-	}
+    {
+    BIO *b;
+    int ret;
+
+    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+    BIO_set_fp(b,fp,BIO_NOCLOSE);
+    ret=function_bio(b,x);
+    BIO_free(b);
+    return(ret);
+    }
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.
 
@@ -236,8 +761,8 @@ The list of things to read and do
 
 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
-		will be used else-where to help debug/monitor what
-		is happening.)
+        will be used else-where to help debug/monitor what
+        is happening.)
 
 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.
diff --git a/lib/libssl/src/COPYRIGHT b/lib/libssl/src/COPYRIGHT
deleted file mode 100644
index 4faa8c0a46c..00000000000
--- a/lib/libssl/src/COPYRIGHT
+++ /dev/null
@@ -1,65 +0,0 @@
-Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with Netscapes SSL.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution, be it the RC4, RSA,
-lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-included with this distribution is covered by the same copyright terms
-except that the holder is Tim Hudson (tjh@cryptsoft.com).
-
-Please note that MD2, MD5 and IDEA are publically available standards
-that contain sample implementations, I have re-coded them in my own
-way but there is nothing special about those implementations.  The DES
-library is another mater :-).
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of the parts of the library used.
-This can be in the form of a textual message at program startup or
-in documentation (online or textual) provided with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   "This product includes cryptographic software written by
-    Eric Young (eay@cryptsoft.com)"
-   The word 'cryptographic' can be left out if the rouines from the library
-   being used are not cryptographic related :-).
-4. If you include any Windows specific code (or a derivative thereof) from 
-   the apps directory (application code) you must include an acknowledgement:
-   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distribution licence
-[including the GNU Public Licence.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
-
diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure
index 8b9ecbcdef2..fdad0c238c1 100644
--- a/lib/libssl/src/Configure
+++ b/lib/libssl/src/Configure
@@ -1,17 +1,37 @@
-#!/usr/bin/perl
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+##
+##  Configure -- OpenSSL source tree configuration script
+##
 
-# see PROBLEMS for instructions on what sort of things to do when 
-# tracking a bug --tjh
+require 5.000;
+use strict;
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+
+# Options:
 #
-# extra options
-# -DRSAref	build to use RSAref
-# -DNO_IDEA	build with no IDEA algorithm
-# -DNO_RC4	build with no RC4 algorithm
-# -DNO_RC2	build with no RC2 algorithm
-# -DNO_BF	build with no Blowfish algorithm
-# -DNO_DES	build with no DES/3DES algorithm
-# -DNO_MD2	build with no MD2 algorithm
+# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+#               --prefix option is given; /usr/local/ssl otherwise)
+# --prefix      prefix for the OpenSSL include, lib and bin directories
+#               (Default: the OPENSSLDIR directory)
 #
+# --install_prefix  Additional prefix for package builders (empty by
+#               default).  This needn't be set in advance, you can
+#               just as well use "make INSTALL_PREFIX=/whatever install".
+#
+# rsaref        use RSAref
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# no-asm        do not use assembler
+# 386           generate 80386 code
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through 
+# 
 # DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
 #		dependancies but needs to more registers, good for RISC CPU's
@@ -32,124 +52,181 @@
 # RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2	use a pentium/intel specific version.
+# BF_PTR2	intel specific version (generic version is more efficient).
 # MD5_ASM	use some extra md5 assember,
 # SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
 # RMD160_ASM	use some extra ripemd160 assember,
-# BN_ASM	use some extra bn assember,
 
-$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
-$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
 
 # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
 # Don't worry about these normally
 
-$tcc="cc";
-$tflags="-fast -Xa";
-$tbn_mul="";
-$tlib="-lnsl -lsocket";
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
 #$bits1="SIXTEEN_BIT ";
 #$bits2="THIRTY_TWO_BIT ";
-$bits1="THIRTY_TWO_BIT ";
-$bits2="SIXTY_FOUR_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
 
-$x86_sol_asm="asm/bn86-sol.o:asm/dx86-sol.o:asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
-$x86_elf_asm="asm/bn86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
-$x86_out_asm="asm/bn86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
-$x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
 
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
 #config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
 # des_asm:bf_asm
-%table=(
-#"b",		"$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp",	"$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
-
-# A few of my development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
-"debug",	"gcc:-DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::::",
-"dist",		"cc:-O -DNOPROTO::::",
+my %table=(
+#"b",		"$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
+#"bl-4c-2c",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
+#"bl-4c-ri",	"$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
+#"b2-is-ri-dp",	"$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+
+# Our development configs
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-bodo",	"gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dist",		"cc:-O::(unknown):::::",
 
 # Basic configs that should work on any box
-"gcc",		"gcc:-O3::BN_LLONG:::",
-"cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
-
-
-# My solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm:",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-# DO NOT use /xO[34] on sparc with SC3.0. 
-# It is broken, and will not pass the tests
-"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
-	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
-# SC4.0 is ok, better than gcc, except for the bignum stuff.
-# -fast slows things like DES down quite a lot
-"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
-"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
-	-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+"gcc",		"gcc:-O3::(unknown)::BN_LLONG:::",
+"cc",		"cc:-O::(unknown):::::",
+
+#### Solaris x86 setups
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+# but keep the assembler modules.
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
+"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
+
+#### SPARC Solaris with Sun C setups
+# DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+
+#### SPARC Linux setups
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::",
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+# !!!Folowing can't be even tested yet!!!
+#    We have to wait till 64-bit glibc for SPARC is operational!!!
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
 
 # Sunos configs, assuming sparc for the gcc one.
-"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
-
-# SGI configurations.  If the box is rather old (r3000 cpu), you will
-# probably have to remove the '-mips2' flag.  I've only been using
-# IRIX 5.[23].
-#"irix-gcc","gcc:-O2 -mips2::BN_LLONG RC4_INDEX RC4_CHAR:::",
-"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
-"irix-cc", "cc:-O2 -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/r3000.o::",
-"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
-
-# HPUX config.  I've been building on HPUX 9, so the options may be
-# different on version 10.  The pa-risc2.o assember file is 2 times
-# faster than the old asm/pa-risc.o version but it may not run on old
-# PA-RISC CPUs.  If you have problems, swap back to the old one.
-# Both were generated by gcc, so use the C version with the PA-RISC specific
-# options turned on if you are using gcc.
-"hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
-"hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
-"hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# Dec Alpha, OSF/1 - the alpha400-cc is the flags for a 21164A with
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-[g]cc' manually.
+# -mips4 flag is added by ./config when appropriate.
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+
+# HPUX 9.X config.
+# Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+# egcs.  gcc 2.8.1 is also broken.
+
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+# please report your OS and compiler version to the bugs@openssl.org
+# mailing list.
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux-gcc fails, try this one:
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
+
+# HPUX 10.X config.  Supports threads.
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# If hpux10-gcc fails, try this one:
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+
+# HPUX 11.X from www.globus.org.
+# Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+
+# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
 # the new compiler
-"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"alpha-cc", "cc:-O2::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"alpha400-cc", "cc:-arch host -tune host -fast -std -O4 -inline speed::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+
+# assembler versions -- currently defunct:
+##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
+##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DBN_ASM -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -DBN_ASM -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::SIXTY_FOUR_BIT_LONGS DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86",   "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"OpenBSD-bigendian", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-pmax", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-arc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"FreeBSD",   "gcc:-DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-#"bsdi-gcc",     "gcc:-O3 -ffast-math -DBN_ASM -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
-"nextstep",	"cc:-O3 -Wall -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
 
 # UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
 
 #
 # Cray T90 (SDSC)
@@ -162,104 +239,257 @@ $x86_bsdi_asm="asm/bn86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/m
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
 
 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -DBN_ASM -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
 
-# SCO 5
-"sco5-cc",  "cc:-O:-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+# SCO cc.
+"sco5-cc",  "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
-# Sinix RM400
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+"ReliantUNIX","cc:-KPIC -g -DSNI -DTERMIOS -DB_ENDIAN::-Kthread:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"SINIX","cc:-O -DSNI::(unknown):-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-# hmm... bug in perl under NT, I need to concatinate :-(
-"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
-"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
-"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN32","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}:::",
+"VC-WIN16","cl:::(unknown)::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl:::::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown)::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32:::DES_PTR RC4_INDEX:::",
-"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-);
+"BC-32","bcc32:::::BN_LLONG DES_PTR RC4_INDEX:::",
+"BC-16","bcc:::(unknown)::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+
+# CygWin32
+# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
+# and its library files in util/pl/*)
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+
+# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown)::::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+
+# Some OpenBSD from Bob Beck <beck@obtuse.com>
+"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
+"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
 
-$postfix="org";
-$Makefile="Makefile.ssl";
-$des_locl="crypto/des/des_locl.h";
-$des	="crypto/des/des.h";
-$bn	="crypto/bn/bn.h";
-$md2	="crypto/md2/md2.h";
-$rc4	="crypto/rc4/rc4.h";
-$rc4_locl="crypto/rc4/rc4_locl.h";
-$idea	="crypto/idea/idea.h";
-$rc2	="crypto/rc2/rc2.h";
-$bf	="crypto/bf/bf_locl.h";
-$bn_mulw="bn_mulw.o";
-$des_enc="des_enc.o fcrypt_b.o";
-$bf_enc	="bf_enc.o";
-$cast_enc="c_enc.o";
-$rc4_enc="rc4_enc.o";
-$rc5_enc="rc5_enc.o";
-$md5_obj="";
-$sha1_obj="";
-$rmd160_obj="";
-
-if ($#ARGV < 0)
-	{
-	&bad_target;
-	exit(1);
-	}
+);
 
-$flags="";
+my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+	BC-16 CygWin32 Mingw32);
+
+my $prefix="";
+my $openssldir="";
+my $install_prefix="";
+my $no_threads=0;
+my $threads=0;
+my $no_asm=0;
+my @skip=();
+my $Makefile="Makefile.ssl";
+my $des_locl="crypto/des/des_locl.h";
+my $des	="crypto/des/des.h";
+my $bn	="crypto/bn/bn.h";
+my $md2	="crypto/md2/md2.h";
+my $rc4	="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea	="crypto/idea/idea.h";
+my $rc2	="crypto/rc2/rc2.h";
+my $bf	="crypto/bf/bf_locl.h";
+my $bn_asm	="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $bf_enc	="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $processor="";
+my $ranlib;
+my $perl;
+
+$ranlib=&which("ranlib") or $ranlib="true";
+$perl=&which("perl5") or $perl=&which("perl") or $perl="perl";
+
+&usage if ($#ARGV < 0);
+
+my $flags="";
+my $depflags="";
+my $libs="";
+my $target="";
+my $options="";
 foreach (@ARGV)
 	{
-	if ($_ =~ /^-/)
+	if (/^no-asm$/)
+	 	{
+		$no_asm=1;
+		$flags .= "-DNO_ASM ";
+		}
+	elsif (/^no-threads$/)
+		{ $no_threads=1; }
+	elsif (/^threads$/)
+		{ $threads=1; }
+	elsif (/^no-(.+)$/)
+		{
+		my $algo=$1;
+		push @skip,$algo;
+		$algo =~ tr/[a-z]/[A-Z]/;
+		$flags .= "-DNO_$algo ";
+		$depflags .= "-DNO_$algo ";
+		if ($algo eq "DES")
+			{
+			$options .= " no-mdc2";
+			$flags .= "-DNO_MDC2 ";
+			$depflags .= "-DNO_MDC2 ";
+			}
+		}
+	elsif (/^386$/)
+		{ $processor=386; }
+	elsif (/^rsaref$/)
+		{
+		$libs.= "-lRSAglue -lrsaref ";
+		$flags.= "-DRSAref ";
+		}
+	elsif (/^[-+]/)
 		{
-		if ($_ =~ /^-[lL](.*)$/)
+		if (/^-[lL](.*)$/)
 			{
 			$libs.=$_." ";
 			}
-		elsif ($_ =~ /^-D(.*)$/)
+		elsif (/^-[^-]/ or /^\+/)
 			{
 			$flags.=$_." ";
 			}
+		elsif (/^--prefix=(.*)$/)
+			{
+			$prefix=$1;
+			}
+		elsif (/^--openssldir=(.*)$/)
+			{
+			$openssldir=$1;
+			}
+		elsif (/^--install.prefix=(.*)$/)
+			{
+			$install_prefix=$1;
+			}
 		else
 			{
-			die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n";
+			print STDERR $usage;
+			exit(1);
 			}
 		}
+	elsif ($_ =~ /^([^:]+):(.+)$/)
+		{
+		eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+		$target=$1;
+		}
 	else
 		{
 		die "target already defined - $target\n" if ($target ne "");
 		$target=$_;
-		if (!defined($table{$target}))
-			{
-			&bad_target;
-			exit(1);
-			}
+		}
+	unless ($_ eq $target) {
+		if ($options eq "") {
+			$options = $_;
+		} else {
+			$options .= " ".$_;
 		}
 	}
+}
 
-if (!defined($table{$target}))
-	{
-	&bad_target;
-	exit(1);
+if ($target eq "TABLE") {
+	foreach $target (sort keys %table) {
+		print_table_entry($target);
 	}
+	exit 0;
+}
+
+&usage if (!defined($table{$target}));
+
+my $IsWindows=scalar grep /^$target$/,@WinTargets;
+
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+$prefix=$openssldir if $prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /\/$/;
 
-($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj,
-	$cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)=
-	split(/\s*:\s*/,$table{$target});
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//;
+
+
+print "IsWindows=$IsWindows\n";
+
+(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
 $cflags="$flags$cflags" if ($flags ne "");
+
+my $thread_cflags;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+	{
+	# If we know how to do it, support threads by default.
+	$threads = 1;
+	}
+if ($thread_cflag eq "(unknown)")
+	{
+	# If the user asked for "threads", hopefully they also provided
+	# any system-dependent compiler options that are necessary.
+	$thread_cflags="-DTHREADS $cflags" 
+	}
+else
+	{
+	$thread_cflags="-DTHREADS $thread_cflag $cflags" 
+	}	
+
 $lflags="$libs$lflags"if ($libs ne "");
 
-$bn_obj=$bn_mulw	unless ($bn_obj =~ /\.o$/);
+if ($no_asm)
+	{
+	$bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+	$sha1_obj=$md5_obj=$rmd160_obj="";
+	}
+
+if ($threads)
+	{
+		$cflags=$thread_cflags;
+	}
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+
 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
@@ -281,16 +511,50 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 
-$n=&file_new($Makefile);
-open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
-open(OUT,">".$n) || die "unable to read $n:$!\n";
+my $version = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+	{
+	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+	}
+close(IN);
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$major=$1;
+	$minor=$2;
+	}
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+my $sdirs=0;
 while (<IN>)
 	{
 	chop;
+	$sdirs = 1 if /^SDIRS=/;
+	if ($sdirs) {
+		my $dir;
+		foreach $dir (@skip) {
+			s/$dir//;
+			}
+		}
+	$sdirs = 0 unless /\\$/;
+	s/^VERSION=.*/VERSION=$version/;
+	s/^MAJOR=.*/MAJOR=$major/;
+	s/^MINOR=.*/MINOR=$minor/;
+	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+	s/^PLATFORM=.*$/PLATFORM=$target/;
+	s/^OPTIONS=.*$/OPTIONS=$options/;
 	s/^CC=.*$/CC= $cc/;
 	s/^CFLAG=.*$/CFLAG= $cflags/;
+	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
-	s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
+	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
 	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
@@ -299,16 +563,18 @@ while (<IN>)
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+	s/^PROCESSOR=.*/PROCESSOR= $processor/;
+	s/^RANLIB=.*/RANLIB= $ranlib/;
+	s/^PERL=.*/PERL= $perl/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
-&Rename($Makefile,&file_old($Makefile));
-&Rename($n,$Makefile);
+
 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
 print "EX_LIBS       =$lflags\n";
-print "BN_MULW       =$bn_obj\n";
+print "BN_ASM        =$bn_obj\n";
 print "DES_ENC       =$des_obj\n";
 print "BF_ENC        =$bf_obj\n";
 print "CAST_ENC      =$cast_obj\n";
@@ -317,21 +583,26 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
-
-$des_ptr=0;
-$des_risc1=0;
-$des_risc2=0;
-$des_unroll=0;
-$bn_ll=0;
-$def_int=2;
-$rc4_int=$def_int;
-$md2_int=$def_int;
-$idea_int=$def_int;
-$rc2_int=$def_int;
-$rc4_idx=0;
-$bf_ptr=0;
-@type=("char","short","int","long");
-($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+print "PROCESSOR     =$processor\n";
+print "RANLIB        =$ranlib\n";
+print "PERL          =$perl\n";
+
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+
+my $des_int;
 
 foreach (sort split(/\s+/,$bn_ops))
 	{
@@ -359,13 +630,18 @@ foreach (sort split(/\s+/,$bn_ops))
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
 	}
 
-(($in=$bn) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bn);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
 while (<IN>)
 	{
-	if	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+	if	(/^#define\s+OPENSSLDIR/)
+		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+	elsif	(/^#define\s+OPENSSL_UNISTD/)
+		{
+		$unistd = "<unistd.h>" if $unistd eq "";
+		print OUT "#define OPENSSL_UNISTD $unistd\n";
+		}
+	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
@@ -377,38 +653,10 @@ while (<IN>)
 		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
 		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($bn,&file_old($bn));
-&Rename($n,$bn);
-
-(($in=$des) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des);
-open(IN,"<".$in) || die "unable to read $des:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#define\s+DES_LONG\s+.*/)
+	elsif	(/^\#define\s+DES_LONG\s+.*/)
 		{ printf OUT "#define DES_LONG unsigned %s\n",
 			($des_int)?'int':'long'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des,&file_old($des));
-&Rename($n,$des);
-
-(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des_locl);
-open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#(define|undef)\s+DES_PTR/)
+	elsif	(/^\#(define|undef)\s+DES_PTR/)
 		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_RISC1/)
 		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
@@ -416,113 +664,33 @@ while (<IN>)
 		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
 		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des_locl,&file_old($des_locl));
-&Rename($n,$des_locl);
-
-(($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4);
-open(IN,"<".$in) || die "unable to read $rc4:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC4_INT\s/)
+	elsif	(/^#define\s+RC4_INT\s/)
 		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4,&file_old($rc4));
-&Rename($n,$rc4);
-
-(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4_locl);
-open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#((define)|(undef))\s+RC4_INDEX/)
+	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
 		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4_locl,&file_old($rc4_locl));
-&Rename($n,$rc4_locl);
-
-(($in=$md2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($md2);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+MD2_INT\s/)
+	elsif (/^#(define|undef)\s+I386_ONLY/)
+		{ printf OUT "#%s I386_ONLY\n", ($processor == 386)?
+			"define":"undef"; }
+	elsif	(/^#define\s+MD2_INT\s/)
 		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($md2,&file_old($md2));
-&Rename($n,$md2);
-
-(($in=$idea) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($idea);
-open(IN,"<".$in) || die "unable to read $idea:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+IDEA_INT\s/)
+	elsif	(/^#define\s+IDEA_INT\s/)
 		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($idea,&file_old($idea));
-&Rename($n,$idea);
-
-(($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc2);
-open(IN,"<".$in) || die "unable to read $rc2:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC2_INT\s/)
+	elsif	(/^#define\s+RC2_INT\s/)
 		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc2,&file_old($rc2));
-&Rename($n,$rc2);
-
-(($in=$bf) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bf);
-open(IN,"<".$in) || die "unable to read $bf:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if (/^#(define|undef)\s+BF_PTR/)
+	elsif (/^#(define|undef)\s+BF_PTR/)
 		{
 		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
 		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
 		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
-		}
+	        }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
-&Rename($bf,&file_old($bf));
-&Rename($n,$bf);
+
+
+# Fix the date
 
 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
 print "SIXTY_FOUR_BIT mode\n" if $b64;
@@ -542,30 +710,160 @@ print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
 print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
+
+if($IsWindows) {
+	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+  /* auto-generated by Configure for crypto/cversion.c:
+   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+   * Windows builds (and other mk1mf builds) compile cversion.c with
+   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
+	close(OUT);
+
+	system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
+} else {
+	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
+	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+	# Run "make depend" manually if you want to be able to delete
+	# the source code files of ciphers you left out.
+	&dofile("tools/c_rehash",$openssldir,'^DIR=',	'DIR=%s',);
+	if ( $perl =~ m@^/@) {
+	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+	} else {
+	    # No path for Perl known ...
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+	}	    
+}
+
+my $pwd;
+
+if($IsWindows) {
+	$pwd="(current directory)";
+} else {
+	$pwd =`pwd`;
+	chop($pwd);
+}
+print <<EOF;
+
+NOTE: The OpenSSL header files have been moved from include/*.h
+to include/openssl/*.h.  To include OpenSSL header files, now
+directives of the form
+     #include <openssl/foo.h>
+should be used instead of #include <foo.h>.
+These new file locations allow installing the OpenSSL header
+files in /usr/local/include/openssl/ and should help avoid
+conflicts with other libraries.
+
+To compile programs that use the old form <foo.h>,
+usually an additional compiler option will suffice: E.g., add
+     -I$prefix/include/openssl
+or
+     -I$pwd/include/openssl
+to the CFLAGS in the Makefile of the program that you want to compile
+(and leave all the original -I...'s in place!).
+
+Please make sure that no old OpenSSL header files are around:
+The include directory should now be empty except for the openssl
+subdirectory.
+
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+
+EOF
+
 exit(0);
 
-sub bad_target
+sub usage
 	{
-	print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
+	print STDERR $usage;
 	print STDERR "pick os/compiler from:";
-	$j=0;
+	my $j=0;
+	my $i;
+	foreach $i (sort keys %table)
+		{
+		next if $i =~ /^debug/;
+		print STDERR "\n" if ($j++ % 4) == 0;
+		printf(STDERR "%-18s ",$i);
+		}
 	foreach $i (sort keys %table)
 		{
-		next if /^b-/;
+		next if $i !~ /^debug/;
 		print STDERR "\n" if ($j++ % 4) == 0;
 		printf(STDERR "%-18s ",$i);
 		}
 	print STDERR "\n";
+	exit(1);
 	}
 
-sub Rename
+sub which
 	{
-	local($from,$to)=@_;
+	my($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-f "$path/$name" and -x _)
+			{
+			return "$path/$name" unless ($name eq "perl" and
+			 system("$path/$name -e " . '\'exit($]<5.0);\''));
+			}
+		}
+	}
+
+sub dofile
+	{
+	my $f; my $p; my %m; my @a; my $k; my $ff;
+	($f,$p,%m)=@_;
 
-	unlink($to);
-#	rename($from,$to) || die "unable to rename $from to $to:$!\n";
-	rename($from,$to) # Don't care if it fails..
+	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+	@a=<IN>;
+	close(IN);
+	foreach $k (keys %m)
+		{
+		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
+		}
+	($ff=$f) =~ s/\..*$//;
+	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+	print OUT @a;
+	close(OUT);
+	rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
 	}
 
-sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
-sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
+sub print_table_entry
+	{
+	my $target = shift;
+
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,
+	my $bn_obj,my $des_obj,my $bf_obj,
+	$md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj)=
+	split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+			
+	print <<EOF
+
+*** $target
+\$cc           = $cc
+\$cflags       = $cflags
+\$unistd       = $unistd
+\$thread_cflag = $thread_cflag
+\$lflags       = $lflags
+\$bn_ops       = $bn_ops
+\$bn_obj       = $bn_obj
+\$des_obj      = $des_obj
+\$bf_obj       = $bf_obj
+\$md5_obj      = $md5_obj
+\$sha1_obj     = $sha1_obj
+\$cast_obj     = $cast_obj
+\$rc4_obj      = $rc4_obj
+\$rmd160_obj   = $rmd160_obj
+\$rc5_obj      = $rc5_obj
+EOF
+	}
diff --git a/lib/libssl/src/HISTORY b/lib/libssl/src/HISTORY
deleted file mode 100644
index 77121000386..00000000000
--- a/lib/libssl/src/HISTORY
+++ /dev/null
@@ -1,316 +0,0 @@
-16-Mar-98
-	- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
-	- Lots and lots of changes
-
-29-Jan-98
-	- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
-	  Goetz Babin-Ebell <babinebell@trustcenter.de>.
-	- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
-	  TLS1_VERSION.
-
-7-Jan-98
-	- Finally reworked the cipher string to ciphers again, so it
-	  works correctly
-	- All the app_data stuff is now ex_data with funcion calls to access.
-	  The index is supplied by a function and 'methods' can be setup
-	  for the types that are called on XXX_new/XXX_free.  This lets
-	  applications get notified on creation and destruction.  Some of
-	  the RSA methods could be implemented this way and I may do so.
-	- Oh yes, SSL under perl5 is working at the basic level.
-
-15-Dec-97
-	- Warning - the gethostbyname cache is not fully thread safe,
-	  but it should work well enough.
-	- Major internal reworking of the app_data stuff.  More functions
-	  but if you were accessing ->app_data directly, things will
-	  stop working.
-	- The perlv5 stuff is working.  Currently on message digests,
-	  ciphers and the bignum library.
-
-9-Dec-97
-	- Modified re-negotiation so that server initated re-neg
-	  will cause a SSL_read() to return -1 should retry.
-	  The danger otherwise was that the server and the
-	  client could end up both trying to read when using non-blocking
-	  sockets.
-
-4-Dec-97
-	- Lots of small changes
-	- Fix for binaray mode in Windows for the FILE BIO, thanks to
-	  Bob Denny <rdenny@dc3.com>
-
-17-Nov-97
-	- Quite a few internal cleanups, (removal of errno, and using macros
-	  defined in e_os.h).
-	- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
-	  the automactic naming out output files was being stuffed up.
-
-29-Oct-97
-	- The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
-	  for x86.
-
-21-Oct-97
-	- Fixed a bug in the BIO_gethostbyname() cache.
-
-15-Oct-97
-	- cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
-	  has also been improved.  At this point in time, on the pentium,
-	  md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
-	  des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
-	  is %62 faster.
-
-12-Oct-97
-	- MEM_BUF_grow() has been fixed so that it always sets the buf->length
-	  to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
-	  way to set the length value correctly.
-
-10-Oct-97
-	- I now hash for certificate lookup on the raw DER encoded RDN (md5).
-	  This breaks things again :-(.  This is efficent since I cache
-	  the DER encoding of the RDN.
-	- The text DN now puts in the numeric OID instead of UNKNOWN.
-	- req can now process arbitary OIDs in the config file.
-	- I've been implementing md5 in x86 asm, much faster :-).
-	- Started sha1 in x86 asm, needs more work.
-	- Quite a few speedups in the BN stuff.  RSA public operation
-	  has been made faster by caching the BN_MONT_CTX structure.
-	  The calulating of the Ai where A*Ai === 1 mod m was rather
-	  expensive.  Basically a 40-50% speedup on public operations.
-	  The RSA speedup is now 15% on pentiums and %20 on pentium
-	  pro.
-
-30-Sep-97
-	- After doing some profiling, I added x86 adm for bn_add_words(),
-	  which just adds 2 arrays of longs together.  A %10 speedup
-	  for 512 and 1024 bit RSA on the pentium pro.
-
-29-Sep-97
-	- Converted the x86 bignum assembler to us the perl scripts
-	  for generation.
-
-23-Sep-97
-	- If SSL_set_session() is passed a NULL session, it now clears the
-	  current session-id.
-
-22-Sep-97
-	- Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
-	  certificates.
-	- Bug in crypto/evp/encode.c where by decoding of 65 base64
-	  encoded lines, one line at a time (via a memory BIO) would report
-	  EOF after the first line was decoded.
-	- Fix in X509_find_by_issuer_and_serial() from
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-19-Sep-97
-	- NO_FP_API and NO_STDIO added.
-	- Put in sh config command.  It auto runs Configure with the correct
-	  parameters.
-
-18-Sep-97
-	- Fix x509.c so if a DSA cert has different parameters to its parent,
-	  they are left in place.  Not tested yet.
-
-16-Sep-97
-	- ssl_create_cipher_list() had some bugs, fixes from
-	  Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
-	- Fixed a bug in the Base64 BIO, where it would return 1 instead
-	  of -1 when end of input was encountered but should retry.
-	  Basically a Base64/Memory BIO interaction problem.
-	- Added a HMAC set of functions in preporarion for TLS work.
-
-15-Sep-97
-	- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
-	- Prime generation spead up %25 (512 bit prime, pentium pro linux)
-	  by using montgomery multiplication in the prime number test.
-
-11-Sep-97
-	- Ugly bug in ssl3_write_bytes().  Basically if application land
-	  does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
-	  did not check the size and tried to copy the entire buffer.
-	  This would tend to cause memory overwrites since SSLv3 has
-	  a maximum packet size of 16k.  If your program uses
-	  buffers <= 16k, you would probably never see this problem.
-	- Fixed a new errors that were cause by malloc() not returning
-	  0 initialised memory..
-	- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
-	  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
-	  since this flags stops SSLeay being able to handle client
-	  cert requests correctly.
-
-08-Sep-97
-	- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
-	  on, the SSL server routines will not use a SSL_SESSION that is
-	  held in it's cache.  This in intended to be used with the session-id
-	  callbacks so that while the session-ids are still stored in the
-	  cache, the decision to use them and how to look them up can be
-	  done by the callbacks.  The are the 'new', 'get' and 'remove'
-	  callbacks.  This can be used to determine the session-id
-	  to use depending on information like which port/host the connection
-	  is coming from.  Since the are also SSL_SESSION_set_app_data() and
-	  SSL_SESSION_get_app_data() functions, the application can hold
-	  information against the session-id as well.
-
-03-Sep-97
-	- Added lookup of CRLs to the by_dir method,
-	  X509_load_crl_file() also added.  Basically it means you can
-	  lookup CRLs via the same system used to lookup certificates.
-	- Changed things so that the X509_NAME structure can contain
-	  ASN.1 BIT_STRINGS which is required for the unique
-	  identifier OID.
-	- Fixed some problems with the auto flushing of the session-id
-	  cache.  It was not occuring on the server side.
-
-02-Sep-97
-	- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
-	  which is the maximum number of entries allowed in the
-	  session-id cache.  This is enforced with a simple FIFO list.
-	  The default size is 20*1024 entries which is rather large :-).
-	  The Timeout code is still always operating.
-
-01-Sep-97
-	- Added an argument to all the 'generate private key/prime`
-	  callbacks.  It is the last parameter so this should not
-	  break existing code but it is needed for C++.
-	- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
-	  BIO.  This lets the BIO read and write base64 encoded data
-	  without inserting or looking for '\n' characters.  The '-A'
-	  flag turns this on when using apps/enc.c.
-	- RSA_NO_PADDING added to help BSAFE functionality.  This is a
-	  very dangerous thing to use, since RSA private key
-	  operations without random padding bytes (as PKCS#1 adds) can
-	  be attacked such that the private key can be revealed.
-	- ASN.1 bug and rc2-40-cbc and rc4-40 added by
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-31-Aug-97 (stuff added while I was away)	
-	- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
-	- RSA_flags() added allowing bypass of pub/priv match check
-	  in ssl/ssl_rsa.c - Tim Hudson.
-	- A few minor bugs.
-
-SSLeay 0.8.1 released.
-
-19-Jul-97
-	- Server side initated dynamic renegotiation is broken.  I will fix
-	  it when I get back from holidays.
-
-15-Jul-97
-	- Quite a few small changes.
-	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-	- Added 2 new values to the SSL info callback.
-	  SSL_CB_START which is passed when the SSL protocol is started
-	  and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-	  that related to DSA public/private keys.
-	- Added all the relevent PEM and normal IO functions to support
-	  reading and writing RSAPublic keys.
-	- Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-	- Error in ERR_remove_state() that would leave a dangling reference
-	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-	- s_client now prints the X509_NAMEs passed from the server
-	  when requesting a client cert.
-	- Added a ssl->type, which is one of SSL_ST_CONNECT or
-	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-	  a connect or an accept after the handshake had finished.
-	- SSL_get_client_CA_list(SSL *s) now returns the CA names
-	  passed by the server if called by a client side SSL.
-
-05-Jul-97
-	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-	- Fixed some things in X509_NAME_add_entry(), thanks to
-	  Matthew Donald <matthew@world.net>.
-	- I had a look at the cipher section and though that it was a
-	  bit confused, so I've changed it.
-	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
-	  a MS special that appears in exported MS Money.
-	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-	  spec.  I was missing the two byte length header for the
-	  ClientDiffieHellmanPublic value.  This is a packet sent from
-	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-	  option will enable SSLeay server side SSLv3 accept either
-	  the correct or my 080 packet format.
-	- Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-	- Alias mapping for EVP_get_(digest|cipher)byname is now
-	  performed before a lookup for actual cipher.  This means
-	  that an alias can be used to 're-direct' a cipher or a
-	  digest.
-	- ASN1_read_bio() had a bug that only showed up when using a
-	  memory BIO.  When EOF is reached in the memory BIO, it is
-	  reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-	- Fixed an error in X509_verify_cert() caused by my
-	  miss-understanding how 'do { contine } while(0);' works.
-	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-	- Base64 decoding error.  If the last data line did not end with
-	  a '=', sometimes extra data would be returned.
-	- Another 'cut and paste' bug in x509.c related to setting up the
-	  STDout BIO.
-
-27-Jun-97
-	- apps/ciphers.c was not printing due to an editing error.
-	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-	  a library build error in util/mk1mf.pl
-
-26-Jun-97
-	- Still did not have the auto 'experimental' code removal
-	  script correct.
-	- A few header tweaks for Watcom 11.0 under Win32 from
-	  Rolf Lindemann <Lindemann@maz-hh.de>
-	- 0 length OCTET_STRING bug in asn1_parse
-	- A minor fix with an non-existent function in the MS .def files.
-	- A few changes to the PKCS7 stuff.
-
-25-Jun-97
-	SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-	use a temporary RSA key.  This is experimental and needs some more work.
-	Fixed a few Win16 build problems.
-
-23-Jun-97
-	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-	correctly. I was taking the SSL->ctx->default_cert when I should
-	have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-	rest of the library. Even though I had the code required to do
-	it correctly, apps/req.c was doing the wrong thing.  I have fixed
-	and tested everything.
-
-	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-	Fixed a bug in the SSLv2 server side first packet handling. When
-	using the non-blocking test BIO, the ssl->s2->first_packet flag
-	was being reset when a would-block failure occurred when reading
-	the first 5 bytes of the first packet. This caused the checking
-	logic to run at the wrong time and cause an error.
-
-	Fixed a problem with specifying cipher. If RC4-MD5 were used,
-	only the SSLv3 version would be picked up.  Now this will pick
-	up both SSLv2 and SSLv3 versions. This required changing the
-	SSL_CIPHER->mask values so that they only mask the ciphers,
-	digests, authentication, export type and key-exchange algorithms.
-
-	I found that when a SSLv23 session is established, a reused
-	session, of type SSLv3 was attempting to write the SSLv2 
-	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-	method has been modified so it will only write out cipher which
-	that method knows about.  
-
diff --git a/lib/libssl/src/INSTALL b/lib/libssl/src/INSTALL
index d394bf8a7b9..6066fddc4a1 100644
--- a/lib/libssl/src/INSTALL
+++ b/lib/libssl/src/INSTALL
@@ -1,6 +1,260 @@
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
+  and INSTALL.VMS for installing on OpenVMS systems.]
+
+ To install OpenSSL, you will need:
+
+  * Perl 5
+  * an ANSI C compiler
+  * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  $ ./config
+  $ make
+  $ make test
+  $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config to customize the build:
+
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.
+
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.
+
+  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+                librsaref.a is in the library search path).
+
+  no-threads    Don't try to build with support for multi-threaded
+                applications.
+
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486).
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config [options]
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If it did not get it correct or you want to
+     use a different compiler then go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [options]
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work.
+
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
+
+  2. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+     If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
+     Include the output of "./config -t" and the OpenSSL version
+     number in your message.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.  Note that on Solaris x86
+     (not on Sparcs!) you may have to install the GNU assembler to use
+     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test
+
+    If a test fails, try removing any compiler optimization flags from
+    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
+    send a bug report to <openssl-bugs@openssl.org>, including the
+    output of "openssl version -a" and of the failed test.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then the following subdirectories:
+
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't chose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+--------------------------------------------------------------------------------
+The orignal Unix build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable
+--------------------------------------------------------------------------------
 
 # When bringing the SSLeay distribution back from the evil intel world
 # of Windows NT, do the following to make it nice again under unix :-)
@@ -126,3 +380,8 @@ The examples for solaris and windows NT/95 are in the mt directory.
 have fun
 
 eric 25-Jun-1997
+
+IRIX 5.x will build as a 32 bit system with mips1 assember.
+IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
+to n32 standards. In theory you can compile the 64 bit assember under
+IRIX 5.x but you will have to have the correct system software installed.
diff --git a/lib/libssl/src/INSTALL.VMS b/lib/libssl/src/INSTALL.VMS
new file mode 100644
index 00000000000..4c01560d3d6
--- /dev/null
+++ b/lib/libssl/src/INSTALL.VMS
@@ -0,0 +1,245 @@
+			VMS Installation instructions
+			written by Richard Levitte
+			<richard@levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+  Compilation			- Mandatory reading.
+  Test				- Mandatory reading.
+  Installation			- Mandatory reading.
+  Backward portability		- Read if it's an issue.
+  Possible bugs or quirks	- A few warnings on things that
+				  may go wrong or may surprise you.
+  Report			- How to get in touch with me.
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer@mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately.  Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them.  However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory.  The syntax is trhe following:
+
+  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+      ALL       Just build "everything".
+      DATE      Just build the "[.INCLUDE]DATE.H" file.
+      SOFTLINKS Just copies some files, to simulate Unix soft links.
+      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+      TEST      Just build the "test" programs for OpenSSL.
+      APPS      Just build the "application" programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+      RSAREF    compile using the RSAREF Library
+      NORSAREF  compile without using RSAREF
+
+Note: The RSAREF libraries are NOT INCLUDED and you have to
+      download it from "ftp://ftp.rsa.com/rsaref".  You have to
+      get the ".tar-Z" file as the ".zip" file dosen't have the
+      directory structure stored.  You have to extract the file
+      into the [.RSAREF] directory as that is where the scripts
+      will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+      DEBUG     compile with debugging info (will not optimize)
+      NODEBUG   compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+      VAXC      For VAX C.
+      DECC      For DEC C.
+      GNUC      For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
+just to test them.  For production use, make sure you install first, see
+Installation below.
+
+Note: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+        you have at least done a @MAKEVMS DATE and a @MAKEVMS SOFTLINKS.
+        A lot of things will break if you don't.
+
+Note 3: Alpha users will get a number of informational messages when
+        compiling the [.asm]vms.mar file in the BN (bignum) part of
+        the crypto library.  These can be safely ignored.
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+  @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs@openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+  @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+  OPENSSL_STARTUP.COM
+
+        defines all needed logical names.  Takes one argument that
+        tells it in what logical name table to insert the logical
+        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+        call should look like this: 
+
+          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+  OPENSSL_UTILS.COM
+
+        sets up the symbols to the applications.  Should be called
+        from for example SYS$MANAGER:SYLOGIN.COM 
+
+The logical names that are set up are the following:
+
+  SSLROOT       a dotted concealed logical name pointing at the
+                root directory.
+
+  SSLCERTS      Initially an empty directory, this is the default
+		location for certificate files.
+  SSLMISC	Various scripts.
+  SSLPRIVATE	Initially an empty directory, this is the default
+		location for private key files.
+
+  SSLEXE        Contains the openssl binary and a few other utility
+		programs.
+  SSLINCLUDE    Contains the header files needed if you want to
+		compile programs with libcrypto or libssl.
+  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
+		and LIBSSL.OLB) themselves.
+
+  OPENSSL	Same as SSLINCLUDE.  This is because the standard
+		way to include OpenSSL header files from version
+		0.9.3 and on is:
+
+			#include <openssl/header.h>
+
+		For more info on this issue, see the INSTALL. file
+		(the NOTE in section 4 of "Installation in Detail").
+		You don't need to "deleting old header files"!!!
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible.  Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros).  One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck.  Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values.  In the compilation scripts, I've provided the possibility
+for the user to influense the creation of such macros, through a bunch of
+symbols, all having names starting with USER_.  Here's the list of them:
+
+  USER_CCFLAGS		 - Used to give additional qualifiers to the
+			   compiler.  It can't be used to define macros
+			   since the scripts will do such things as well.
+			   To do such things, use USER_CCDEFS.
+  USER_CCDEFS		 - Used to define macros on the command line.  The
+			   value of this symbol will be inserted inside a
+			   /DEFINE=(...).
+  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
+			   inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+  $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only usefull for library compilation.  The
+      programs will still be linked with the current version of the
+      C library shareable image, and will thus complain if they are
+      faced with an older version of the same C library shareable image.
+      This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments.  Please experiment.
+
+
+Report:
+=======
+
+I maintain a few mailinglists for bug reports and such on software that
+I develop/port/enhance/destroy.  Please look at http://www.free.lp.se/
+for further info.
+
+
+-- 
+Richard Levitte <richard@levitte.org>
+1999-03-09
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24
diff --git a/lib/libssl/src/MICROSOFT b/lib/libssl/src/INSTALL.W32
index 54176f0472d..4550aa06215 100644
--- a/lib/libssl/src/MICROSOFT
+++ b/lib/libssl/src/INSTALL.W32
@@ -1,3 +1,180 @@
+ 
+ INSTALLATION ON THE WIN32 PLATFORM
+ ----------------------------------
+
+ Heres a few comments about building OpenSSL in Windows environments. Most of
+ this is tested on Win32 but it may also work in Win 3.1 with some
+ modification.  See the end of this file for Eric's original comments.
+
+ You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
+ and one of the following C compilers:
+
+  * Visual C++
+  * Borland C
+  * GNU C (Mingw32 or Cygwin32)
+
+ If you want to compile in the assembly language routines with Visual C++ then
+ you will need an assembler. This is worth doing because it will result in
+ faster code: for example it will typically result in a 2 times speedup in the
+ RSA routines. Currently the following assemblers are supported:
+
+  * Microsoft MASM (aka "ml")
+  * Free Netwide Assembler NASM.
+
+ MASM was I believe distributed in the past with VC++ and it is also part of
+ the MSDN SDKs. It is no longer distributed as part of VC++ and can be hard
+ to get hold of. It can be purchased: see Microsoft's site for details at:
+ http://www.microsoft.com/
+
+ NASM is freely available. Version 0.98 was used during testing: other versions
+ may also work. It is available from many places, see for example:
+ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
+ The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
+
+ Firstly you should run Configure:
+
+ > perl Configure VC-WIN32
+
+ Next you need to build the Makefiles and optionally the assembly language
+ files:
+
+ - If you are using MASM then run:
+
+   > ms\do_masm
+
+ - If you are using NASM then run:
+
+   > ms\do_nasm
+
+ - If you don't want to use the assembly language files at all then run:
+
+   > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section: you probably wont be able to compile it as it
+ stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ > nmake -f ms\ntdll.mak
+
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll. If you want to try the tests then do:
+ 
+ > cd out32dll
+ > ..\ms\test
+
+ Tweaks:
+
+ There are various changes you can make to the Win32 compile environment. By
+ default the library is not compiled with debugging symbols. If you add 'debug'
+ to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
+ compiled in.
+
+ The default Win32 environment is to leave out any Windows NT specific
+ features.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+ Borland C++ builder 3 and 4
+ ---------------------------
+
+ * Setup PATH. First must be GNU make then bcb4/bin 
+
+ * Run ms\bcb4.bat
+
+ * Run make:
+   > make -f bcb.mak
+
+ GNU C (Mingw32)
+ ---------------
+
+ To build OpenSSL, you need the Mingw32 package and GNU make.
+
+ * Compiler installation:
+
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
+   mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
+   <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
+   make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
+   C:\egcs-1.1.2\mingw32.bat to set the PATH.
+
+ * Compile OpenSSL:
+
+   > perl Configure Mingw32
+   > ms\mw.bat
+
+   This will create the library and binaries in out.
+
+   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
+   link with libeay32.a and libssl32.a instead.
+
+   See troubleshooting if you get error messages about functions not having
+   a number assigned.
+
+ * You can now try the tests:
+
+   > cd out
+   > ..\ms\test
+
+ Troubleshooting
+ ---------------
+
+ Since the Win32 build is only occasionally tested it may not always compile
+ cleanly.  If you get an error about functions not having numbers assigned
+ when you run ms\do_ms then this means the Win32 ordinal files are not up to
+ date. You can do:
+
+ > perl util\mkdef.pl crypto ssl update
+
+ then ms\do_XXX should not give a warning any more. However the numbers that
+ get assigned by this technique may not match those that eventually get
+ assigned in the CVS tree: so anything linked against this version of the
+ library may need to be recompiled.
+
+ If you get errors about unresolved externals then this means that either you
+ didn't read the note above about functions not having numbers assigned or
+ someone forgot to add a function to the header file.
+
+ In this latter case check out the header file to see if the function is
+ defined in the header file.
+
+ If you get warnings in the code then the compilation will halt.
+
+ The default Makefile for Win32 halts whenever any warnings occur. Since VC++
+ has its own ideas about warnings which don't always match up to other
+ environments this can happen. The best fix is to edit the file with the
+ warning in and fix it. Alternatively you can turn off the halt on warnings by
+ editing the CFLAG line in the Makefile and deleting the /WX option.
+
+ You might get compilation errors. Again you will have to fix these or report
+ them.
+
+ One final comment about compiling applications linked to the OpenSSL library.
+ If you don't use the multithreaded DLL runtime library (/MD option) your
+ program will almost certainly crash: see the original SSLeay description
+ below for more details.
+
+--------------------------------------------------------------------------------
+The orignal Windows build instructions from SSLeay follow. 
+Note: some of this may be out of date and no longer applicable. In particular
+the Crypto_malloc_init() comment appears to be wrong: you always need to use
+the same runtime library as the DLL itself.
+--------------------------------------------------------------------------------
+
 The Microsoft World.
 
 The good news, to build SSLeay for the Microsft World
diff --git a/lib/libssl/src/crypto/x509/x509pack.c b/lib/libssl/src/LICENSE
index 846f1258595..b9e18d5e7bf 100644
--- a/lib/libssl/src/crypto/x509/x509pack.c
+++ b/lib/libssl/src/LICENSE
@@ -1,4 +1,73 @@
-/* crypto/x509/x509pack.c */
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,102 +125,3 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-
-ASN1_OCTET_STRING *X509v3_pack_string(ex,type,bytes,len)
-ASN1_OCTET_STRING **ex;
-int type;
-unsigned char *bytes;
-int len;
-	{
-	ASN1_OCTET_STRING *os;
-	ASN1_STRING str;
-	unsigned char *p;
-	int i;
-
-	if ((ex == NULL) || (*ex == NULL))
-		os=ASN1_OCTET_STRING_new();
-	else
-		os= *ex;
-
-	if (len < 0) len=strlen((char *)bytes);
-	str.length=len;
-	str.type=type;
-	str.data=bytes;
-
-	/* str now holds the data, we just have to copy it into ->value */
-
-	switch (type)
-		{
-	case V_ASN1_BIT_STRING:
-		i=i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,&p);
-		break;
-	case V_ASN1_OCTET_STRING:
-		i=i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,&p);
-		break;
-	case V_ASN1_IA5STRING:
-	case V_ASN1_PRINTABLESTRING:
-	case V_ASN1_T61STRING:
-		i=i2d_ASN1_bytes(&str,NULL,type,V_ASN1_UNIVERSAL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i=i2d_ASN1_bytes(&str,&p,type,V_ASN1_UNIVERSAL);
-		break;
-	default:
-		X509err(X509_F_X509V3_PACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
-		goto err;
-		}
-	os->length=i;
-
-	if ((ex != NULL) && (os != *ex))
-		*ex=os;
-	return(os);
-err:
-	return(NULL);
-	}
-
-ASN1_STRING *X509v3_unpack_string(ex,type,os)
-ASN1_STRING **ex;
-int type;
-ASN1_OCTET_STRING *os;
-	{
-	unsigned char *p;
-	ASN1_STRING *ret=NULL;
-
-	p=os->data;
-	switch (type)
-		{
-	case V_ASN1_BIT_STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING(
-			(ASN1_BIT_STRING **)ex,&p,os->length);
-		break;
-	case V_ASN1_OCTET_STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_OCTET_STRING(
-			(ASN1_BIT_STRING **)ex,&p,os->length);
-		break;
-	case V_ASN1_IA5STRING:
-	case V_ASN1_PRINTABLESTRING:
-	case V_ASN1_T61STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_PRINTABLE(ex,&p,os->length);
-		break;
-	default:
-		X509err(X509_F_X509V3_UNPACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
-		}
-	return(ret);
-	}
-
diff --git a/lib/libssl/src/MINFO b/lib/libssl/src/MINFO
deleted file mode 100644
index 0509f336489..00000000000
--- a/lib/libssl/src/MINFO
+++ /dev/null
@@ -1,968 +0,0 @@
-RELATIVE_DIRECTORY=.
-AR=ar r
-BASENAME=SSLeay
-BF_ENC=bf_enc.o
-BN_MULW=bn_mulw.o
-CAST_ENC=c_enc.o
-CC=cc
-CFLAG=-O -DNOPROTO
-DES_ENC=des_enc.o fcrypt_b.o
-DIRS=crypto ssl rsaref apps test tools
-EDIRS=times doc bugs util include certs ms shlib mt demos perl dep
-EXHEADER=e_os.h
-EX_LIBS=
-GENERAL=Makefile
-HEADER=e_os.h
-INSTALLTOP=/usr/local/ssl
-LIBS=libcrypto.a libssl.a
-MAKE=make -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-MAN1=1
-MAN3=3
-MD5_ASM_OBJ=
-MISC=COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 README.090 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com config PATENTS
-NAME=SSLeay-0.9.0
-ONEDIRS=out tmp
-PEX_LIBS=-L. -L.. -L../.. -L../../..
-RC4_ENC=rc4_enc.o
-RC5_ENC=rc5_enc.o
-RMD160_ASM_OBJ=
-SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7
-SHA1_ASM_OBJ=
-SHELL=/bin/sh
-TARFILE=SSLeay-0.9.0.tar
-TOP=.
-VERSION=0.9.0
-WDIRS=windows
-WTARFILE=SSLeay-0.9.0-win.tar
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto
-ALL=Makefile README cryptlib.c mem.c cversion.c ex_data.c cpt_err.c cryptlib.h date.h crypto.h cryptall.h
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" "
-DIR=crypto
-ERR=crypto
-ERRC=cpt_err
-EXHEADER=crypto.h cryptall.h
-EX_LIBS=
-GENERAL=Makefile README
-HEADER=cryptlib.h date.h crypto.h cryptall.h
-INCLUDE=-I. -I../include
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libcrypto.a
-LIBOBJ=cryptlib.o mem.o cversion.o ex_data.o cpt_err.o
-LIBS=
-LIBSRC=cryptlib.c mem.c cversion.c ex_data.c cpt_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-RM=/bin/rm -f
-SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7
-SRC=cryptlib.c mem.c cversion.c ex_data.c cpt_err.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md2
-ALL=Makefile md2_dgst.c md5_one.c md2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=md
-EXHEADER=md2.h
-GENERAL=Makefile
-HEADER=md2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md2_dgst.o md2_one.o
-LIBSRC=md2_dgst.c md5_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md2_dgst.c md5_one.c
-TEST=md2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md5
-ALL=Makefile md5_dgst.c md5_one.c md5_locl.h md5.h
-APPS=md5.c
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=md5
-EXHEADER=md5.h
-GENERAL=Makefile
-HEADER=md5_locl.h md5.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md5_dgst.o md5_one.o 
-LIBSRC=md5_dgst.c md5_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-MD5_ASM_OBJ=
-SRC=md5_dgst.c md5_one.c
-TEST=md5test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/sha
-ALL=Makefile sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha_locl.h sha.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=sha
-EXHEADER=sha.h
-GENERAL=Makefile
-HEADER=sha_locl.h sha.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o 
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SHA1_ASM_OBJ=
-SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-TEST=shatest.c sha1test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/mdc2
-ALL=Makefile mdc2dgst.c mdc2_one.c mdc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=mdc2
-EXHEADER=mdc2.h
-GENERAL=Makefile
-HEADER=mdc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=mdc2dgst.o mdc2_one.o
-LIBSRC=mdc2dgst.c mdc2_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=mdc2dgst.c mdc2_one.c
-TEST=mdc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/hmac
-ALL=Makefile hmac.c hmac.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=hmac
-EXHEADER=hmac.h
-GENERAL=Makefile
-HEADER=hmac.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=hmac.o
-LIBSRC=hmac.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=hmac.c
-TEST=hmactest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/ripemd
-ALL=Makefile rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h ripemd.h
-APPS=rmd160.c
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=ripemd
-EXHEADER=ripemd.h
-GENERAL=Makefile
-HEADER=rmd_locl.h rmdconst.h ripemd.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rmd_dgst.o rmd_one.o 
-LIBSRC=rmd_dgst.c rmd_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RIP_ASM_OBJ=
-SRC=rmd_dgst.c rmd_one.c
-TEST=rmdtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/des
-ALL=Makefile des.org des_locl.org cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DES_ENC=des_enc.o fcrypt_b.o
-DIR=des
-EXHEADER=des.h
-GENERAL=Makefile des.org des_locl.org
-HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=set_key.o ecb_enc.o cbc_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
-LIBSRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-TEST=destest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc2
-ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc2
-EXHEADER=rc2.h
-GENERAL=Makefile
-HEADER=rc2_locl.h rc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-TEST=rc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc4
-ALL=Makefile rc4_skey.c rc4_enc.c rc4.h rc4_locl.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc4
-EXHEADER=rc4.h
-GENERAL=Makefile
-HEADER=rc4.h rc4_locl.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc4_skey.o rc4_enc.o
-LIBSRC=rc4_skey.c rc4_enc.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RC4_ENC=rc4_enc.o
-SRC=rc4_skey.c rc4_enc.c
-TEST=rc4test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc5
-ALL=Makefile rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c rc5_locl.h rc5.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=rc5
-EXHEADER=rc5.h
-GENERAL=Makefile
-HEADER=rc5_locl.h rc5.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc5_skey.o rc5_ecb.o rc5_enc.o rc5cfb64.o rc5ofb64.o
-LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RC5_ENC=rc5_enc.o
-SRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
-TEST=rc5test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/idea
-ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=idea
-EXHEADER=idea.h
-GENERAL=Makefile
-HEADER=idea_lcl.h idea.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
-LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-TEST=ideatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bf
-ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
-APPS=
-AR=ar r
-BF_ENC=bf_enc.o
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=bf
-EXHEADER=blowfish.h
-GENERAL=Makefile
-HEADER=bf_pi.h bf_locl.h blowfish.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-TEST=bftest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/cast
-ALL=Makefile c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_s.h cast_lcl.h cast.h
-APPS=
-AR=ar r
-CAST_ENC=c_enc.o
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=cast
-EXHEADER=cast.h
-GENERAL=Makefile
-HEADER=cast_s.h cast_lcl.h cast.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=c_skey.o c_ecb.o c_enc.o c_cfb64.o c_ofb64.o
-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-TEST=casttest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bn
-ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c bn_lcl.h bn_prime.h bn.h
-APPS=
-AR=ar r
-BN_MULW=bn_mulw.o
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bn
-ERR=bn
-ERRC=bn_err
-EXHEADER=bn.h
-GENERAL=Makefile
-HEADER=bn_lcl.h bn_prime.h bn.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_mulw.o bn_recp.o bn_mont.o bn_mpi.o
-LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c bn_mpi.c
-TEST=bntest.c exptest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rsa
-ALL=Makefile rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=rsa
-ERR=rsa
-ERRC=rsa_err
-EXHEADER=rsa.h
-GENERAL=Makefile
-HEADER=rsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o rsa_pk1.o rsa_ssl.o rsa_none.o
-LIBSRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dsa
-ALL=Makefile dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c dsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dsa
-ERR=dsa
-ERRC=dsa_err
-EXHEADER=dsa.h
-GENERAL=Makefile
-HEADER=dsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o
-LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-TEST=dsatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dh
-ALL=Makefile dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dh
-ERR=dh
-ERRC=dh_err
-EXHEADER=dh.h
-GENERAL=Makefile
-HEADER=dh.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
-LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-TEST=dhtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/buffer
-ALL=Makefile buffer.c buf_err.c buffer.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=buffer
-ERR=buffer
-ERRC=buf_err
-EXHEADER=buffer.h
-GENERAL=Makefile
-HEADER=buffer.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=buffer.o buf_err.o
-LIBSRC=buffer.c buf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=buffer.c buf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bio
-ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bio.h bss_file.c
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bio
-ERR=bio
-ERRC=bio_err
-EXHEADER=bio.h bss_file.c
-GENERAL=Makefile
-HEADER=bio.h bss_file.c
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o
-LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/stack
-ALL=Makefile stack.c stack.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=stack
-EXHEADER=stack.h
-GENERAL=Makefile
-HEADER=stack.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=stack.o
-LIBSRC=stack.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=stack.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/lhash
-ALL=Makefile lhash.c lh_stats.c lhash.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=lhash
-EXHEADER=lhash.h
-GENERAL=Makefile
-HEADER=lhash.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=lhash.o lh_stats.o
-LIBSRC=lhash.c lh_stats.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=lhash.c lh_stats.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rand
-ALL=Makefile md_rand.c randfile.c rand.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rand
-EXHEADER=rand.h
-GENERAL=Makefile
-HEADER=rand.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md_rand.o randfile.o
-LIBSRC=md_rand.c randfile.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md_rand.c randfile.c
-TEST=randtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/err
-ALL=Makefile err.c err_all.c err_prn.c err.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=err
-EXHEADER=err.h
-GENERAL=Makefile
-HEADER=err.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=err.o err_all.o err_prn.o
-LIBSRC=err.c err_all.c err_prn.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=err.c err_all.c err_prn.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/objects
-ALL=Makefile README obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=objects
-ERR=objects
-ERRC=obj_err
-EXHEADER=objects.h
-GENERAL=Makefile README
-HEADER=objects.h obj_dat.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=obj_dat.o obj_lib.o obj_err.o
-LIBSRC=obj_dat.c obj_lib.c obj_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=obj_dat.c obj_lib.c obj_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/evp
-ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c evp.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=evp
-ERR=evp
-ERRC=evp_err
-EXHEADER=evp.h
-GENERAL=Makefile
-HEADER=evp.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o m_ripemd.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o evp_lib.o
-LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pem
-ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-CTX_SIZE=ctx_size
-DIR=pem
-ERR=pem
-ERRC=pem_err
-EXHEADER=pem.h
-GENERAL=Makefile
-HEADER=pem.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
-LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/asn1
-ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c asn1.h asn1_mac.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=asn1
-ERR=asn1
-ERRC=asn1_err
-EXHEADER=asn1.h asn1_mac.h
-GENERAL=Makefile README
-HEADER=asn1.h asn1_mac.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o evp_asn1.o
-LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/x509
-ALL=Makefile README x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c x509.h x509_vfy.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=x509
-ERR=x509
-ERRC=x509_err
-EXHEADER=x509.h x509_vfy.h
-GENERAL=Makefile README
-HEADER=x509.h x509_vfy.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o
-LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/conf
-ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=conf
-ERR=conf
-ERRC=conf_err
-EXHEADER=conf.h
-GENERAL=Makefile
-HEADER=conf_lcl.h conf.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=conf.o conf_err.o
-LIBSRC=conf.c conf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=conf.c conf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/txt_db
-ALL=Makefile txt_db.c txt_db.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=txt_db
-EXHEADER=txt_db.h
-GENERAL=Makefile
-HEADER=txt_db.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=txt_db.o
-LIBSRC=txt_db.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=txt_db.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pkcs7
-ALL=Makefile README pk7_lib.c pkcs7err.c pk7_doit.c pkcs7.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=pkcs7
-ERR=pkcs7
-ERRC=pkcs7err
-EXHEADER=pkcs7.h
-GENERAL=Makefile README
-HEADER=pkcs7.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o
-LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pk7_lib.c pkcs7err.c pk7_doit.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=ssl
-ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=ssl
-ERR=ssl
-ERRC=ssl_err
-EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-GENERAL=Makefile README
-HEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libssl.a
-LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o
-LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c ssl_err.c
-TEST=ssltest.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=rsaref
-ALL=Makefile rsaref.c rsar_err.c  rsaref.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=rsaref
-ERR=rsaref
-ERRC=rsar_err
-EXHEADER=
-GENERAL=Makefile
-HEADER= rsaref.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libRSAglue.a
-LIBOBJ=rsaref.o rsar_err.o
-LIBSRC=rsaref.c rsar_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsaref.c rsar_err.c
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=apps
-ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
-A_OBJ=apps.o
-A_SRC=apps.c
-CC=cc
-CFLAG=-g -static
-CFLAGS=-DMONOLITH -I../include -g -static
-DIR=apps
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-EXE=ssleay
-EXHEADER=
-EX_LIBS=
-E_EXE=verify asn1pars req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
-E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o
-E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
-GENERAL=Makefile
-HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-PROGS=ssleay.c
-RM=/bin/rm -f
-SCRIPTS=CA.sh der_chop
-SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c version.c sess_id.c ciphers.c
-SSLEAY=ssleay
-S_OBJ=s_cb.o s_socket.o
-S_SRC=s_cb.c s_socket.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=test
-ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c 
-BFTEST=bftest
-BNTEST=bntest
-CASTTEST=casttest
-CC=cc
-CFLAG=-g
-CFLAGS=-I../include -g
-DESTEST=destest
-DHTEST=dhtest
-DIR=test
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-DSATEST=dsatest
-EXE=bntest ideatest md2test md5test hmactest rc2test rc4test rc5test destest shatest sha1test mdc2test rmdtest randtest dhtest bftest casttest ssltest exptest dsatest
-EXHEADER=
-EXPTEST=exptest
-EX_LIBS=
-GENERAL=Makefile.ssl
-HEADER=
-HMACTEST=hmactest
-IDEATEST=ideatest
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -fMakefile.ssl
-MAKEFILE=Makefile.ssl
-MD2TEST=md2test
-MD5TEST=md5test
-MDC2TEST=mdc2test
-METHTEST=methtest
-OBJ=bntest.o ideatest.o md2test.o md5test.o hmactest.o rc2test.o rc4test.o rc5test.o destest.o shatest.o sha1test.o mdc2test.o rmdtest.o randtest.o dhtest.o casttest.o bftest.o ssltest.o dsatest.o exptest.o
-PEX_LIBS=
-RANDTEST=randtest
-RC2TEST=rc2test
-RC4TEST=rc4test
-RC5TEST=rc5test
-RMDTEST=rmdtest
-SHA1TEST=sha1test
-SHATEST=shatest
-SRC=bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c
-SSLTEST=ssltest
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=tools
-APPS=c_hash c_info c_issuer c_name c_rehash
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=tools
-GENERAL=Makefile.ssl
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=
diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org
new file mode 100644
index 00000000000..2def579c264
--- /dev/null
+++ b/lib/libssl/src/Makefile.org
@@ -0,0 +1,351 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+PLATFORM=dist
+OPTIONS=
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# RSAref  - Define if we are to link with RSAref.
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_ALLOW_ADH - define if you want the server to be able to use the
+#           SSLv3 anon-DH ciphers.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG= 
+PEX_LIBS= -L. -L.. -L../.. -L../../..
+EX_LIBS= 
+AR=ar r
+RANLIB= ranlib
+PERL= perl
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+DIRS=   crypto ssl rsaref apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+MAKEFILE= Makefile.ssl
+MAKE=     make -f Makefile.ssl
+
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a 
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os.h e_os2.h
+HEADER=         e_os.h
+
+all: Makefile.ssl
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done
+	-@# cd perl; $(PERL) Makefile.PL; make
+
+sub_all:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making all in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+linux-shared:
+	for i in ${SHLIBDIRS}; do \
+	rm -f lib$$i.a lib$$i.so \
+		lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
+	${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
+	( set -x; ${CC}  -shared -o lib$$i.so.${MAJOR}.${MINOR} \
+		-Wl,-S,-soname=lib$$i.so.${MAJOR} \
+		-Wl,--whole-archive lib$$i.a \
+		-Wl,--no-whole-archive -lc ) || exit 1; \
+	rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+	done;
+	@set -x; \
+	for i in ${SHLIBDIRS}; do \
+	ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
+	ln -s lib$$i.so.${MAJOR} lib$$i.so; \
+	done;
+
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.a */lib */*/lib
+
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making clean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+	rm -f $(LIBS); \
+	done;
+	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making 'files' in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@for i in $(DIRS); do \
+	(cd $$i && echo "making links in $$i..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+	done;
+
+dclean:
+	rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dclean in $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+	done;
+
+rehash:
+	@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
+	@apps/openssl version -a
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making dependencies $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making lint $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i && echo "making tags $$i..." && \
+	$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	done;
+
+errors:
+	perl util/mkerr.pl -recurse -write
+
+util/libeay.num::
+	perl util/mkdef.pl crypto update
+
+util/ssleay.num::
+	perl util/mkdef.pl ssl update
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	perl Configure TABLE) > TABLE
+
+update: depend errors util/libeay.num util/ssleay.num TABLE
+
+tar:
+	@tar --norecurse -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	ls -l ../$(TARFILE).gz
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(DIRS) ;\
+	do \
+	(cd $$i; echo "installing $$i..."; \
+	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+	done
+	@for i in $(LIBS) ;\
+	do \
+	(       echo installing $$i; \
+		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+		$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/lib/libssl/src/Makefile.ssl b/lib/libssl/src/Makefile.ssl
deleted file mode 100644
index da7f8859855..00000000000
--- a/lib/libssl/src/Makefile.ssl
+++ /dev/null
@@ -1,331 +0,0 @@
-#
-# Makefile for all the SSL related library routines and utilities
-VERSION = 0.9.0a
-#
-# make install will install:
-#   libraries into $INSTALLTOP/lib
-#   headers   into $INSTALLTOP/include
-#   utilities into $INSTALLTOP/bin
-#
-# By default INSTALLTOP is set to /usr/local/ssl
-# If you want things install elsewere, consider running
-# perl util/ssldir.pl /new/path
-#
-# Interesting Mailing Lists:
-#     ssl-bugs@mincom.oz.au
-#     ssl-users@mincom.oz.au
-#
-# To join the Mailing Lists:
-#     ssl-bugs-request@mincom.oz.au
-#     ssl-users-request@mincom.oz.au
-#
-# If you must get hold of people directly (we much prefer the above
-# lists to be used if the question is of general interest!):
-#       Eric Young <eay@cryptsoft.com>
-#       Tim Hudson <tjh@cryptsoft.com>
-#       or both    <ssleay@cryptsoft.com>
-#
-# The primary distribution of SSLeay is from
-# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
-#
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#           SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-
-
-CC= gcc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-CFLAG= -DNO_IDEA -DTERMIOS -DBN_ASM -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-PEX_LIBS= -L. -L.. -L../.. -L../../..
-EX_LIBS= 
-AR=ar r
-
-# Set BN_MULW to bn_mulw.o if you want to use the C version
-BN_MULW= asm/bn86-out.o
-#BN_MULW= bn_mulw.o
-#BN_MULW= asm/bn86-elf.o        # elf, linux-elf
-#BN_MULW= asm/bn86-sol.o        # solaris
-#BN_MULW= asm/bn86-out.o        # a.out, FreeBSD
-#BN_MULW= asm/bn86bsdi.o        # bsdi
-#BN_MULW= asm/alpha.o           # DEC Alpha
-#BN_MULW= asm/pa-risc2.o        # HP-UX PA-RISC
-#BN_MULW= asm/r3000.o           # SGI MIPS cpu
-#BN_MULW= asm/sparc.o           # Sun solaris/SunOS
-#BN_MULW= asm/bn-win32.o                # Windows 95/NT
-#BN_MULW= asm/x86w16.o          # 16 bit code for Windows 3.1/DOS
-#BN_MULW= asm/x86w32.o          # 32 bit code for Windows 3.1
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= asm/dx86-out.o asm/yx86-out.o
-#DES_ENC= des_enc.o fcrypt_b.o          # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= asm/bx86-out.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-CAST_ENC= asm/cx86-out.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC4_ENC= asm/rx86-out.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC5_ENC= asm/r586-out.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
-MD5_ASM_OBJ= asm/mx86-out.o
-#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
-
-# Also need SHA1_ASM defined
-SHA1_ASM_OBJ= asm/sx86-out.o
-#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
-
-# Also need RMD160_ASM defined
-RMD160_ASM_OBJ= asm/rm86-out.o
-#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
-
-DIRS=   crypto ssl rsaref apps test tools
-# dirs in crypto to build
-SDIRS=  \
-	md2 md5 sha mdc2 hmac ripemd \
-	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh \
-	buffer bio stack lhash rand err objects \
-	evp pem asn1 x509 conf txt_db pkcs7
-
-# If you change the INSTALLTOP, make sure to also change the values
-# in crypto/location.h
-INSTALLTOP=/usr/ssl
-
-MAKEFILE= Makefile.ssl
-MAKE=     make -f Makefile.ssl
-
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl dep
-MISC=   COPYRIGHT Configure HISTORY.066 INSTALL Makefile.ssl Makefile \
-	README TODO HISTORY README.066 README.080 README.090 \
-	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com config PATENTS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a 
-
-GENERAL=        Makefile
-BASENAME=       SSLeay
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h
-HEADER=         e_os.h
-
-all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
-	done;
-
-sub_all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
-	done;
-
-clean:
-	/bin/rm -f shlib/*.o *.o core a.out fluff *.map
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "cleaning $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' clean ); \
-	/bin/rm -f $(LIBS); \
-	done;
-	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
-	/bin/rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	/bin/rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:  MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' files ); \
-	done;
-
-links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh include $(EXHEADER) ;
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' links ); \
-	done;
-	# @(cd apps; sh ./mklinks)
-	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
-
-dclean:
-	/bin/rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "undoing makedepend in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' dclean ); \
-	done;
-
-rehash:
-	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
-
-test:   tests
-
-tests:
-	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
-	@apps/ssleay version -a
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making dependancies $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' depend ); \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making lint $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' lint ); \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making tags $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' tags ); \
-	done;
-
-errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' errors ); \
-	done;
-
-tar:
-	@(cd ..;\
-	mv $(BASENAME) $(NAME); \
-	export STUFF; \
-	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
-	do \
-		STUFF="$$STUFF $(NAME)/$$i"; \
-	done; \
-	tar cf $(NAME)/$(TARFILE) $$STUFF; \
-	mv $(NAME) $(BASENAME) ) 
-	gzip -f $(TARFILE)
-
-dist:   
-	perl Configure dist
-	perl util/up_ver.pl ${VERSION}
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) SDIRS='${SDIRS}' dclean
-	@(cd apps; sh ./rmlinks)
-	@$(MAKE) makefile.one
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
-	done
-	@for i in $(LIBS) ;\
-	do \
-	(       echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/lib/libssl/src/NEWS b/lib/libssl/src/NEWS
new file mode 100644
index 00000000000..c152b7155d8
--- /dev/null
+++ b/lib/libssl/src/NEWS
@@ -0,0 +1,65 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+
diff --git a/lib/libssl/src/PATENTS b/lib/libssl/src/PATENTS
deleted file mode 100644
index 61423d03c8b..00000000000
--- a/lib/libssl/src/PATENTS
+++ /dev/null
@@ -1,9 +0,0 @@
-RSA Data Security holds software patents on the RSA and RC5 algorithms.
-If there ciphers are used used inside the USA (and Japan?), you must contact
-RSA Data Security for licencing conditions.
-
-The IDEA algorithm is patented by XXXX and they should be contacted if that
-algorithm is to be used.
-
-RC4 is a trademark of RSA Data Security, so use of this label should perhaps
-only me used with RSA Data Security's permission.
diff --git a/lib/libssl/src/PROBLEMS b/lib/libssl/src/PROBLEMS
deleted file mode 100644
index d78e2d9a23c..00000000000
--- a/lib/libssl/src/PROBLEMS
+++ /dev/null
@@ -1,50 +0,0 @@
-If you have any problems with SSLeay then please take the following 
-steps:
-
-    Remove the ASM version of the BN routines (edit Configure)
-    Remove the compiler optimisation flags
-    Add in the compiler debug flags (-g)
-
-Note: if using gcc then remove -fomit-frame-pointer before you try
-      to debug things.
-
-If you wish to report a bug then please include the following information
-in any bug report:
-
-    SSLeay Details
-	- Version, most of these details can be got from the
-	  'ssleay version -a' command.
-    Operating System Details
-	- OS Name
-	- OS Version
-	- Hardware platform
-    Compiler Details
-	- Name
-	- Version
-    Application Details 
-	- Name 
-	- Version 
-    Problem Description
-	- include steps that will reproduce the problem (if known)
-    Stack Traceback (if the application dumps core)
-
-For example:
-
-    SSLeay-0.5.1a
-    SunOS 5.3, SPARC, SunC 3.0
-    SSLtelnet-0.7
-
-    Core dumps when using telnet with SSL support in bn_mul() with 
-    the following stack trackback 
-	...
-
-
-Report the bug to either
-    ssleay@mincom.oz.au (Eric and Tim)
-or
-    ssl-bugs@mincom.oz.au (mailing list of active developers)
-
-
-Tim Hudson
-tjh@mincom.oz.au
-
diff --git a/lib/libssl/src/README b/lib/libssl/src/README
index eaa77007f0b..d7682e8a2f6 100644
--- a/lib/libssl/src/README
+++ b/lib/libssl/src/README
@@ -1,173 +1,205 @@
-		SSLeay 0.9.0b 29-Jun-1998
-		Copyright (c) 1997, Eric Young
-		All rights reserved.
-
-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
-
-The current version of this library is available from
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
-
-There are patches to a number of internet applications which can be found in
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
-
-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
-can be found at 
-    http://www.psy.uq.oz.au/~ftp/Crypto
-
-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
-
-This Library and programs are FREE for commercial and non-commercial
-usage.  The only restriction is that I must be attributed with the
-development of this code.  See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
-
-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
-
-The package includes
-
-libssl.a:
-	My implementation of SSLv2, SSLv3 and the required code to support
-	both SSLv2 and SSLv3 in the one server.
-
-libcrypto.a:
-	General encryption and X509 stuff needed by SSL but not
-	actually logically part of it.  It includes routines for the following:
-
-  Ciphers
-	libdes - My libdes DES encryption package which has been floating
-		around the net for a few years.  It includes 15
-		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
-		including desx in cbc mode,
-		a fast crypt(3), and routines to read passwords from the
-		keyboard.
-	RC4 encryption,
-	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
-	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
-	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.
-
-  Digests
-	MD5 and MD2 message digest algorithms, fast implementations,
-	SHA (SHA-0) and SHA-1 message digest algorithms,
-	MDC2 message digest.  A DES based hash that is polular on smart cards.
-
-  Public Key
-	RSA encryption/decryption/generation.  There is no limit
-		on the number of bits.
-	DSA encryption/decryption/generation.   There is no limit on the
-		number of bits.
-	Diffie-Hellman key-exchange/key generation.  There is no limit
-		on the number of bits.
-
-  X509v3 certificates
-	X509 encoding/decoding into/from binary ASN1 and a PEM
-		based ascii-binary encoding which supports encryption with
-		a private key.
-	Program to generate RSA and DSA certificate requests and to
-		generate RSA and DSA certificates.
-
-  Systems
-  	The normal digital envelope routines and base64 encoding.
-	Higher level access to ciphers and digests by name.  New ciphers can be
-		loaded at run time.
-	The BIO io system which is a simple non-blocking IO abstraction.
-		Current methods supported are file descriptors, sockets,
-		socket accept, socket connect, memory buffer, buffering,
-		SSL client/server, file pointer, encryption, digest,
-		non-blocking testing and null.
-  Data structures
-  	A dynamically growing hashing system
-	A simple stack.
-	A Configuration loader that uses a format similar to MS .ini files.
-
-Programs in this package include
-	enc	- a general encryption program that can encrypt/decrypt using
-		one of 17 different cipher/mode combinations.  The
-		input/output can also be converted to/from base64
-		ascii encoding.
-	dgst	- a generate message digesting program that will generate
-		message digests for any of md2, md5, sha (sha-0 or sha-1)
-		or mdc2.
-	asn1parse - parse and display the structure of an asn1 encoded
-		binary file.
-	rsa	- Manipulate RSA private keys.
-	dsa	- Manipulate DSA private keys.
-	dh	- Manipulate Diffie-Hellman parameter files.
-	dsaparam- Manipulate and generate DSA parameter files.
-	crl	- Manipulate certificate revocation lists.
-	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
-	x509	- Manipulate x509 certificates, self-sign certificates.
-	req	- Manipulate PKCS#10 certificate requests and also
-		  generate certificate requests.
-	genrsa  - Generates an arbitrary sized RSA private key.
-	gendh	- Generates a set of Diffie-Hellman parameters, the prime
-		  will be a strong prime.
-	ca	- Create certificates from PKCS#10 certificate requests.
-		  This program also maintains a database of certificates
-		  issued.
-	verify	- Check x509 certificate signatures.
-	speed	- Benchmark SSLeay's ciphers.
-	s_server- A test SSL server.
-	s_client- A test SSL client.
-	s_time	- Benchmark SSL performance of SSL server programs.
-	errstr	- Convert from SSLeay hex error codes to a readable form.
-	
-Documents avaliable are
-	A Postscript and html reference manual
-	(written by Tim Hudson tjh@cryptsoft.com).
-
-	A list of text protocol references I used.
-	An initial version of the library manual.
-
-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
-
-Multithreading has been tested under Windows NT and Solaris 2.5.1
-
-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
-
-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref.  From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
-
-Read the documentation in the doc directory.  It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them.  I will be working on
-documentation.  Look at the example programs.
-
-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution.  This contains a lot more information that is very
-useful.  For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
-also goes over the mechanism.
-
-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
-    ssl-bugs@mincom.oz.au
-    ssl-users@mincom.oz.au
-    ssl-bugs-request@mincom.oz.au
-    ssl-users-request@mincom.oz.au
-
-I have recently read about a new form of software, that which is in
-a permanent state of beta release.  Linux and Netscape are 2 good 
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6.  It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.  
-
-eric (Jun 1997)
-
-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
 
+ OpenSSL 0.9.4  09 Aug 1999
+
+ Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation. 
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses. 
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
+
+     Ciphers
+        libdes - EAY's libdes DES encryption package which has been floating
+                 around the net for a few years.  It includes 15
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is popular on smart cards.
+
+     Public Key
+        RSA encryption/decryption/generation.  
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.   
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.  
+            There is no limit on the number of bits.
+
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ascii-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
+
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
+
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl: 
+     A command line tool which provides the following functions:
+
+     enc     - a general encryption program that can encrypt/decrypt using
+               one of 17 different cipher/mode combinations.  The
+               input/output can also be converted to/from base64
+               ascii encoding.
+     dgst    - a generate message digesting program that will generate
+               message digests for any of md2, md5, sha (sha-0 or sha-1)
+               or mdc2.
+     asn1parse - parse and display the structure of an asn1 encoded
+               binary file.
+     rsa     - Manipulate RSA private keys.
+     dsa     - Manipulate DSA private keys.
+     dh      - Manipulate Diffie-Hellman parameter files.
+     dsaparam- Manipulate and generate DSA parameter files.
+     crl     - Manipulate certificate revocation lists.
+     crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+     x509    - Manipulate x509 certificates, self-sign certificates.
+     req     - Manipulate PKCS#10 certificate requests and also
+               generate certificate requests.
+     genrsa  - Generates an arbitrary sized RSA private key.
+     gendsa  - Generates DSA parameters.
+     gendh   - Generates a set of Diffie-Hellman parameters, the prime
+               will be a strong prime.
+     ca      - Create certificates from PKCS#10 certificate requests.
+               This program also maintains a database of certificates
+               issued.
+     verify  - Check x509 certificate signatures.
+     speed   - Benchmark OpenSSL's ciphers.
+     s_server- A test SSL server.
+     s_client- A test SSL client.
+     s_time  - Benchmark SSL performance of SSL server programs.
+     errstr  - Convert from OpenSSL hex error codes to a readable form.
+     nseq    - Netscape certificate sequence utility
+        
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
+
+ RSA Data Security holds software patents on the RSA and RC5 algorithms.  If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.
+
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission. 
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
+
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
+
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
+
+ SUPPORT 
+ -------
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags 
+    - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+      before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    OpenSSL Details
+    - Version, most of these details can be got from the
+      'openssl version -a' command.
+    Operating System Details
+    - On Unix systems: Output of './config -t'
+    - OS Name, Version
+    - Hardware platform
+    Compiler Details
+    - Name
+    - Version
+    Application Details 
+    - Name 
+    - Version 
+    Problem Description
+    - include steps that will reproduce the problem (if known)
+    Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+    openssl-bugs@openssl.org
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org.
+ Please be sure to include a textual explanation of what your patch
+ does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch
diff --git a/lib/libssl/src/README.066 b/lib/libssl/src/README.066
deleted file mode 100644
index d8e086d0b4e..00000000000
--- a/lib/libssl/src/README.066
+++ /dev/null
@@ -1,27 +0,0 @@
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
-- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
-- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
-- A few bug fixes.
-- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
-- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
-- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
-- Lots of little things modified and tweaked.
-
-eric
diff --git a/lib/libssl/src/README.080 b/lib/libssl/src/README.080
deleted file mode 100644
index 155ce1c712c..00000000000
--- a/lib/libssl/src/README.080
+++ /dev/null
@@ -1,147 +0,0 @@
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
----
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
----8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-	    from simply using the interface in an opaque manner)
-
-#include "bio.h"	- required along with "buffer.h" if you write
-			  your own BIO routines as the buffer and bio
-			  stuff that was intermixed has been separated
-			  out 
-			
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()	- requires an extra method parameter
-		      SSL_CTX_new(SSLv23_method()) 
-		      SSL_CTX_new(SSLv2_method()) 
-		      SSL_CTX_new(SSLv3_method()) 
-
-		  OR to only have the server or the client code
-		      SSL_CTX_new(SSLv23_server_method()) 
-		      SSL_CTX_new(SSLv2_server_method()) 
-		      SSL_CTX_new(SSLv3_server_method()) 
-		  or  
-		      SSL_CTX_new(SSLv23_client_method()) 
-		      SSL_CTX_new(SSLv2_client_method()) 
-		      SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
-			   or provide a buffer and size to copy the
-			   result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-		  notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_clear_retry_flags(b)
-
-	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-
diff --git a/lib/libssl/src/README.090 b/lib/libssl/src/README.090
deleted file mode 100644
index 634870d5f17..00000000000
--- a/lib/libssl/src/README.090
+++ /dev/null
@@ -1,71 +0,0 @@
-10-Apr-1998
-I said the next version would go out at easter, and so it shall.
-I expect a 0.9.1 will follow with portability fixes in the next few weeks.
-
-This is a quick, meet the deadline.  Look to ssl-users for comments on what
-is new etc.
-
-The state of play
-- TLSv1 - I need to do some explaining about how the methods interact.
-  The bad news is that SSLeay 0.8.x application will not roll back to
-  SSLv3, I suffed up.  0.8.x is rather pedantic about the '3.0' version
-  number.  Look at the 'no-tls' options in applications in the apps directory.
-- The perl5 stuff is very rough.  The SSL part does not work due to
-  reference count hassles in the BIO stuff.  I just have not had time to
-  look at it.  The cipher, digest and bignum stuff works though.  I just
-  need to clean up the API.
-- Lots of x86 assember.  I now have it for des, 3des, rc4, rc5, blowfish,
-  cast, md5, sha1 and ripemd160.  It has been tested on win32, linux (elf)
-  and FreeBSD (a.out).
-- As mentioned above, cast, rc5 and ripemd160 have been added.
-- A simple HMAC set of functions.
-- EX_DATA strucutre, which can be used by applications or other libraries
-  to tack arbitarty data against strucutures that include it.
-  You will probably have to see examples to see how to use it, and I will
-  elaberate on the ssl-users mailing list
-- RSA blinding.  If you fear timing attacks on RSA, you can turn on
-  blinding which defeats it.
-- From Tim Hudson, try running 'sh config' instead of 'perl Configure'.
-  I makes an educated guess as to what you are and then runs 'perl Configure'
-- The error stuff has been modified so arbitary strings can be taged
-  against an error message.  It is used in a few places to elaberate on
-  parameters that caused the error.
-
-Areas of work
-- The 16bit big-num assember needs a routine added.  The WIN16 and
-  WIN32 stuff is ok, but MS-DOS or 286 builds need the update.
-- Most of the bignum assember will not work.  There will be a function
-  missing, bn_add_words().  I need people to send me the C compiler output
-  for platforms I don't already have.  Currently, the assember is correct for
-  x86, win32, win16(386+), linux elf, FreeBSD a.out and sparc.
-- PKCS7, I have delusions of s/MIME.  I need to do a BIO interface.
-- perl5, it needs finishing
-- X509v3 extension.  I have some ideas, I just need to
-  implement them :-)
-- Public key methods.  I need to clean up the library internally so
-  public key methods are loaded is a similar way to symetric ciphers
-  and digests.  I also need to seperate out the digests from public
-  key methods.  This stuff is needed to support sortware patents, smaller
-  code size and hardware tokens.
-
-Anyway, this release gets out the bug fixes and TLS, but be warned, until
-all those old SSLeay 0.8.x based server get upgraded, you will need to
-connect with SSLv3 if TLSv1 fails.
-
-eric (about to go bushwalking for the 4 day easter break :-)
-
-PS Common problems
-- For Win32 build, use /MD to specify your libraries, or build SSLeay with
-  the same flags as your application.  Visual C stuffs up the malloc routines
-  if memory allocated by one memory model is freed by another.  FILE pointers
-  are a major cause of these problem.
-- If you are trying to use non-blocking IO and it is not working,
-  try 'ssleay s_client -help' and see if the -nbio option is listed.
-  For unixware, it has the non-block IO define in 'differnt' header file
-  and SSLeay will silently build without non-blocking IO calls (but for
-  unixware, the special header has been included).
-- -DL_ENDIAN.  For the message digests, some code needs to be turned off
-  in the C code when assember is used.  For x86, this means the L_ENDIAN
-  needs to defined when x86 -DSHA1_ASM is defined.  The reasons this is
-  not automagically done is because non-x86 assember could be bigendian.
-  For pure C code builds, the B_ENDIAN/L_ENDIAN flags are optional.
diff --git a/lib/libssl/src/TODO b/lib/libssl/src/TODO
deleted file mode 100644
index 1c3da41cdfc..00000000000
--- a/lib/libssl/src/TODO
+++ /dev/null
@@ -1,28 +0,0 @@
-- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
-  It will be reworked along with a nice general mechanism for encrypting
-  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
-  still have not done PKCS#8 support.
-
-- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
-  I will probably not get this fixed for a while, it is just there so
-  I could test things.
-
-- Be able to generate DSS certificates.
-
-- Add CRL to the X509 verification stuff, this will probably be added with
-  SSLv3.
-
-+ X509 callback.  I need to callback the application to retrieve certificates
-  and CRL.
-
-*<- designates the things I'm activly working on.
-+<- designates that which I have next in the queue.
-
-====
-
-X509v3 extensions
-verify certificate chains
-X509 cert lookup methods
-RSA/DSA/DH methods mostly for smart cards
-dsa cert generation
-
diff --git a/lib/libssl/src/VERSION b/lib/libssl/src/VERSION
deleted file mode 100644
index 5555e9a3afd..00000000000
--- a/lib/libssl/src/VERSION
+++ /dev/null
@@ -1,24 +0,0 @@
-SSLeay 0.8.1
-	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
-	  is fixed.
-
-SSLeay 0.8.0
-	- New release, for those that are wondering what happend to
-	  0.7.x, call it our internal development version :-)
-	- There have been lots of changes, mostly the addition of SSLv3.
-	- There have been many additions from people and amongst
-	  others, C2Net has assisted greatly.
-
-SSLeay 0.6.6
-	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
-	if your application requires 0.6.6, use it.  There have been
-	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
-	so use 0.8.0+ in preference.
-
-PORTING 0.6.6 to 0.8.0
-	I'll be documenting this over the next few weeks but as
-	pressures have been increasing for making SSLv3 support
-	available I'm shipping it without this documentation as I
-	basically have not had time to write it (too busy earning a
-	living :-)
-
diff --git a/lib/libssl/src/apps/CA.com b/lib/libssl/src/apps/CA.com
new file mode 100644
index 00000000000..f324788eca1
--- /dev/null
+++ b/lib/libssl/src/apps/CA.com
@@ -0,0 +1,200 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$!      some setup stuff to be done before you can use it and this makes
+$!      things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request 
+$! CA -sign ... will sign the generated request and output 
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key 
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
+$!                  converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+$!                 environment variable so this can be driven from
+$!                 a script.
+$! 25-Jul-96 eay    Cleaned up filenames some more.
+$! 11-Jun-96 eay    Fixed a few filename missmatches.
+$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh    Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS   = "-days 365"
+$ REQ    = openssl + " req " + SSLEAY_CONFIG
+$ CA     = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509   = openssl + " x509"
+$ echo   = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP  := 's'.demoCA
+$ CAKEY  := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
+$ THEN
+$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
+$   exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$   ! Get input from somewhere other than SYS$COMMAND
+$   i = i + 1
+$   __INPUT = P'i'
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$   ! Create a certificate.
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Certificate (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$   ! Create a certificate request
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Request (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$   ! If explicitly asked for or it doesn't exist then setup the directory
+$   ! structure that Eric likes to manage things.
+$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   THEN
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     WRITE ser_file "01"
+$     CLOSE ser_file
+$     APPEND/NEW NL: 'CATOP']index.txt
+$   ENDIF
+$!
+$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   THEN
+$     READ '__INPUT' FILE -
+	   /PROMT="CA certificate filename (or enter to create)"
+$     IF F$SEARCH(FILE) .NES. ""
+$     THEN
+$       COPY 'FILE' 'CATOP'.private'CAKEY'
+$	RET=$STATUS
+$     ELSE
+$       echo "Making CA certificate ..."
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+		       -out 'CATOP''CACERT' 'DAYS'
+$	RET=$STATUS
+$     ENDIF
+$   ENDIF
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -infiles newreq.pem
+$   RET=$STATUS
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!   
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$   RET=$STATUS
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$  THEN
+$!   
+$   echo "Cert passphrase will be requested twice - bug?"
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!   
+$   i = i + 1
+$   IF (p'i' .EQS. "")
+$   THEN
+$     DEFINE/USER SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$   ELSE
+$     j = i
+$    verify_opt_loop:
+$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$     IF p'j' .NES. ""
+$     THEN 
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       __tmp = p'j'
+$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       tmp=$STATUS
+$       IF tmp .NE. 0 THEN RET=tmp
+$     ENDIF
+$     j = j + 1
+$     GOTO verify_opt_loop
+$    verify_opt_loop_end:
+$   ENDIF
+$   
+$   GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!   
+$   echo "Unknown argument ''prog_opt'"
+$   
+$   EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'
diff --git a/lib/libssl/src/apps/CA.pl b/lib/libssl/src/apps/CA.pl
new file mode 100644
index 00000000000..7c023ae71f6
--- /dev/null
+++ b/lib/libssl/src/apps/CA.pl
@@ -0,0 +1,153 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate (and private key) is in newreq.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newca$/) {
+		# if explictly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
+
diff --git a/lib/libssl/src/apps/CA.sh b/lib/libssl/src/apps/CA.sh
index 1942b985a2b..728f5bf4d84 100644
--- a/lib/libssl/src/apps/CA.sh
+++ b/lib/libssl/src/apps/CA.sh
@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #
 
-# default ssleay.cnf file has setup as per the following
+# default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
 DAYS="-days 365"
-REQ="ssleay req $SSLEAY_CONFIG"
-CA="ssleay ca $SSLEAY_CONFIG"
-VERIFY="ssleay verify"
-X509="ssleay x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem
diff --git a/lib/libssl/src/apps/Makefile.ssl b/lib/libssl/src/apps/Makefile.ssl
index 1cace40ab70..8363ec90182 100644
--- a/lib/libssl/src/apps/Makefile.ssl
+++ b/lib/libssl/src/apps/Makefile.ssl
@@ -1,5 +1,5 @@
 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #
 
 DIR=		apps
@@ -7,36 +7,39 @@ TOP=		..
 CC=		cc
 INCLUDES=	-I../include
 CFLAG=		-g -static
+INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
+OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
-RM=		/bin/rm -f
+RM=		rm -f
 
 PEX_LIBS=
 EX_LIBS= 
 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile
+GENERAL=Makefile makeapps.com install.com
 
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 
-SSLEAY= ssleay
+PROGRAM= openssl
 
-SCRIPTS=CA.sh der_chop
+SCRIPTS=CA.sh CA.pl der_chop
 
-EXE= $(SSLEAY)
+EXE= $(PROGRAM)
 
 E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
-	x509 genrsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+	x509 genrsa gendsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+	pkcs8
 
-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c
 
 A_OBJ=apps.o
 A_SRC=apps.c
@@ -46,18 +49,18 @@ S_SRC=	s_cb.c s_socket.c
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
-	x509.o genrsa.o s_server.o s_client.o speed.o \
+	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o
 
 #	pem_mail.o
 
 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
-	x509.c genrsa.c s_server.c s_client.c speed.c \
+	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c
 
 #	pem_mail.c
 
@@ -84,20 +87,23 @@ sreq.o: req.c
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
-	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 done;
+	@for i in $(SCRIPTS); \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 done
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -105,24 +111,21 @@ tags:
 tests:
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
-errors:
-
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	/bin/rm -f req
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	rm -f req
 
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
@@ -130,15 +133,595 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 
-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
 progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+	$(PERL) ./progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h
+asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: progs.h
+ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h progs.h
+ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ciphers.o: progs.h
+crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h progs.h
+crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: progs.h
+dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
+enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+errstr.o: progs.h
+gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+s_cb.o: s_apps.h
+s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: progs.h s_apps.h
+s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: progs.h s_apps.h
+s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: progs.h s_apps.h
+sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+sess_id.o: progs.h
+speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h progs.h
+verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+verify.o: progs.h
+version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
+x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h progs.h
diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c
index 5f0c8fa5390..8fb5e8aaa73 100644
--- a/lib/libssl/src/apps/apps.c
+++ b/lib/libssl/src/apps/apps.c
@@ -69,17 +69,9 @@
 #  include "bss_file.c"
 #endif
 
-#ifndef NOPROTO
 int app_init(long mesgwin);
-#else
-int app_init();
-#endif
-
 #ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(file,argc,argv)
-char *file;
-int *argc;
-char **argv[];
+int args_from_file(char *file, int *argc, char **argv[])
 	{
 	FILE *fp;
 	int num,i;
@@ -157,8 +149,7 @@ char **argv[];
 	}
 #endif
 
-int str2fmt(s)
-char *s;
+int str2fmt(char *s)
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
@@ -173,10 +164,7 @@ char *s;
 	}
 
 #if defined(MSDOS) || defined(WIN32) || defined(WIN16)
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+void program_name(char *in, char *out, int size)
 	{
 	int i,n;
 	char *p=NULL;
@@ -213,10 +201,28 @@ int size;
 	out[n]='\0';
 	}
 #else
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+#ifdef VMS
+void program_name(char *in, char *out, int size)
+	{
+	char *p=in, *q;
+	char *chars=":]>";
+
+	while(*chars != '\0')
+		{
+		q=strrchr(p,*chars);
+		if (q > p)
+			p = q + 1;
+		chars++;
+		}
+
+	q=strrchr(p,'.');
+	if (q == NULL)
+		q = in+size;
+	strncpy(out,p,q-p);
+	out[q-p]='\0';
+	}
+#else
+void program_name(char *in, char *out, int size)
 	{
 	char *p;
 
@@ -229,24 +235,25 @@ int size;
 	out[size-1]='\0';
 	}
 #endif
+#endif
 
 #ifdef WIN32
-int WIN32_rename(from,to)
-char *from;
-char *to;
+int WIN32_rename(char *from, char *to)
 	{
+#ifdef WINNT
 	int ret;
+/* Note: MoveFileEx() doesn't work under Win95, Win98 */
 
 	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
 	return(ret?0:-1);
+#else
+	unlink(to);
+	return MoveFile(from, to);
+#endif
 	}
 #endif
 
-int chopup_args(arg,buf,argc,argv)
-ARGS *arg;
-char *buf;
-int *argc;
-char **argv[];
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
 	char *p;
@@ -312,8 +319,7 @@ char **argv[];
 	}
 
 #ifndef APP_INIT
-int app_init(mesgwin)
-long mesgwin;
+int app_init(long mesgwin)
 	{
 	return(1);
 	}
diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h
index 25a9262e037..063f9c65be7 100644
--- a/lib/libssl/src/apps/apps.h
+++ b/lib/libssl/src/apps/apps.h
@@ -59,11 +59,11 @@
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
-#include "e_os.h"
+#include "openssl/e_os.h"
 
-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
 #include "progs.h"
 
 #ifdef NO_STDIO
@@ -88,7 +88,7 @@ extern BIO *bio_err;
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-#include "conf.h"
+#include <openssl/conf.h>
 extern LHASH *config;
 extern char *default_config_file;
 extern BIO *bio_err;
@@ -122,25 +122,16 @@ extern BIO *bio_err;
 #endif
 
 typedef struct args_st
-        {
-        char **data;
+	{
+	char **data;
 	int count;
-        } ARGS;
+	} ARGS;
 
-#ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#else
-int should_retry();
-int args_from_file();
-int str2fmt();
-void program_name();
-int chopup_args();
-#endif
-
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
diff --git a/lib/libssl/src/apps/asn1pars.c b/lib/libssl/src/apps/asn1pars.c
index 3d382282e41..1b272b29770 100644
--- a/lib/libssl/src/apps/asn1pars.c
+++ b/lib/libssl/src/apps/asn1pars.c
@@ -56,19 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
+ * add the -strparse option which parses nested binary structures
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
-
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -in arg	- input file - default stdin
@@ -81,17 +80,18 @@
 #undef PROG
 #define PROG	asn1parse_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
-	int i,badops=0,offset=0,ret=1;
+	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
-	long num;
-	BIO *in=NULL,*out=NULL,*b64=NULL;
+	long num,tmplen;
+	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
 	int informat,indent=0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
+	STACK *osk=NULL;
+	ASN1_TYPE *at=NULL;
 
 	informat=FORMAT_PEM;
 
@@ -104,6 +104,11 @@ char **argv;
 	prog=argv[0];
 	argc--;
 	argv++;
+	if ((osk=sk_new_null()) == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto end;
+		}
 	while (argc >= 1)
 		{
 		if 	(strcmp(*argv,"-inform") == 0)
@@ -116,6 +121,11 @@ char **argv;
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			derfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
@@ -136,6 +146,11 @@ char **argv;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
+			sk_push(osk,*(++argv));
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -152,11 +167,15 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   lenth of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
+		BIO_printf(bio_err," -strparse offset\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -out filename output DER encoding to file\n");
 		goto end;
 		}
 
@@ -193,6 +212,14 @@ bad:
 			}
 		}
 
+	if (derfile) {
+		if(!(derout = BIO_new_file(derfile, "wb"))) {
+			BIO_printf(bio_err,"problems opening %s\n",derfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
@@ -218,7 +245,48 @@ bad:
 		}
 	str=buf->data;
 
+	/* If any structs to parse go through in sequence */
+
+	if (sk_num(osk))
+		{
+		tmpbuf=(unsigned char *)str;
+		tmplen=num;
+		for (i=0; i<sk_num(osk); i++)
+			{
+			ASN1_TYPE *atmp;
+			j=atoi(sk_value(osk,i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				continue;
+				}
+			tmpbuf+=j;
+			tmplen-=j;
+			atmp = at;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+			ASN1_TYPE_free(atmp);
+			if(!at)
+				{
+				BIO_printf(bio_err,"Error parsing structure\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			/* hmm... this is a little evil but it works */
+			tmpbuf=at->value.asn1_string->data;
+			tmplen=at->value.asn1_string->length;
+			}
+		str=(char *)tmpbuf;
+		num=tmplen;
+		}
+
 	if (length == 0) length=(unsigned int)num;
+	if(derout) {
+		if(BIO_write(derout, str + offset, length) != (int)length) {
+			BIO_printf(bio_err, "Error writing output\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
 	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
 		{
 		ERR_print_errors(bio_err);
@@ -226,12 +294,15 @@ bad:
 		}
 	ret=0;
 end:
+	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
 	EXIT(ret);
 	}
diff --git a/lib/libssl/src/apps/ca-cert.srl b/lib/libssl/src/apps/ca-cert.srl
index 75016ea3625..eeee65ec419 100644
--- a/lib/libssl/src/apps/ca-cert.srl
+++ b/lib/libssl/src/apps/ca-cert.srl
@@ -1 +1 @@
-03
+05
diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c
index a5848366cfe..9ed100dd3c1 100644
--- a/lib/libssl/src/apps/ca.c
+++ b/lib/libssl/src/apps/ca.c
@@ -64,25 +64,41 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "txt_db.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
-#include "conf.h"
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #ifndef W_OK
-#include <sys/file.h>
+#  ifdef VMS
+#    if defined(__DECC)
+#      include <unistd.h>
+#    else
+#      include <unixlib.h>
+#    endif
+#  else
+#    include <sys/file.h>
+#  endif
+#endif
+
+#ifndef W_OK
+#  define F_OK 0
+#  define X_OK 1
+#  define W_OK 2
+#  define R_OK 4
 #endif
 
 #undef PROG
 #define PROG ca_main
 
 #define BASE_SECTION	"ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "openssl.cnf"
 
 #define ENV_DEFAULT_CA		"default_ca"
 
@@ -98,12 +114,14 @@
 #define ENV_RANDFILE		"RANDFILE"
 #define ENV_DEFAULT_DAYS 	"default_days"
 #define ENV_DEFAULT_STARTDATE 	"default_startdate"
+#define ENV_DEFAULT_ENDDATE 	"default_enddate"
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
 #define ENV_PRESERVE		"preserve"
 #define ENV_POLICY      	"policy"
 #define ENV_EXTENSIONS      	"x509_extensions"
+#define ENV_CRLEXT      	"crl_extensions"
 #define ENV_MSIE_HACK		"msie_hack"
 
 #define ENV_DATABASE		"database"
@@ -134,7 +152,7 @@ static char *ca_usage[]={
 " -policy arg     - The CA 'policy' to support\n",
 " -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
-" -cert           - The CA certificate\n",
+" -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
 " -out file       - Where to put the output file(s)\n",
 " -outdir dir     - Where to put output certificates\n",
@@ -142,8 +160,9 @@ static char *ca_usage[]={
 " -spkac file     - File contains DN and signed public key and challenge\n",
 " -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
-" -batch	  - Don't ask questions\n",
-" -msie_hack	  - msie modifications to handle all thos universal strings\n",
+" -batch          - Don't ask questions\n",
+" -msie_hack      - msie modifications to handle all those universal strings\n",
+" -revoke file    - Revoke a certificate (given in file)\n",
 NULL
 };
 
@@ -153,10 +172,9 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
 
-#ifndef NOPROTO
-static STACK *load_extensions(char *section);
+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify);
+static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
 static unsigned long index_serial_hash(char **a);
 static int index_serial_cmp(char **a, char **b);
 static unsigned long index_name_hash(char **a);
@@ -165,40 +183,27 @@ static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days, int batch, STACK *extensions,int verbose);
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+		   BIGNUM *serial, char *startdate,char *enddate, int days,
+		   int batch, char *ext_sect, LHASH *conf,int verbose);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,int batch,STACK *extensions,int verbose);
+			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			TXT_DB *db, BIGNUM *serial,char *startdate,
+			char *enddate, int days, int batch, char *ext_sect,
+			LHASH *conf,int verbose);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,STACK *extensions,int verbose);
+			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			 TXT_DB *db, BIGNUM *serial,char *startdate,
+			 char *enddate, int days, char *ext_sect,LHASH *conf,
+				int verbose);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
-	int days, int batch, int verbose, X509_REQ *req, STACK *extensions);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+	char *startdate, char *enddate, int days, int batch, int verbose,
+	X509_REQ *req, char *ext_sect, LHASH *conf);
+static int do_revoke(X509 *x509, TXT_DB *db);
 static int check_time_format(char *str);
-#else
-static STACK *load_extensions();
-static void lookup_fail();
-static int MS_CALLBACK key_callback();
-static unsigned long index_serial_hash();
-static int index_serial_cmp();
-static unsigned long index_name_hash();
-static int index_name_qual();
-static int index_name_cmp();
-static int fix_data();
-static BIGNUM *load_serial();
-static int save_serial();
-static int certify();
-static int certify_cert();
-static int certify_spkac();
-static void write_new_certificate();
-static int do_body();
-static int check_time_format();
-#endif
-
 static LHASH *conf;
 static char *key=NULL;
 static char *section=NULL;
@@ -206,9 +211,7 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int total=0;
 	int total_done=0;
@@ -217,6 +220,7 @@ char **argv;
 	int req=0;
 	int verbose=0;
 	int gencrl=0;
+	int dorevoke=0;
 	long crldays=0;
 	long crlhours=0;
 	long errorline= -1;
@@ -234,8 +238,10 @@ char **argv;
 	char *outdir=NULL;
 	char *serialfile=NULL;
 	char *extensions=NULL;
+	char *crl_ext=NULL;
 	BIGNUM *serial=NULL;
 	char *startdate=NULL;
+	char *enddate=NULL;
 	int days=0;
 	int batch=0;
 	X509 *x509=NULL;
@@ -249,9 +255,8 @@ char **argv;
 	char **pp,*p,*f;
 	int i,j;
 	long l;
-	EVP_MD *dgst=NULL;
-	STACK *attribs=NULL;
-	STACK *extensions_sk=NULL;
+	const EVP_MD *dgst=NULL;
+	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK *cert_sk=NULL;
 	BIO *hex=NULL;
 #undef BSIZE
@@ -266,7 +271,7 @@ EF_ALIGNMENT=0;
 
 	apps_startup();
 
-	X509v3_add_netscape_extensions();
+	X509V3_add_standard_extensions();
 
 	preserve=0;
 	if (bio_err == NULL)
@@ -294,6 +299,11 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			startdate= *(++argv);
 			}
+		else if (strcmp(*argv,"-enddate") == 0)
+			{
+			if (--argc < 1) goto bad;
+			enddate= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -377,6 +387,12 @@ EF_ALIGNMENT=0;
 			spkac_file = *(++argv);
 			req=1;
 			}
+		else if (strcmp(*argv,"-revoke") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			dorevoke=1;
+			}
 		else
 			{
 bad:
@@ -398,12 +414,19 @@ bad:
 	ERR_load_crypto_strings();
 
 	/*****************************************************************/
+	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
 		/* We will just use 'buf[0]' as a temporary buffer.  */
+#ifdef VMS
+		strncpy(buf[0],X509_get_default_cert_area(),
+			sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+#else
 		strncpy(buf[0],X509_get_default_cert_area(),
 			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
 		strcat(buf[0],"/");
+#endif
 		strcat(buf[0],CONFIG_FILE);
 		configfile=buf[0];
 		}
@@ -431,6 +454,34 @@ bad:
 			}
 		}
 
+	if (conf != NULL)
+		{
+		p=CONF_get_string(conf,NULL,"oid_file");
+		if (p != NULL)
+			{
+			BIO *oid_bio;
+
+			oid_bio=BIO_new_file(p,"r");
+			if (oid_bio == NULL) 
+				{
+				/*
+				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+				ERR_print_errors(bio_err);
+				*/
+				ERR_clear_error();
+				}
+			else
+				{
+				OBJ_create_objects(oid_bio);
+				BIO_free(oid_bio);
+				}
+			}
+		}
+		if(!add_oid_section(conf)) {
+			ERR_print_errors(bio_err);
+			goto err;
+		}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	Sout=BIO_new(BIO_s_file());
@@ -457,10 +508,10 @@ bad:
 		goto err;
 		}
 	if (key == NULL)
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 	else
 		{
-		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback);
+		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
 		memset(key,0,strlen(key));
 		}
 	if (pkey == NULL)
@@ -483,13 +534,19 @@ bad:
 		BIO_printf(bio_err,"trying to load CA certificate\n");
 		goto err;
 		}
-	x509=PEM_read_bio_X509(in,NULL,NULL);
+	x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
 	if (x509 == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA certificate\n");
 		goto err;
 		}
 
+	if (!X509_check_private_key(x509,pkey))
+		{
+		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+		goto err;
+		}
+
 	f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		preserve=1;
@@ -509,7 +566,12 @@ bad:
 			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
 			goto err;
 			}
+#ifdef VMS
+		/* For technical reasons, VMS misbehaves with X_OK */
+		if (access(outdir,R_OK|W_OK) != 0)
+#else
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+#endif
 			{
 			BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
 			perror(outdir);
@@ -537,7 +599,7 @@ bad:
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-        if (BIO_read_filename(in,dbfile) <= 0)
+	if (BIO_read_filename(in,dbfile) <= 0)
 		{
 		perror(dbfile);
 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
@@ -553,13 +615,13 @@ bad:
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
-			BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1);
+			BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
 			goto err;
 			}
 		if ((pp[DB_type][0] == DB_TYPE_REV) &&
 			!check_time_format(pp[DB_rev_date]))
 			{
-			BIO_printf(bio_err,"entry %d: invalid revokation date\n",
+			BIO_printf(bio_err,"entry %d: invalid revocation date\n",
 				i+1);
 			goto err;
 			}
@@ -659,27 +721,42 @@ bad:
 			goto err;
 			}
 
-		if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS))
-			!= NULL)
-			{
-			if ((extensions_sk=load_extensions(extensions)) == NULL)
+		extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+		if(extensions) {
+			/* Check syntax of file */
+			X509V3_CTX ctx;
+			X509V3_set_ctx_test(&ctx);
+			X509V3_set_conf_lhash(&ctx, conf);
+			if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
+				BIO_printf(bio_err,
+				 "Error Loading extension section %s\n",
+								 extensions);
+				ret = 1;
 				goto err;
 			}
+		}
 
 		if (startdate == NULL)
 			{
-			startdate=(char *)CONF_get_string(conf,section,
+			startdate=CONF_get_string(conf,section,
 				ENV_DEFAULT_STARTDATE);
-			if (startdate == NULL)
-				startdate="today";
-			else
-				{
-				if (!ASN1_UTCTIME_set_string(NULL,startdate))
-					{
-					BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
-					goto err;
-					}
-				}
+			}
+		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+			{
+			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
+			}
+		if (startdate == NULL) startdate="today";
+
+		if (enddate == NULL)
+			{
+			enddate=CONF_get_string(conf,section,
+				ENV_DEFAULT_ENDDATE);
+			}
+		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+			{
+			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
 			}
 
 		if (days == 0)
@@ -687,7 +764,7 @@ bad:
 			days=(int)CONF_get_number(conf,section,
 				ENV_DEFAULT_DAYS);
 			}
-		if (days == 0)
+		if (!enddate && (days == 0))
 			{
 			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
 			goto err;
@@ -700,7 +777,7 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2ascii(serial)) == NULL) goto err;
+			if ((f=BN_bn2hex(serial)) == NULL) goto err;
 			BIO_printf(bio_err,"next serial number is %s\n",f);
 			Free(f);
 			}
@@ -720,7 +797,8 @@ bad:
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,extensions_sk,verbose);
+				serial,startdate,enddate, days,extensions,conf,
+				verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -743,8 +821,8 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,startdate,days,batch,
-				extensions_sk,verbose);
+				db,serial,startdate,enddate,days,batch,
+				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -762,8 +840,8 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
-				extensions_sk,verbose);
+				serial,startdate,enddate,days,batch,
+				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -781,8 +859,8 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
-				extensions_sk,verbose);
+				serial,startdate,enddate,days,batch,
+				extensions,conf,verbose);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
@@ -805,7 +883,7 @@ bad:
 			if (!batch)
 				{
 				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
-				BIO_flush(bio_err);
+				(void)BIO_flush(bio_err);
 				buf[0][0]='\0';
 				fgets(buf[0],10,stdin);
 				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
@@ -819,12 +897,23 @@ bad:
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
 
 			strncpy(buf[0],serialfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[0],"-new");
+#else
 			strcat(buf[0],".new");
+#endif
 
 			if (!save_serial(buf[0],serial)) goto err;
 
 			strncpy(buf[1],dbfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[1],"-new");
+#else
 			strcat(buf[1],".new");
+#endif
+
 			if (BIO_write_filename(out,buf[1]) <= 0)
 				{
 				perror(dbfile);
@@ -848,7 +937,11 @@ bad:
 			p=(char *)x->cert_info->serialNumber->data;
 			
 			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+
+#ifndef VMS
 			strcat(buf[2],"/");
+#endif
+
 			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
@@ -881,7 +974,13 @@ bad:
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			BIO_free(in);
 			BIO_free(out);
 			in=NULL;
@@ -903,7 +1002,13 @@ bad:
 				}
 
 			strncpy(buf[2],dbfile,BSIZE-4);
+
+#ifdef VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			if (rename(dbfile,buf[2]) < 0)
 				{
 				BIO_printf(bio_err,"unabel to rename %s to %s\n",
@@ -926,6 +1031,20 @@ bad:
 	/*****************************************************************/
 	if (gencrl)
 		{
+		crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+		if(crl_ext) {
+			/* Check syntax of file */
+			X509V3_CTX ctx;
+			X509V3_set_ctx_test(&ctx);
+			X509V3_set_conf_lhash(&ctx, conf);
+			if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+				BIO_printf(bio_err,
+				 "Error Loading CRL extension section %s\n",
+								 crl_ext);
+				ret = 1;
+				goto err;
+			}
+		}
 		if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
 
 		if (!crldays && !crlhours)
@@ -965,25 +1084,25 @@ bad:
 					strlen(pp[DB_rev_date]));
 				/* strcpy(r->revocationDate,pp[DB_rev_date]);*/
 
-				BIO_reset(hex);
+				(void)BIO_reset(hex);
 				if (!BIO_puts(hex,pp[DB_serial]))
 					goto err;
 				if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
 					buf[0],BSIZE)) goto err;
 
-				sk_push(ci->revoked,(char *)r);
+				sk_X509_REVOKED_push(ci->revoked,r);
 				}
 			}
 		/* sort the data so it will be written in serial
 		 * number order */
-		sk_find(ci->revoked,NULL);
-		for (i=0; i<sk_num(ci->revoked); i++)
+		sk_X509_REVOKED_sort(ci->revoked);
+		for (i=0; i<sk_X509_REVOKED_num(ci->revoked); i++)
 			{
-			r=(X509_REVOKED *)sk_value(ci->revoked,i);
+			r=sk_X509_REVOKED_value(ci->revoked,i);
 			r->sequence=i;
 			}
 
-		/* we how have a CRL */
+		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
 		if (md != NULL)
 			{
@@ -994,45 +1113,125 @@ bad:
 				}
 			}
 		else
+		    {
+#ifndef NO_DSA
+		    if (pkey->type == EVP_PKEY_DSA) 
+			dgst=EVP_dss1();
+		    else
+#endif
 			dgst=EVP_md5();
+		    }
+
+		/* Add any extensions asked for */
+
+		if(crl_ext) {
+		    X509V3_CTX crlctx;
+		    if (ci->version == NULL)
+		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
+		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
+		    X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+		    X509V3_set_conf_lhash(&crlctx, conf);
+
+		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+						 crl_ext, crl)) goto err;
+		}
+
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);
 		}
 	/*****************************************************************/
+	if (dorevoke)
+		{
+		in=BIO_new(BIO_s_file());
+		out=BIO_new(BIO_s_file());
+		if ((in == NULL) || (out == NULL))
+			{
+			ERR_print_errors(bio_err);
+			goto err;
+			}
+		if (infile == NULL) 
+			{
+			BIO_printf(bio_err,"no input files\n");
+			goto err;
+			}
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
+				goto err;
+				}
+			x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			if (x509 == NULL)
+				{
+				BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
+				goto err;
+				}
+			j=do_revoke(x509,db);
+
+			strncpy(buf[0],dbfile,BSIZE-4);
+			strcat(buf[0],".new");
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			BIO_free(in);
+			BIO_free(out);
+			in=NULL;
+			out=NULL;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			strcat(buf[1],".old");
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
+			BIO_printf(bio_err,"Data Base Updated\n"); 
+			}
+		}
+	/*****************************************************************/
 	ret=0;
 err:
-	if (hex != NULL) BIO_free(hex);
-	if (Cout != NULL) BIO_free(Cout);
-	if (Sout != NULL) BIO_free(Sout);
-	if (out != NULL) BIO_free(out);
-	if (in != NULL) BIO_free(in);
+	BIO_free(hex);
+	BIO_free(Cout);
+	BIO_free(Sout);
+	BIO_free(out);
+	BIO_free(in);
 
-	if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
-	if (extensions_sk != NULL)
-		sk_pop_free(extensions_sk,X509_EXTENSION_free);
+	sk_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
-	if (serial != NULL) BN_free(serial);
-	if (db != NULL) TXT_DB_free(db);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (x509 != NULL) X509_free(x509);
-	if (crl != NULL) X509_CRL_free(crl);
-	if (conf != NULL) CONF_free(conf);
-	X509v3_cleanup_extensions();
+	BN_free(serial);
+	TXT_DB_free(db);
+	EVP_PKEY_free(pkey);
+	X509_free(x509);
+	X509_CRL_free(crl);
+	CONF_free(conf);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 
-static void lookup_fail(name,tag)
-char *name;
-char *tag;
+static void lookup_fail(char *name, char *tag)
 	{
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
-static int MS_CALLBACK key_callback(buf,len,verify)
-char *buf;
-int len,verify;
+static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
 	{
 	int i;
 
@@ -1043,8 +1242,7 @@ int len,verify;
 	return(i);
 	}
 
-static unsigned long index_serial_hash(a)
-char **a;
+static unsigned long index_serial_hash(char **a)
 	{
 	char *n;
 
@@ -1053,9 +1251,7 @@ char **a;
 	return(lh_strhash(n));
 	}
 
-static int index_serial_cmp(a,b)
-char **a;
-char **b;
+static int index_serial_cmp(char **a, char **b)
 	{
 	char *aa,*bb;
 
@@ -1064,21 +1260,17 @@ char **b;
 	return(strcmp(aa,bb));
 	}
 
-static unsigned long index_name_hash(a)
-char **a;
+static unsigned long index_name_hash(char **a)
 	{ return(lh_strhash(a[DB_name])); }
 
-static int index_name_qual(a)
-char **a;
+static int index_name_qual(char **a)
 	{ return(a[0][0] == 'V'); }
 
-static int index_name_cmp(a,b)
-char **a;
-char **b;
-	{ return(strcmp(a[DB_name],b[DB_name])); }
+static int index_name_cmp(char **a, char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
 
-static BIGNUM *load_serial(serialfile)
-char *serialfile;
+static BIGNUM *load_serial(char *serialfile)
 	{
 	BIO *in=NULL;
 	BIGNUM *ret=NULL;
@@ -1116,9 +1308,7 @@ err:
 	return(ret);
 	}
 
-static int save_serial(serialfile,serial)
-char *serialfile;
-BIGNUM *serial;
+static int save_serial(char *serialfile, BIGNUM *serial)
 	{
 	BIO *out;
 	int ret=0;
@@ -1150,21 +1340,10 @@ err:
 	return(ret);
 	}
 
-static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
-	batch,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-STACK *extensions;
-int verbose;
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     int batch, char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1178,7 +1357,7 @@ int verbose;
 		perror(infile);
 		goto err;
 		}
-	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL)
+	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"Error reading certificate request in %s\n",
 			infile);
@@ -1195,6 +1374,7 @@ int verbose;
 		goto err;
 		}
 	i=X509_REQ_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (i < 0)
 		{
 		ok=0;
@@ -1210,8 +1390,8 @@ int verbose;
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-		days,batch,verbose,req,extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate, enddate,
+		days,batch,verbose,req,ext_sect,lconf);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1219,21 +1399,10 @@ err:
 	return(ok);
 	}
 
-static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
-	days, batch,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-STACK *extensions;
-int verbose;
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     int batch, char *ext_sect, LHASH *lconf, int verbose)
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
@@ -1248,7 +1417,7 @@ int verbose;
 		perror(infile);
 		goto err;
 		}
-	if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+	if ((req=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
 		goto err;
@@ -1264,6 +1433,7 @@ int verbose;
 		goto err;
 		}
 	i=X509_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (i < 0)
 		{
 		ok=0;
@@ -1273,7 +1443,7 @@ int verbose;
 	if (i == 0)
 		{
 		ok=0;
-		BIO_printf(bio_err,"Signature did not match the certificate request\n");
+		BIO_printf(bio_err,"Signature did not match the certificate\n");
 		goto err;
 		}
 	else
@@ -1282,8 +1452,8 @@ int verbose;
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-		batch,verbose,rreq,extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,days,
+		batch,verbose,rreq,ext_sect,lconf);
 
 err:
 	if (rreq != NULL) X509_REQ_free(rreq);
@@ -1292,21 +1462,10 @@ err:
 	return(ok);
 	}
 
-static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-	batch,verbose,req, extensions)
-X509 **xret;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-int verbose;
-X509_REQ *req;
-STACK *extensions;
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
+	     char *startdate, char *enddate, int days, int batch, int verbose,
+	     X509_REQ *req, char *ext_sect, LHASH *lconf)
 	{
 	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
@@ -1316,7 +1475,6 @@ STACK *extensions;
 	X509_CINF *ci;
 	X509_NAME_ENTRY *ne;
 	X509_NAME_ENTRY *tne,*push;
-	X509_EXTENSION *ex=NULL;
 	EVP_PKEY *pktmp;
 	int ok= -1,i,j,last,nid;
 	char *p;
@@ -1421,9 +1579,9 @@ STACK *extensions;
 	if (CAname == NULL) goto err;
 	str=str2=NULL;
 
-	for (i=0; i<sk_num(policy); i++)
+	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
 		{
-		cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
 		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
 			{
 			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
@@ -1530,7 +1688,7 @@ again2:
 		BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
 
 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-	row[DB_serial]=BN_bn2ascii(serial);
+	row[DB_serial]=BN_bn2hex(serial);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
 		BIO_printf(bio_err,"Malloc failure\n");
@@ -1566,7 +1724,7 @@ again2:
 			p="Valid";
 		else
 			p="\ninvalid type, Data base error\n";
-		BIO_printf(bio_err,"Type          :%s\n",p);;
+		BIO_printf(bio_err,"Type	  :%s\n",p);;
 		if (rrow[DB_type][0] == 'R')
 			{
 			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
@@ -1603,26 +1761,28 @@ again2:
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
 	if (strcmp(startdate,"today") == 0)
-		{
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
+	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+	if (enddate == NULL)
 		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
-		}
-	else
-		{
-		/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
-		ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
-		}
+	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+
 	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
-	BIO_printf(bio_err," (%d days)\n",days);
+	if(days) BIO_printf(bio_err," (%d days)",days);
+	BIO_printf(bio_err, "\n");
 
 	if (!X509_set_subject_name(ret,subject)) goto err;
 
 	pktmp=X509_REQ_get_pubkey(req);
-	if (!X509_set_pubkey(ret,pktmp)) goto err;
+	i = X509_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
+	if (!i) goto err;
 
 	/* Lets add the extensions, if there are any */
-	if ((extensions != NULL) && (sk_num(extensions) > 0))
+	if (ext_sect)
 		{
+		X509V3_CTX ctx;
 		if (ci->version == NULL)
 			if ((ci->version=ASN1_INTEGER_new()) == NULL)
 				goto err;
@@ -1631,26 +1791,23 @@ again2:
 		/* Free the current entries if any, there should not
 		 * be any I belive */
 		if (ci->extensions != NULL)
-			sk_pop_free(ci->extensions,X509_EXTENSION_free);
+			sk_X509_EXTENSION_pop_free(ci->extensions,
+						   X509_EXTENSION_free);
 
-		if ((ci->extensions=sk_new_null()) == NULL)
-			goto err;
+		ci->extensions = NULL;
+
+		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+		X509V3_set_conf_lhash(&ctx, lconf);
+
+		if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 
-		/* Lets 'copy' in the new ones */
-		for (i=0; i<sk_num(extensions); i++)
-			{
-			ex=X509_EXTENSION_dup((X509_EXTENSION *)
-				sk_value(extensions,i));
-			if (ex == NULL) goto err;
-			if (!sk_push(ci->extensions,(char *)ex)) goto err;
-			}
 		}
 
 
 	if (!batch)
 		{
 		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		buf[0]='\0';
 		fgets(buf,sizeof(buf)-1,stdin);
 		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
@@ -1661,11 +1818,14 @@ again2:
 			}
 		}
 
+
 #ifndef NO_DSA
-        pktmp=X509_get_pubkey(ret);
-        if (EVP_PKEY_missing_parameters(pktmp) &&
+	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
+	pktmp=X509_get_pubkey(ret);
+	if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))
 		EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_free(pktmp);
 #endif
 
 	if (!X509_sign(ret,pkey,dgst))
@@ -1733,10 +1893,7 @@ err:
 	return(ok);
 	}
 
-static void write_new_certificate(bp,x, output_der)
-BIO *bp;
-X509 *x;
-int output_der;
+static void write_new_certificate(BIO *bp, X509 *x, int output_der)
 	{
 	char *f;
 	char buf[256];
@@ -1762,22 +1919,12 @@ int output_der;
 	BIO_puts(bp,"\n");
 	}
 
-static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
-	startdate,days,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-STACK *extensions;
-int verbose;
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *startdate, char *enddate, int days,
+	     char *ext_sect, LHASH *lconf, int verbose)
 	{
-	STACK *sk=NULL;
+	STACK_OF(CONF_VALUE) *sk=NULL;
 	LHASH *parms=NULL;
 	X509_REQ *req=NULL;
 	CONF_VALUE *cv=NULL;
@@ -1806,7 +1953,7 @@ int verbose;
 		}
 
 	sk=CONF_get_section(parms, "default");
-	if (sk_num(sk) == 0)
+	if (sk_CONF_VALUE_num(sk) == 0)
 		{
 		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
 		CONF_free(parms);
@@ -1835,9 +1982,9 @@ int verbose;
 
 	for (i = 0; ; i++)
 		{
-		if ((int)sk_num(sk) <= i) break;
+		if (sk_CONF_VALUE_num(sk) <= i) break;
 
-		cv=(CONF_VALUE *)sk_value(sk,i);
+		cv=sk_CONF_VALUE_value(sk,i);
 		type=cv->name;
 		buf=cv->value;
 
@@ -1918,8 +2065,9 @@ int verbose;
 	BIO_printf(bio_err,"Signature ok\n");
 
 	X509_REQ_set_pubkey(req,pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-		days,1,verbose,req,extensions);
+	EVP_PKEY_free(pktmp);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,enddate,
+		   days,1,verbose,req,ext_sect,lconf);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
@@ -1930,9 +2078,7 @@ err:
 	return(ok);
 	}
 
-static int fix_data(nid,type)
-int nid;
-int *type;
+static int fix_data(int nid, int *type)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -1947,110 +2093,140 @@ int *type;
 	return(1);
 	}
 
-
-static STACK *load_extensions(sec)
-char *sec;
+static int check_time_format(char *str)
 	{
-	STACK *ext;
-	STACK *ret=NULL;
-	CONF_VALUE *cv;
-	ASN1_OCTET_STRING *str=NULL;
-	ASN1_STRING *tmp=NULL;
-	X509_EXTENSION *x;
-	BIO *mem=NULL;
-	BUF_MEM *buf=NULL;
-	int i,nid,len;
-	unsigned char *ptr;
-	int pack_type;
-	int data_type;
+	ASN1_UTCTIME tm;
 
-	if ((ext=CONF_get_section(conf,sec)) == NULL)
-		{
-		BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec);
-		return(NULL);
+	tm.data=(unsigned char *)str;
+	tm.length=strlen(str);
+	tm.type=V_ASN1_UTCTIME;
+	return(ASN1_UTCTIME_check(&tm));
+	}
+
+static int add_oid_section(LHASH *hconf)
+{	
+	char *p;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(hconf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
 		}
+	}
+	return 1;
+}
 
-	if ((ret=sk_new_null()) == NULL) return(NULL);
+static int do_revoke(X509 *x509, TXT_DB *db)
+{
+	ASN1_UTCTIME *tm=NULL;
+	char *row[DB_NUMBER],**rrow,**irow;
+	int ok=-1,i;
 
-	for (i=0; i<sk_num(ext); i++)
+	for (i=0; i<DB_NUMBER; i++)
+		row[i]=NULL;
+	row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
+	row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
-		cv=(CONF_VALUE *)sk_value(ext,i); /* get the object id */
-		if ((nid=OBJ_txt2nid(cv->name)) == NID_undef)
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto err;
+		}
+	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	if (rrow == NULL)
+		{
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
+
+		/* We now just add it to the database */
+		row[DB_type]=(char *)Malloc(2);
+
+		tm=X509_get_notAfter(x509);
+		row[DB_exp_date]=(char *)Malloc(tm->length+1);
+		memcpy(row[DB_exp_date],tm->data,tm->length);
+		row[DB_exp_date][tm->length]='\0';
+
+		row[DB_rev_date]=NULL;
+
+		/* row[DB_serial] done already */
+		row[DB_file]=(char *)Malloc(8);
+
+		/* row[DB_name] done already */
+
+		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+			(row[DB_file] == NULL))
 			{
-			BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name);
+			BIO_printf(bio_err,"Malloc failure\n");
 			goto err;
 			}
+		strcpy(row[DB_file],"unknown");
+		row[DB_type][0]='V';
+		row[DB_type][1]='\0';
 
-		pack_type=X509v3_pack_type_by_NID(nid);
-		data_type=X509v3_data_type_by_NID(nid);
-
-		/* pack up the input bytes */
-		ptr=(unsigned char *)cv->value;
-		len=strlen((char *)ptr);
-		if ((len > 2) && (cv->value[0] == '0') &&
-			(cv->value[1] == 'x'))
+		if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
 			{
-			if (data_type == V_ASN1_UNDEF)
-				{
-				BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name);
-				goto err;
-				}
-			if (mem == NULL)
-				if ((mem=BIO_new(BIO_s_mem())) == NULL)
-					goto err;
-			if (((buf=BUF_MEM_new()) == NULL) ||
-				!BUF_MEM_grow(buf,128))
-				goto err;
-			if ((tmp=ASN1_STRING_new()) == NULL) goto err;
+			BIO_printf(bio_err,"Malloc failure\n");
+			goto err;
+			}
 
-			BIO_reset(mem);
-			BIO_write(mem,(char *)&(ptr[2]),len-2);
-			if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max))
-				goto err;
-			len=tmp->length;
-			ptr=tmp->data;
+		for (i=0; i<DB_NUMBER; i++)
+			{
+			irow[i]=row[i];
+			row[i]=NULL;
 			}
+		irow[DB_NUMBER]=NULL;
 
-		switch (pack_type)
+		if (!TXT_DB_insert(db,irow))
 			{
-		case X509_EXT_PACK_STRING:
-			if ((str=X509v3_pack_string(&str,
-				data_type,ptr,len)) == NULL)
-				goto err;
-			break;
-		case X509_EXT_PACK_UNKNOWN:
-		default:
-			BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
+			BIO_printf(bio_err,"failed to update database\n");
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 			goto err;
-			break;
 			}
 
-		if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)
-			goto err;
-		sk_push(ret,(char *)x);
-		}
+		/* Revoke Certificate */
+		do_revoke(x509,db);
+
+		ok=1;
+		goto err;
 
-	if (0)
+		}
+	else if (index_serial_cmp(row,rrow))
+		{
+		BIO_printf(bio_err,"ERROR:no same serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='R')
 		{
+		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
+	else
+		{
+		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+		tm=X509_gmtime_adj(tm,0);
+		rrow[DB_type][0]='R';
+		rrow[DB_type][1]='\0';
+		rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
+		memcpy(rrow[DB_rev_date],tm->data,tm->length);
+		rrow[DB_rev_date][tm->length]='\0';
+		}
+	ok=1;
 err:
-		if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free);
-		ret=NULL;
+	for (i=0; i<DB_NUMBER; i++)
+		{
+		if (row[i] != NULL) 
+			Free(row[i]);
 		}
-	if (str != NULL) ASN1_OCTET_STRING_free(str);
-	if (tmp != NULL) ASN1_STRING_free(tmp);
-	if (buf != NULL) BUF_MEM_free(buf);
-	if (mem != NULL) BIO_free(mem);
-	return(ret);
-	}
-
-static int check_time_format(str)
-char *str;
-	{
-	ASN1_UTCTIME tm;
-
-	tm.data=(unsigned char *)str;
-	tm.length=strlen(str);
-	tm.type=V_ASN1_UTCTIME;
-	return(ASN1_UTCTIME_check(&tm));
-	}
+	ASN1_UTCTIME_free(tm);
+	return(ok);
+}
 
diff --git a/lib/libssl/src/apps/ciphers.c b/lib/libssl/src/apps/ciphers.c
index 867196e393c..08e47be4f78 100644
--- a/lib/libssl/src/apps/ciphers.c
+++ b/lib/libssl/src/apps/ciphers.c
@@ -63,8 +63,12 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
 
 #undef PROG
 #define PROG	ciphers_main
@@ -77,19 +81,18 @@ static char *ciphers_usage[]={
 NULL
 };
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	char buf[512];
 	BIO *STDout=NULL;
 
@@ -167,10 +170,10 @@ char **argv;
 		{
 		sk=SSL_get_ciphers(ssl);
 
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				(SSL_CIPHER *)sk_value(sk,i),
+				sk_SSL_CIPHER_value(sk,i),
 				buf,512));
 			}
 		}
diff --git a/lib/libssl/src/apps/crl.c b/lib/libssl/src/apps/crl.c
index 2c18374ee0e..f7bdf76676c 100644
--- a/lib/libssl/src/apps/crl.c
+++ b/lib/libssl/src/apps/crl.c
@@ -60,10 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	crl_main
@@ -71,11 +72,6 @@
 #undef POSTFIX
 #define	POSTFIX	".rvk"
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
@@ -92,24 +88,17 @@ static char *crl_usage[]={
 NULL
 };
 
-#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
-#else
-static X509_CRL *load_crl();
-#endif
-
 static BIO *bio_out=NULL;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	X509_CRL *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 	char **pp,buf[256];
 
 	apps_startup();
@@ -147,10 +136,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -161,6 +146,8 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
 		else if (strcmp(*argv,"-issuer") == 0)
@@ -181,14 +168,6 @@ char **argv;
 		argv++;
 		}
 
-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
@@ -198,6 +177,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 
@@ -208,34 +188,32 @@ bad:
 			if (issuer == i)
 				{
 				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				BIO_printf(bio_out,"issuer= %s\n",buf);
 				}
 
 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
+				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(x->crl->issuer));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"lastUpdate=");
+				ASN1_TIME_print(bio_out,x->crl->lastUpdate);
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
+				BIO_printf(bio_out,"nextUpdate=");
 				if (x->crl->nextUpdate != NULL)
-					ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+					ASN1_TIME_print(bio_out,x->crl->nextUpdate);
 				else
-					fprintf(stdout,"NONE");
-				fprintf(stdout,"\n");
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
 				}
 			}
 		}
 
-	if (noout) goto end;
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -254,27 +232,14 @@ bad:
 			}
 		}
 
+	if (text) X509_CRL_print(out, x);
+
+	if (noout) goto end;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-		STACK *sk;
-
-		sk=sk_dup(x->crl->revoked);
-		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_UTCTIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		sk_free(sk);
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -283,15 +248,14 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
+	BIO_free(out);
+	BIO_free(bio_out);
+	X509_CRL_free(x);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
-static X509_CRL *load_crl(infile, format)
-char *infile;
-int format;
+static X509_CRL *load_crl(char *infile, int format)
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
@@ -316,7 +280,7 @@ int format;
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
@@ -329,7 +293,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}
 
diff --git a/lib/libssl/src/apps/crl2p7.c b/lib/libssl/src/apps/crl2p7.c
index 82a78295586..8634e3a1ec0 100644
--- a/lib/libssl/src/apps/crl2p7.c
+++ b/lib/libssl/src/apps/crl2p7.c
@@ -65,19 +65,14 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static int add_certs_from_file(STACK *stack, char *certfile);
-#else
-static int add_certs_from_file();
-#endif
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
 
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main
 
@@ -87,9 +82,7 @@ static int add_certs_from_file();
  * -out arg	- output file - default stdout
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -98,8 +91,9 @@ char **argv;
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
-	STACK *crl_stack=NULL;
-	STACK *cert_stack=NULL;
+	STACK *certflst=NULL;
+	STACK_OF(X509_CRL) *crl_stack=NULL;
+	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
 
 	apps_startup();
@@ -112,7 +106,6 @@ char **argv;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-	certfile=NULL;
 
 	prog=argv[0];
 	argc--;
@@ -146,7 +139,8 @@ char **argv;
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			certfile= *(++argv);
+			if(!certflst) certflst = sk_new(NULL);
+			sk_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -165,9 +159,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		EXIT(1);
 		}
@@ -198,7 +193,7 @@ bad:
 		if 	(informat == FORMAT_ASN1)
 			crl=d2i_X509_CRL_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
@@ -218,26 +213,28 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 
 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+	if ((crl_stack=sk_X509_CRL_new(NULL)) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
-		sk_push(crl_stack,(char *)crl);
+		sk_X509_CRL_push(crl_stack,crl);
 		crl=NULL; /* now part of p7 for Freeing */
 		}
 
-	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+	if ((cert_stack=sk_X509_new(NULL)) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if (certfile != NULL) 
-		{
+	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+		certfile = sk_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
-			BIO_printf(bio_err,"error loading certificates\n");
+			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-		}
+	}
+
+	sk_free(certflst);
 
 	if (outfile == NULL)
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -284,40 +281,42 @@ end:
  *	number of certs added if successful, -1 if not.
  *----------------------------------------------------------------------
  */
-static int add_certs_from_file(stack,certfile)
-STACK *stack;
-char *certfile;
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
-	STACK *sk=NULL;
+	STACK_OF(X509_INFO) *sk=NULL;
 	X509_INFO *xi;
 
 	if ((stat(certfile,&st) != 0))
 		{
-		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
+		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
-	if (sk == NULL) goto end;
+	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
+	if (sk == NULL) {
+		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+		goto end;
+	}
 
 	/* scan over it and pull out the CRL's */
-	while (sk_num(sk))
+	while (sk_X509_INFO_num(sk))
 		{
-		xi=(X509_INFO *)sk_shift(sk);
+		xi=sk_X509_INFO_shift(sk);
 		if (xi->x509 != NULL)
 			{
-			sk_push(stack,(char *)xi->x509);
+			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
@@ -328,7 +327,7 @@ char *certfile;
 end:
  	/* never need to Free x */
 	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/apps/der_chop b/lib/libssl/src/apps/der_chop.in
index 4639330c101..9070b032fc3 100644
--- a/lib/libssl/src/apps/der_chop
+++ b/lib/libssl/src/apps/der_chop.in
@@ -42,13 +42,13 @@ $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 
 # this was the 0.5.x way of doing things ...
-$cmd="ssleay asn1parse";
-$x509_cmd="ssleay x509";
-$crl_cmd="ssleay crl";
-$rc4_cmd="ssleay rc4";
-$md2_cmd="ssleay md2";
-$md4_cmd="ssleay md4";
-$rsa_cmd="ssleay rsa -des -inform der ";
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
 
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c
index eea291db127..5f0506ed8cd 100644
--- a/lib/libssl/src/apps/dgst.c
+++ b/lib/libssl/src/apps/dgst.c
@@ -60,12 +60,12 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -73,24 +73,17 @@
 #undef PROG
 #define PROG	dgst_main
 
-#ifndef NOPROTO
 void do_fp(unsigned char *buf,BIO *f,int sep);
-#else
-void do_fp();
-#endif
-
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL;
 	int i,err=0;
-	EVP_MD *md=NULL,*m;
+	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	char *name;
+	const char *name;
 #define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE];
 	int separator=0;
 	int debug=0;
 
@@ -106,13 +99,13 @@ char **argv;
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,PROG_NAME_SIZE);
 
 	md=EVP_get_digestbyname(pname);
 
 	argc--;
 	argv++;
-	for (i=0; i<argc; i++)
+	while (argc > 0)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
@@ -146,6 +139,8 @@ char **argv;
 			LN_sha,LN_sha);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
 		}
@@ -187,7 +182,7 @@ char **argv;
 				}
 			printf("%s(%s)= ",name,argv[i]);
 			do_fp(buf,inp,separator);
-			BIO_reset(bmd);
+			(void)BIO_reset(bmd);
 			}
 		}
 end:
@@ -201,10 +196,7 @@ end:
 	EXIT(err);
 	}
 
-void do_fp(buf,bp,sep)
-unsigned char *buf;
-BIO *bp;
-int sep;
+void do_fp(unsigned char *buf, BIO *bp, int sep)
 	{
 	int len;
 	int i;
diff --git a/lib/libssl/src/apps/dh.c b/lib/libssl/src/apps/dh.c
index bbf445e8456..9efdcd78a36 100644
--- a/lib/libssl/src/apps/dh.c
+++ b/lib/libssl/src/apps/dh.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dh_main
@@ -81,9 +82,7 @@
  * -C
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	DH *dh=NULL;
 	int i,badops=0,text=0;
@@ -152,10 +151,10 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         check the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
@@ -195,7 +194,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dh=PEM_read_bio_DHparams(in,NULL,NULL);
+		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -310,3 +309,4 @@ end:
 	if (dh != NULL) DH_free(dh);
 	EXIT(ret);
 	}
+#endif
diff --git a/lib/libssl/src/apps/dsa-ca.pem b/lib/libssl/src/apps/dsa-ca.pem
index 9eb08f3ddd4..cccc14208fc 100644
--- a/lib/libssl/src/apps/dsa-ca.pem
+++ b/lib/libssl/src/apps/dsa-ca.pem
@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
diff --git a/lib/libssl/src/apps/dsa-pca.pem b/lib/libssl/src/apps/dsa-pca.pem
index e3641ad47e6..d23774edd61 100644
--- a/lib/libssl/src/apps/dsa-pca.pem
+++ b/lib/libssl/src/apps/dsa-pca.pem
@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
diff --git a/lib/libssl/src/apps/dsa.c b/lib/libssl/src/apps/dsa.c
index fbd85a467ad..fedecf27397 100644
--- a/lib/libssl/src/apps/dsa.c
+++ b/lib/libssl/src/apps/dsa.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -82,14 +83,12 @@
  * -modulus	- print the DSA public key
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
 	char *infile,*outfile,*prog;
@@ -154,7 +153,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -192,7 +191,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAPrivateKey_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
+		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -236,7 +235,7 @@ bad:
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_DSAPrivateKey_bio(out,dsa);
 	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
+		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
@@ -254,4 +253,4 @@ end:
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
-
+#endif
diff --git a/lib/libssl/src/apps/dsaparam.c b/lib/libssl/src/apps/dsaparam.c
index 6e99289bd34..fb8d4711087 100644
--- a/lib/libssl/src/apps/dsaparam.c
+++ b/lib/libssl/src/apps/dsaparam.c
@@ -56,18 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "rand.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsaparam_main
@@ -80,24 +81,18 @@
  * -text
  * -C
  * -noout
+ * -genkey
  */
 
-#ifndef NOPROTO
 static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
-	int numbits= -1,num;
+	int numbits= -1,num,genkey=0;
 	char buffer[200],*randfile=NULL;
 
 	apps_startup();
@@ -140,6 +135,8 @@ char **argv;
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
+		else if (strcmp(*argv,"-genkey") == 0)
+			genkey=1;
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -169,7 +166,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -text         check the DSA parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
@@ -223,7 +220,7 @@ bad:
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -315,6 +312,22 @@ bad:
 			goto end;
 			}
 		}
+	if (genkey)
+		{
+		DSA *dsakey;
+
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey)) goto end;
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DSAPrivateKey_bio(out,dsakey);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		DSA_free(dsakey);
+		}
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
@@ -323,10 +336,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 
@@ -335,8 +345,9 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif
diff --git a/lib/libssl/src/apps/eay.c b/lib/libssl/src/apps/eay.c
index 37d5dcbd308..a84aa382bde 100644
--- a/lib/libssl/src/apps/eay.c
+++ b/lib/libssl/src/apps/eay.c
@@ -62,33 +62,34 @@
 
 #define MONOLITH
 #define USE_SOCKETS
-#include "../e_os.h"
 
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
+#include "openssl/e_os.h"
 
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
 
-#include "bn.h"
+#include <openssl/err.h>
 
-#include "evp.h"
+#include <openssl/bn.h>
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
+#include <openssl/evp.h>
 
-#include "err.h"
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
 
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/err.h>
+
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
 #define MONOLITH
 
-#include "ssleay.c"
+#include "openssl.c"
 #include "apps.c"
 #include "asn1pars.c"
 #ifndef NO_RSA
diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c
index c00d520b44d..bce936a2fc6 100644
--- a/lib/libssl/src/apps/enc.c
+++ b/lib/libssl/src/apps/enc.c
@@ -60,22 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#ifdef NO_MD5
-#include "md5.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifndef NO_MD5
+#include <openssl/md5.h>
 #endif
-#include "pem.h"
+#include <openssl/pem.h>
 
-#ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
-#else
-int set_hex();
-#endif
-
 #undef SIZE
 #undef BSIZE
 #undef PROG
@@ -84,9 +79,7 @@ int set_hex();
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
@@ -97,11 +90,11 @@ char **argv;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0;
-	EVP_CIPHER *cipher=NULL,*c;
+	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+	char pname[PROG_NAME_SIZE];
 
 	apps_startup();
 
@@ -110,7 +103,7 @@ char **argv;
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,PROG_NAME_SIZE);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;
 
@@ -239,7 +232,7 @@ bad:
 #ifndef NO_RC4
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
 #endif
 #ifndef NO_RC4
@@ -277,19 +270,19 @@ bad:
 				LN_rc2_cfb64, LN_rc2_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_bf_ecb, LN_bf_cbc,
 				LN_bf_cfb64, LN_bf_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_CAST
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_cast5_ecb, LN_cast5_cbc,
 				LN_cast5_cfb64, LN_cast5_ofb64);
 			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_RC5
 			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
 				LN_rc5_ecb, LN_rc5_cbc,
 				LN_rc5_cfb64, LN_rc5_ofb64);
@@ -521,10 +514,7 @@ end:
 	EXIT(ret);
 	}
 
-int set_hex(in,out,size)
-char *in;
-unsigned char *out;
-int size;
+int set_hex(char *in, unsigned char *out, int size)
 	{
 	int i,n;
 	unsigned char j;
diff --git a/lib/libssl/src/apps/errstr.c b/lib/libssl/src/apps/errstr.c
index d2b2b3fcea1..c86b5d940bc 100644
--- a/lib/libssl/src/apps/errstr.c
+++ b/lib/libssl/src/apps/errstr.c
@@ -60,17 +60,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "lhash.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	errstr_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
 	char buf[256];
diff --git a/lib/libssl/src/apps/ext.v3 b/lib/libssl/src/apps/ext.v3
deleted file mode 100644
index 87ee8e61734..00000000000
--- a/lib/libssl/src/apps/ext.v3
+++ /dev/null
@@ -1,2 +0,0 @@
-2.99999.3	SET.ex3		SET x509v3 extension 3
-
diff --git a/lib/libssl/src/apps/gendh.c b/lib/libssl/src/apps/gendh.c
index 2790f179fdc..3d509485800 100644
--- a/lib/libssl/src/apps/gendh.c
+++ b/lib/libssl/src/apps/gendh.c
@@ -56,34 +56,27 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK dh_cb(int p, int n, char *arg);
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
 static long dh_load_rand(char *names);
-#else
-static void MS_CALLBACK dh_cb();
-static long dh_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DH *dh=NULL;
@@ -171,7 +164,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
+	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
 	if (dh == NULL) goto end;
 
@@ -191,10 +184,7 @@ end:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -203,14 +193,13 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static long dh_load_rand(name)
-char *name;
+static long dh_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -231,5 +220,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif
diff --git a/lib/libssl/src/apps/gendsa.c b/lib/libssl/src/apps/gendsa.c
index e0e5afa400b..5f00b89bb0e 100644
--- a/lib/libssl/src/apps/gendsa.c
+++ b/lib/libssl/src/apps/gendsa.c
@@ -56,39 +56,34 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main
 
-#ifndef NOPROTO
 static long dsa_load_rand(char *names);
-#else
-static long dsa_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DSA *dsa=NULL;
-	int ret=1,num=DEFBITS;
+	int ret=1;
 	char *outfile=NULL;
 	char *inrand=NULL,*randfile,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
+	EVP_CIPHER *enc=NULL;
 
 	apps_startup();
 
@@ -113,9 +108,19 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-		else if (dsaparams == NULL)
+#ifndef NO_DES
+		else if (strcmp(*argv,"-des") == 0)
+			enc=EVP_des_cbc();
+		else if (strcmp(*argv,"-des3") == 0)
+			enc=EVP_des_ede3_cbc();
+#endif
+#ifndef NO_IDEA
+		else if (strcmp(*argv,"-idea") == 0)
+			enc=EVP_idea_cbc();
+#endif
+		else if (**argv != '-' && dsaparams == NULL)
 			{
-			dsaparams= *argv;
+			dsaparams = *argv;
 			}
 		else
 			goto bad;
@@ -126,22 +131,31 @@ char **argv;
 	if (dsaparams == NULL)
 		{
 bad:
-		BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
+		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
+		BIO_printf(bio_err," -out file - output the key to 'file'\n");
+#ifndef NO_DES
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#endif
+#ifndef NO_IDEA
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+#endif
 		BIO_printf(bio_err," -rand file:file:...\n");
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," dsaparam-file\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,"dsaparams")))
+	if (!(BIO_read_filename(in,dsaparams)))
 		{
 		perror(dsaparams);
 		goto end;
 		}
 
-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
@@ -174,8 +188,8 @@ bad:
 			dsa_load_rand(inrand));
 		}
 
-	BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	BIO_printf(bio_err,"This could take some time\n");
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 
 	if (randfile == NULL)
@@ -183,7 +197,7 @@ bad:
 	else
 		RAND_write_file(randfile);
 
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL))
 		goto end;
 	ret=0;
 end:
@@ -194,8 +208,7 @@ end:
 	EXIT(ret);
 	}
 
-static long dsa_load_rand(name)
-char *name;
+static long dsa_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -216,5 +229,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif
diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c
index cdba6189ad6..67382065fb9 100644
--- a/lib/libssl/src/apps/genrsa.c
+++ b/lib/libssl/src/apps/genrsa.c
@@ -56,35 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
 static long gr_load_rand(char *names);
-#else
-static void MS_CALLBACK genrsa_cb();
-static long gr_load_rand();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	char buffer[200];
@@ -201,7 +194,7 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	if (randfile == NULL)
 		BIO_printf(bio_err,"unable to write 'random state'\n");
@@ -222,7 +215,7 @@ bad:
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL))
 		goto err;
 
 	ret=0;
@@ -234,10 +227,7 @@ err:
 	EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -246,14 +236,13 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static long gr_load_rand(name)
-char *name;
+static long gr_load_rand(char *name)
 	{
 	char *p,*n;
 	int last;
@@ -274,5 +263,4 @@ char *name;
 		}
 	return(tot);
 	}
-
-
+#endif
diff --git a/lib/libssl/src/apps/install.com b/lib/libssl/src/apps/install.com
new file mode 100644
index 00000000000..f927dc29f5d
--- /dev/null
+++ b/lib/libssl/src/apps/install.com
@@ -0,0 +1,69 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$
+$	EXE := openssl
+$
+$	VEXE_DIR := [-.VAX.EXE.APPS]
+$	AEXE_DIR := [-.AXP.EXE.APPS]
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	SET NOON
+$	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
+$	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
+$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
+$	SET ON
+$
+$	EXIT
diff --git a/lib/libssl/src/apps/makeapps.com b/lib/libssl/src/apps/makeapps.com
new file mode 100644
index 00000000000..8a15a130ed0
--- /dev/null
+++ b/lib/libssl/src/apps/makeapps.com
@@ -0,0 +1,1138 @@
+$!
+$!  MAKEAPPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates all the various different
+$!  "application" programs for the different types of encryption for OpenSSL.
+$!  The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
+$!  either AXP or VAX depending on your machine architecture.
+$!
+$!  It was written so it would try to determine what "C" compiler to
+$!  use or you can specify which "C" compiler to use.
+$!
+$!  Specify RSAREF as P1 to compile with the RSAREF library instead of
+$!  the regular one.  If you specify NORSAREF it will compile with the
+$!  regular RSAREF routines.  (Note: If you are in the United States
+$!  you MUST compile with RSAREF unless you have a license from RSA).
+$!
+$!  Note: The RSAREF libraries are NOT INCLUDED and you have to
+$!        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+$!        get the ".tar-Z" file as the ".zip" file dosen't have the
+$!        directory structure stored.  You have to extract the file
+$!        into the [.RSAREF] directory under the root directory as that
+$!        is where the scripts will look for the files.
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P6, if defined, sets a choice of programs to compile.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check What Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define what programs should be compiled
+$!
+$ PROGRAMS := OPENSSL
+$!$ PROGRAMS := VERIFY,ASN1PARS,REQ,DGST,DH,ENC,GENDH,ERRSTR,CA,CRL,-
+$!	      RSA,DSA,DSAPARAM,-
+$!	      X509,GENRSA,GENDSA,S_SERVER,S_CLIENT,SPEED,-
+$!	      S_TIME,VERSION,PKCS7,CRL2P7,SESS_ID,CIPHERS,NSEQ,
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The CRYPTO Library.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The RSAREF Library.
+$!
+$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB
+$!
+$! Define The SSL Library.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
+$!
+$! Check To See If The OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'OBJ_DIR'
+$!
+$! End The OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
+$!
+$! Check To See If The EXE Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The EXE Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Application Files.
+$!
+$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;"+-
+	      "ERRSTR;CA;"+-
+	      "PKCS7;CRL2P7;CRL;"+-
+	      "RSA;DSA;DSAPARAM;"+-
+	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
+	      "S_TIME;APPS;S_CB;S_SOCKET;VERSION;SESS_ID;"+-
+	      "CIPHERS;NSEQ;PKCS12;PKCS8"
+$ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,ENC.OBJ,GENDH.OBJ,-
+	       ERRSTR.OBJ,CA.OBJ,-
+	       PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
+	       RSA.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
+	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
+	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+     TCPIP_PROGRAMS = ",OPENSSL,"
+$!$ APP_FILES := VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;ERRSTR;CA;-
+$!	       PKCS7;CRL2P7;CRL;-
+$!	       RSA;DSA;DSAPARAM;-
+$!	       X509;GENRSA;GENDSA;-
+$!	       S_SERVER,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
+$!	       S_CLIENT,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
+$!	       SPEED;-
+$!	       S_TIME,'OBJ_DIR'S_CB.OBJ;VERSION;SESS_ID;CIPHERS;NSEQ
+$!$ TCPIP_PROGRAMS = ",,"
+$!$ IF COMPILER .EQS. "VAXC" THEN -
+$!     TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
+$!
+$! Setup exceptional compilations
+$!
+$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
+$!
+$ PHASE := LIB
+$!
+$ RESTART: 
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME0 = F$EDIT(F$ELEMENT(FILE_COUNTER,";",'PHASE'_FILES),"TRIM")
+$ FILE_NAME = F$EDIT(F$ELEMENT(0,",",FILE_NAME0),"TRIM")
+$ EXTRA_OBJ = FILE_NAME0 - FILE_NAME
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME0.EQS.";")
+$ THEN
+$   IF (PHASE.EQS."LIB")
+$   THEN
+$     PHASE := APP
+$     GOTO RESTART
+$   ELSE
+$     GOTO FILE_DONE
+$   ENDIF
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Check to see if this program should actually be compiled
+$!
+$ IF PHASE .EQS. "APP" .AND. -
+     ","+PROGRAMS+"," - (","+F$EDIT(FILE_NAME,"UPCASE")+",") .EQS. ","+PROGRAMS+","
+$ THEN
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ IF (PHASE.EQS."LIB")
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
+$ ELSE
+$   WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
+$ THEN
+$   CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
+$!
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$ IF (PHASE.EQS."LIB") 
+$ THEN 
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$!  Check if this program works well without a TCPIP library
+$!
+$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - FILE_NAME .NES. TCPIP_PROGRAMS
+$ THEN
+$   WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library.  Can't link.  Skipping..."
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Link With The RSAREF Library And A Specific TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	  'OBJECT_FILE''EXTRA_OBJ', -
+          'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Link With The RSAREF Library And NO TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	  'OBJECT_FILE''EXTRA_OBJ', -
+          'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Don't Link With The RSAREF Routines.
+$!
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	    'OBJECT_FILE''EXTRA_OBJ', -
+            'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+            'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$       LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	    'OBJECT_FILE''EXTRA_OBJ', -
+            'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+            'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! End The RSAREF Link Check.
+$!
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This File.
+$!
+$ FILE_DONE:
+$ EXIT:
+$!
+$! All Done, Time To Clean Up And Exit.
+$!
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH.EQS."VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! See If We Need The RSAREF Library.
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Look For The Library LIBRSAGLUE.OLB.
+$!
+$   IF (F$SEARCH(RSAREF_LIB).EQS."")
+$   THEN
+$!
+$!    Tell The User We Can't Find The LIBRSAGLUE.OLB Library.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"."
+$     WRITE SYS$OUTPUT "We Can't Link Without It."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$     EXIT
+$   ENDIF
+$!
+$! End The RSAREF Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NORSAREF")
+$ THEN
+$!
+$!   P1 Is NORSAREF, So Compile With The Regular RSA Libraries.
+$!
+$    RSAREF = "FALSE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Use The RSAREF Library.
+$!
+$   IF (P1.EQS."RSAREF")
+$   THEN
+$!
+$!    Check To Make Sure We Have The RSAREF Source Code Directory.
+$!
+$     IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."")
+$     THEN
+$!
+$!      We Don't Have The RSAREF Souce Code Directory, So Tell The
+$!      User This.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
+$       WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'.  You have to"
+$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$       WRITE SYS$OUTPUT "directory structure stored.  You have to extract the file"
+$       WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
+$       WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
+$       WRITE SYS$OUTPUT ""
+$!
+$!      Time To Exit.
+$!
+$       EXIT
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Compile Using The RSAREF Library.
+$!
+$       RSAREF = "TRUE"
+$!
+$!    End The RSAREF Soure Directory Check.
+$!
+$     ENDIF
+$!
+$!  Else...
+$!
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     RSAREF   :  Compile With The RSAREF Library."
+$     WRITE SYS$OUTPUT "     NORSAREF :  Compile With The Regular RSA Library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1,MONOLITH"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Check To See If We Are To Compile With RSAREF Routines.
+$!
+$   IF (RSAREF.EQS."TRUE")
+$   THEN
+$!
+$!    Compile With RSAREF.
+$!
+$     CCDEFS = CCDEFS + ",""RSAref=1"""
+$!
+$!    Tell The User This.
+$!
+$     WRITE SYS$OUTPUT "Compiling With RSAREF Routines."
+$!
+$!    Else, We Don't Care.  Compile Without The RSAREF Library.
+$!
+$   ELSE
+$!
+$!    Tell The User We Are Compile Without The RSAREF Routines.
+$!
+$     WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines.
+$!
+$!  End The RSAREF Check.
+$!
+$   ENDIF
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Add TCP/IP type to CC definitions.
+$!
+$   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P4'"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$   IF CCDISABLEWARNINGS .NES. ""
+$   THEN
+$     CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$   ENDIF
+$ ELSE
+$   CCDISABLEWARNINGS = ""
+$ ENDIF
+$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$! Show user the result
+$!
+$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the programs.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$   PROGRAMS = P6
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __TOP = __HERE - "APPS]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/lib/libssl/src/apps/mklinks b/lib/libssl/src/apps/mklinks
deleted file mode 100644
index 55a56b399e4..00000000000
--- a/lib/libssl/src/apps/mklinks
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
diff --git a/lib/libssl/src/apps/nseq.c b/lib/libssl/src/apps/nseq.c
new file mode 100644
index 00000000000..d9d01659e78
--- /dev/null
+++ b/lib/libssl/src/apps/nseq.c
@@ -0,0 +1,174 @@
+/* nseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "apps.h"
+
+#undef PROG
+#define PROG nseq_main
+
+static int dump_cert_text(BIO *out, X509 *x);
+
+int MAIN(int argc, char **argv)
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int toseq = 0;
+	X509 *x509 = NULL;
+	NETSCAPE_CERT_SEQUENCE *seq = NULL;
+	int i, ret = 1;
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	ERR_load_crypto_strings();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp (*args, "-toseq")) toseq = 1;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
+		BIO_printf (bio_err, "Usage nseq [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-in file  input file\n");
+		BIO_printf (bio_err, "-out file output file\n");
+		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+		EXIT(1);
+	}
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "r"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "w"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			goto end;
+		}
+	} else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	if (toseq) {
+		seq = NETSCAPE_CERT_SEQUENCE_new();
+		seq->certs = sk_X509_new(NULL);
+		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
+		    sk_X509_push(seq->certs,x509);
+
+		if(!sk_X509_num(seq->certs))
+		{
+			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+		ret = 0;
+		goto end;
+	}
+
+	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
+		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	for(i = 0; i < sk_X509_num(seq->certs); i++) {
+		x509 = sk_X509_value(seq->certs, i);
+		dump_cert_text(out, x509);
+		PEM_write_bio_X509(out, x509);
+	}
+	ret = 0;
+end:
+	BIO_free(in);
+	BIO_free(out);
+	NETSCAPE_CERT_SEQUENCE_free(seq);
+
+	EXIT(ret);
+}
+
+static int dump_cert_text(BIO *out, X509 *x)
+{
+	char buf[256];
+	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,buf);
+
+	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+	BIO_puts(out,"\nissuer= ");
+	BIO_puts(out,buf);
+	BIO_puts(out,"\n");
+	return 0;
+}
+
diff --git a/lib/libssl/src/apps/oid.cnf b/lib/libssl/src/apps/oid.cnf
new file mode 100644
index 00000000000..faf425a156b
--- /dev/null
+++ b/lib/libssl/src/apps/oid.cnf
@@ -0,0 +1,6 @@
+2.99999.1       SET.ex1         SET x509v3 extension 1
+2.99999.2       SET.ex2         SET x509v3 extension 2
+2.99999.3       SET.ex3         SET x509v3 extension 3
+2.99999.4       SET.ex4         SET x509v3 extension 4
+2.99999.5       SET.ex5         SET x509v3 extension 5
+2.99999.6       SET.ex6         SET x509v3 extension 6
diff --git a/lib/libssl/src/apps/openssl-vms.cnf b/lib/libssl/src/apps/openssl-vms.cnf
new file mode 100644
index 00000000000..13d10f21ed0
--- /dev/null
+++ b/lib/libssl/src/apps/openssl-vms.cnf
@@ -0,0 +1,214 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA	# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial.		# The current serial number
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_ca]
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/lib/libssl/src/apps/ssleay.c b/lib/libssl/src/apps/openssl.c
index eac411b8540..9a337fb316e 100644
--- a/lib/libssl/src/apps/ssleay.c
+++ b/lib/libssl/src/apps/openssl.c
@@ -1,4 +1,4 @@
-/* apps/ssleay.c */
+/* apps/openssl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -63,19 +63,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 #define SSLEAY	/* turn off a few special case MONOLITH macros */
 #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #define SSLEAY_SRC
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 
 /*
 #ifdef WINDOWS
@@ -83,24 +83,15 @@
 #endif
 */
 
-#ifndef NOPROTO
 static unsigned long MS_CALLBACK hash(FUNCTION *a);
 static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-#endif
-
 LHASH *config=NULL;
 char *default_config_file=NULL;
 
 #ifdef DEBUG
-static void sig_stop(i)
-int i;
+static void sig_stop(int i)
 	{
 	char *a=NULL;
 
@@ -113,9 +104,7 @@ int i;
 BIO *bio_err=NULL;
 #endif
 
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
+int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	16
@@ -152,12 +141,16 @@ char *Argv[];
 	ERR_load_crypto_strings();
 
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
 
@@ -191,7 +184,7 @@ char *Argv[];
 		goto end;
 		}
 
-	/* ok, lets enter the old 'SSLeay>' mode */
+	/* ok, lets enter the old 'OpenSSL>' mode */
 	
 	for (;;)
 		{
@@ -204,7 +197,7 @@ char *Argv[];
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="SSLeay>";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -226,7 +219,7 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
@@ -241,6 +234,7 @@ end:
 	ERR_remove_state(0);
 
 	EVP_cleanup();
+	ERR_free_strings();
 
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
@@ -251,10 +245,11 @@ end:
 	EXIT(ret);
 	}
 
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
@@ -275,12 +270,34 @@ char *argv[];
 		ret= -1;
 		goto end;
 		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+		{
+		int list_type;
+		BIO *bio_stdout;
+
+		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+			list_type = FUNC_TYPE_GENERAL;
+		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+			list_type = FUNC_TYPE_MD;
+		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+			list_type = FUNC_TYPE_CIPHER;
+		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+		
+		for (fp=functions; fp->name != NULL; fp++)
+			if (fp->type == list_type)
+				BIO_printf(bio_stdout, "%s\n", fp->name);
+		BIO_free(bio_stdout);
+		ret=0;
+		goto end;
+		}
 	else
 		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
+		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
-		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -298,27 +315,43 @@ char *argv[];
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
+						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\nquit\n");
+		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}
 
-static LHASH *prog_init()
+static int SortFnByName(const void *_f1,const void *_f2)
+    {
+    const FUNCTION *f1=_f1;
+    const FUNCTION *f2=_f2;
+
+    if(f1->type != f2->type)
+	return f1->type-f2->type;
+    return strcmp(f1->name,f2->name);
+    }
+
+static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
+	int i;
+
+	/* Purely so it looks nice when the user hits ? */
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
+	qsort(functions,i,sizeof *functions,SortFnByName);
 
 	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
 
@@ -327,14 +360,12 @@ static LHASH *prog_init()
 	return(ret);
 	}
 
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
+static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b)
 	{
 	return(strncmp(a->name,b->name,8));
 	}
 
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
+static unsigned long MS_CALLBACK hash(FUNCTION *a)
 	{
 	return(lh_strhash(a->name));
 	}
diff --git a/lib/libssl/src/apps/openssl.cnf b/lib/libssl/src/apps/openssl.cnf
new file mode 100644
index 00000000000..d70dd25622b
--- /dev/null
+++ b/lib/libssl/src/apps/openssl.cnf
@@ -0,0 +1,214 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_ca ]
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# RAW DER hex encoding of an extension: beware experts only!
+# 1.2.3.5=RAW:02:03
+# You can even override a supported extension:
+# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/lib/libssl/src/apps/pem_mail.c b/lib/libssl/src/apps/pem_mail.c
index 64e04acb527..f85c7b1c831 100644
--- a/lib/libssl/src/apps/pem_mail.c
+++ b/lib/libssl/src/apps/pem_mail.c
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "apps.h"
 
 #undef PROG
@@ -87,9 +88,7 @@ typedef struct lines_St
 	struct lines_st *next;
 	} LINES;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	FILE *in;
 	RSA *rsa=NULL;
@@ -168,3 +167,4 @@ err:
 	ERR_print_errors(bio_err);
 	EXIT(1);
 	}
+#endif
diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c
new file mode 100644
index 00000000000..5defddeb320
--- /dev/null
+++ b/lib/libssl/src/apps/pkcs12.c
@@ -0,0 +1,703 @@
+/* pkcs12.c */
+#if !defined(NO_DES) && !defined(NO_SHA1)
+
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+#include "apps.h"
+#define PROG pkcs12_main
+
+EVP_CIPHER *enc;
+
+
+#define NOKEYS		0x1
+#define NOCERTS 	0x2
+#define INFO		0x4
+#define CLCERTS		0x8
+#define CACERTS		0x10
+
+int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
+int dump_cert_text (BIO *out, X509 *x);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+int MAIN(int argc, char **argv)
+{
+    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
+    char *certfile=NULL;
+    BIO *in=NULL, *out = NULL, *inkey = NULL, *certsin = NULL;
+    char **args;
+    char *name = NULL;
+    PKCS12 *p12 = NULL;
+    char pass[50], macpass[50];
+    int export_cert = 0;
+    int options = 0;
+    int chain = 0;
+    int badarg = 0;
+    int iter = PKCS12_DEFAULT_ITER;
+    int maciter = 1;
+    int twopass = 0;
+    int keytype = 0;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int ret = 1;
+    int macver = 1;
+    int noprompt = 0;
+    STACK *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
+
+    apps_startup();
+
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+    args = argv + 1;
+
+
+    while (*args) {
+	if (*args[0] == '-') {
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
+		else if (!strcmp (*args, "-descert"))
+    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+#ifndef NO_IDEA
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+#endif
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-maciter"))
+					 maciter = PKCS12_DEFAULT_ITER;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
+		else if (!strcmp (*args, "-inkey")) {
+		    if (args[1]) {
+			args++;	
+			keyname = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-certfile")) {
+		    if (args[1]) {
+			args++;	
+			certfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-name")) {
+		    if (args[1]) {
+			args++;	
+			name = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-caname")) {
+		    if (args[1]) {
+			args++;	
+			if (!canames) canames = sk_new(NULL);
+			sk_push(canames, *args);
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-in")) {
+		    if (args[1]) {
+			args++;	
+			infile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+		    if (args[1]) {
+			args++;	
+			outfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-envpass")) {
+		    if (args[1]) {
+			args++;	
+			if(!(cpass = getenv(*args))) {
+				BIO_printf(bio_err,
+				 "Can't read environment variable %s\n", *args);
+				goto end;
+			}
+			noprompt = 1;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-password")) {
+		    if (args[1]) {
+			args++;	
+			cpass = *args;
+		    	noprompt = 1;
+		    } else badarg = 1;
+		} else badarg = 1;
+
+	} else badarg = 1;
+	args++;
+    }
+
+    if (badarg) {
+	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
+	BIO_printf (bio_err, "where options are\n");
+	BIO_printf (bio_err, "-export       output PKCS12 file\n");
+	BIO_printf (bio_err, "-chain        add certificate chain\n");
+	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
+	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
+	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-in  infile   input filename\n");
+	BIO_printf (bio_err, "-out outfile  output filename\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
+	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
+	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
+#ifndef NO_IDEA
+	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
+#endif
+	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
+	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
+	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
+	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
+	BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
+	BIO_printf (bio_err, "-envpass p    set import/export password from environment\n");
+    	goto end;
+    }
+
+    if(cpass) mpass = cpass;
+    else {
+	cpass = pass;
+	mpass = macpass;
+    }
+
+    ERR_load_crypto_strings();
+
+    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else in = BIO_new_file(infile, "rb");
+    if (!in) {
+	    BIO_printf(bio_err, "Error opening input file %s\n",
+						infile ? infile : "<stdin>");
+	    perror (infile);
+	    goto end;
+   }
+
+   if (certfile) {
+    	if(!(certsin = BIO_new_file(certfile, "r"))) {
+	    BIO_printf(bio_err, "Can't open certificate file %s\n", certfile);
+	    perror (certfile);
+	    goto end;
+	}
+    }
+
+    if (keyname) {
+    	if(!(inkey = BIO_new_file(keyname, "r"))) {
+	    BIO_printf(bio_err, "Can't key certificate file %s\n", keyname);
+	    perror (keyname);
+	    goto end;
+	}
+     }
+
+    if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    else out = BIO_new_file(outfile, "wb");
+    if (!out) {
+	BIO_printf(bio_err, "Error opening output file %s\n",
+						outfile ? outfile : "<stdout>");
+	perror (outfile);
+	goto end;
+    }
+    if (twopass) {
+	if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
+	{
+    	    BIO_printf (bio_err, "Can't read Password\n");
+    	    goto end;
+       	}
+    }
+
+if (export_cert) {
+	EVP_PKEY *key;
+	STACK *bags, *safes;
+	PKCS12_SAFEBAG *bag;
+	PKCS8_PRIV_KEY_INFO *p8;
+	PKCS7 *authsafe;
+	X509 *cert = NULL, *ucert = NULL;
+	STACK_OF(X509) *certs;
+	char *catmp;
+	int i;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen = 0;
+	key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL);
+	if (!inkey) (void) BIO_reset(in);
+	if (!key) {
+		BIO_printf (bio_err, "Error loading private key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	certs = sk_X509_new(NULL);
+
+	/* Load in all certs in input file */
+	if(!cert_load(in, certs)) {
+		BIO_printf(bio_err, "Error loading certificates from input\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		ucert = sk_X509_value(certs, i);
+		if(X509_check_private_key(ucert, key)) {
+			X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+			break;
+		}
+	}
+
+	if(!keyidlen) {
+		BIO_printf(bio_err, "No certificate matches private key\n");
+		goto end;
+	}
+	
+	bags = sk_new (NULL);
+
+	/* Add any more certificates asked for */
+	if (certsin) {
+		if(!cert_load(certsin, certs)) {
+			BIO_printf(bio_err, "Error loading certificates from certfile\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	    	BIO_free(certsin);
+ 	}
+
+	/* If chaining get chain from user cert */
+	if (chain) {
+        	int vret;
+		STACK_OF(X509) *chain2;
+		vret = get_cert_chain (ucert, &chain2);
+		if (vret) {
+			BIO_printf (bio_err, "Error %s getting chain.\n",
+					X509_verify_cert_error_string(vret));
+			goto end;
+		}
+		/* Exclude verified certificate */
+		for (i = 1; i < sk_X509_num (chain2) ; i++) 
+				 sk_X509_push(certs, sk_X509_value (chain2, i));
+		sk_X509_free(chain2);
+			
+    	}
+
+	/* We now have loads of certificates: include them all */
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		cert = sk_X509_value(certs, i);
+		bag = M_PKCS12_x5092certbag(cert);
+		/* If it matches private key set id */
+		if(cert == ucert) {
+			if(name) PKCS12_add_friendlyname(bag, name, -1);
+			PKCS12_add_localkeyid(bag, keyid, keyidlen);
+		} else if((catmp = sk_shift(canames))) 
+				PKCS12_add_friendlyname(bag, catmp, -1);
+		sk_push(bags, (char *)bag);
+	}
+
+	if (canames) sk_free(canames);
+
+	if(!noprompt &&
+		EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+	    BIO_printf (bio_err, "Can't read Password\n");
+	    goto end;
+        }
+	if (!twopass) strcpy(macpass, pass);
+	/* Turn certbags into encrypted authsafe */
+	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
+								 iter, bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+
+	if (!authsafe) {
+		ERR_print_errors (bio_err);
+		goto end;
+	}
+
+	safes = sk_new (NULL);
+	sk_push (safes, (char *)authsafe);
+
+	/* Make a shrouded key bag */
+	p8 = EVP_PKEY2PKCS8 (key);
+	EVP_PKEY_free(key);
+	if(keytype) PKCS8_add_keyusage(p8, keytype);
+	bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+			cpass, -1, NULL, 0, iter, p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+        if (name) PKCS12_add_friendlyname (bag, name, -1);
+	PKCS12_add_localkeyid (bag, keyid, keyidlen);
+	bags = sk_new(NULL);
+	sk_push (bags, (char *)bag);
+	/* Turn it into unencrypted safe bag */
+	authsafe = PKCS12_pack_p7data (bags);
+	sk_pop_free(bags, PKCS12_SAFEBAG_free);
+	sk_push (safes, (char *)authsafe);
+
+	p12 = PKCS12_init (NID_pkcs7_data);
+
+	M_PKCS12_pack_authsafes (p12, safes);
+
+	sk_pop_free(safes, PKCS7_free);
+
+	PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL);
+
+	i2d_PKCS12_bio (out, p12);
+
+	PKCS12_free(p12);
+
+	ret = 0;
+	goto end;
+	
+    }
+
+    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
+	ERR_print_errors(bio_err);
+	goto end;
+    }
+
+    if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+	BIO_printf (bio_err, "Can't read Password\n");
+	goto end;
+    }
+
+    if (!twopass) strcpy(macpass, pass);
+
+    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if(macver) {
+	if (!PKCS12_verify_mac (p12, mpass, -1)) {
+	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+	    ERR_print_errors (bio_err);
+	    goto end;
+	} else BIO_printf (bio_err, "MAC verified OK\n");
+    }
+
+    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
+	BIO_printf(bio_err, "Error outputting keys and certificates\n");
+	ERR_print_errors (bio_err);
+	goto end;
+    }
+    PKCS12_free(p12);
+    ret = 0;
+    end:
+    BIO_free(out);
+    EXIT(ret);
+}
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+	char buf[256];
+	X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,buf);
+
+	X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+	BIO_puts(out,"\nissuer= ");
+	BIO_puts(out,buf);
+	BIO_puts(out,"\n");
+        return 0;
+}
+
+int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+	     int passlen, int options)
+{
+	STACK *asafes, *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+	if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0;
+	for (i = 0; i < sk_num (asafes); i++) {
+		p7 = (PKCS7 *) sk_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = M_PKCS12_unpack_p7data (p7);
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			if (options & INFO) {
+				BIO_printf (bio_err, "PKCS7 Encrypted data: ");
+				alg_print (bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
+			}
+			bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen);
+		} else continue;
+		if (!bags) return 0;
+	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
+							 options)) {
+			sk_pop_free (bags, PKCS12_SAFEBAG_free);
+			return 0;
+		}
+		sk_pop_free (bags, PKCS12_SAFEBAG_free);
+	}
+	sk_pop_free (asafes, PKCS7_free);
+	return 1;
+}
+
+int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
+	     int passlen, int options)
+{
+	int i;
+	for (i = 0; i < sk_num (bags); i++) {
+		if (!dump_certs_pkeys_bag (out,
+			 (PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
+					 		options)) return 0;
+	}
+	return 1;
+}
+
+int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+	     int passlen, int options)
+{
+	EVP_PKEY *pkey;
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		p8 = bag->value.keybag;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (options & INFO) {
+			BIO_printf (bio_err, "Shrouded Keybag: ");
+			alg_print (bio_err, bag->value.shkeybag->algor);
+		}
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+				return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_certBag:
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
+                if (PKCS12_get_attr(bag, NID_localKeyID)) {
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0;
+		dump_cert_text (out, x509);
+		PEM_write_bio_X509 (out, x509);
+		X509_free(x509);
+	break;
+
+	case NID_safeContentsBag:
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
+							    passlen, options);
+					
+	default:
+		BIO_printf (bio_err, "Warning unsupported bag type: ");
+		i2a_ASN1_OBJECT (bio_err, bag->type);
+		BIO_printf (bio_err, "\n");
+		return 1;
+	break;
+	}
+	return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
+{
+	X509_STORE *store;
+	X509_STORE_CTX store_ctx;
+	STACK_OF(X509) *chn;
+	int i;
+	X509 *x;
+	store = X509_STORE_new ();
+	X509_STORE_set_default_paths (store);
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		goto err;
+	}
+	chn =  sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
+	for (i = 0; i < sk_X509_num(chn); i++) {
+		x = sk_X509_value(chn, i);
+		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+	}
+	i = 0;
+	*chain = chn;
+err:
+	X509_STORE_CTX_cleanup(&store_ctx);
+	X509_STORE_free(store);
+	
+	return i;
+}	
+
+int alg_print (BIO *x, X509_ALGOR *alg)
+{
+	PBEPARAM *pbe;
+	unsigned char *p;
+	p = alg->parameter->value.sequence->data;
+	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+	BIO_printf (bio_err, "%s, Iteration %d\n", 
+	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
+	PBEPARAM_free (pbe);
+	return 0;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+	int ret;
+	X509 *cert;
+	ret = 0;
+	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+		ret = 1;
+		sk_X509_push(sk, cert);
+	}
+	if(ret) ERR_clear_error();
+	return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
+{
+	X509_ATTRIBUTE *attr;
+	ASN1_TYPE *av;
+	char *value;
+	int i, attr_nid;
+	if(!attrlst) {
+		BIO_printf(out, "%s: <No Attributes>\n", name);
+		return 1;
+	}
+	if(!sk_X509_ATTRIBUTE_num(attrlst)) {
+		BIO_printf(out, "%s: <Empty Attributes>\n", name);
+		return 1;
+	}
+	BIO_printf(out, "%s\n", name);
+	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+		attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+		attr_nid = OBJ_obj2nid(attr->object);
+		BIO_printf(out, "    ");
+		if(attr_nid == NID_undef) {
+			i2a_ASN1_OBJECT (out, attr->object);
+			BIO_printf(out, ": ");
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+		if(sk_ASN1_TYPE_num(attr->value.set)) {
+			av = sk_ASN1_TYPE_value(attr->value.set, 0);
+			switch(av->type) {
+				case V_ASN1_BMPSTRING:
+        			value = uni2asc(av->value.bmpstring->data,
+                                	       av->value.bmpstring->length);
+				BIO_printf(out, "%s\n", value);
+				Free(value);
+				break;
+
+				case V_ASN1_OCTET_STRING:
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				case V_ASN1_BIT_STRING:
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				default:
+					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+				break;
+			}
+		} else BIO_printf(out, "<No Values>\n");
+	}
+	return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+	int i;
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+}
+
+#endif
diff --git a/lib/libssl/src/apps/pkcs7.c b/lib/libssl/src/apps/pkcs7.c
index 4105dbd9efb..0e1427cc315 100644
--- a/lib/libssl/src/apps/pkcs7.c
+++ b/lib/libssl/src/apps/pkcs7.c
@@ -61,12 +61,12 @@
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "err.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	pkcs7_main
@@ -81,9 +81,7 @@
  * -print_certs
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	PKCS7 *p7=NULL;
 	int i,badops=0;
@@ -161,7 +159,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
@@ -197,7 +195,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		p7=PEM_read_bio_PKCS7(in,NULL,NULL);
+		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
@@ -223,8 +221,8 @@ bad:
 
 	if (print_certs)
 		{
-		STACK *certs=NULL;
-		STACK *crls=NULL;
+		STACK_OF(X509) *certs=NULL;
+		STACK_OF(X509_CRL) *crls=NULL;
 
 		i=OBJ_obj2nid(p7->type);
 		switch (i)
@@ -245,9 +243,9 @@ bad:
 			{
 			X509 *x;
 
-			for (i=0; i<sk_num(certs); i++)
+			for (i=0; i<sk_X509_num(certs); i++)
 				{
-				x=(X509 *)sk_value(certs,i);
+				x=sk_X509_value(certs,i);
 
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
@@ -268,18 +266,18 @@ bad:
 			{
 			X509_CRL *crl;
 
-			for (i=0; i<sk_num(crls); i++)
+			for (i=0; i<sk_X509_CRL_num(crls); i++)
 				{
-				crl=(X509_CRL *)sk_value(crls,i);
+				crl=sk_X509_CRL_value(crls,i);
 
 				X509_NAME_oneline(crl->crl->issuer,buf,256);
 				BIO_puts(out,"issuer= ");
 				BIO_puts(out,buf);
 
 				BIO_puts(out,"\nlast update=");
-				ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+				ASN1_TIME_print(out,crl->crl->lastUpdate);
 				BIO_puts(out,"\nnext update=");
-				ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+				ASN1_TIME_print(out,crl->crl->nextUpdate);
 				BIO_puts(out,"\n");
 
 				PEM_write_bio_X509_CRL(out,crl);
diff --git a/lib/libssl/src/apps/pkcs8.c b/lib/libssl/src/apps/pkcs8.c
new file mode 100644
index 00000000000..a05388300ad
--- /dev/null
+++ b/lib/libssl/src/apps/pkcs8.c
@@ -0,0 +1,274 @@
+/* pkcs8.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+#include "apps.h"
+#define PROG pkcs8_main
+
+
+int MAIN(int argc, char **argv)
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int topk8 = 0;
+	int pbe_nid = -1;
+	const EVP_CIPHER *cipher = NULL;
+	int iter = PKCS12_DEFAULT_ITER;
+	int informat, outformat;
+	int p8_broken = PKCS8_OK;
+	int nocrypt = 0;
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	EVP_PKEY *pkey;
+	char pass[50];
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+	ERR_load_crypto_strings();
+	SSLeay_add_all_algorithms();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args,"-v2")) {
+			if (args[1]) {
+				args++;
+				cipher=EVP_get_cipherbyname(*args);
+				if(!cipher) {
+					BIO_printf(bio_err,
+						 "Unknown cipher %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
+			if (args[1]) {
+				args++;
+				informat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
+			if (args[1]) {
+				args++;
+				outformat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Usage pkcs8 [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-in file   input file\n");
+		BIO_printf (bio_err, "-inform X  input format (DER or PEM)\n");
+		BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
+		BIO_printf (bio_err, "-out file  output file\n");
+		BIO_printf (bio_err, "-topk8     output PKCS8 file\n");
+		BIO_printf (bio_err, "-nooct     use (broken) no octet form\n");
+		BIO_printf (bio_err, "-noiter    use 1 as iteration count\n");
+		BIO_printf (bio_err, "-nocrypt   use or expect unencrypted private key\n");
+		BIO_printf (bio_err, "-v2 alg    use PKCS#5 v2.0 and cipher \"alg\"\n");
+		return (1);
+	}
+
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "rb"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			return (1);
+		}
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "wb"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			return (1);
+		}
+	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
+
+	if (topk8) {
+		if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) {
+			BIO_printf (bio_err, "Error reading key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		BIO_free(in);
+		if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
+			BIO_printf (bio_err, "Error converting key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		PKCS8_set_broken(p8inf, p8_broken);
+		if(nocrypt) {
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+		} else {
+			EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+					pass, strlen(pass),
+					NULL, 0, iter, p8inf))) {
+				BIO_printf (bio_err, "Error encrypting key\n",
+								 outfile);
+				ERR_print_errors(bio_err);
+				return (1);
+			}
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8 (out, p8);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_bio(out, p8);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+			X509_SIG_free(p8);
+		}
+		PKCS8_PRIV_KEY_INFO_free (p8inf);
+		EVP_PKEY_free(pkey);
+		BIO_free(out);
+		return (0);
+	}
+
+	if(nocrypt) {
+		if(informat == FORMAT_PEM) 
+			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+	} else {
+		if(informat == FORMAT_PEM) 
+			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8 = d2i_PKCS8_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+
+		if (!p8) {
+			BIO_printf (bio_err, "Error reading key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+		p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
+		X509_SIG_free(p8);
+	}
+
+	if (!p8inf) {
+		BIO_printf(bio_err, "Error decrypting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+		BIO_printf(bio_err, "Error converting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+	
+	if (p8inf->broken) {
+		BIO_printf(bio_err, "Warning: broken key encoding: ");
+		switch (p8inf->broken) {
+			case PKCS8_NO_OCTET:
+			BIO_printf(bio_err, "No Octet String\n");
+			break;
+
+			default:
+			BIO_printf(bio_err, "Unknown broken type\n");
+			break;
+		}
+	}
+	
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+	PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
+
+	EVP_PKEY_free(pkey);
+	BIO_free(out);
+	BIO_free(in);
+
+	return (0);
+}
diff --git a/lib/libssl/src/apps/privkey.pem b/lib/libssl/src/apps/privkey.pem
index b567e411b20..0af46474a7e 100644
--- a/lib/libssl/src/apps/privkey.pem
+++ b/lib/libssl/src/apps/privkey.pem
@@ -1,11 +1,18 @@
------BEGIN DSA PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,1BF8E9CE60B9941C
+DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
 
-JuhgIvVRrxCRedTTC9ABlIByMsq6IcpqyDZwOPS4rxTtVWvjj1BMHtoCebK7CKMZ
-dLsvztfSkdAYmTGK62C73RwlmnMxB4JXhTLaoAX2eL9iylojTWRg+/0Y4rbIKmUe
-hrmwrHld7vnfE9XHL8OoaFp6aJ8BB9B8HIfdJMnrNcTWJSGS6gYPTWPdm7ZCykEV
-2fFEX6IqWjBjaRm36Esj5mHLRVhBbi2n/jy5IhZeqjEsQ8adYGUulzPSe5xc2JZa
-+OO4ch/RRqWTFP59eNPfdke3UE7uNlUhPnYDAOXhSdMJBzI+T9RQXU2y/tMOrYYK
-3+jNQcQ9q1Xy1s5dz/BOvw==
------END DSA PRIVATE KEY-----
+6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
+Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
+F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
+XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
+jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
+vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
+JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
+PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
+POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
+gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
+8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
+Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
+dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/apps/progs.h b/lib/libssl/src/apps/progs.h
index ec00396ed7f..df067182bc4 100644
--- a/lib/libssl/src/apps/progs.h
+++ b/lib/libssl/src/apps/progs.h
@@ -1,4 +1,5 @@
-#ifndef NOPROTO
+/* This file was generated by progs.pl. */
+
 extern int verify_main(int argc,char *argv[]);
 extern int asn1parse_main(int argc,char *argv[]);
 extern int req_main(int argc,char *argv[]);
@@ -14,6 +15,7 @@ extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
@@ -23,34 +25,11 @@ extern int pkcs7_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
-#else
-extern int verify_main();
-extern int asn1parse_main();
-extern int req_main();
-extern int dgst_main();
-extern int dh_main();
-extern int enc_main();
-extern int gendh_main();
-extern int errstr_main();
-extern int ca_main();
-extern int crl_main();
-extern int rsa_main();
-extern int dsa_main();
-extern int dsaparam_main();
-extern int x509_main();
-extern int genrsa_main();
-extern int s_server_main();
-extern int s_client_main();
-extern int speed_main();
-extern int s_time_main();
-extern int version_main();
-extern int pkcs7_main();
-extern int crl2pkcs7_main();
-extern int sess_id_main();
-extern int ciphers_main();
-#endif
+extern int nseq_main(int argc,char *argv[]);
+extern int pkcs12_main(int argc,char *argv[]);
+extern int pkcs8_main(int argc,char *argv[]);
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -65,9 +44,7 @@ typedef struct {
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
 #ifndef NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
@@ -77,9 +54,7 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
@@ -90,12 +65,13 @@ FUNCTION functions[] = {
 #ifndef NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#endif
 #ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
+#ifndef NO_DSA
+	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
 #if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
@@ -110,14 +86,20 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
+	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+#if !defined(NO_DES) && !defined(NO_SHA1)
+	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
+#endif
+	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
 	{FUNC_TYPE_MD,"md2",dgst_main},
 	{FUNC_TYPE_MD,"md5",dgst_main},
 	{FUNC_TYPE_MD,"sha",dgst_main},
 	{FUNC_TYPE_MD,"sha1",dgst_main},
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
+	{FUNC_TYPE_MD,"rmd160",dgst_main},
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
@@ -137,7 +119,7 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
 #ifndef NO_CAST
@@ -206,16 +188,16 @@ FUNCTION functions[] = {
 #ifndef NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
 #ifndef NO_CAST
diff --git a/lib/libssl/src/apps/g_ssleay.pl b/lib/libssl/src/apps/progs.pl
index bd5621dcab8..7a69fc7b18d 100644
--- a/lib/libssl/src/apps/g_ssleay.pl
+++ b/lib/libssl/src/apps/progs.pl
@@ -1,23 +1,15 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
+print "/* This file was generated by progs.pl. */\n\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
 	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
 
 print <<'EOF';
 
-#ifdef SSLEAY_SRC
+#ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -38,8 +30,7 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -49,7 +40,7 @@ foreach (@ARGV)
 		{ print $str; }
 	}
 
-foreach ("md2","md5","sha","sha1","mdc2")
+foreach ("md2","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
 	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
@@ -75,7 +66,7 @@ foreach (
 	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BF\n${t}#endif\n"; }
 	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
 	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
 	print $t;
@@ -84,31 +75,3 @@ foreach (
 print "\t{0,NULL,NULL}\n\t};\n";
 print "#endif\n\n";
 
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);
diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c
index f51345f5a28..463ac156ea4 100644
--- a/lib/libssl/src/apps/req.c
+++ b/lib/libssl/src/apps/req.c
@@ -64,15 +64,16 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "evp.h"
-#include "rand.h"
-#include "conf.h"
-#include "err.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #define SECTION		"req"
 
@@ -80,6 +81,7 @@
 #define KEYFILE		"default_keyfile"
 #define DISTINGUISHED_NAME	"distinguished_name"
 #define ATTRIBUTES	"attributes"
+#define V3_EXTENSIONS	"x509_extensions"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -105,22 +107,16 @@
  *		  require.  This format is wrong
  */
 
-#ifndef NOPROTO
 static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK *n, char *text, char *def, 
-	char *value, int nid,int min,int max);
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n,char *arg);
+static void MS_CALLBACK req_cb(int p,int n,void *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
-#else
-static int make_REQ();
-static int add_attribute_object();
-static int add_DN_object();
-static void MS_CALLBACK req_cb();
-static int req_fix_data();
-#endif
-
+static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -131,9 +127,7 @@ static LHASH *req_conf=NULL;
 #define TYPE_DSA	2
 #define TYPE_DH		3
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 #ifndef NO_DSA
 	DSA *dsa_params=NULL;
@@ -147,10 +141,11 @@ char **argv;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
 	int nodes=0,kludge=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+	char *extensions = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
 	char *p;
-	EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
 	MS_STATIC char config_name[256];
 #endif
@@ -221,13 +216,16 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
+			int is_numeric;
+
 			if (--argc < 1) goto bad;
 			p= *(++argv);
-			if ((strncmp("rsa:",p,4) == 0) ||
-				((p[0] >= '0') && (p[0] <= '9')))
+			is_numeric = p[0] >= '0' && p[0] <= '9';
+			if (strncmp("rsa:",p,4) == 0 || is_numeric)
 				{
 				pkey_type=TYPE_RSA;
-				p+=4;
+				if(!is_numeric)
+				    p+=4;
 				newkey= atoi(p);
 				}
 			else
@@ -244,21 +242,20 @@ char **argv;
 					perror(p);
 					goto end;
 					}
-				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 					{
 					ERR_clear_error();
-					BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+					(void)BIO_reset(in);
+					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 						{
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
 						}
 
-					/* This will 'disapear'
-					 * when we free xtmp */
 					dtmp=X509_get_pubkey(xtmp);
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (dsa_params == NULL)
 						{
@@ -329,7 +326,7 @@ bad:
 		BIO_printf(bio_err,"where options  are\n");
 		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
 		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");
 		BIO_printf(bio_err," -noout         do not output REQ\n");
@@ -343,7 +340,7 @@ bad:
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
-		BIO_printf(bio_err," -config file   request templace file.\n");
+		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -new           new request.\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
 		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
@@ -354,15 +351,20 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 
 #ifndef MONOLITH
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+#ifndef VMS
+		strcat(config_name,"/");
+#endif
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
         default_config_file=p;
@@ -392,6 +394,30 @@ bad:
 			}
 		}
 
+	if (req_conf != NULL)
+		{
+		p=CONF_get_string(req_conf,NULL,"oid_file");
+		if (p != NULL)
+			{
+			BIO *oid_bio;
+
+			oid_bio=BIO_new_file(p,"r");
+			if (oid_bio == NULL) 
+				{
+				/*
+				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+				ERR_print_errors(bio_err);
+				*/
+				}
+			else
+				{
+				OBJ_create_objects(oid_bio);
+				BIO_free(oid_bio);
+				}
+			}
+		}
+		if(!add_oid_section(req_conf)) goto end;
+
 	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
 		{
@@ -399,6 +425,19 @@ bad:
 			digest=md_alg;
 		}
 
+	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+	if(extensions) {
+		/* Check syntax of file */
+		X509V3_CTX ctx;
+		X509V3_set_ctx_test(&ctx);
+		X509V3_set_conf_lhash(&ctx, req_conf);
+		if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+			BIO_printf(bio_err,
+			 "Error Loading extension section %s\n", extensions);
+			goto end;
+		}
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -416,7 +455,7 @@ bad:
 			rsa=d2i_RSAPrivateKey_bio(in,NULL);
 		else */
 		if (keyform == FORMAT_PEM)
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -474,7 +513,7 @@ bad:
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
 				RSA_generate_key(newkey,0x10001,
-					req_cb,(char *)bio_err)))
+					req_cb,bio_err)))
 				goto end;
 			}
 		else
@@ -521,7 +560,7 @@ bad:
 		i=0;
 loop:
 		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,NULL))
+			NULL,0,NULL,NULL))
 			{
 			if ((ERR_GET_REASON(ERR_peek_error()) ==
 				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -555,7 +594,7 @@ loop:
 		if	(informat == FORMAT_ASN1)
 			req=d2i_X509_REQ_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+			req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -599,12 +638,12 @@ loop:
 			}
 		if (x509)
 			{
+			EVP_PKEY *tmppkey;
+			X509V3_CTX ext_ctx;
 			if ((x509ss=X509_new()) == NULL) goto end;
 
-			/* don't set the version number, for starters
-			 * the field is null and second, null is v0 
-			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
-			 */
+			/* Set version to V3 */
+			if(!X509_set_version(x509ss, 2)) goto end;
 			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
 			X509_set_issuer_name(x509ss,
@@ -614,7 +653,24 @@ loop:
 				(long)60*60*24*days);
 			X509_set_subject_name(x509ss,
 				X509_REQ_get_subject_name(req));
-			X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+			tmppkey = X509_REQ_get_pubkey(req);
+			X509_set_pubkey(x509ss,tmppkey);
+			EVP_PKEY_free(tmppkey);
+
+			/* Set up V3 context struct */
+
+			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+			X509V3_set_conf_lhash(&ext_ctx, req_conf);
+
+			/* Add extensions */
+			if(extensions && !X509V3_EXT_add_conf(req_conf, 
+				 	&ext_ctx, extensions, x509ss))
+			    {
+			    BIO_printf(bio_err,
+				       "Error Loading extension section %s\n",
+				       extensions);
+			    goto end;
+			    }
 
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
@@ -638,7 +694,10 @@ loop:
 			}
 
 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}
 
 		if (i < 0)
 			{
@@ -695,9 +754,11 @@ loop:
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
+#ifndef NO_RSA
 		if (pubkey->type == EVP_PKEY_RSA)
 			BN_print(out,pubkey->pkey.rsa->n);
 		else
+#endif
 			fprintf(stdout,"Wrong Algorithm type");
 		fprintf(stdout,"\n");
 		}
@@ -741,29 +802,28 @@ end:
 		ERR_print_errors(bio_err);
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (req != NULL) X509_REQ_free(req);
-	if (x509ss != NULL) X509_free(x509ss);
+	BIO_free(in);
+	BIO_free(out);
+	EVP_PKEY_free(pkey);
+	X509_REQ_free(req);
+	X509_free(x509ss);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
 	EXIT(ex);
 	}
 
-static int make_REQ(req,pkey,attribs)
-X509_REQ *req;
-EVP_PKEY *pkey;
-int attribs;
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 	{
-	int ret=0,i,j;
-	unsigned char *p,*q;
+	int ret=0,i;
+	char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
 	int nid,min,max;
 	char *type,*def,*tmp,*value,*tmp_attr;
-	STACK *sk,*attr=NULL;
+	STACK_OF(CONF_VALUE) *sk, *attr=NULL;
 	CONF_VALUE *v;
 	
 	tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -806,53 +866,32 @@ int attribs;
 	/* setup version number */
 	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
 
-	if (sk_num(sk))
+	if (sk_CONF_VALUE_num(sk))
 		{
 		i= -1;
 start:		for (;;)
 			{
 			i++;
-			if ((int)sk_num(sk) <= i) break;
+			if (sk_CONF_VALUE_num(sk) <= i) break;
 
-			v=(CONF_VALUE *)sk_value(sk,i);
+			v=sk_CONF_VALUE_value(sk,i);
 			p=q=NULL;
 			type=v->name;
-			/* Allow for raw OIDs */
-			/* [n.mm.ooo.ppp] */
-			for (j=0; type[j] != '\0'; j++)
-				{
-				if (	(type[j] == ':') ||
-					(type[j] == ',') ||
-					(type[j] == '.'))
-					p=(unsigned char *)&(type[j+1]);
-				if (type[j] == '[')
-					{
-					p=(unsigned char *)&(type[j+1]);
-					for (j++; type[j] != '\0'; j++)
-						if (type[j] == ']')
-							{
-							q=(unsigned char *)&(type[j]);
-							break;
-							}
+			if(!check_end(type,"_min") || !check_end(type,"_max") ||
+				!check_end(type,"_default") ||
+					 !check_end(type,"_value")) continue;
+			/* Skip past any leading X. X: X, etc to allow for
+			 * multiple instances 
+			 */
+			for(p = v->name; *p ; p++) 
+				if ((*p == ':') || (*p == ',') ||
+							 (*p == '.')) {
+					p++;
+					if(*p) type = p;
 					break;
-					}
-				}
-			if (p != NULL)
-				type=(char *)p;
-			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				{
-				/* Add a new one if possible */
-				if ((p != NULL) && (q != NULL) && (*q == ']'))
-					{
-					*q='\0';
-					nid=OBJ_create((char *)p,NULL,NULL);
-					*q=']';
-					if (nid == NID_undef) goto start;
-					}
-				else
-					goto start;
 				}
-
+			/* If OBJ not recognised ignore it */
+			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
 				def="";
@@ -871,7 +910,7 @@ start:		for (;;)
 				min,max))
 				goto err;
 			}
-		if (sk_num(ri->subject->entries) == 0)
+		if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
 			{
 			BIO_printf(bio_err,"error, no objects specified in config file\n");
 			goto err;
@@ -879,7 +918,7 @@ start:		for (;;)
 
 		if (attribs)
 			{
-			if ((attr != NULL) && (sk_num(attr) > 0))
+			if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -889,10 +928,11 @@ start:		for (;;)
 start2:			for (;;)
 				{
 				i++;
-				if ((attr == NULL) || ((int)sk_num(attr) <= i))
+				if ((attr == NULL) ||
+					    (sk_CONF_VALUE_num(attr) <= i))
 					break;
 
-				v=(CONF_VALUE *)sk_value(attr,i);
+				v=sk_CONF_VALUE_value(attr,i);
 				type=v->name;
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
@@ -932,21 +972,15 @@ err:
 	return(ret);
 	}
 
-static int add_DN_object(n,text,def,value,nid,min,max)
-X509_NAME *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+	     int nid, int min, int max)
 	{
 	int i,j,ret=0;
 	X509_NAME_ENTRY *ne=NULL;
 	MS_STATIC char buf[1024];
 
 	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
 		strcpy(buf,value);
@@ -980,6 +1014,9 @@ int max;
 	j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
 	if (req_fix_data(nid,&j,i,min,max) == 0)
 		goto err;
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, i);
+#endif
 	if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
 		strlen(buf)))
 		== NULL) goto err;
@@ -992,14 +1029,9 @@ err:
 	return(ret);
 	}
 
-static int add_attribute_object(n,text,def,value,nid,min,max)
-STACK *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+				char *def, char *value, int nid, int min,
+				int max)
 	{
 	int i,z;
 	X509_ATTRIBUTE *xa=NULL;
@@ -1009,7 +1041,7 @@ int max;
 
 start:
 	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
 		strcpy(buf,value);
@@ -1043,7 +1075,7 @@ start:
 	/* add object plus value */
 	if ((xa=X509_ATTRIBUTE_new()) == NULL)
 		goto err;
-	if ((xa->value.set=sk_new_null()) == NULL)
+	if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
 		goto err;
 	xa->set=1;
 
@@ -1069,12 +1101,12 @@ start:
 		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
 
 	ASN1_TYPE_set(at,bs->type,(char *)bs);
-	sk_push(xa->value.set,(char *)at);
+	sk_ASN1_TYPE_push(xa->value.set,at);
 	bs=NULL;
 	at=NULL;
 	/* only one item per attribute */
 
-	if (!sk_push(n,(char *)xa)) goto err;
+	if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
 	return(1);
 err:
 	if (xa != NULL) X509_ATTRIBUTE_free(xa);
@@ -1083,10 +1115,7 @@ err:
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -1095,16 +1124,13 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
 
-static int req_fix_data(nid,type,len,min,max)
-int nid;
-int *type;
-int len,min,max;
+static int req_fix_data(int nid, int *type, int len, int min, int max)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -1135,3 +1161,37 @@ int len,min,max;
 		}
 	return(1);
 	}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(char *str, char *end)
+{
+	int elen, slen;	
+	char *tmp;
+	elen = strlen(end);
+	slen = strlen(str);
+	if(elen > slen) return 1;
+	tmp = str + slen - elen;
+	return strcmp(tmp, end);
+}
+
+static int add_oid_section(LHASH *conf)
+{	
+	char *p;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}
diff --git a/lib/libssl/src/apps/rmlinks b/lib/libssl/src/apps/rmlinks
deleted file mode 100644
index 7c4f8983ba0..00000000000
--- a/lib/libssl/src/apps/rmlinks
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo removing $i
-/bin/rm -f $i
-done
diff --git a/lib/libssl/src/apps/rsa.c b/lib/libssl/src/apps/rsa.c
index 267b12b15e1..9b723ee406c 100644
--- a/lib/libssl/src/apps/rsa.c
+++ b/lib/libssl/src/apps/rsa.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -80,18 +81,17 @@
  * -idea	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the RSA key modulus
+ * -check	- verify key consistency
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	RSA *rsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
-	int informat,outformat,text=0,noout=0;
+	int informat,outformat,text=0,check=0,noout=0;
 	char *infile,*outfile,*prog;
 	int modulus=0;
 
@@ -137,6 +137,8 @@ char **argv;
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,7 +156,7 @@ bad:
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
 		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
@@ -164,6 +166,7 @@ bad:
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -noout        don't print key out\n");
 		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
+		BIO_printf(bio_err," -check        verify key consistency\n");
 		goto end;
 		}
 
@@ -219,7 +222,7 @@ bad:
 		}
 #endif
 	else if (informat == FORMAT_PEM)
-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
+		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
@@ -258,6 +261,33 @@ bad:
 		fprintf(stdout,"\n");
 		}
 
+	if (check)
+		{
+		int r = RSA_check_key(rsa);
+
+		if (r == 1)
+			BIO_printf(out,"RSA key ok\n");
+		else if (r == 0)
+			{
+			long e;
+
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+				ERR_get_error(); /* remove e from error stack */
+				}
+			}
+		
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+		
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing RSA private key\n");
 	if 	(outformat == FORMAT_ASN1)
@@ -282,7 +312,7 @@ bad:
 		}
 #endif
 	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
+		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
@@ -300,4 +330,4 @@ end:
 	if (rsa != NULL) RSA_free(rsa);
 	EXIT(ret);
 	}
-
+#endif
diff --git a/lib/libssl/src/apps/s_apps.h b/lib/libssl/src/apps/s_apps.h
index ba320946bef..1a0e9f9f92f 100644
--- a/lib/libssl/src/apps/s_apps.h
+++ b/lib/libssl/src/apps/s_apps.h
@@ -56,13 +56,36 @@
  * [including the GNU Public Licence.]
  */
 
+#include <sys/types.h>
+#if (defined(VMS) || defined(__VMS)) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
+#define MAX_NOFILE	32
+#define	NBBY		 8		/* number of bits in a byte	*/
+
+#ifndef	FD_SETSIZE
+#define	FD_SETSIZE	MAX_NOFILE
+#endif	/* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD	MAX_NOFILE
+typedef int	fd_mask;	/* int here! VMS prototypes int, not long */
+#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/
+#define NFDSHIFT 5				/* Shift based on above */
+
+typedef fd_mask fd_set;
+#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))
+#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))
+#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
 #define PORT            4433
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-#ifndef NOPROTO
 int do_accept(int acc_sock, int *sock, char **host);
-int do_server(int port, int *ret, int (*cb) ());
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #else
@@ -86,7 +109,7 @@ int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 int host_ip(char *str, unsigned char ip[4]);
 
-long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
@@ -95,25 +118,3 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
 void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
 #endif
 
-#else
-int do_accept();
-int do_server();
-int MS_CALLBACK verify_callback();
-int set_cert_stuff();
-int init_client();
-int init_client_ip();
-int nbio_init_client_ip();
-int nbio_sock_error();
-int spawn();
-int init_server();
-int should_retry();
-void sock_cleanup();
-int extract_port();
-int extract_host_port();
-int host_ip();
-
-long MS_CALLBACK bio_dump_cb();
-void MS_CALLBACK apps_ssl_info_callback();
-
-#endif
-
diff --git a/lib/libssl/src/apps/s_cb.c b/lib/libssl/src/apps/s_cb.c
index cd086bb93ed..fdb11a1d11d 100644
--- a/lib/libssl/src/apps/s_cb.c
+++ b/lib/libssl/src/apps/s_cb.c
@@ -63,17 +63,15 @@
 #include "apps.h"
 #undef NON_MAIN
 #undef USE_SOCKETS
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
@@ -109,13 +107,13 @@ X509_STORE_CTX *ctx;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 		}
@@ -123,15 +121,14 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
-int set_cert_stuff(ctx, cert_file, key_file)
-SSL_CTX *ctx;
-char *cert_file;
-char *key_file;
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
+		/*
 		SSL *ssl;
 		X509 *x509;
+		*/
 
 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
 			SSL_FILETYPE_PEM) <= 0)
@@ -149,13 +146,20 @@ char *key_file;
 			return(0);
 			}
 
+		/*
+		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
 
-		if (x509 != NULL)
-			EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-				SSL_get_privatekey(ssl));
+		if (x509 != NULL) {
+			EVP_PKEY *pktmp;
+			pktmp = X509_get_pubkey(x509);
+			EVP_PKEY_copy_parameters(pktmp,
+						SSL_get_privatekey(ssl));
+			EVP_PKEY_free(pktmp);
+		}
 		SSL_free(ssl);
+		*/
 
 		/* If we are using DSA, we can copy the parameters from
 		 * the private key */
@@ -172,13 +176,8 @@ char *key_file;
 	return(1);
 	}
 
-long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
+	     long argl, long ret)
 	{
 	BIO *out;
 
@@ -201,10 +200,7 @@ long ret;
 	return(ret);
 	}
 
-void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
-SSL *s;
-int where;
-int ret;
+void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret)
 	{
 	char *str;
 	int w;
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index e783eb723c4..b06104130e5 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -56,20 +56,42 @@
  * [including the GNU Public Licence.]
  */
 
+#ifdef APPS_CRLF
+# include <assert.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#define USE_SOCKETS
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
 #include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
 #include "s_apps.h"
 
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #undef PROG
 #define PROG	s_client_main
 
@@ -90,21 +112,16 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_showcerts=0;
 
-#ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
 
-static void sc_usage()
+static void sc_usage(void)
 	{
-	BIO_printf(bio_err,"usage: client args\n");
+	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
@@ -118,26 +135,28 @@ static void sc_usage()
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
+#endif
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
-	BIO_printf(bio_err,"                 command to se what is available\n");
+	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err,"                 command to see what is available\n");
 
 	}
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
@@ -152,7 +171,10 @@ char **argv;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+#ifdef APPS_CRLF
+	int crlf=0;
+#endif
+	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
 	SSL_METHOD *meth=NULL;
@@ -171,6 +193,7 @@ char **argv;
 	c_Pause=0;
 	c_quiet=0;
 	c_debug=0;
+	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -221,12 +244,18 @@ char **argv;
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
+#ifdef APPS_CRLF
+		else if	(strcmp(*argv,"-crlf") == 0)
+			crlf=1;
+#endif
 		else if	(strcmp(*argv,"-quiet") == 0)
 			c_quiet=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
@@ -434,31 +463,43 @@ re_start:
 				}
 			}
 
-#ifndef WINDOWS
-		if (tty_on)
-			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
-			}
-#endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
-
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+		ssl_pending = read_ssl && SSL_pending(con);
 
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
+		if (!ssl_pending)
 			{
-			BIO_printf(bio_err,"bad select %d\n",
+#ifndef WINDOWS
+			if (tty_on)
+				{
+				if (read_tty)  FD_SET(fileno(stdin),&readfds);
+				if (write_tty) FD_SET(fileno(stdout),&writefds);
+				}
+#endif
+			if (read_ssl)
+				FD_SET(SSL_get_fd(con),&readfds);
+			if (write_ssl)
+				FD_SET(SSL_get_fd(con),&writefds);
+
+/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+			/* Note: under VMS with SOCKETSHR the second parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			i=select(width,(void *)&readfds,(void *)&writefds,
+				 NULL,NULL);
+			if ( i < 0)
+				{
+				BIO_printf(bio_err,"bad select %d\n",
 				get_last_socket_error());
-			goto shut;
-			/* goto end; */
+				goto shut;
+				/* goto end; */
+				}
 			}
 
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
+		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
@@ -526,8 +567,11 @@ re_start:
 				}
 			}
 #ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
+		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
 			{
+#ifdef CHARSET_EBCDIC
+			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
+#endif
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 
 			if (i <= 0)
@@ -546,12 +590,20 @@ re_start:
 				}
 			}
 #endif
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
+		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
 			{
 #ifdef RENEG
 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
 #endif
+#if 1
 			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+			k=SSL_read(con,sbuf,16);
+{ char zbuf[10240]; 
+printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
+}
+#endif
 
 			switch (SSL_get_error(con,k))
 				{
@@ -588,14 +640,39 @@ re_start:
 			case SSL_ERROR_SSL:
 				ERR_print_errors(bio_err);
 				goto shut;
-				break;
+				/* break; */
 				}
 			}
 
 #ifndef WINDOWS
 		else if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),cbuf,BUFSIZZ);
+#ifdef APPS_CRLF
+			if (crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (cbuf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					cbuf[j+lf_num] = cbuf[j];
+					if (cbuf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						cbuf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+#endif
+				i=read(fileno(stdin),cbuf,BUFSIZZ);
 
 			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
@@ -605,18 +682,21 @@ re_start:
 
 			if ((!c_quiet) && (cbuf[0] == 'R'))
 				{
+				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
+				cbuf_len=0;
 				}
 			else
 				{
 				cbuf_len=i;
 				cbuf_off=0;
+#ifdef CHARSET_EBCDIC
+				ebcdic2ascii(cbuf, cbuf, i);
+#endif
 				}
 
-			read_tty=0;
 			write_ssl=1;
+			read_tty=0;
 			}
 #endif
 		}
@@ -639,34 +719,38 @@ end:
 	}
 
 
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
+static void print_stuff(BIO *bio, SSL *s, int full)
 	{
 	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
-	STACK *sk;
+	STACK_OF(X509) *sk;
+	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 
 	if (full)
 		{
+		int got_a_chain = 0;
+
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
-			BIO_printf(bio,"---\nCertficate chain\n");
-			for (i=0; i<sk_num(sk); i++)
+			got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
+			BIO_printf(bio,"---\nCertificate chain\n");
+			for (i=0; i<sk_X509_num(sk); i++)
 				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_subject_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_issuer_name(
+					sk_X509_value(sk,i)),buf,BUFSIZ);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
 				}
 			}
 
@@ -675,7 +759,8 @@ int full;
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,BUFSIZ);
 			BIO_printf(bio,"subject=%s\n",buf);
@@ -686,13 +771,13 @@ int full;
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
+		sk2=SSL_get_client_CA_list(s);
+		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk2); i++)
 				{
-				xn=(X509_NAME *)sk_value(sk,i);
+				xn=sk_X509_NAME_value(sk2,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
@@ -705,6 +790,11 @@ int full;
 		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
 		if (p != NULL)
 			{
+			/* This works only for SSL 2.  In later protocol
+			 * versions, the client does not know what other
+			 * ciphers (in addition to the one to be used
+			 * in the current connection) the server supports. */
+
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)
@@ -735,9 +825,13 @@ int full;
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
-	if (peer != NULL)
+	if (peer != NULL) {
+		EVP_PKEY *pktmp;
+		pktmp = X509_get_pubkey(peer);
 		BIO_printf(bio,"Server public key is %d bit\n",
-			EVP_PKEY_bits(X509_get_pubkey(peer)));
+							 EVP_PKEY_bits(pktmp));
+		EVP_PKEY_free(pktmp);
+	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index 5012ef254da..9a81418cda8 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -56,6 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
+#ifdef APPS_CRLF
+# include <assert.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -64,20 +67,40 @@
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "lhash.h"
-#include "bn.h"
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
 #define USE_SOCKETS
 #include "apps.h"
-#include "err.h"
-#include "pem.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
-#ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-static int sv_body(char *hostname, int s);
-static int www_body(char *hostname, int s);
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
@@ -87,24 +110,13 @@ static DH *load_dh_param(void );
 static DH *get_dh512(void);
 #endif
 /* static void s_server_init(void);*/
-#else
-static RSA MS_CALLBACK *tmp_rsa_cb();
-static int sv_body();
-static int www_body();
-static void close_accept_socket();
-static void sv_usage();
-static int init_ssl_connection();
-static void print_stats();
-#ifndef NO_DH
-static DH *load_dh_param();
-static DH *get_dh512();
-#endif
-/* static void s_server_init(); */
-#endif
-
 
 #ifndef S_ISDIR
-#define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+#  define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
+# else
+#  define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
+# endif
 #endif
 
 #ifndef NO_DH
@@ -120,7 +132,7 @@ static unsigned char dh512_g[]={
 	0x02,
 	};
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 	{
 	DH *dh=NULL;
 
@@ -136,7 +148,8 @@ static DH *get_dh512()
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
-#define BUFSIZZ	8*1024
+#define BUFSIZZ	16*1024
+static int bufsize=32;
 static int accept_socket= -1;
 
 #define TEST_CERT	"server.pem"
@@ -149,12 +162,16 @@ extern int verify_depth;
 
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
 static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
 static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
 static int s_nbio_test=0;
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+int s_crlf=0;
+#endif
 static SSL_CTX *ctx=NULL;
 static int www=0;
 
@@ -163,7 +180,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 #if 0
-static void s_server_init()
+static void s_server_init(void)
 	{
 	cipher=NULL;
 	s_server_verify=SSL_VERIFY_NONE;
@@ -184,27 +201,33 @@ static void s_server_init()
 	}
 #endif
 
-static void sv_usage()
+static void sv_usage(void)
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
+	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
 	BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
+	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
+	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
 	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
+#ifdef APPS_CRLF
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
+#endif
 	BIO_printf(bio_err," -debug        - Print more output\n");
 	BIO_printf(bio_err," -state        - Print the SSL states\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
-	BIO_printf(bio_err," -cipher arg   - play with 'ssleay ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -213,25 +236,177 @@ static void sv_usage()
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
+#ifndef NO_DH
+	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
+#endif
 	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
-	BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	}
 
 static int local_argc=0;
 static char **local_argv;
 static int hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char *argv[];
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, char *str);
+
+#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+static BIO_METHOD methods_ebcdic=
+	{
+	BIO_TYPE_EBCDIC_FILTER,
+	"EBCDIC/ASCII filter",
+	ebcdic_write,
+	ebcdic_read,
+	ebcdic_puts,
+	ebcdic_gets,
+	ebcdic_ctrl,
+	ebcdic_new,
+	ebcdic_free,
+	};
+
+typedef struct
+{
+	size_t	alloced;
+	char	buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+	return(&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+	EBCDIC_OUTBUFF *wbuf;
+
+	wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+	wbuf->alloced = 1024;
+	wbuf->buff[0] = '\0';
+
+	bi->ptr=(char *)wbuf;
+	bi->init=1;
+	bi->flags=0;
+	return(1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+	if (a == NULL) return(0);
+	if (a->ptr != NULL)
+		Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+}
+	
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+	int ret=0;
+
+	if (out == NULL || outl == 0) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	ret=BIO_read(b->next_bio,out,outl);
+	if (ret > 0)
+		ascii2ebcdic(out,out,ret);
+	return(ret);
+}
+
+static int ebcdic_write(BIO *b, char *in, int inl)
+{
+	EBCDIC_OUTBUFF *wbuf;
+	int ret=0;
+	int num;
+	unsigned char n;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	wbuf=(EBCDIC_OUTBUFF *)b->ptr;
+
+	if (inl > (num = wbuf->alloced))
+	{
+		num = num + num;  /* double the size */
+		if (num < inl)
+			num = inl;
+		Free((char*)wbuf);
+		wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+		wbuf->alloced = num;
+		wbuf->buff[0] = '\0';
+
+		b->ptr=(char *)wbuf;
+	}
+
+	ebcdic2ascii(wbuf->buff, in, inl);
+
+	ret=BIO_write(b->next_bio, wbuf->buff, inl);
+
+	return(ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+	{
+	case BIO_CTRL_DUP:
+		ret=0L;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	}
+	return(ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+	int i, ret;
+	if (bp->next_bio == NULL) return(0);
+/*	return(BIO_gets(bp->next_bio,buf,size));*/
+	for (i=0; i<size-1; ++i)
+	{
+		ret = ebcdic_read(bp,&buf[i],1);
+		if (ret <= 0)
+			break;
+		else if (buf[i] == '\n')
+		{
+			++i;
+			break;
+		}
+	}
+	if (i < size)
+		buf[i] = '\0';
+	return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, char *str)
+{
+	if (bp->next_bio == NULL) return(0);
+	return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+int MAIN(int argc, char *argv[])
 	{
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
+	char *context = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
-	int no_tmp_rsa=0,nocert=0;
+	int no_tmp_rsa=0,no_dhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
 #ifndef NO_DH
@@ -289,6 +464,11 @@ char *argv[];
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
 			}
+		else if	(strcmp(*argv,"-context") == 0)
+			{
+			if (--argc < 1) goto bad;
+			context= *(++argv);
+			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -345,12 +525,18 @@ char *argv[];
 			{ hack=1; }
 		else if	(strcmp(*argv,"-state") == 0)
 			{ state=1; }
+#ifdef APPS_CRLF
+		else if	(strcmp(*argv,"-crlf") == 0)
+			{ s_crlf=1; }
+#endif
 		else if	(strcmp(*argv,"-quiet") == 0)
 			{ s_quiet=1; }
 		else if	(strcmp(*argv,"-bugs") == 0)
 			{ bugs=1; }
 		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
 			{ no_tmp_rsa=1; }
+		else if	(strcmp(*argv,"-no_dhe") == 0)
+			{ no_dhe=1; }
 		else if	(strcmp(*argv,"-www") == 0)
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
@@ -453,21 +639,24 @@ bad:
 		}
 
 #ifndef NO_DH
-	/* EAY EAY EAY evil hack */
-	dh=load_dh_param();
-	if (dh != NULL)
+	if (!no_dhe)
 		{
-		BIO_printf(bio_s_out,"Setting temp DH parameters\n");
-		}
-	else
-		{
-		BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-		dh=get_dh512();
-		}
-	BIO_flush(bio_s_out);
+		/* EAY EAY EAY evil hack */
+		dh=load_dh_param();
+		if (dh != NULL)
+			{
+			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+			}
+		else
+			{
+			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+			dh=get_dh512();
+			}
+		(void)BIO_flush(bio_s_out);
 
-	SSL_CTX_set_tmp_dh(ctx,dh);
-	DH_free(dh);
+		SSL_CTX_set_tmp_dh(ctx,dh);
+		DH_free(dh);
+		}
 #endif
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
@@ -478,6 +667,7 @@ bad:
 			goto end;
 		}
 
+#ifndef NO_RSA
 #if 1
 	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
@@ -499,18 +689,21 @@ bad:
 		BIO_printf(bio_s_out,"\n");
 		}
 #endif
+#endif
 
 	if (cipher != NULL)
 		SSL_CTX_set_cipher_list(ctx,cipher);
 	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+		sizeof s_server_session_id_context);
 
-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,&accept_socket,www_body);
+		do_server(port,&accept_socket,www_body, context);
 	else
-		do_server(port,&accept_socket,sv_body);
+		do_server(port,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
@@ -523,9 +716,7 @@ end:
 	EXIT(ret);
 	}
 
-static void print_stats(bio,ssl_ctx)
-BIO *bio;
-SSL_CTX *ssl_ctx;
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	{
 	BIO_printf(bio,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ssl_ctx));
@@ -550,9 +741,7 @@ SSL_CTX *ssl_ctx;
 		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
-static int sv_body(hostname, s)
-char *hostname;
-int s;
+static int sv_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	fd_set readfds;
@@ -562,7 +751,7 @@ int s;
 	SSL *con=NULL;
 	BIO *sbio;
 
-	if ((buf=Malloc(BUFSIZZ)) == NULL)
+	if ((buf=Malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto err;
@@ -579,8 +768,12 @@ int s;
 		}
 #endif
 
-	if (con == NULL)
+	if (con == NULL) {
 		con=(SSL *)SSL_new(ctx);
+		if(context)
+		      SSL_set_session_id_context(con, context,
+						 strlen((char *)context));
+	}
 	SSL_clear(con);
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -610,11 +803,42 @@ int s;
 		FD_SET(fileno(stdin),&readfds);
 #endif
 		FD_SET(s,&readfds);
-		i=select(width,&readfds,NULL,NULL,NULL);
+		/* Note: under VMS with SOCKETSHR the second parameter is
+		 * currently of type (int *) whereas under other systems
+		 * it is (void *) if you don't have a cast it will choke
+		 * the compiler: if you do have a cast then you can either
+		 * go for (int *) or (void *).
+		 */
+		i=select(width,(void *)&readfds,NULL,NULL,NULL);
 		if (i <= 0) continue;
 		if (FD_ISSET(fileno(stdin),&readfds))
 			{
-			i=read(fileno(stdin),buf,128/*BUFSIZZ*/);
+#ifdef APPS_CRLF
+			if (s_crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin), buf, bufsize/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (buf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					buf[j+lf_num] = buf[j];
+					if (buf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						buf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+#endif
+				i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -641,10 +865,10 @@ int s;
 					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /*13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
 				if ((buf[0] == 'R') &&
-					((buf[1] == '\0') || (buf[1] == '\r')))
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
@@ -653,7 +877,7 @@ int s;
 					printf("SSL_do_handshake -> %d\n",i);
 					i=0; /* 13; */
 					continue;
-					strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n");
+					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
 					}
 				if (buf[0] == 'P')
 					{
@@ -665,6 +889,9 @@ int s;
 					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
 					}
 				}
+#ifdef CHARSET_EBCDIC
+			ebcdic2ascii(buf,buf,i);
+#endif
 			l=k=0;
 			for (;;)
 				{
@@ -688,7 +915,7 @@ int s;
 					ERR_print_errors(bio_err);
 					ret=1;
 					goto err;
-					break;
+					/* break; */
 				case SSL_ERROR_ZERO_RETURN:
 					BIO_printf(bio_s_out,"DONE\n");
 					ret=1;
@@ -718,12 +945,17 @@ int s;
 				}
 			else
 				{
-				i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */);
+again:	
+				i=SSL_read(con,(char *)buf,bufsize);
 				switch (SSL_get_error(con,i))
 					{
 				case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+					ascii2ebcdic(buf,buf,i);
+#endif
 					write(fileno(stdout),buf,
 						(unsigned int)i);
+					if (SSL_pending(con)) goto again;
 					break;
 				case SSL_ERROR_WANT_WRITE:
 				case SSL_ERROR_WANT_READ:
@@ -755,7 +987,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZZ);
+		memset(buf,0,bufsize);
 		Free(buf);
 		}
 	if (ret >= 0)
@@ -763,7 +995,7 @@ err:
 	return(ret);
 	}
 
-static void close_accept_socket()
+static void close_accept_socket(void)
 	{
 	BIO_printf(bio_err,"shutdown accept socket\n");
 	if (accept_socket >= 0)
@@ -772,11 +1004,10 @@ static void close_accept_socket()
 		}
 	}
 
-static int init_ssl_connection(con)
-SSL *con;
+static int init_ssl_connection(SSL *con)
 	{
 	int i;
-	char *str;
+	const char *str;
 	X509 *peer;
 	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
@@ -820,18 +1051,22 @@ SSL *con;
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
 	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+		TLS1_FLAGS_TLS_PADDING_BUG)
+		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
+
 	return(1);
 	}
 
 #ifndef NO_DH
-static DH *load_dh_param()
+static DH *load_dh_param(void)
 	{
 	DH *ret=NULL;
 	BIO *bio;
 
 	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
 		goto err;
-	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
+	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
 	return(ret);
@@ -839,9 +1074,7 @@ err:
 #endif
 
 #if 0
-static int load_CA(ctx,file)
-SSL_CTX *ctx;
-char *file;
+static int load_CA(SSL_CTX *ctx, char *file)
 	{
 	FILE *in;
 	X509 *x=NULL;
@@ -861,11 +1094,9 @@ char *file;
 	}
 #endif
 
-static int www_body(hostname, s)
-char *hostname;
-int s;
+static int www_body(char *hostname, int s, unsigned char *context)
 	{
-	char buf[1024];
+	char *buf=NULL;
 	int ret=1;
 	int i,j,k,blank,dot;
 	struct stat st_buf;
@@ -874,6 +1105,8 @@ int s;
 	BIO *io,*ssl_bio,*sbio;
 	long total_bytes;
 
+	buf=Malloc(bufsize);
+	if (buf == NULL) return(0);
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
 	if ((io == NULL) || (ssl_bio == NULL)) goto err;
@@ -891,9 +1124,11 @@ int s;
 #endif
 
 	/* lets make the output buffer a reasonable size */
-	if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err;
+	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
 	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+	if(context) SSL_set_session_id_context(con, context,
+					       strlen((char *)context));
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
@@ -909,6 +1144,9 @@ int s;
 	/* SSL_set_fd(con,s); */
 	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
 	BIO_push(io,ssl_bio);
+#ifdef CHARSET_EBCDIC
+	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
+#endif
 
 	if (s_debug)
 		{
@@ -937,14 +1175,14 @@ int s;
 			case SSL_ERROR_ZERO_RETURN:
 				ret=1;
 				goto err;
-				break;
+				/* break; */
 				}
 
 			SSL_renegotiate(con);
 			SSL_write(con,NULL,0);
 			}
 
-		i=BIO_gets(io,buf,sizeof(buf)-1);
+		i=BIO_gets(io,buf,bufsize-1);
 		if (i < 0) /* error */
 			{
 			if (!BIO_should_retry(io))
@@ -974,11 +1212,11 @@ int s;
 			{
 			char *p;
 			X509 *peer;
-			STACK *sk;
+			STACK_OF(SSL_CIPHER) *sk;
 			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -993,10 +1231,10 @@ int s;
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");
 			sk=SSL_get_ciphers(con);
-			j=sk_num(sk);
+			j=sk_SSL_CIPHER_num(sk);
 			for (i=0; i<j; i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
+				c=sk_SSL_CIPHER_value(sk,i);
 				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
@@ -1004,7 +1242,7 @@ int s;
 					BIO_puts(io,"\n");
 				}
 			BIO_puts(io,"\n");
-			p=SSL_get_shared_ciphers(con,buf,sizeof(buf));
+			p=SSL_get_shared_ciphers(con,buf,bufsize);
 			if (p != NULL)
 				{
 				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
@@ -1050,7 +1288,7 @@ int s;
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+		else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
@@ -1129,9 +1367,10 @@ int s;
 			total_bytes=0;
 			for (;;)
 				{
-				i=BIO_read(file,buf,1024);
+				i=BIO_read(file,buf,bufsize);
 				if (i <= 0) break;
 
+#ifdef RENEG
 				total_bytes+=i;
 				fprintf(stderr,"%d\n",i);
 				if (total_bytes > 3*1024)
@@ -1140,6 +1379,7 @@ int s;
 					fprintf(stderr,"RENEGOTIATE\n");
 					SSL_renegotiate(con);
 					}
+#endif
 
 				for (j=0; j<i; )
 					{
@@ -1194,14 +1434,14 @@ err:
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
 
+	if (buf != NULL) Free(buf);
 	if (io != NULL) BIO_free_all(io);
 /*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
 	}
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
-SSL *s;
-int export;
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
 
@@ -1209,17 +1449,16 @@ int export;
 		{
 		if (!s_quiet)
 			{
-			BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
-			BIO_flush(bio_err);
+			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+			(void)BIO_flush(bio_err);
 			}
-#ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
-#endif
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");
-			BIO_flush(bio_err);
+			(void)BIO_flush(bio_err);
 			}
 		}
 	return(rsa_tmp);
 	}
+#endif
diff --git a/lib/libssl/src/apps/s_socket.c b/lib/libssl/src/apps/s_socket.c
index 4bc3fde9252..888b66df18e 100644
--- a/lib/libssl/src/apps/s_socket.c
+++ b/lib/libssl/src/apps/s_socket.c
@@ -61,22 +61,34 @@
 #include <string.h>
 #include <errno.h>
 #include <signal.h>
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
 #undef USE_SOCKETS
 #undef NON_MAIN
 #include "s_apps.h"
-#include "ssl.h"
+#include <openssl/ssl.h>
 
-#ifndef NOPROTO
-static struct hostent *GetHostByName(char *name);
-int sock_init(void );
-#else
-static struct hostent *GetHostByName();
-int sock_init();
+#ifdef VMS
+#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
+			      and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+#include <processes.h> /* for vfork() */
 #endif
 
+static struct hostent *GetHostByName(char *name);
+int sock_init(void );
 #ifdef WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
@@ -93,11 +105,8 @@ static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
 extern HINSTANCE _hInstance;  /* nice global CRT provides */
 
-static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
-HWND hwnd;
-UINT message;
-WPARAM wParam;
-LPARAM lParam;
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+	     LPARAM lParam)
 	{
 	if (hwnd == topWnd)
 		{
@@ -122,7 +131,7 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 #endif /* WIN32 */
 #endif /* WINDOWS */
 
-void sock_cleanup()
+void sock_cleanup(void)
 	{
 #ifdef WINDOWS
 	if (wsa_init_done)
@@ -134,7 +143,7 @@ void sock_cleanup()
 #endif
 	}
 
-int sock_init()
+int sock_init(void)
 	{
 #ifdef WINDOWS
 	if (!wsa_init_done)
@@ -165,10 +174,7 @@ int sock_init()
 	return(1);
 	}
 
-int init_client(sock, host, port)
-int *sock;
-char *host;
-int port;
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -181,10 +187,7 @@ int port;
 	return(init_client_ip(sock,ip,port));
 	}
 
-int init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -215,23 +218,25 @@ int port;
 	return(1);
 	}
 
-int nbio_sock_error(sock)
-int sock;
+int nbio_sock_error(int sock)
 	{
-	int j,i,size;
+	int j,i;
+	int size;
 
 	size=sizeof(int);
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	/* Note: under VMS with SOCKETSHR the third parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 
-int nbio_init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
@@ -251,7 +256,9 @@ int port;
 
 	if (*sock <= 0)
 		{
+#ifdef FIONBIO
 		unsigned long l=1;
+#endif
 
 		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
@@ -280,10 +287,7 @@ int port;
 		return(1);
 	}
 
-int do_server(port, ret, cb)
-int port;
-int *ret;
-int (*cb)();
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
 	char *name;
@@ -304,7 +308,7 @@ int (*cb)();
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
-		i=(*cb)(name,sock);
+		i=(*cb)(name,sock, context);
 		if (name != NULL) Free(name);
 		SHUTDOWN2(sock);
 		if (i < 0)
@@ -315,10 +319,7 @@ int (*cb)();
 		}
 	}
 
-int init_server_long(sock, port, ip)
-int *sock;
-int port;
-char *ip;
+int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
@@ -332,10 +333,22 @@ char *ip;
 	if (ip == NULL)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
 		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+		{
+		int j = 1;
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
+		}
+#endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
 #ifndef WINDOWS
@@ -356,17 +369,12 @@ err:
 	return(ret);
 	}
 
-int init_server(sock,port)
-int *sock;
-int port;
+int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}
 
-int do_accept(acc_sock, sock, host)
-int acc_sock;
-int *sock;
-char **host;
+int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -382,7 +390,12 @@ redoit:
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
 #ifdef WINDOWS
@@ -452,11 +465,8 @@ end:
 	return(1);
 	}
 
-int extract_host_port(str,host_ptr,ip,port_ptr)
-char *str;
-char **host_ptr;
-unsigned char *ip;
-short *port_ptr;
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+	     short *port_ptr)
 	{
 	char *h,*p;
 
@@ -480,14 +490,12 @@ err:
 	return(0);
 	}
 
-int host_ip(str,ip)
-char *str;
-unsigned char ip[4];
+int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
 
-	if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
 		{
 		for (i=0; i<4; i++)
 			if (in[i] > 255)
@@ -528,9 +536,7 @@ err:
 	return(0);
 	}
 
-int extract_port(str,port_ptr)
-char *str;
-short *port_ptr;
+int extract_port(char *str, short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -562,8 +568,7 @@ static struct ghbn_cache_st
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 
-static struct hostent *GetHostByName(name)
-char *name;
+static struct hostent *GetHostByName(char *name)
 	{
 	struct hostent *ret;
 	int i,lowi=0;
@@ -603,11 +608,7 @@ char *name;
 	}
 
 #ifndef MSDOS
-int spawn(argc, argv, in, out)
-int argc;
-char **argv;
-int *in;
-int *out;
+int spawn(int argc, char **argv, int *in, int *out)
 	{
 	int pid;
 #define CHILD_READ	p1[0]
@@ -618,7 +619,11 @@ int *out;
 
 	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
 
+#ifdef VMS
+	if ((pid=vfork()) == 0)
+#else
 	if ((pid=fork()) == 0)
+#endif
 		{ /* child */
 		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
 			perror("dup2");
diff --git a/lib/libssl/src/apps/s_time.c b/lib/libssl/src/apps/s_time.c
index 7571c208d4b..a529e2a1190 100644
--- a/lib/libssl/src/apps/s_time.c
+++ b/lib/libssl/src/apps/s_time.c
@@ -59,7 +59,7 @@
 #define NO_SHUTDOWN
 
 /*-----------------------------------------
-   cntime - SSL client connection timer program
+   s_time - SSL client connection timer program
    Written and donated by Larry Streepy <streepy@healthcare.com>
   -----------------------------------------*/
 
@@ -67,26 +67,29 @@
 #include <stdlib.h>
 #include <string.h>
 
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "x509.h"
-#include "ssl.h"
-#include "pem.h"
 #define USE_SOCKETS
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
 #include "apps.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,15 +97,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -111,7 +114,8 @@ struct tms {
 #include <sys/select.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
@@ -120,11 +124,7 @@ struct tms {
 */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
 #define HZ      100.0
-#else /* VMS */
-#define HZ      100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -133,6 +133,7 @@ struct tms {
 #undef PROG
 #define PROG s_time_main
 
+#undef ioctl
 #define ioctl ioctlsocket
 
 #define SSL_CONNECT_NAME	"localhost:4433"
@@ -150,18 +151,10 @@ struct tms {
 extern int verify_depth;
 extern int verify_error;
 
-#ifndef NOPROTO
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
 static void s_time_init(void);
-#else
-static void s_time_usage();
-static int parseArgs();
-static SSL *doConnection();
-static void s_time_init();
-#endif
-
 
 /***********************************************************************
  * Static data declarations
@@ -189,7 +182,7 @@ static int t_nbio=0;
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
-static void s_time_init()
+static void s_time_init(void)
 	{
 	host=SSL_CONNECT_NAME;
 	t_cert_file=NULL;
@@ -217,19 +210,19 @@ static void s_time_init()
 /***********************************************************************
  * usage - display usage message
  */
-static void s_time_usage()
+static void s_time_usage(void)
 {
 	static char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
--key arg      - RSA file to use, PEM format assumed, in cert file if\n\
-                not specified but cert fill is.\n\
+-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+                file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+-cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
 
-	printf( "usage: client <args>\n\n" );
+	printf( "usage: s_time <args>\n\n" );
 
 	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
@@ -249,9 +242,7 @@ static void s_time_usage()
  *
  * Returns 0 if ok, -1 on bad args
  */
-static int parseArgs(argc,argv)
-int argc;
-char **argv;
+static int parseArgs(int argc, char **argv)
 {
     int badop = 0;
 
@@ -376,8 +367,7 @@ bad:
 #define START	0
 #define STOP	1
 
-static double tm_Time_F(s)
-int s;
+static double tm_Time_F(int s)
 	{
 	static double ret;
 #ifdef TIMES
@@ -411,10 +401,7 @@ int s;
  * MAIN - main processing area for client
  *			real name depends on MONOLITH
  */
-int
-MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	double totalTime = 0.0;
 	int nConn = 0;
@@ -638,9 +625,7 @@ end:
  * Returns:
  *		SSL *	= the connection pointer.
  */
-static SSL *
-doConnection(scon)
-SSL *scon;
+static SSL *doConnection(SSL *scon)
 	{
 	BIO *conn;
 	SSL *serverCon;
@@ -679,7 +664,13 @@ SSL *scon;
 			width=i+1;
 			FD_ZERO(&readfds);
 			FD_SET(i,&readfds);
-			select(width,&readfds,NULL,NULL,NULL);
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;
diff --git a/lib/libssl/src/apps/server.pem b/lib/libssl/src/apps/server.pem
index eabb927036f..c57b32507d0 100644
--- a/lib/libssl/src/apps/server.pem
+++ b/lib/libssl/src/apps/server.pem
@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
+MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
+JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
+IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
+FUGcPZf9ND22Etc+AQ==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
diff --git a/lib/libssl/src/apps/sess_id.c b/lib/libssl/src/apps/sess_id.c
index 2fad36a4951..8ac118d4a1e 100644
--- a/lib/libssl/src/apps/sess_id.c
+++ b/lib/libssl/src/apps/sess_id.c
@@ -60,48 +60,37 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	sess_id_main
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 static char *sess_id_usage[]={
-"usage: crl args\n",
+"usage: sess_id args\n",
 "\n",
 " -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -text           - print ssl session id details\n",
-" -cert           - output certificaet \n",
+" -cert           - output certificate \n",
 " -noout          - no CRL output\n",
+" -context arg    - set the session ID context\n",
 NULL
 };
 
-#ifndef NOPROTO
 static SSL_SESSION *load_sess_id(char *file, int format);
-#else
-static SSL_SESSION *load_sess_id();
-#endif
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	SSL_SESSION *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
+	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
 	char **pp;
 
@@ -145,6 +134,11 @@ char **argv;
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
+		    context=*++argv;
+		    }
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -167,6 +161,17 @@ bad:
 	x=load_sess_id(infile,informat);
 	if (x == NULL) { goto end; }
 
+	if(context)
+	    {
+	    x->sid_ctx_length=strlen(context);
+	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		BIO_printf(bio_err,"Context too long\n");
+		goto end;
+		}
+	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
+	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
@@ -259,9 +264,7 @@ end:
 	EXIT(ret);
 	}
 
-static SSL_SESSION *load_sess_id(infile, format)
-char *infile;
-int format;
+static SSL_SESSION *load_sess_id(char *infile, int format)
 	{
 	SSL_SESSION *x=NULL;
 	BIO *in=NULL;
@@ -286,7 +289,7 @@ int format;
 	if 	(format == FORMAT_ASN1)
 		x=d2i_SSL_SESSION_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c
index 00039342475..3cfb4dbea2e 100644
--- a/lib/libssl/src/apps/speed.c
+++ b/lib/libssl/src/apps/speed.c
@@ -60,8 +60,8 @@
 
 #undef SECONDS
 #define SECONDS		3	
-#define RSA_SECONDS	10	
-#define DSA_SECONDS	10	
+#define RSA_SECONDS	10
+#define DSA_SECONDS	10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -78,15 +78,14 @@
 #ifdef NO_STDIO
 #define APPS_WIN16
 #endif
-#include "crypto.h"
-#include "rand.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,67 +93,70 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 #ifndef NO_MD2
-#include "md2.h"
+#include <openssl/md2.h>
 #endif
 #ifndef NO_MDC2
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 #endif
 #ifndef NO_MD5
-#include "md5.h"
-#include "hmac.h"
-#include "evp.h"
+#include <openssl/md5.h>
+#endif
+#ifndef NO_HMAC
+#include <openssl/hmac.h>
 #endif
-#ifndef NO_SHA1
-#include "sha.h"
+#include <openssl/evp.h>
+#ifndef NO_SHA
+#include <openssl/sha.h>
 #endif
-#ifndef NO_RMD160
-#include "ripemd.h"
+#ifndef NO_RIPEMD
+#include <openssl/ripemd.h>
 #endif
 #ifndef NO_RC4
-#include "rc4.h"
+#include <openssl/rc4.h>
 #endif
 #ifndef NO_RC5
-#include "rc5.h"
+#include <openssl/rc5.h>
 #endif
 #ifndef NO_RC2
-#include "rc2.h"
+#include <openssl/rc2.h>
 #endif
 #ifndef NO_IDEA
-#include "idea.h"
+#include <openssl/idea.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef NO_BF
+#include <openssl/blowfish.h>
 #endif
 #ifndef NO_CAST
-#include "cast.h"
+#include <openssl/cast.h>
 #endif
 #ifndef NO_RSA
-#include "rsa.h"
-#endif
-#include "x509.h"
+#include <openssl/rsa.h>
 #include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
 #ifndef NO_DSA
 #include "./testdsa.h"
 #endif
@@ -163,11 +165,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -180,16 +178,9 @@ struct tms {
 #define BUFSIZE	((long)1024*8+1)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
 static void print_message(char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
-#else
-static double Time_F();
-static void print_message();
-static void pkey_print_message();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -197,14 +188,8 @@ static void pkey_print_message();
 #define SIGRETTYPE int
 #endif 
 
-#ifndef NOPROTO
 static SIGRETTYPE sig_done(int sig);
-#else
-static SIGRETTYPE sig_done();
-#endif
-
-static SIGRETTYPE sig_done(sig)
-int sig;
+static SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -217,8 +202,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -254,9 +238,7 @@ int s;
 #endif
 	}
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	unsigned char *buf=NULL,*buf2=NULL;
 	int ret=1;
@@ -276,10 +258,10 @@ char **argv;
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
 #ifndef NO_RC4
@@ -294,7 +276,7 @@ char **argv;
 #ifndef NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	BF_KEY bf_ks;
 #endif
 #ifndef NO_CAST
@@ -305,6 +287,7 @@ char **argv;
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	unsigned char iv[8];
 #ifndef NO_DES
+	des_cblock *buf_as_des_cblock = NULL;
 	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@@ -338,9 +321,9 @@ char **argv;
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
+#ifndef NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-#ifndef NO_RSA
 	double rsa_results[RSA_NUM][2];
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
 	static unsigned char *rsa_data[RSA_NUM]=
@@ -361,19 +344,28 @@ char **argv;
 	int pr_header=0;
 
 	apps_startup();
+#ifndef NO_DSA
+	memset(dsa_key,0,sizeof(dsa_key));
+#endif
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+#ifndef NO_RSA
+	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
+#endif
 
 	if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
+#ifndef NO_DES
+	buf_as_des_cblock = (des_cblock *)buf;
+#endif
 	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -411,13 +403,13 @@ char **argv;
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -443,7 +435,7 @@ char **argv;
 			}
 		else
 #endif
-			if (strcmp(*argv,"ssleay") == 0) 
+			if (strcmp(*argv,"openssl") == 0) 
 			{
 			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
@@ -473,7 +465,7 @@ char **argv;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
@@ -523,10 +515,10 @@ char **argv;
 #ifndef NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
+#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
@@ -594,9 +586,9 @@ char **argv;
 #endif
 
 #ifndef NO_DES
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
 #endif
 #ifndef NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
@@ -610,14 +602,15 @@ char **argv;
 #ifndef NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
 #ifndef NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-
+#ifndef NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
+#endif
 #ifndef SIGALRM
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
@@ -626,7 +619,7 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
+			des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
 				&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
@@ -669,6 +662,7 @@ char **argv;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
+#ifndef NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -679,13 +673,14 @@ char **argv;
 			rsa_doit[i]=0;
 		else
 			{
-			if (rsa_c[i] == 0)
+			if (rsa_c[i][0] == 0)
 				{
 				rsa_c[i][0]=1;
 				rsa_c[i][1]=20;
 				}
 			}				
 		}
+#endif
 
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
@@ -763,7 +758,7 @@ char **argv;
 		}
 #endif
 
-#ifndef NO_MD5
+#if !defined(NO_MD5) && !defined(NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
@@ -787,7 +782,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -803,7 +798,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_RMD160
+#ifndef NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -844,10 +839,8 @@ char **argv;
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				des_ncbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ncbc_encrypt(buf,buf,lengths[j],sch,
+						 &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_DES],d);
@@ -862,10 +855,9 @@ char **argv;
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				des_ede3_cbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,sch2,sch3,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				des_ede3_cbc_encrypt(buf,buf,lengths[j],
+						     sch,sch2,sch3,
+						     &iv,DES_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_EDE3_DES],d);
@@ -883,7 +875,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
-					(unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+					iv,IDEA_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_IDEA],d);
@@ -901,7 +893,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
-					(unsigned char *)&(iv[0]),RC2_ENCRYPT);
+					iv,RC2_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC2],d);
@@ -919,7 +911,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
 				RC5_32_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc5_ks,
-					(unsigned char *)&(iv[0]),RC5_ENCRYPT);
+					iv,RC5_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_RC5],d);
@@ -927,7 +919,7 @@ char **argv;
 			}
 		}
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -937,7 +929,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
-					(unsigned char *)&(iv[0]),BF_ENCRYPT);
+					iv,BF_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_BF],d);
@@ -955,7 +947,7 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
 				CAST_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&cast_ks,
-					(unsigned char *)&(iv[0]),CAST_ENCRYPT);
+					iv,CAST_ENCRYPT);
 			d=Time_F(STOP);
 			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
 				count,names[D_CBC_CAST],d);
@@ -969,6 +961,8 @@ char **argv;
 	for (j=0; j<RSA_NUM; j++)
 		{
 		if (!rsa_doit[j]) continue;
+		rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
 			RSA_SECONDS);
 /*		RSA_blinding_on(rsa_key[j],NULL); */
@@ -992,6 +986,8 @@ char **argv;
 		rsa_count=count;
 
 #if 1
+		rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
+			RSA_PKCS1_PADDING);
 		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
 			RSA_SECONDS);
 		Time_F(START);
@@ -1031,6 +1027,8 @@ char **argv;
 		if (!dsa_doit[j]) continue;
 		DSA_generate_key(dsa_key[j]);
 /*		DSA_sign_setup(dsa_key[j],NULL); */
+		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+			&kk,dsa_key[j]);
 		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -1052,6 +1050,8 @@ char **argv;
 		dsa_results[j][0]=d/(double)count;
 		rsa_count=count;
 
+		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+			kk,dsa_key[j]);
 		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
 			DSA_SECONDS);
 		Time_F(START);
@@ -1097,7 +1097,7 @@ char **argv;
 #ifndef NO_IDEA
 	printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	printf("%s ",BF_options());
 #endif
 	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
@@ -1134,7 +1134,7 @@ char **argv;
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+		fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
 			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
 			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		fprintf(stdout,"\n");
@@ -1149,7 +1149,7 @@ char **argv;
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
+		fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f",
 			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
 			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		fprintf(stdout,"\n");
@@ -1172,38 +1172,31 @@ end:
 	EXIT(ret);
 	}
 
-static void print_message(s,num,length)
-char *s;
-long num;
-int length;
+static void print_message(char *s, long num, int length)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	alarm(SECONDS);
 #else
 	BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
 #endif
 	}
 
-static void pkey_print_message(str,str2,num,bits,tm)
-char *str;
-char *str2;
-long num;
-int bits;
-int tm;
+static void pkey_print_message(char *str, char *str2, long num, int bits,
+	     int tm)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 	alarm(RSA_SECONDS);
 #else
 	BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
-	BIO_flush(bio_err);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
diff --git a/lib/libssl/src/apps/ssleay.cnf b/lib/libssl/src/apps/ssleay.cnf
deleted file mode 100644
index 0b3bfa64f86..00000000000
--- a/lib/libssl/src/apps/ssleay.cnf
+++ /dev/null
@@ -1,116 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-
diff --git a/lib/libssl/src/apps/testdsa.h b/lib/libssl/src/apps/testdsa.h
index 8e8aea617a2..a322978f8c2 100644
--- a/lib/libssl/src/apps/testdsa.h
+++ b/lib/libssl/src/apps/testdsa.h
@@ -1,14 +1,7 @@
 /* NOCW */
-#ifndef NOPROTO
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
-#else
-DSA *get_dsa512();
-DSA *get_dsa1024();
-DSA *get_dsa2048();
-#endif
-
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
diff --git a/lib/libssl/src/apps/verify.c b/lib/libssl/src/apps/verify.c
index 8cd675ff0ab..093fe09f2c2 100644
--- a/lib/libssl/src/apps/verify.c
+++ b/lib/libssl/src/apps/verify.c
@@ -60,27 +60,19 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	verify_main
 
-#ifndef NOPROTO
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx,char *file);
-#else
-static int MS_CALLBACK cb();
-static int check();
-#endif
-
 static int v_verbose=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=1;
 	char *CApath=NULL,*CAfile=NULL;
@@ -141,6 +133,7 @@ char **argv;
 		X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 
 
+	ERR_clear_error();
 	if (argc < 1) check(cert_ctx,NULL);
 	else
 		for (i=0; i<argc; i++)
@@ -153,9 +146,7 @@ end:
 	EXIT(ret);
 	}
 
-static int check(ctx,file)
-X509_STORE *ctx;
-char *file;
+static int check(X509_STORE *ctx, char *file)
 	{
 	X509 *x=NULL;
 	BIO *in=NULL;
@@ -180,7 +171,7 @@ char *file;
 			}
 		}
 
-	x=PEM_read_bio_X509(in,NULL,NULL);
+	x=PEM_read_bio_X509(in,NULL,NULL,NULL);
 	if (x == NULL)
 		{
 		fprintf(stdout,"%s: unable to load certificate file\n",
@@ -209,9 +200,7 @@ end:
 	return(ret);
 	}
 
-static int MS_CALLBACK cb(ok,ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 
diff --git a/lib/libssl/src/apps/version.c b/lib/libssl/src/apps/version.c
index fcf1f08cfb3..a567f34094c 100644
--- a/lib/libssl/src/apps/version.c
+++ b/lib/libssl/src/apps/version.c
@@ -60,18 +60,16 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "evp.h"
-#include "crypto.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
 
 #undef PROG
 #define PROG	version_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0;
+	int cflags=0,version=0,date=0,options=0,platform=0;
 
 	apps_startup();
 
@@ -90,11 +88,13 @@ char **argv;
 			cflags=1;
 		else if (strcmp(argv[i],"-o") == 0)
 			options=1;
+		else if (strcmp(argv[i],"-p") == 0)
+			platform=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=1;
+			date=version=cflags=options=platform=1;
 		else
 			{
-			BIO_printf(bio_err,"usage:version [-a] [-v] [-b] [-o] [-f]\n");
+			BIO_printf(bio_err,"usage:version -[avbofp]\n");
 			ret=1;
 			goto end;
 			}
@@ -102,9 +102,10 @@ char **argv;
 
 	if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
 	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
 	if (options) 
 		{
-		printf("options:");
+		printf("options:  ");
 		printf("%s ",BN_options());
 #ifndef NO_MD2
 		printf("%s ",MD2_options());
@@ -118,7 +119,7 @@ char **argv;
 #ifndef NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");
diff --git a/lib/libssl/src/apps/x509.c b/lib/libssl/src/apps/x509.c
index f5e8be10686..2e2d18bea4d 100644
--- a/lib/libssl/src/apps/x509.c
+++ b/lib/libssl/src/apps/x509.c
@@ -63,14 +63,15 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "asn1.h"
-#include "err.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG x509_main
@@ -79,17 +80,12 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
 
-#define FORMAT_UNDEF	0
-#define FORMAT_ASN1	1
-#define FORMAT_TEXT	2
-#define FORMAT_PEM	3
-
 #define CERT_HDR	"certificate"
 
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
 " -keyform arg    - private key format - default PEM\n",
 " -CAform arg     - CA format - default PEM\n",
 " -CAkeyform arg  - CA key format - default PEM\n",
@@ -115,32 +111,24 @@ static char *x509_usage[]={
 "                   missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -extfile        - configuration file with X509V3 extensions to add\n",
 NULL
 };
 
-#ifndef NOPROTO
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static EVP_PKEY *load_key(char *file, int format);
 static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
-static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
-	X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
-#else
-static int MS_CALLBACK callb();
-static EVP_PKEY *load_key();
-static X509 *load_cert();
-static int sign ();
-static int x509_certify ();
-#endif
-
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest,
+						LHASH *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+			 int create,int days, LHASH *conf, char *section);
 static int reqfile=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
 	int ret=1;
 	X509_REQ *req=NULL;
@@ -161,7 +149,9 @@ char **argv;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_md5();
+	LHASH *extconf = NULL;
+	char *extsect = NULL, *extfile = NULL;
 
 	reqfile=0;
 
@@ -219,10 +209,15 @@ char **argv;
 			days=atoi(*(++argv));
 			if (days == 0)
 				{
-				BIO_printf(bio_err,"bad number of days\n");
+				BIO_printf(STDout,"bad number of days\n");
 				goto bad;
 				}
 			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -310,6 +305,7 @@ bad:
 		}
 
 	ERR_load_crypto_strings();
+	X509V3_add_standard_extensions();
 
 	if (!X509_STORE_set_default_paths(ctx))
 		{
@@ -325,6 +321,34 @@ bad:
 		goto end;
 		}
 
+	if (extfile) {
+		long errorline;
+		X509V3_CTX ctx2;
+		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {
+			if (errorline <= 0)
+				BIO_printf(bio_err,
+					"error loading the config file '%s'\n",
+								extfile);
+                	else
+                        	BIO_printf(bio_err,
+				       "error on line %ld of config file '%s'\n"
+							,errorline,extfile);
+			goto end;
+		}
+		if(!(extsect = CONF_get_string(extconf, "default",
+					 "extensions"))) extsect = "default";
+		X509V3_set_ctx_test(&ctx2);
+		X509V3_set_conf_lhash(&ctx2, extconf);
+		if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {
+			BIO_printf(bio_err,
+				"Error Loading extension section %s\n",
+								 extsect);
+			ERR_print_errors(bio_err);
+			goto end;
+                }
+	} 
+
+
 	if (reqfile)
 		{
 		EVP_PKEY *pkey;
@@ -353,7 +377,7 @@ bad:
 				goto end;
 				}
 			}
-		req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		BIO_free(in);
 
 		if (req == NULL) { perror(infile); goto end; }
@@ -373,6 +397,7 @@ bad:
 	                goto end;
 	                }
 		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
 		if (i < 0)
 			{
 			BIO_printf(bio_err,"Signature verification error\n");
@@ -400,9 +425,15 @@ bad:
 		X509_gmtime_adj(X509_get_notBefore(x),0);
 	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
 
+#if 0
 		X509_PUBKEY_free(ci->key);
 		ci->key=req->req_info->pubkey;
 	        req->req_info->pubkey=NULL;
+#else
+		pkey = X509_REQ_get_pubkey(req);
+		X509_set_pubkey(x,pkey);
+		EVP_PKEY_free(pkey);
+#endif
 		}
 	else
 		x=load_cert(infile,informat);
@@ -445,27 +476,25 @@ bad:
 				{
 				X509_NAME_oneline(X509_get_issuer_name(x),
 					buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				BIO_printf(STDout,"issuer= %s\n",buf);
 				}
 			else if (subject == i) 
 				{
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
-				fprintf(stdout,"subject=%s\n",buf);
+				BIO_printf(STDout,"subject=%s\n",buf);
 				}
 			else if (serial == i)
 				{
-				fprintf(stdout,"serial=");
+				BIO_printf(STDout,"serial=");
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
-				fprintf(stdout,"\n");
+				BIO_printf(STDout,"\n");
 				}
 			else if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
-					X509_subject_name_hash(x));
+				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
 			else
-#ifndef NO_RSA
 				if (modulus == i)
 				{
 				EVP_PKEY *pkey;
@@ -473,19 +502,26 @@ bad:
 				pkey=X509_get_pubkey(x);
 				if (pkey == NULL)
 					{
-					fprintf(stdout,"Modulus=unavailable\n");
+					BIO_printf(bio_err,"Modulus=unavailable\n");
 					ERR_print_errors(bio_err);
 					goto end;
 					}
-				fprintf(stdout,"Modulus=");
+				BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
-					fprintf(stdout,"Wrong Algorithm type");
-				fprintf(stdout,"\n");
+#endif
+#ifndef NO_DSA
+				if (pkey->type == EVP_PKEY_DSA)
+					BN_print(STDout,pkey->pkey.dsa->pub_key);
+				else
+#endif
+					BIO_printf(STDout,"Wrong Algorithm type");
+				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
 				}
 			else
-#endif
 				if (C == i)
 				{
 				unsigned char *d;
@@ -494,47 +530,49 @@ bad:
 
 				X509_NAME_oneline(X509_get_subject_name(x),
 					buf,256);
-				printf("/* subject:%s */\n",buf);
+				BIO_printf(STDout,"/* subject:%s */\n",buf);
 				m=X509_NAME_oneline(
 					X509_get_issuer_name(x),buf,256);
-				printf("/* issuer :%s */\n",buf);
+				BIO_printf(STDout,"/* issuer :%s */\n",buf);
 
 				z=i2d_X509(x,NULL);
 				m=Malloc(z);
 
 				d=(unsigned char *)m;
 				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
-				printf("unsigned char XXX_subject_name[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
-				printf("unsigned char XXX_public_key[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f)
+						BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				z=i2d_X509(x,&d);
-				printf("unsigned char XXX_certificate[%d]={\n",z);
+				BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
 				d=(unsigned char *)m;
 				for (y=0; y<z; y++)
 					{
-					printf("0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) printf("\n");
+					BIO_printf(STDout,"0x%02X,",d[y]);
+					if ((y & 0x0f) == 0x0f)
+						BIO_printf(STDout,"\n");
 					}
-				if (y%16 != 0) printf("\n");
-				printf("};\n");
+				if (y%16 != 0) BIO_printf(STDout,"\n");
+				BIO_printf(STDout,"};\n");
 
 				Free(m);
 				}
@@ -545,13 +583,13 @@ bad:
 			else if (startdate == i)
 				{
 				BIO_puts(STDout,"notBefore=");
-				ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+				ASN1_TIME_print(STDout,X509_get_notBefore(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (enddate == i)
 				{
 				BIO_puts(STDout,"notAfter=");
-				ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+				ASN1_TIME_print(STDout,X509_get_notAfter(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (fingerprint == i)
@@ -565,10 +603,10 @@ bad:
 					BIO_printf(bio_err,"out of memory\n");
 					goto end;
 					}
-				fprintf(stdout,"MD5 Fingerprint=");
+				BIO_printf(STDout,"MD5 Fingerprint=");
 				for (j=0; j<(int)n; j++)
 					{
-					fprintf(stdout,"%02X%c",md[j],
+					BIO_printf(STDout,"%02X%c",md[j],
 						(j+1 == (int)n)
 						?'\n':':');
 					}
@@ -588,7 +626,8 @@ bad:
 		                        digest=EVP_dss1();
 #endif
 
-				if (!sign(x,Upkey,days,digest)) goto end;
+				if (!sign(x,Upkey,days,digest,
+						 extconf, extsect)) goto end;
 				}
 			else if (CA_flag == i)
 				{
@@ -602,9 +641,10 @@ bad:
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
+				
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
-					CApkey,
-					CAserial,CA_createserial,days))
+					CApkey, CAserial,CA_createserial,days,
+					extconf, extsect))
 					goto end;
 				}
 			else if (x509req == i)
@@ -678,28 +718,23 @@ bad:
 	ret=0;
 end:
 	OBJ_cleanup();
-	if (out != NULL) BIO_free(out);
-	if (STDout != NULL) BIO_free(STDout);
-	if (ctx != NULL) X509_STORE_free(ctx);
-	if (req != NULL) X509_REQ_free(req);
-	if (x != NULL) X509_free(x);
-	if (xca != NULL) X509_free(xca);
-	if (Upkey != NULL) EVP_PKEY_free(Upkey);
-	if (CApkey != NULL) EVP_PKEY_free(CApkey);
-	if (rq != NULL) X509_REQ_free(rq);
+	CONF_free(extconf);
+	BIO_free(out);
+	BIO_free(STDout);
+	X509_STORE_free(ctx);
+	X509_REQ_free(req);
+	X509_free(x);
+	X509_free(xca);
+	EVP_PKEY_free(Upkey);
+	EVP_PKEY_free(CApkey);
+	X509_REQ_free(rq);
+	X509V3_EXT_cleanup();
 	EXIT(ret);
 	}
 
-static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
-X509_STORE *ctx;
-char *CAfile;
-EVP_MD *digest;
-X509 *x;
-X509 *xca;
-EVP_PKEY *pkey;
-char *serialfile;
-int create;
-int days;
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, LHASH *conf, char *section)
 	{
 	int ret=0;
 	BIO *io=NULL;
@@ -710,7 +745,9 @@ int days;
 	X509_STORE_CTX xsc;
 	EVP_PKEY *upkey;
 
-	EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
 
 	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
 	buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
@@ -802,6 +839,12 @@ int days;
 	if (!reqfile && !X509_verify_cert(&xsc))
 		goto end;
 
+	if (!X509_check_private_key(xca,pkey))
+		{
+		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
+		goto end;
+		}
+
 	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
 	if (!X509_set_serialNumber(x,bs)) goto end;
 
@@ -812,16 +855,13 @@ int days;
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;
 
-	/* don't save DSA parameters in child if parent has them
-	 * and the parents and the childs are the same. */
-	upkey=X509_get_pubkey(x);
-	if (!EVP_PKEY_missing_parameters(pkey) &&
-		(EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
-		{
-		EVP_PKEY_save_parameters(upkey,0);
-		/* Force a re-write */
-		X509_set_pubkey(x,upkey);
-		}
+	if(conf) {
+		X509V3_CTX ctx2;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx2, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
+	}
 
 	if (!X509_sign(x,pkey,digest)) goto end;
 	ret=1;
@@ -836,9 +876,7 @@ end:
 	return(ret);
 	}
 
-static int MS_CALLBACK callb(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	int err;
@@ -856,24 +894,22 @@ X509_STORE_CTX *ctx;
 	 * DEPTH_ZERO_SELF_.... */
 	if (ok)
 		{
-		printf("error with certificate to be certified - should be self signed\n");
+		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
 		return(0);
 		}
 	else
 		{
 		err_cert=X509_STORE_CTX_get_current_cert(ctx);
 		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-		printf("%s\n",buf);
-		printf("error with certificate - error %d at depth %d\n%s\n",
+		BIO_printf(bio_err,"%s\n",buf);
+		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
 			err,X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(err));
 		return(1);
 		}
 	}
 
-static EVP_PKEY *load_key(file, format)
-char *file;
-int format;
+static EVP_PKEY *load_key(char *file, int format)
 	{
 	BIO *key=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -912,7 +948,7 @@ int format;
 #endif
 		if (format == FORMAT_PEM)
 		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,NULL);
 		}
 	else
 		{
@@ -926,9 +962,7 @@ end:
 	return(pkey);
 	}
 
-static X509 *load_cert(file, format)
-char *file;
-int format;
+static X509 *load_cert(char *file, int format)
 	{
 	ASN1_HEADER *ah=NULL;
 	BUF_MEM *buf=NULL;
@@ -997,7 +1031,7 @@ int format;
 		ah->data=NULL;
 		}
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509(cert,NULL,NULL);
+		x=PEM_read_bio_X509(cert,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input cert\n");
 		goto end;
@@ -1015,15 +1049,16 @@ end:
 	}
 
 /* self sign */
-static int sign(x, pkey, days, digest)
-X509 *x;
-EVP_PKEY *pkey;
-int days;
-EVP_MD *digest;
+static int sign(X509 *x, EVP_PKEY *pkey, int days, const EVP_MD *digest, 
+						LHASH *conf, char *section)
 	{
 
-	EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
-	EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+	EVP_PKEY *pktmp;
+
+	pktmp = X509_get_pubkey(x);
+	EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_save_parameters(pktmp,1);
+	EVP_PKEY_free(pktmp);
 
 	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
 	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
@@ -1036,6 +1071,13 @@ EVP_MD *digest;
 		goto err;
 
 	if (!X509_set_pubkey(x,pkey)) goto err;
+	if(conf) {
+		X509V3_CTX ctx;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+                X509V3_set_conf_lhash(&ctx, conf);
+                if(!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
+	}
 	if (!X509_sign(x,pkey,digest)) goto err;
 	return(1);
 err:
diff --git a/lib/libssl/src/bugs/sgiccbug.c b/lib/libssl/src/bugs/sgiccbug.c
index 48bd0605df8..178239d492a 100644
--- a/lib/libssl/src/bugs/sgiccbug.c
+++ b/lib/libssl/src/bugs/sgiccbug.c
@@ -7,6 +7,8 @@
 /* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
  * the only versions of IRIX I have access to.
  * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage@forgetmenot.Mines.EDU>
  */
  
 /* Compare the output from
diff --git a/lib/libssl/src/bugs/stream.c b/lib/libssl/src/bugs/stream.c
index 50a3884995c..d2967c837d8 100644
--- a/lib/libssl/src/bugs/stream.c
+++ b/lib/libssl/src/bugs/stream.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 #ifdef NO_DES
 #include <des.h>
 #else
-#include "des.h"
+#include <openssl/des.h>
 #endif
 
 /* show how stream ciphers are not very good.  The mac has no affect
diff --git a/lib/libssl/src/bugs/ultrixcc.c b/lib/libssl/src/bugs/ultrixcc.c
new file mode 100644
index 00000000000..7ba75b140f1
--- /dev/null
+++ b/lib/libssl/src/bugs/ultrixcc.c
@@ -0,0 +1,45 @@
+#include <stdio.h>
+
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+	{
+	f(5);
+	f(0);
+	}
+
+int f(a)
+int a;
+	{
+	switch(a&7)
+		{
+	case 7:
+		printf("7\n");
+	case 6:
+		printf("6\n");
+	case 5:
+		printf("5\n");
+	case 4:
+		printf("4\n");
+	case 3:
+		printf("3\n");
+	case 2:
+		printf("2\n");
+	case 1:
+		printf("1\n");
+#ifdef FIX_BUG
+	case 0:
+		;
+#endif
+		}
+	}	
+
diff --git a/lib/libssl/src/certs/vsign1.pem b/lib/libssl/src/certs/vsign1.pem
index 08c70f26742..277894d1ff1 100644
--- a/lib/libssl/src/certs/vsign1.pem
+++ b/lib/libssl/src/certs/vsign1.pem
@@ -1,15 +1,17 @@
+subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2020 GMT
 -----BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
+MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
+zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
+TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
+mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
+VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
 -----END CERTIFICATE-----
-
diff --git a/lib/libssl/src/certs/vsign2.pem b/lib/libssl/src/certs/vsign2.pem
index 2386e149d0b..d8bdd8c812f 100644
--- a/lib/libssl/src/certs/vsign2.pem
+++ b/lib/libssl/src/certs/vsign2.pem
@@ -1,31 +1,18 @@
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
+subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
+MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
+oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
+uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
+v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
+G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
+1Q==
 -----END CERTIFICATE-----
-
diff --git a/lib/libssl/src/certs/vsign3.pem b/lib/libssl/src/certs/vsign3.pem
index e6e31879c1c..aa5bb4c1f32 100644
--- a/lib/libssl/src/certs/vsign3.pem
+++ b/lib/libssl/src/certs/vsign3.pem
@@ -1,16 +1,18 @@
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
+notBefore=Jan 29 00:00:00 1996 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
 -----END CERTIFICATE-----
diff --git a/lib/libssl/src/certs/vsign4.pem b/lib/libssl/src/certs/vsign4.pem
deleted file mode 100644
index b5bcef4d0d7..00000000000
--- a/lib/libssl/src/certs/vsign4.pem
+++ /dev/null
@@ -1,16 +0,0 @@
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/lib/libssl/src/certs/vsignss.pem b/lib/libssl/src/certs/vsignss.pem
new file mode 100644
index 00000000000..5de48bfcf97
--- /dev/null
+++ b/lib/libssl/src/certs/vsignss.pem
@@ -0,0 +1,17 @@
+subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+notBefore=Nov  9 00:00:00 1994 GMT
+notAfter=Jan  7 23:59:59 2010 GMT
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
diff --git a/lib/libssl/src/certs/vsigntca.pem b/lib/libssl/src/certs/vsigntca.pem
new file mode 100644
index 00000000000..05acf76e66c
--- /dev/null
+++ b/lib/libssl/src/certs/vsigntca.pem
@@ -0,0 +1,18 @@
+subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
+notBefore=Mar  4 00:00:00 1997 GMT
+notAfter=Mar  4 23:59:59 2025 GMT
+-----BEGIN CERTIFICATE-----
+MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
+BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
+cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
+RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
+IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
+NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
+ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
+aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
+aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
+cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
+ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
+ToLEMaUojc3DuNXHG21PDG8=
+-----END CERTIFICATE-----
diff --git a/lib/libssl/src/config b/lib/libssl/src/config
index 7643930ee0d..93e2317c3f6 100644
--- a/lib/libssl/src/config
+++ b/lib/libssl/src/config
@@ -1,14 +1,11 @@
 #!/bin/sh
 #
-# config - this is a merge of minarch and GuessOS from the Apache Group
-#          which then automatically runs Configure from SSLeay after
-#	   mapping the Apache names for OSs into SSLeay names
+# OpenSSL config: determine the operating system and run ./Configure
 #
-# 16-Sep-97 tjh		first cut of merged version
-#
-# Tim Hudson
-# tjh@cryptsoft.com
+# "config -h" for usage information.
 #
+#          this is a merge of minarch and GuessOS from the Apache Group.
+#          Originally written by Tim Hudson <tjh@cryptsoft.com>.
 
 # Original Apache Group comments on GuessOS
 
@@ -30,7 +27,6 @@ RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
 SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
 VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 
-
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
 # We need to work around FreeBSD 1.1.5.1 
@@ -86,8 +82,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     HP-UX:*)
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
+	    11.*)
+		echo "${MACHINE}-hp-hpux11"; exit 0
+		;;
 	    10.*)
-		echo "${MACHINE}-hp-hpux10."; exit 0
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -95,12 +94,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	esac
 	;;
 
-    IRIX:*)
-	echo "${MACHINE}-sgi-irix"; exit 0
+    IRIX:5.*)
+	echo "mips2-sgi-irix"; exit 0
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
 	;;
 
     IRIX64:*)
-	echo "${MACHINE}-sgi-irix64"; exit 0
+	echo "mips4-sgi-irix64"; exit 0
 	;;
 
     Linux:[2-9].*)
@@ -115,24 +118,45 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;
 
+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
     BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
-	echo "i486-whatever-bsdi"; exit 0
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
 	;;
 
     BSD/386:*|BSD/OS:*)
 	echo "${MACHINE}-whatever-bsdi"; exit 0
 	;;
 
-    FreeBSD:*:*:*486*)
-	echo "i486-whatever-freebsd"; exit 0
-	;;
-
     FreeBSD:*)
-	echo "${MACHINE}-whatever-freebsd"; exit 0
-	;;
-
-    NetBSD:*:*:*486*)
-	echo "i486-whatever-netbsd"; exit 0
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           Alpha*      ) MACH="alpha"    ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;
+
+    NetBSD:*:*:*386*)
+        echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0
 	;;
 
     NetBSD:*)
@@ -191,8 +215,12 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-unknown-ultrix"; exit 0
 	;;
 
-    SINIX*)
-	echo "${MACHINE}-sni-sysv4"; exit 0
+    SINIX*|ReliantUNIX*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0
+	;;
+
+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
 	;;
 
     machten:*)
@@ -225,6 +253,9 @@ fi
 # Now NeXT
 ISNEXT=`hostinfo 2>/dev/null`
 case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
     *NeXT*)
 	echo "whatever-next-nextstep"; exit 0
 	;;
@@ -233,7 +264,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
 
-echo "${MACHINE}-whatever-${SYSTEM}|${RELEASE}|${VERSION}" 
+echo "${MACHINE}-whatever-${SYSTEM}" 
 exit 0
 ) 2>/dev/null | (
 
@@ -243,7 +274,6 @@ exit 0
 
 PREFIX=""
 SUFFIX=""
-VERBOSE="false"
 TEST="false"
 
 # pick up any command line args to config
@@ -251,77 +281,226 @@ for i
 do
 case "$i" in 
 -d*) PREFIX="debug-";;
--v*) VERBOSE="true";;
--n*|-t*) TEST="true";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
+ -d	Add a debug- prefix to machine choice.
+ -t	Test mode, do not run the Configure perl script.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
 esac
 done
 
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`gcc -v 2>&1`
-if [ $? = "0" ]; then
+GCCVER=`(gcc --version) 2>/dev/null`
+if [ "$GCCVER" != "" ]; then
   CC=gcc
+  # then strip off whatever prefix Cygnus prepends the number with...
+  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
   CC=cc
 fi
 
+if [ "$SYSTEM" = "SunOS" ]; then
+  # assume output is "blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
+    CC=sc3
+  fi
+fi
+
+GCCVER=${GCCVER:-0}
+CCVER=${CCVER:-0}
+
 # read the output of the embedded GuessOS 
 read GUESSOS
 
-if [ "$VERBOSE" = "true" ]; then
-  echo GUESSOS $GUESSOS
-fi
+echo Operating system: $GUESSOS
 
 # now map the output into SSLeay terms ... really should hack into the
 # script above so we end up with values in vars but that would take
 # more time that I want to waste at the moment
 case "$GUESSOS" in
+  alpha-*-linux2) OUT="alpha-gcc" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips-*-linux?) OUT="linux-mips" ;;
+  mips2-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 4000 ]; then
+		options="$options -mips2"
+	fi
+	OUT="irix-$CC"
+	;;
+  mips3-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configre irix64-mips4-$CC' *manually*."
+	echo "         Type Ctrl-C if you don't want to continue."
+	read waste < /dev/tty
+	options="$options -mips4"
+	OUT="irix-mips3-$CC"
+	;;
+  sparc64-*-linux2)
+	#Before we can uncomment following lines we have to wait at least
+	#till 64-bit glibc for SPARC is operational:-(
+	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+	#echo "         Type Ctrl-C if you don't want to continue."
+	#read waste < /dev/tty
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/type/{print$3}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-sparcv7" ;;
+	esac ;;
   *-*-linux2) OUT="linux-elf" ;;
-  *-*-linux) OUT="linux-aout" ;;
-  sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
+  *-*-linux1) OUT="linux-aout" ;;
+  sun4u*-sun-solaris2)
+	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" -a "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+		echo "         Type Ctrl-C if you don't want to continue."
+		read waste < /dev/tty
+	fi
+	OUT="solaris-sparcv9-$CC" ;;
+  sun4m-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-sun-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-sun-solaris2)	OUT="solaris-sparcv7-$CC" ;;
   *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
-  *-freebsd) OUT="FreeBSD" ;;
+  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+  *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
   sun3*-*-netbsd) OUT="NetBSD-m68" ;;
   *-*-netbsd) OUT="NetBSD-sparc" ;;
   *86*-*-openbsd) OUT="OpenBSD-x86" ;;
   alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
-  *-*-openbsd) OUT="OpenBSD-bigendian" ;;
-  *-*-osf) OUT="alpha-$CC" ;;
+  pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+  *-*-openbsd) OUT="OpenBSD" ;;
+  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+  *-*-osf) OUT="alpha-cc" ;;
   *-*-unixware*) OUT="unixware-2.0" ;;
-  *-sni-sysv4) OUT="SINIX" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+  *-siemens-sysv4) OUT="SINIX" ;;
   # these are all covered by the catchall below
-  # *-hpux) OUT="hpux-$CC" ;;
+  # *-hpux*) OUT="hpux-$CC" ;;
   # *-aix) OUT="aix-$CC" ;;
   # *-dgux) OUT="dgux" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# gcc < 2.8 does not support -mcpu=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Do consider upgrading to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv9-gcc27
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
+for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+do
+  if [ ! -d crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
 if [ -z "$OUT" ]; then
   OUT="$CC"
 fi
 
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
 # run Configure to check to see if we need to specify the 
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
-./Configure 2>&1 | grep '$OUT-$CC' > /dev/null
+
+$PERL ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
 if [ $? = "0" ]; then
   OUT="$OUT-$CC"
 fi
 
 OUT="$PREFIX$OUT"
 
-# at this point we have the answer ... which we could check again
-# and then fallback to a vanilla SSLeay build but then this script
-# wouldn't get updated
-echo Configuring for $OUT
+$PERL ./Configure 2>&1 | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  echo Configuring for $OUT
 
-if [ "$TEST" = "true" ]; then
-  echo ./Configure -DNO_IDEA $OUT
+  if [ "$TEST" = "true" ]; then
+    echo $PERL ./Configure $OUT $options
+  else
+    $PERL ./Configure $OUT $options
+  fi
 else
-  ./Configure -DNO_IDEA $OUT
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
 fi
-
 )
-
diff --git a/lib/libssl/src/crypto/Makefile b/lib/libssl/src/crypto/Makefile
index eb49323ad52..37aaac15280 100644
--- a/lib/libssl/src/crypto/Makefile
+++ b/lib/libssl/src/crypto/Makefile
@@ -1,133 +1,179 @@
-LIB=	crypto
-CFLAGS+= -DNO_IDEA -DTERMIOS -DL_ENDIAN -DANSI_SOURCE 
-CFLAGS+= -I${.CURDIR}/../include
-SRCS+=	cryptlib.c mem.c cversion.c ex_data.c cpt_err.c			
-CFLAGS+= -I${.CURDIR}/md2
-SRCS+=	md2_dgst.c md2_one.c 					
-CFLAGS+= -I${.CURDIR}/md5
-SRCS+=	md5_dgst.c md5_one.c 					
-CFLAGS+= -I${.CURDIR}/sha
-SRCS+=	sha_dgst.c sha1dgst.c sha_one.c sha1_one.c	
-CFLAGS+= -I${.CURDIR}/mdc2
-SRCS+=	mdc2dgst.c mdc2_one.c					
-CFLAGS+= -I${.CURDIR}/hmac
-SRCS+=	hmac.c							
-CFLAGS+= -I${.CURDIR}/ripemd
-SRCS+=	rmd_dgst.c rmd_one.c				
-CFLAGS+= -I${.CURDIR}/des
-SRCS+=	set_key.c ecb_enc.c cbc_enc.c ecb3_enc.c 	
-SRCS+=	cfb64enc.c cfb64ede.c cfb_enc.c ofb64ede.c 	
-SRCS+=	enc_read.c enc_writ.c ofb64enc.c ofb_enc.c 	
-SRCS+=	str2key.c pcbc_enc.c qud_cksm.c rand_key.c	
-SRCS+=	read2pwd.c fcrypt.c xcbc_enc.c read_pwd.c	
-SRCS+=	rpc_enc.c cbc_cksm.c supp.c				
-CFLAGS+= -I${.CURDIR}/rc2
-SRCS+=	rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c 	
-SRCS+=	rc2ofb64.c							
-CFLAGS+= -I${.CURDIR}/rc4
-SRCS+=	rc4_skey.c							
-CFLAGS+= -I${.CURDIR}/rc5
-SRCS+=	rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c 	
-SRCS+=	rc5ofb64.c							
-CFLAGS+= -I${.CURDIR}/idea
-SRCS+=	i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c		
-SRCS+=	i_skey.c							
-CFLAGS+= -I${.CURDIR}/bf
-SRCS+=	bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c		
-CFLAGS+= -I${.CURDIR}/cast
-SRCS+=	c_skey.c c_ecb.c c_cfb64.c c_ofb64.c	
-CFLAGS+= -I${.CURDIR}/bn
-SRCS+=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c	
-SRCS+=	bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_sub.c
-SRCS+=	bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c
-SRCS+=	bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c		
-CFLAGS+= -I${.CURDIR}/rsa
-SRCS+=	rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c 	
-SRCS+=	rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c 	
-SRCS+=	rsa_none.c							
-CFLAGS+= -I${.CURDIR}/dsa
-SRCS+=	dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c 	
-SRCS+=	dsa_sign.c dsa_err.c 					
-CFLAGS+= -I${.CURDIR}/dh
-SRCS+=	dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c	
-CFLAGS+= -I${.CURDIR}/buffer
-SRCS+=	buffer.c buf_err.c				
-CFLAGS+= -I${.CURDIR}/bio
-SRCS+=	bio_lib.c bio_cb.c bio_err.c bss_mem.c 		
-SRCS+=	bss_null.c bss_fd.c bss_file.c bss_sock.c	
-SRCS+=	bss_conn.c bf_null.c bf_buff.c 
-SRCS+=	b_print.c b_dump.c b_sock.c bss_acpt.c 		
-SRCS+=	bf_nbio.c							
-CFLAGS+= -I${.CURDIR}/stack
-SRCS+=	stack.c							
-CFLAGS+= -I${.CURDIR}/lhash
-SRCS+=	lhash.c lh_stats.c					
-CFLAGS+= -I${.CURDIR}/rand
-SRCS+=	md_rand.c randfile.c					
-CFLAGS+= -I${.CURDIR}/err
-SRCS+=	err.c err_all.c err_prn.c				
-CFLAGS+= -I${.CURDIR}/objects
-SRCS+=	obj_dat.c obj_lib.c obj_err.c
-CFLAGS+= -I${.CURDIR}/evp
-SRCS+=	encode.c digest.c evp_enc.c evp_key.c 		
-SRCS+=	e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c		
-SRCS+=	e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c		
-SRCS+=	e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c		
-SRCS+=	e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c	
-SRCS+=	e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c	
-SRCS+=	e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c	
-SRCS+=	e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c	
-SRCS+=	e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c	
-SRCS+=	m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c	
-SRCS+=	m_dss1.c m_mdc2.c m_ripemd.c p_open.c 		
-SRCS+=	p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
-SRCS+=	p_dec.c bio_md.c bio_b64.c bio_enc.c		
-SRCS+=	evp_err.c e_null.c c_all.c evp_lib.c
-CFLAGS+= -I${.CURDIR}/pem
-SRCS+=	pem_sign.c pem_seal.c pem_info.c pem_lib.c	
-SRCS+=	pem_all.c pem_err.c					
-CFLAGS+= -I${.CURDIR}/asn1
-SRCS+=	a_object.c a_bitstr.c a_utctm.c a_int.c	
-SRCS+=	a_octet.c a_print.c a_type.c a_set.c	
-SRCS+=	a_dup.c a_d2i_fp.c a_i2d_fp.c a_sign.c	
-SRCS+=	a_digest.c a_verify.c x_algor.c x_val.c	
-SRCS+=	x_pubkey.c x_sig.c x_req.c x_attrib.c	
-SRCS+=	x_name.c x_cinf.c x_x509.c x_crl.c		
-SRCS+=	x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c	
-SRCS+=	d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c	
-SRCS+=	d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c 	
-SRCS+=	i2d_pu.c i2d_pr.c t_req.c t_x509.c 		
-SRCS+=	t_pkey.c p7_i_s.c p7_signi.c p7_signd.c	
-SRCS+=	p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c	
-SRCS+=	p7_s_e.c p7_enc.c p7_lib.c f_int.c 		
-SRCS+=	f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c	
-SRCS+=	d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c 	
-SRCS+=	a_bool.c x_exten.c asn1_par.c asn1_lib.c	
-SRCS+=	asn1_err.c a_meth.c a_bytes.c evp_asn1.c	
-CFLAGS+= -I${.CURDIR}/x509
-SRCS+=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c	
-SRCS+=	x509_obj.c x509_req.c x509_vfy.c x509_set.c	
-SRCS+=	x509rset.c x509_err.c x509name.c x509_v3.c	
-SRCS+=	x509_ext.c x509pack.c x509type.c x509_lu.c	
-SRCS+=	x_all.c x509_txt.c by_file.c by_dir.c	
-SRCS+=	v3_net.c v3_x509.c					
-CFLAGS+= -I${.CURDIR}/conf
-SRCS+=	conf.c conf_err.c					
-CFLAGS+= -I${.CURDIR}/txt_db
-SRCS+=	txt_db.c							
-CFLAGS+= -I${.CURDIR}/pkcs7
-SRCS+=	pk7_lib.c pkcs7err.c pk7_doit.c
-
-.PATH:	${.CURDIR}/md2 ${.CURDIR}/md5 ${.CURDIR}/sha ${.CURDIR}/mdc2	\
-	${.CURDIR}/hmac ${.CURDIR}/ripemd ${.CURDIR}/des  ${.CURDIR}/rc2 \
-	${.CURDIR}/rc4 ${.CURDIR}/rc5 ${.CURDIR}/idea ${.CURDIR}/bf    \
-	${.CURDIR}/cast ${.CURDIR}/bn  ${.CURDIR}/rsa ${.CURDIR}/dsa   \
-	${.CURDIR}/dh ${.CURDIR}/buffer ${.CURDIR}/bio ${.CURDIR}/stack \
-   	${.CURDIR}/lhash ${.CURDIR}/rand ${.CURDIR}/err ${.CURDIR}/objects \
-	${.CURDIR}/evp ${.CURDIR}/pem ${.CURDIR}/asn1  ${.CURDIR}/asn1 \
-	${.CURDIR}/x509 ${.CURDIR}/conf txt_db/txt_db.c ${.CURDIR}/pkcs7 \
-	${.CURDIR}/txt_db
-
-.include <bsd.lib.mk>
+#
+# SSLeay/crypto/Makefile
+#
 
+DIR=		crypto
+TOP=		..
+CC=		cc
+INCLUDE=	-I. -I../include
+INCLUDES=	-I.. -I../../include
+CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=	/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=       Makefile.ssl
+RM=             rm -f
+AR=		ar r
 
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG)
+
+
+LIBS=
+
+SDIRS=	md2 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn rsa dsa dh \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+
+GENERAL=Makefile README crypto-lib.com install.com
+
+LIB= $(TOP)/libcrypto.a
+LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: buildinf.h lib subdirs
+
+buildinf.h: ../Makefile.ssl
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h
+
+subdirs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i && echo "making all in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+	done;
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' files ); \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@for i in $(SDIRS); do \
+	(cd $$i; echo "making links in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+	done;
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+libs:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making libs in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	done;
+
+tests:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making tests in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+	done;
+
+install:
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making install in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	done;
+
+lint:
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making lint in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+	done;
+
+depend:
+	if [ ! -e buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making depend in crypto/$$i..."; \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+	done;
+
+clean:
+	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making clean in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+	done;
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+	@for i in $(SDIRS) ;\
+	do \
+	(cd $$i; echo "making dclean in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+	done;
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/stack.h cryptlib.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/stack.h buildinf.h cryptlib.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/tmdiff.h cryptlib.h
diff --git a/lib/libssl/src/crypto/Makefile.ssl b/lib/libssl/src/crypto/Makefile.ssl
index efdbba38aca..37aaac15280 100644
--- a/lib/libssl/src/crypto/Makefile.ssl
+++ b/lib/libssl/src/crypto/Makefile.ssl
@@ -8,24 +8,20 @@ CC=		cc
 INCLUDE=	-I. -I../include
 INCLUDES=	-I.. -I../../include
 CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
-RM=             /bin/rm -f
+RM=             rm -f
 AR=		ar r
 
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
-MAKEFILE=	Makefile.ssl
-
 PEX_LIBS=
 EX_LIBS=
  
-CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" "
+CFLAGS= $(INCLUDE) $(CFLAG)
 
-ERR=crypto
-ERRC=cpt_err
 
 LIBS=
 
@@ -33,129 +29,151 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh \
 	buffer bio stack lhash rand err objects \
-	evp pem x509 \
-	asn1 conf txt_db pkcs7
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
 
-GENERAL=Makefile README
+GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c $(ERRC).c
-LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o $(ERRC).o
+LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
+LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h cryptall.h
-HEADER=	cryptlib.h date.h $(EXHEADER)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h
+HEADER=	cryptlib.h buildinf.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all: date.h lib subdirs
+all: buildinf.h lib subdirs
 
-date.h: ../Makefile.ssl ../VERSION
-	echo "#define DATE	\"`date`\"" >date.h
+buildinf.h: ../Makefile.ssl
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) >buildinf.h
 
 subdirs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making all in $$i..."; \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_MULW='${BN_MULW}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
+	(cd $$i && echo "making all in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	done;
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) files ); \
+	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' files ); \
 	done;
 
 links:
-	/bin/rm -f Makefile 
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(HEADER) ;
-	$(TOP)/util/mklink.sh ../test $(TEST) ;
-	$(TOP)/util/mklink.sh ../apps $(APPS) ;
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	@for i in $(SDIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) links ); \
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@for i in $(SDIRS); do \
+	(cd $$i; echo "making links in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 libs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making libs in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	(cd $$i; echo "making libs in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;
 
 tests:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making tests in $$i..."; \
+	(cd $$i; echo "making tests in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;
 
 install:
 	@for i in $(EXHEADER) ;\
 	do \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making install in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	(cd $$i; echo "making install in crypto/$$i..."; \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;
 
 lint:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making lint in $$i..."; \
+	(cd $$i; echo "making lint in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
 	done;
 
 depend:
-	$(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+	if [ ! -e buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making depend in $$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
+	(cd $$i; echo "making depend in crypto/$$i..."; \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
 	done;
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making clean in $$i..."; \
+	(cd $$i; echo "making clean in crypto/$$i..."; \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
 	done;
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making dclean in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
-	done;
-
-errors:
-	perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl err/err_genc.pl -s $(ERR).h $(ERRC).c
-	@for i in $(SDIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) errors ); \
+	(cd $$i; echo "making dclean in crypto/$$i..."; \
+	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/crypto.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/stack.h cryptlib.h
+cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/stack.h buildinf.h cryptlib.h
+ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+ex_data.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+mem.o: ../include/openssl/opensslv.h ../include/openssl/stack.h cryptlib.h
+tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/tmdiff.h cryptlib.h
diff --git a/lib/libssl/src/crypto/asn1/Makefile.ssl b/lib/libssl/src/crypto/asn1/Makefile.ssl
index 30751bd156a..541d1dac4a4 100644
--- a/lib/libssl/src/crypto/asn1/Makefile.ssl
+++ b/lib/libssl/src/crypto/asn1/Makefile.ssl
@@ -7,51 +7,51 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=asn1
-ERRC=asn1_err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
-	a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
-	a_sign.c a_digest.c a_verify.c \
+LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
+	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c \
 	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
-	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c \
+	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c \
 	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
 	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-	t_req.c t_x509.c t_pkey.c \
+	t_req.c t_x509.c t_crl.c t_pkey.c \
 	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
 	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
 	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
-	a_hdr.c x_pkey.c a_bool.c x_exten.c \
-	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
-	evp_asn1.c
-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
-	a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
-	a_sign.o a_digest.o a_verify.o \
+	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c \
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
+	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o \
 	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
-	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o \
+	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o nsseq.o \
 	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
 	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-	t_req.o t_x509.o t_pkey.o \
+	t_req.o t_x509.o t_crl.o t_pkey.o \
 	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
 	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
 	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
-	a_hdr.o x_pkey.o a_bool.o x_exten.o \
-	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
-	evp_asn1.o
+	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o \
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
 
 SRC= $(LIBSRC)
 
@@ -75,24 +75,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -104,17 +103,988 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bitstr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bmp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bmp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bmp.o: ../cryptlib.h
+a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../cryptlib.h
+a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../cryptlib.h
+a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_d2i_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../cryptlib.h
+a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../cryptlib.h
+a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_enum.o: ../cryptlib.h
+a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../cryptlib.h
+a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../cryptlib.h
+a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_i2d_fp.o: ../../include/openssl/stack.h ../cryptlib.h
+a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_int.o: ../cryptlib.h
+a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../cryptlib.h
+a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_object.o: ../../include/openssl/stack.h ../cryptlib.h
+a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../cryptlib.h
+a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../cryptlib.h
+a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../cryptlib.h
+a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h
+a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../cryptlib.h
+a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../cryptlib.h
+a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../cryptlib.h
+a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../cryptlib.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h
+a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_vis.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_vis.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_vis.o: ../cryptlib.h
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bn.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn1_par.o: ../../include/openssl/stack.h ../cryptlib.h
+asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+asn_pack.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/opensslconf.h
+d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+d2i_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pr.o: ../../include/openssl/opensslconf.h
+d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_r_pr.o: ../cryptlib.h
+d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_r_pu.o: ../../include/openssl/opensslconf.h
+d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_r_pu.o: ../cryptlib.h
+d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/opensslconf.h
+d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/opensslconf.h
+d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+evp_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../cryptlib.h
+f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../cryptlib.h
+f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+f_string.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_dhp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_dhp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_dhp.o: ../cryptlib.h
+i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+i2d_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+i2d_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pr.o: ../../include/openssl/opensslconf.h
+i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_r_pr.o: ../cryptlib.h
+i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_r_pu.o: ../../include/openssl/opensslconf.h
+i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_r_pu.o: ../cryptlib.h
+i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/opensslconf.h
+i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
+i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/opensslconf.h
+i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
+n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+n_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+nsseq.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbev2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_dgst.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_dgst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_dgst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_dgst.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_enc.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_enc_c.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_enc_c.o: ../../include/openssl/opensslconf.h
+p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_enc_c.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_enc_c.o: ../cryptlib.h
+p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_evp.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_evp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_evp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_evp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_evp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_evp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_evp.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_i_s.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_i_s.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_i_s.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_i_s.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_i_s.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_i_s.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_i_s.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_recip.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_recip.o: ../../include/openssl/opensslconf.h
+p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_recip.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_recip.o: ../cryptlib.h
+p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_s_e.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_s_e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p7_s_e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p7_s_e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p7_s_e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p7_s_e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p7_s_e.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_signd.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_signd.o: ../../include/openssl/opensslconf.h
+p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_signd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_signd.o: ../cryptlib.h
+p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p7_signi.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p7_signi.o: ../../include/openssl/opensslconf.h
+p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p7_signi.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p7_signi.o: ../cryptlib.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p8_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/stack.h ../cryptlib.h
+t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../cryptlib.h
+t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_algor.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_attrib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h
+x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_cinf.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_cinf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_cinf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_cinf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_cinf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_cinf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_cinf.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_exten.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pubkey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h
+x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_sig.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_sig.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_val.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_val.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/asn1/a_bitstr.c b/lib/libssl/src/crypto/asn1/a_bitstr.c
index 2c101206511..38ea802be81 100644
--- a/lib/libssl/src/crypto/asn1/a_bitstr.c
+++ b/lib/libssl/src/crypto/asn1/a_bitstr.c
@@ -58,45 +58,60 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
- * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
- */
-
-int i2d_ASN1_BIT_STRING(a,pp)
-ASN1_BIT_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
-	int ret,j,r,bits;
+	int ret,j,r,bits,len;
 	unsigned char *p,*d;
 
 	if (a == NULL) return(0);
 
-	/* our bit strings are always a multiple of 8 :-) */
-	bits=0;
-	ret=1+a->length;
+	len=a->length;
+
+	if (len > 0)
+		{
+		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
+			{
+			bits=(int)a->flags&0x07;
+			}
+		else
+			{
+			for ( ; len > 0; len--)
+				{
+				if (a->data[len-1]) break;
+				}
+			j=a->data[len-1];
+			if      (j & 0x01) bits=0;
+			else if (j & 0x02) bits=1;
+			else if (j & 0x04) bits=2;
+			else if (j & 0x08) bits=3;
+			else if (j & 0x10) bits=4;
+			else if (j & 0x20) bits=5;
+			else if (j & 0x40) bits=6;
+			else if (j & 0x80) bits=7;
+			else bits=0; /* should not happen */
+			}
+		}
+	else
+		bits=0;
+	ret=1+len;
 	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
 	if (pp == NULL) return(r);
 	p= *pp;
 
 	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-	if (bits == 0)
-		j=0;
-	else	j=8-bits;
-	*(p++)=(unsigned char)j;
+	*(p++)=(unsigned char)bits;
 	d=a->data;
-	memcpy(p,d,a->length);
-	p+=a->length;
-	if (a->length > 0) p[-1]&=(0xff<<j);
+	memcpy(p,d,len);
+	p+=len;
+	if (len > 0) p[-1]&=(0xff<<bits);
 	*pp=p;
 	return(r);
 	}
 
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length)
-ASN1_BIT_STRING **a;
-unsigned char **pp;
-long length;
+ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_BIT_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -127,6 +142,12 @@ long length;
 	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
 
 	i= *(p++);
+	/* We do this to preserve the settings.  If we modify
+	 * the settings, via the _set_bit function, we will recalculate
+	 * on output */
+	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+
 	if (len-- > 1) /* using one because of the bits left byte */
 		{
 		s=(unsigned char *)Malloc((int)len);
@@ -158,10 +179,7 @@ err:
 
 /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
  */
-int ASN1_BIT_STRING_set_bit(a,n,value)
-ASN1_BIT_STRING *a;
-int n;
-int value;
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	{
 	int w,v,iv;
 	unsigned char *c;
@@ -170,6 +188,8 @@ int value;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
 
+	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+
 	if (a == NULL) return(0);
 	if ((a->length < (w+1)) || (a->data == NULL))
 		{
@@ -189,9 +209,7 @@ int value;
 	return(1);
 	}
 
-int ASN1_BIT_STRING_get_bit(a,n)
-ASN1_BIT_STRING *a;
-int n;
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
 	{
 	int w,v;
 
diff --git a/lib/libssl/src/crypto/asn1/a_bmp.c b/lib/libssl/src/crypto/asn1/a_bmp.c
index 774502b1fc4..6075871984f 100644
--- a/lib/libssl/src/crypto/asn1/a_bmp.c
+++ b/lib/libssl/src/crypto/asn1/a_bmp.c
@@ -58,31 +58,24 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
- */
-
-int i2d_ASN1_BMPSTRING(a, pp)
-ASN1_BMPSTRING *a;
-unsigned char **pp;
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
 	}
 
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(a, pp, length)
-ASN1_BMPSTRING **a;
-unsigned char **pp;
-long length;
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_BMPSTRING *ret=NULL;
 
 	ret=(ASN1_BMPSTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-	pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
+		pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
-		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ASN1_R_ERROR_STACK);
+		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
diff --git a/lib/libssl/src/crypto/asn1/a_bool.c b/lib/libssl/src/crypto/asn1/a_bool.c
index 41a95aa278b..18fa61840b4 100644
--- a/lib/libssl/src/crypto/asn1/a_bool.c
+++ b/lib/libssl/src/crypto/asn1/a_bool.c
@@ -58,15 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN);
- * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
- */
-
-int i2d_ASN1_BOOLEAN(a,pp)
-int a;
-unsigned char **pp;
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
 	int r;
 	unsigned char *p;
@@ -81,10 +75,7 @@ unsigned char **pp;
 	return(r);
 	}
 
-int d2i_ASN1_BOOLEAN(a, pp, length)
-int *a;
-unsigned char **pp;
-long length;
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
 	{
 	int ret= -1;
 	unsigned char *p;
diff --git a/lib/libssl/src/crypto/asn1/a_bytes.c b/lib/libssl/src/crypto/asn1/a_bytes.c
index 14168d61ad1..e452e03b88f 100644
--- a/lib/libssl/src/crypto/asn1/a_bytes.c
+++ b/lib/libssl/src/crypto/asn1/a_bytes.c
@@ -58,38 +58,24 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-
-/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
- * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_ERROR_STACK);
- * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE);
- * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
- */
+#include <openssl/asn1_mac.h>
 
 static unsigned long tag2bit[32]={
 0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags 12-15 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
 0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
 0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};
 
-#ifndef NOPROTO
 static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
-#else
-static int asn1_collate_primative();
-#endif
-
-/* type is a 'bitmap' of acceptable string types to be accepted.
+/* type is a 'bitmap' of acceptable string types.
  */
-ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int type;
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
+	     long length, int type)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -152,11 +138,7 @@ err:
 	return(NULL);
 	}
 
-int i2d_ASN1_bytes(a, pp, tag, xclass)
-ASN1_STRING *a;
-unsigned char **pp;
-int tag;
-int xclass;
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
 	{
 	int ret,r,constructed;
 	unsigned char *p;
@@ -182,12 +164,8 @@ int xclass;
 	return(r);
 	}
 
-ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int Ptag;
-int Pclass;
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+	     int Ptag, int Pclass)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -279,9 +257,7 @@ err:
  * them into the one struture that is then returned */
 /* There have been a few bug fixes for this function from
  * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primative(a,c)
-ASN1_STRING *a;
-ASN1_CTX *c;
+static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c)
 	{
 	ASN1_STRING *os=NULL;
 	BUF_MEM b;
@@ -338,7 +314,7 @@ ASN1_CTX *c;
 	if (os != NULL) ASN1_STRING_free(os);
 	return(1);
 err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error);
+	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
 	if (os != NULL) ASN1_STRING_free(os);
 	if (b.data != NULL) Free(b.data);
 	return(0);
diff --git a/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/lib/libssl/src/crypto/asn1/a_d2i_fp.c
index d952836a910..a49d1cb2897 100644
--- a/lib/libssl/src/crypto/asn1/a_d2i_fp.c
+++ b/lib/libssl/src/crypto/asn1/a_d2i_fp.c
@@ -58,17 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
 
 #define HEADER_SIZE   8
 
 #ifndef NO_FP_API
-char *ASN1_d2i_fp(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-FILE *in;
-unsigned char **x;
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+	     unsigned char **x)
         {
         BIO *b;
         char *ret;
@@ -85,11 +82,8 @@ unsigned char **x;
         }
 #endif
 
-char *ASN1_d2i_bio(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-BIO *in;
-unsigned char **x;
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+	     unsigned char **x)
 	{
 	BUF_MEM *b;
 	unsigned char *p;
diff --git a/lib/libssl/src/crypto/asn1/a_digest.c b/lib/libssl/src/crypto/asn1/a_digest.c
index 8ddb65b0dc6..8c45add5576 100644
--- a/lib/libssl/src/crypto/asn1/a_digest.c
+++ b/lib/libssl/src/crypto/asn1/a_digest.c
@@ -62,16 +62,12 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "evp.h"
-#include "x509.h"
-#include "buffer.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
 
-int ASN1_digest(i2d,type,data,md,len)
-int (*i2d)();
-EVP_MD *type;
-char *data;
-unsigned char *md;
-unsigned int *len;
+int ASN1_digest(int (*i2d)(), EVP_MD *type, char *data, unsigned char *md,
+	     unsigned int *len)
 	{
 	EVP_MD_CTX ctx;
 	int i;
diff --git a/lib/libssl/src/crypto/asn1/a_dup.c b/lib/libssl/src/crypto/asn1/a_dup.c
index 961b4cb0694..c0a8709f3b4 100644
--- a/lib/libssl/src/crypto/asn1/a_dup.c
+++ b/lib/libssl/src/crypto/asn1/a_dup.c
@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
 #define READ_CHUNK   2048
 
-char *ASN1_dup(i2d,d2i,x)
-int (*i2d)();
-char *(*d2i)();
-char *x;
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
 	unsigned char *b,*p;
 	long i;
diff --git a/lib/libssl/src/crypto/asn1/a_enum.c b/lib/libssl/src/crypto/asn1/a_enum.c
new file mode 100644
index 00000000000..9239ecc439a
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_enum.c
@@ -0,0 +1,326 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
+	{
+	int pad=0,ret,r,i,t;
+	unsigned char *p,*n,pb=0;
+
+	if ((a == NULL) || (a->data == NULL)) return(0);
+	t=a->type;
+	if (a->length == 0)
+		ret=1;
+	else
+		{
+		ret=a->length;
+		i=a->data[0];
+		if ((t == V_ASN1_ENUMERATED) && (i > 127)) {
+			pad=1;
+			pb=0;
+		} else if(t == V_ASN1_NEG_ENUMERATED) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
+			}
+		}
+		ret+=pad;
+		}
+	r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED);
+	if (pp == NULL) return(r);
+	p= *pp;
+
+	ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL);
+	if (pad) *(p++)=pb;
+	if (a->length == 0)
+		*(p++)=0;
+	else if (t == V_ASN1_ENUMERATED)
+		{
+		memcpy(p,a->data,(unsigned int)a->length);
+		p+=a->length;
+		}
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
+		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+		p += a->length;
+	}
+
+	*pp=p;
+	return(r);
+	}
+
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_ENUMERATED *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_ENUMERATED_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_ENUMERATED;
+		}
+	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_ENUMERATED)
+		{
+		i=ASN1_R_EXPECTING_AN_ENUMERATED;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
+	if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_ENUMERATED;
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			p += len;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+			p += len;
+		}
+	} else {
+		ret->type=V_ASN1_ENUMERATED;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+		p+=len;
+	}
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=p;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_ENUMERATED_free(ret);
+	return(NULL);
+	}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+	{
+	int i,j,k;
+	unsigned char buf[sizeof(long)+1];
+	long d;
+
+	a->type=V_ASN1_ENUMERATED;
+	if (a->length < (sizeof(long)+1))
+		{
+		if (a->data != NULL)
+			Free((char *)a->data);
+		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+			memset((char *)a->data,0,sizeof(long)+1);
+		}
+	if (a->data == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	d=v;
+	if (d < 0)
+		{
+		d= -d;
+		a->type=V_ASN1_NEG_ENUMERATED;
+		}
+
+	for (i=0; i<sizeof(long); i++)
+		{
+		if (d == 0) break;
+		buf[i]=(int)d&0xff;
+		d>>=8;
+		}
+	j=0;
+	for (k=i-1; k >=0; k--)
+		a->data[j++]=buf[k];
+	a->length=j;
+	return(1);
+	}
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+	{
+	int neg=0,i;
+	long r=0;
+
+	if (a == NULL) return(0L);
+	i=a->type;
+	if (i == V_ASN1_NEG_ENUMERATED)
+		neg=1;
+	else if (i != V_ASN1_ENUMERATED)
+		return(0);
+	
+	if (a->length > sizeof(long))
+		{
+		/* hmm... a bit ugly */
+		return(0xffffffffL);
+		}
+	if (a->data == NULL)
+		return(0);
+
+	for (i=0; i<a->length; i++)
+		{
+		r<<=8;
+		r|=(unsigned char)a->data[i];
+		}
+	if (neg) r= -r;
+	return(r);
+	}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+	{
+	ASN1_ENUMERATED *ret;
+	int len,j;
+
+	if (ai == NULL)
+		ret=ASN1_ENUMERATED_new();
+	else
+		ret=ai;
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+		}
+	if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
+	else ret->type=V_ASN1_ENUMERATED;
+	j=BN_num_bits(bn);
+	len=((j == 0)?0:((j/8)+1));
+	ret->data=(unsigned char *)Malloc(len+4);
+	ret->length=BN_bn2bin(bn,ret->data);
+	return(ret);
+err:
+	if (ret != ai) ASN1_ENUMERATED_free(ret);
+	return(NULL);
+	}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+	{
+	BIGNUM *ret;
+
+	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1;
+	return(ret);
+	}
diff --git a/lib/libssl/src/crypto/asn1/a_gentm.c b/lib/libssl/src/crypto/asn1/a_gentm.c
new file mode 100644
index 00000000000..226474f057b
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_gentm.c
@@ -0,0 +1,224 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+	len = tmpstr.length;
+	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	tmpstr.data = tmp;
+
+	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+	}
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_GENERALIZEDTIME *ret=NULL;
+
+	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+	if (!ASN1_GENERALIZEDTIME_check(ret))
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+		goto err;
+		}
+
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_GENERALIZEDTIME_free(ret);
+	return(NULL);
+	}
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+	{
+	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+	static int max[9]={99, 99,12,31,23,59,59,12,59};
+	char *a;
+	int n,i,l,o;
+
+	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+	l=d->length;
+	a=(char *)d->data;
+	o=0;
+	/* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+	if (l < 13) goto err;
+	for (i=0; i<7; i++)
+		{
+		if ((i == 6) && ((a[o] == 'Z') ||
+			(a[o] == '+') || (a[o] == '-')))
+			{ i++; break; }
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n= a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n=(n*10)+ a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((n < min[i]) || (n > max[i])) goto err;
+		}
+	if (a[o] == 'Z')
+		o++;
+	else if ((a[o] == '+') || (a[o] == '-'))
+		{
+		o++;
+		if (o+4 > l) goto err;
+		for (i=7; i<9; i++)
+			{
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n= a[o]-'0';
+			o++;
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n=(n*10)+ a[o]-'0';
+			if ((n < min[i]) || (n > max[i])) goto err;
+			o++;
+			}
+		}
+	return(o == l);
+err:
+	return(0);
+	}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
+	{
+	ASN1_GENERALIZEDTIME t;
+
+	t.type=V_ASN1_GENERALIZEDTIME;
+	t.length=strlen(str);
+	t.data=(unsigned char *)str;
+	if (ASN1_GENERALIZEDTIME_check(&t))
+		{
+		if (s != NULL)
+			{
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
+			}
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+	     time_t t)
+	{
+	char *p;
+	struct tm *ts;
+#if defined(THREADS) && !defined(WIN32)
+	struct tm data;
+#endif
+
+	if (s == NULL)
+		s=ASN1_GENERALIZEDTIME_new();
+	if (s == NULL)
+		return(NULL);
+
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+	ts=&data;
+#else
+	ts=gmtime(&t);
+#endif
+	p=(char *)s->data;
+	if ((p == NULL) || (s->length < 16))
+		{
+		p=Malloc(20);
+		if (p == NULL) return(NULL);
+		if (s->data != NULL)
+			Free(s->data);
+		s->data=(unsigned char *)p;
+		}
+
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	s->length=strlen(p);
+	s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
+	return(s);
+	}
diff --git a/lib/libssl/src/crypto/asn1/a_hdr.c b/lib/libssl/src/crypto/asn1/a_hdr.c
index 4fb7a5fa752..1171d364439 100644
--- a/lib/libssl/src/crypto/asn1/a_hdr.c
+++ b/lib/libssl/src/crypto/asn1/a_hdr.c
@@ -58,19 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "asn1.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-/*
- * ASN1err(ASN1_F_D2I_ASN1_HEADER,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ASN1_R_BAD_GET_OBJECT);
- * ASN1err(ASN1_F_ASN1_HEADER_NEW,ASN1_R_BAD_GET_OBJECT);
- */
-
-int i2d_ASN1_HEADER(a,pp)
-ASN1_HEADER *a;
-unsigned char **pp;
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +76,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
-ASN1_HEADER **a;
-unsigned char **pp;
-long length;
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
 
@@ -107,9 +96,10 @@ long length;
         M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
 	}
 
-ASN1_HEADER *ASN1_HEADER_new()
+ASN1_HEADER *ASN1_HEADER_new(void)
 	{
 	ASN1_HEADER *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,ASN1_HEADER);
 	M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
@@ -119,8 +109,7 @@ ASN1_HEADER *ASN1_HEADER_new()
         M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
 	}
 
-void ASN1_HEADER_free(a)
-ASN1_HEADER *a;
+void ASN1_HEADER_free(ASN1_HEADER *a)
 	{
 	if (a == NULL) return;
 	ASN1_OCTET_STRING_free(a->header);
diff --git a/lib/libssl/src/crypto/asn1/a_i2d_fp.c b/lib/libssl/src/crypto/asn1/a_i2d_fp.c
index 66c3df68d59..6bd845443cc 100644
--- a/lib/libssl/src/crypto/asn1/a_i2d_fp.c
+++ b/lib/libssl/src/crypto/asn1/a_i2d_fp.c
@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
 
 #ifndef NO_FP_API
-int ASN1_i2d_fp(i2d,out,x)
-int (*i2d)();
-FILE *out;
-unsigned char *x;
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
         int ret;
@@ -82,10 +79,7 @@ unsigned char *x;
         }
 #endif
 
-int ASN1_i2d_bio(i2d,out,x)
-int (*i2d)();
-BIO *out;
-unsigned char *x;
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	{
 	char *b;
 	unsigned char *p;
diff --git a/lib/libssl/src/crypto/asn1/a_int.c b/lib/libssl/src/crypto/asn1/a_int.c
index df79cf99bbb..d05436378b9 100644
--- a/lib/libssl/src/crypto/asn1/a_int.c
+++ b/lib/libssl/src/crypto/asn1/a_int.c
@@ -58,17 +58,37 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
+/* 
+ * This converts an ASN1 INTEGER into its DER encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
  */
 
-int i2d_ASN1_INTEGER(a,pp)
-ASN1_INTEGER *a;
-unsigned char **pp;
+int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	{
 	int pad=0,ret,r,i,t;
-	unsigned char *p,*pt,*n,pb=0;
+	unsigned char *p,*n,pb=0;
 
 	if ((a == NULL) || (a->data == NULL)) return(0);
 	t=a->type;
@@ -78,16 +98,25 @@ unsigned char **pp;
 		{
 		ret=a->length;
 		i=a->data[0];
-		if ((t == V_ASN1_INTEGER) && (i > 127))
-			{
+		if ((t == V_ASN1_INTEGER) && (i > 127)) {
 			pad=1;
 			pb=0;
+		} else if(t == V_ASN1_NEG_INTEGER) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+			/*
+			 * Special case: if any other bytes non zero we pad:
+			 * otherwise we don't.
+			 */
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
 			}
-		else if ((t == V_ASN1_NEG_INTEGER) && (i>128))
-			{
-			pad=1;
-			pb=0xFF;
-			}
+		}
 		ret+=pad;
 		}
 	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
@@ -96,33 +125,35 @@ unsigned char **pp;
 
 	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
 	if (pad) *(p++)=pb;
-	if (a->length == 0)
-		*(p++)=0;
-	else if (t == V_ASN1_INTEGER)
-		{
-		memcpy(p,a->data,(unsigned int)a->length);
-		p+=a->length;
-		}
-	else
-		{
-		n=a->data;
-		pt=p;
-		for (i=a->length; i>0; i--)
-			*(p++)= (*(n++)^0xFF)+1;
-		if (!pad) *pt|=0x80;
+	if (a->length == 0) *(p++)=0;
+	else if (t == V_ASN1_INTEGER) memcpy(p,a->data,(unsigned int)a->length);
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
 		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+	}
 
-	*pp=p;
+	*pp+=r;
 	return(r);
 	}
 
-ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length)
-ASN1_INTEGER **a;
-unsigned char **pp;
-long length;
+ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_INTEGER *ret=NULL;
-	unsigned char *p,*to,*s;
+	unsigned char *p,*to,*s, *pend;
 	long len;
 	int inf,tag,xclass;
 	int i;
@@ -137,6 +168,7 @@ long length;
 
 	p= *pp;
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	pend = p + len;
 	if (inf & 0x80)
 		{
 		i=ASN1_R_BAD_OBJECT_HEADER;
@@ -161,16 +193,102 @@ long length;
 	if (*p & 0x80) /* a negative number */
 		{
 		ret->type=V_ASN1_NEG_INTEGER;
-		if (*p == 0xff)
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		/* Special case: if all zeros then the number will be of
+		 * the form FF followed by n zero bytes: this corresponds to
+		 * 1 followed by n zero bytes. We've already written n zeros
+		 * so we just append an extra one and set the first byte to
+		 * a 1. This is treated separately because it is the only case
+		 * where the number of bytes is larger than len.
+		 */
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+		}
+	} else {
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
 			{
 			p++;
 			len--;
 			}
-		for (i=(int)len; i>0; i--)
-			*(to++)= (*(p++)^0xFF)+1;
+		memcpy(s,p,(int)len);
+	}
+
+	if (ret->data != NULL) Free((char *)ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=pend;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_INTEGER_free(ret);
+	return(NULL);
+	}
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s;
+	long len;
+	int inf,tag,xclass;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
+		{
+		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
 		}
 	else
+		ret=(*a);
+
+	p= *pp;
+	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+	if (inf & 0x80)
+		{
+		i=ASN1_R_BAD_OBJECT_HEADER;
+		goto err;
+		}
+
+	if (tag != V_ASN1_INTEGER)
 		{
+		i=ASN1_R_EXPECTING_AN_INTEGER;
+		goto err;
+		}
+
+	/* We must Malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)Malloc((int)len+1);
+	if (s == NULL)
+		{
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+	to=s;
 		ret->type=V_ASN1_INTEGER;
 		if ((*p == 0) && (len != 1))
 			{
@@ -179,7 +297,6 @@ long length;
 			}
 		memcpy(s,p,(int)len);
 		p+=len;
-		}
 
 	if (ret->data != NULL) Free((char *)ret->data);
 	ret->data=s;
@@ -188,15 +305,13 @@ long length;
 	*pp=p;
 	return(ret);
 err:
-	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
 		ASN1_INTEGER_free(ret);
 	return(NULL);
 	}
 
-int ASN1_INTEGER_set(a,v)
-ASN1_INTEGER *a;
-long v;
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 	{
 	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
@@ -229,15 +344,13 @@ long v;
 		d>>=8;
 		}
 	j=0;
-	if (v < 0) a->data[j++]=0;
 	for (k=i-1; k >=0; k--)
 		a->data[j++]=buf[k];
 	a->length=j;
 	return(1);
 	}
 
-long ASN1_INTEGER_get(a)
-ASN1_INTEGER *a;
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	{
 	int neg=0,i;
 	long r=0;
@@ -266,9 +379,7 @@ ASN1_INTEGER *a;
 	return(r);
 	}
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai)
-BIGNUM *bn;
-ASN1_INTEGER *ai;
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	{
 	ASN1_INTEGER *ret;
 	int len,j;
@@ -279,10 +390,11 @@ ASN1_INTEGER *ai;
 		ret=ai;
 	if (ret == NULL)
 		{
-		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ASN1_R_ERROR_STACK);
+		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	ret->type=V_ASN1_INTEGER;
+	if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
+	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
 	ret->data=(unsigned char *)Malloc(len+4);
@@ -293,13 +405,12 @@ err:
 	return(NULL);
 	}
 
-BIGNUM *ASN1_INTEGER_to_BN(ai,bn)
-ASN1_INTEGER *ai;
-BIGNUM *bn;
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 	{
 	BIGNUM *ret;
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+	if(ai->type == V_ASN1_NEG_INTEGER) bn->neg = 1;
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/asn1/a_meth.c b/lib/libssl/src/crypto/asn1/a_meth.c
index 513625c3054..63158e9cab2 100644
--- a/lib/libssl/src/crypto/asn1/a_meth.c
+++ b/lib/libssl/src/crypto/asn1/a_meth.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
 static  ASN1_METHOD ia5string_meth={
 	(int (*)())	i2d_ASN1_IA5STRING,
@@ -73,12 +73,12 @@ static  ASN1_METHOD bit_string_meth={
 	(char *(*)())	ASN1_STRING_new,
 	(void (*)())	ASN1_STRING_free};
 
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
 	{
 	return(&ia5string_meth);
 	}
 
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
 	{
 	return(&bit_string_meth);
 	}
diff --git a/lib/libssl/src/crypto/asn1/a_object.c b/lib/libssl/src/crypto/asn1/a_object.c
index 5a7eeef8d8b..b94b418ee89 100644
--- a/lib/libssl/src/crypto/asn1/a_object.c
+++ b/lib/libssl/src/crypto/asn1/a_object.c
@@ -58,18 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
-/* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
- * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
- * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
- */
-
-int i2d_ASN1_OBJECT(a, pp)
-ASN1_OBJECT *a;
-unsigned char **pp;
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
 	unsigned char *p;
 
@@ -87,14 +80,11 @@ unsigned char **pp;
 	return(a->length);
 	}
 
-int a2d_ASN1_OBJECT(out,olen,buf,num)
-unsigned char *out;
-int olen;
-char *buf;
-int num;
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 	{
 	int i,first,len=0,c;
-	char tmp[24],*p;
+	char tmp[24];
+	const char *p;
 	unsigned long l;
 
 	if (num == 0)
@@ -180,85 +170,12 @@ err:
 	return(0);
 	}
 
-int i2t_ASN1_OBJECT(buf,buf_len,a)
-char *buf;
-int buf_len;
-ASN1_OBJECT *a;
-	{
-	int i,idx=0,n=0,len,nid;
-	unsigned long l;
-	unsigned char *p;
-	char *s;
-	char tbuf[32];
-
-	if (buf_len <= 0) return(0);
-
-	if ((a == NULL) || (a->data == NULL))
-		{
-		buf[0]='\0';
-		return(0);
-		}
-
-	nid=OBJ_obj2nid(a);
-	if (nid == NID_undef)
-		{
-		len=a->length;
-		p=a->data;
-
-		idx=0;
-		l=0;
-		while (idx < a->length)
-			{
-			l|=(p[idx]&0x7f);
-			if (!(p[idx] & 0x80)) break;
-			l<<=7L;
-			idx++;
-			}
-		idx++;
-		i=(int)(l/40);
-		if (i > 2) i=2;
-		l-=(long)(i*40);
-
-		sprintf(tbuf,"%d.%ld",i,l);
-		i=strlen(tbuf);
-		strncpy(buf,tbuf,buf_len);
-		buf_len-=i;
-		buf+=i;
-		n+=i;
-
-		l=0;
-		for (; idx<len; idx++)
-			{
-			l|=p[idx]&0x7f;
-			if (!(p[idx] & 0x80))
-				{
-				sprintf(tbuf,".%ld",l);
-				i=strlen(tbuf);
-				if (buf_len > 0)
-					strncpy(buf,tbuf,buf_len);
-				buf_len-=i;
-				buf+=i;
-				n+=i;
-				l=0;
-				}
-			l<<=7L;
-			}
-		}
-	else
-		{
-		s=(char *)OBJ_nid2ln(nid);
-		if (s == NULL)
-			s=(char *)OBJ_nid2sn(nid);
-		strncpy(buf,s,buf_len);
-		n=strlen(s);
-		}
-	buf[buf_len-1]='\0';
-	return(n);
-	}
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+	return OBJ_obj2txt(buf, buf_len, a, 0);
+}
 
-int i2a_ASN1_OBJECT(bp,a)
-BIO *bp;
-ASN1_OBJECT *a;
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	{
 	char buf[80];
 	int i;
@@ -271,10 +188,8 @@ ASN1_OBJECT *a;
 	return(i);
 	}
 
-ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length)
-ASN1_OBJECT **a;
-unsigned char **pp;
-long length; 
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_OBJECT *ret=NULL;
 	unsigned char *p;
@@ -330,7 +245,7 @@ err:
 	return(NULL);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_new()
+ASN1_OBJECT *ASN1_OBJECT_new(void)
 	{
 	ASN1_OBJECT *ret;
 
@@ -349,14 +264,15 @@ ASN1_OBJECT *ASN1_OBJECT_new()
 	return(ret);
 	}
 
-void ASN1_OBJECT_free(a)
-ASN1_OBJECT *a;
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	{
 	if (a == NULL) return;
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
-		if (a->sn != NULL) Free(a->sn);
-		if (a->ln != NULL) Free(a->ln);
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+		if (a->sn != NULL) Free((void *)a->sn);
+		if (a->ln != NULL) Free((void *)a->ln);
+#endif
 		a->sn=a->ln=NULL;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
@@ -366,14 +282,11 @@ ASN1_OBJECT *a;
 		a->length=0;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		Free((char *)a);
+		Free(a);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)
-int nid;
-unsigned char *data;
-int len;
-char *sn,*ln;
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+	     char *sn, char *ln)
 	{
 	ASN1_OBJECT o;
 
@@ -382,8 +295,10 @@ char *sn,*ln;
 	o.data=data;
 	o.nid=nid;
 	o.length=len;
-	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|
-		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+		ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	return(OBJ_dup(&o));
 	}
 
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/lib/libssl/src/crypto/asn1/a_octet.c b/lib/libssl/src/crypto/asn1/a_octet.c
index be3f172a8c4..7659a13bd38 100644
--- a/lib/libssl/src/crypto/asn1/a_octet.c
+++ b/lib/libssl/src/crypto/asn1/a_octet.c
@@ -58,23 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING);
- */
-
-int i2d_ASN1_OCTET_STRING(a, pp)
-ASN1_OCTET_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **pp)
 	{
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
 	}
 
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length)
-ASN1_OCTET_STRING **a;
-unsigned char **pp;
-long length;
+ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
+	     unsigned char **pp, long length)
 	{
 	ASN1_OCTET_STRING *ret=NULL;
 
@@ -82,7 +75,7 @@ long length;
 		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
-		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_ERROR_STACK);
+		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
 	return(ret);
diff --git a/lib/libssl/src/crypto/asn1/a_print.c b/lib/libssl/src/crypto/asn1/a_print.c
index 3023361deef..cdec7a1561d 100644
--- a/lib/libssl/src/crypto/asn1/a_print.c
+++ b/lib/libssl/src/crypto/asn1/a_print.c
@@ -58,49 +58,32 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE);
- * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH);
- */
-
-int i2d_ASN1_IA5STRING(a,pp)
-ASN1_IA5STRING *a;
-unsigned char **pp;
+int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
 
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l)
-ASN1_IA5STRING **a;
-unsigned char **pp;
-long l;
+ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
 
-ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l)
-ASN1_T61STRING **a;
-unsigned char **pp;
-long l;
+ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
 
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l)
-ASN1_PRINTABLESTRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); }
+ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
+	     unsigned char **pp, long l)
+	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,
+	     l)); }
 
-int i2d_ASN1_PRINTABLE(a,pp)
-ASN1_STRING *a;
-unsigned char **pp;
+int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **pp)
 	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
 
-ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l)
-ASN1_STRING **a;
-unsigned char **pp;
-long l;
+ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, unsigned char **pp,
+	     long l)
 	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
 
-int ASN1_PRINTABLE_type(s,len)
-unsigned char *s;
-int len;
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
 	int ia5=0;
@@ -112,6 +95,7 @@ int len;
 	while ((*s) && (len-- != 0))
 		{
 		c= *(s++);
+#ifndef CHARSET_EBCDIC
 		if (!(	((c >= 'a') && (c <= 'z')) ||
 			((c >= 'A') && (c <= 'Z')) ||
 			(c == ' ') ||
@@ -125,14 +109,20 @@ int len;
 			ia5=1;
 		if (c&0x80)
 			t61=1;
+#else
+		if (!isalnum(c) && (c != ' ') &&
+		    strchr("'()+,-./:=?", c) == NULL)
+			ia5=1;
+		if (os_toascii[c] & 0x80)
+			t61=1;
+#endif
 		}
 	if (t61) return(V_ASN1_T61STRING);
 	if (ia5) return(V_ASN1_IA5STRING);
 	return(V_ASN1_PRINTABLESTRING);
 	}
 
-int ASN1_UNIVERSALSTRING_to_string(s)
-ASN1_UNIVERSALSTRING *s;
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	{
 	int i;
 	unsigned char *p;
@@ -159,3 +149,17 @@ ASN1_UNIVERSALSTRING *s;
 	return(1);
 	}
 
+
+int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DIRECTORYSTRING(a,pp)); }
+
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DIRECTORYSTRING(a,pp,l)); }
+
+int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **pp)
+	{ return(M_i2d_DISPLAYTEXT(a,pp)); }
+
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp,
+	     long l)
+	{ return(M_d2i_DISPLAYTEXT(a,pp,l)); }
diff --git a/lib/libssl/src/crypto/asn1/a_set.c b/lib/libssl/src/crypto/asn1/a_set.c
index 17c49946cf4..c2481e75974 100644
--- a/lib/libssl/src/crypto/asn1/a_set.c
+++ b/lib/libssl/src/crypto/asn1/a_set.c
@@ -58,21 +58,40 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
-/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+typedef struct
+    {
+    unsigned char *pbData;
+    int cbData;
+    } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
  */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+    {
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if(r != 0)
+	return r;
+    return b1->cbData-b2->cbData;
+    }
 
-int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class)
-STACK *a;
-unsigned char **pp;
-int (*func)();
-int ex_tag;
-int ex_class;
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
+	     int ex_class, int is_set)
 	{
 	int ret=0,r;
 	int i;
 	unsigned char *p;
+        unsigned char *pStart, *pTempMem;
+        MYBLOB *rgSetBlob;
+        int totSize;
 
 	if (a == NULL) return(0);
 	for (i=sk_num(a)-1; i>=0; i--)
@@ -82,20 +101,58 @@ int ex_class;
 
 	p= *pp;
 	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
-	for (i=0; i<sk_num(a); i++)
-		func(sk_value(a,i),&p);
 
-	*pp=p;
-	return(r);
-	}
+/* Modified by gp@nsj.co.jp */
+	/* And then again by Ben */
+	/* And again by Steve */
+
+	if(!is_set || (sk_num(a) < 2))
+		{
+		for (i=0; i<sk_num(a); i++)
+                	func(sk_value(a,i),&p);
+
+		*pp=p;
+		return(r);
+		}
+
+        pStart  = p; /* Catch the beg of Setblobs*/
+        rgSetBlob = (MYBLOB *)Malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+we will store the SET blobs */
+
+        for (i=0; i<sk_num(a); i++)
+	        {
+                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
+                func(sk_value(a,i),&p);
+                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+SetBlob
+*/
+		}
+        *pp=p;
+        totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /* Now we have to sort the blobs. I am using a simple algo.
+    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        pTempMem = Malloc(totSize);
+
+/* Copy to temp mem */
+        p = pTempMem;
+        for(i=0; i<sk_num(a); ++i)
+		{
+                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+                p += rgSetBlob[i].cbData;
+		}
 
-STACK *d2i_ASN1_SET(a,pp,length,func,ex_tag,ex_class)
-STACK **a;
-unsigned char **pp;
-long length;
-char *(*func)();
-int ex_tag;
-int ex_class;
+/* Copy back to user mem*/
+        memcpy(pStart, pTempMem, totSize);
+        Free(pTempMem);
+        Free(rgSetBlob);
+
+        return(r);
+        }
+
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+	     char *(*func)(), void (*free_func)(), int ex_tag, int ex_class)
 	{
 	ASN1_CTX c;
 	STACK *ret=NULL;
@@ -136,14 +193,25 @@ int ex_class;
 		char *s;
 
 		if (M_ASN1_D2I_end_sequence()) break;
-		if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) goto err;
+		if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
+			asn1_add_error(*pp,(int)(c.q- *pp));
+			goto err;
+			}
 		if (!sk_push(ret,s)) goto err;
 		}
 	if (a != NULL) (*a)=ret;
 	*pp=c.p;
 	return(ret);
 err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) sk_free(ret);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		{
+		if (free_func != NULL)
+			sk_pop_free(ret,free_func);
+		else
+			sk_free(ret);
+		}
 	return(NULL);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/a_sign.c b/lib/libssl/src/crypto/asn1/a_sign.c
index 02188e68c48..57595692e5b 100644
--- a/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/lib/libssl/src/crypto/asn1/a_sign.c
@@ -62,21 +62,15 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
 
-int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)
-int (*i2d)();
-X509_ALGOR *algor1;
-X509_ALGOR *algor2;
-ASN1_BIT_STRING *signature;
-char *data;
-EVP_PKEY *pkey;
-EVP_MD *type;
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+	     const EVP_MD *type)
 	{
 	EVP_MD_CTX ctx;
 	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
@@ -136,7 +130,11 @@ EVP_MD *type;
 	signature->data=buf_out;
 	buf_out=NULL;
 	signature->length=outl;
-
+	/* In the interests of compatability, I'll make sure that
+	 * the bit string has a 'not-used bits' value of 0
+	 */
+	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
 	memset(&ctx,0,sizeof(ctx));
 	if (buf_in != NULL)
diff --git a/lib/libssl/src/crypto/asn1/a_time.c b/lib/libssl/src/crypto/asn1/a_time.c
new file mode 100644
index 00000000000..c1690a56949
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/a_time.c
@@ -0,0 +1,123 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	char tmp[24];
+	ASN1_STRING tmpstr;
+
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+	    int len;
+
+	    tmpstr = *(ASN1_STRING *)a;
+	    len = tmpstr.length;
+	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	    tmpstr.data = tmp;
+	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+	}
+#endif
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+				     a->type ,V_ASN1_UNIVERSAL));
+	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return -1;
+	}
+
+
+ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length)
+	{
+	unsigned char tag;
+	tag = **pp & ~V_ASN1_CONSTRUCTED;
+	if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL))
+					 return d2i_ASN1_UTCTIME(a, pp, length);
+	if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL))
+				return d2i_ASN1_GENERALIZEDTIME(a, pp, length);
+	ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return(NULL);
+	}
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+	{
+	struct tm *ts;
+#if defined(THREADS) && !defined(WIN32)
+	struct tm data;
+#endif
+
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data);
+	ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+#else
+	ts=gmtime(&t);
+#endif
+	if((ts->tm_year >= 50) && (ts->tm_year < 150))
+					return ASN1_UTCTIME_set(s, t);
+	return ASN1_GENERALIZEDTIME_set(s,t);
+	}
diff --git a/lib/libssl/src/crypto/asn1/a_type.c b/lib/libssl/src/crypto/asn1/a_type.c
index 7c0004084c2..3f2ecee5c2f 100644
--- a/lib/libssl/src/crypto/asn1/a_type.c
+++ b/lib/libssl/src/crypto/asn1/a_type.c
@@ -58,23 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
-/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK);
- * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_ERROR_STACK);
- * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_WRONG_TAG);
- * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
- */
-
-#ifndef NOPROTO
 static void ASN1_TYPE_component_free(ASN1_TYPE *a);
-#else
-static void ASN1_TYPE_component_free();
-#endif
-
-int i2d_ASN1_TYPE(a,pp)
-ASN1_TYPE *a;
-unsigned char **pp;
+int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
 	{
 	int r=0;
 
@@ -91,6 +78,10 @@ unsigned char **pp;
 	case V_ASN1_NEG_INTEGER:
 		r=i2d_ASN1_INTEGER(a->value.integer,pp);
 		break;
+	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
+		r=i2d_ASN1_ENUMERATED(a->value.enumerated,pp);
+		break;
 	case V_ASN1_BIT_STRING:
 		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
 		break;
@@ -115,12 +106,21 @@ unsigned char **pp;
 	case V_ASN1_UNIVERSALSTRING:
 		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
 		break;
+	case V_ASN1_UTF8STRING:
+		r=M_i2d_ASN1_UTF8STRING(a->value.utf8string,pp);
+		break;
+	case V_ASN1_VISIBLESTRING:
+		r=M_i2d_ASN1_VISIBLESTRING(a->value.visiblestring,pp);
+		break;
 	case V_ASN1_BMPSTRING:
 		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
 		break;
 	case V_ASN1_UTCTIME:
 		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
 		break;
+	case V_ASN1_GENERALIZEDTIME:
+		r=i2d_ASN1_GENERALIZEDTIME(a->value.generalizedtime,pp);
+		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 		if (a->value.set == NULL)
@@ -139,10 +139,7 @@ unsigned char **pp;
 	return(r);
 	}
 
-ASN1_TYPE *d2i_ASN1_TYPE(a,pp,length)
-ASN1_TYPE **a;
-unsigned char **pp;
-long length;
+ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, unsigned char **pp, long length)
 	{
 	ASN1_TYPE *ret=NULL;
 	unsigned char *q,*p,*max;
@@ -176,6 +173,11 @@ long length;
 			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
+	case V_ASN1_ENUMERATED:
+		if ((ret->value.enumerated=
+			d2i_ASN1_ENUMERATED(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
 	case V_ASN1_BIT_STRING:
 		if ((ret->value.bit_string=
 			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
@@ -186,6 +188,16 @@ long length;
 			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
+	case V_ASN1_VISIBLESTRING:
+		if ((ret->value.visiblestring=
+			d2i_ASN1_VISIBLESTRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
+	case V_ASN1_UTF8STRING:
+		if ((ret->value.utf8string=
+			d2i_ASN1_UTF8STRING(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
 	case V_ASN1_OBJECT:
 		if ((ret->value.object=
 			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
@@ -226,6 +238,11 @@ long length;
 			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
 			goto err;
 		break;
+	case V_ASN1_GENERALIZEDTIME:
+		if ((ret->value.generalizedtime=
+			d2i_ASN1_GENERALIZEDTIME(NULL,&p,max-p)) == NULL)
+			goto err;
+		break;
 	case V_ASN1_SET:
 	case V_ASN1_SEQUENCE:
 		/* Sets and sequences are left complete */
@@ -249,9 +266,10 @@ err:
 	return(NULL);
 	}
 
-ASN1_TYPE *ASN1_TYPE_new()
+ASN1_TYPE *ASN1_TYPE_new(void)
 	{
 	ASN1_TYPE *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,ASN1_TYPE);
 	ret->type= -1;
@@ -260,16 +278,14 @@ ASN1_TYPE *ASN1_TYPE_new()
 	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
 	}
 
-void ASN1_TYPE_free(a)
-ASN1_TYPE *a;
+void ASN1_TYPE_free(ASN1_TYPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_TYPE_component_free(a);
 	Free((char *)(char *)a);
 	}
 
-int ASN1_TYPE_get(a)
-ASN1_TYPE *a;
+int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
 	if (a->value.ptr != NULL)
 		return(a->type);
@@ -277,10 +293,7 @@ ASN1_TYPE *a;
 		return(0);
 	}
 
-void ASN1_TYPE_set(a,type,value)
-ASN1_TYPE *a;
-int type;
-char *value;
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
 		ASN1_TYPE_component_free(a);
@@ -288,8 +301,7 @@ char *value;
 	a->value.ptr=value;
 	}
 
-static void ASN1_TYPE_component_free(a)
-ASN1_TYPE *a;
+static void ASN1_TYPE_component_free(ASN1_TYPE *a)
 	{
 	if (a == NULL) return;
 
@@ -302,16 +314,25 @@ ASN1_TYPE *a;
 			break;
 		case V_ASN1_INTEGER:
 		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
 		case V_ASN1_BIT_STRING:
 		case V_ASN1_OCTET_STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		case V_ASN1_NUMERICSTRING:
 		case V_ASN1_PRINTABLESTRING:
 		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
 		case V_ASN1_IA5STRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_GENERALSTRING:
 		case V_ASN1_UTCTIME:
-		case V_ASN1_SET:
-		case V_ASN1_SEQUENCE:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
 			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
 			break;
 		default:
@@ -323,3 +344,5 @@ ASN1_TYPE *a;
 		}
 	}
 
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/lib/libssl/src/crypto/asn1/a_utctm.c b/lib/libssl/src/crypto/asn1/a_utctm.c
index 17a7abbb679..688199fdd22 100644
--- a/lib/libssl/src/crypto/asn1/a_utctm.c
+++ b/lib/libssl/src/crypto/asn1/a_utctm.c
@@ -58,26 +58,35 @@
 
 #include <stdio.h>
 #include <time.h>
+#ifdef VMS
+#include <descrip.h>
+#include <lnmdef.h>
+#include <starlet.h>
+#endif
 #include "cryptlib.h"
-#include "asn1.h"
-
-/* ASN1err(ASN1_F_ASN1_UTCTIME_NEW,ASN1_R_UTCTIME_TOO_LONG);
- * ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_EXPECTING_A_UTCTIME);
- */
+#include <openssl/asn1.h>
 
-int i2d_ASN1_UTCTIME(a,pp)
-ASN1_UTCTIME *a;
-unsigned char **pp;
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
+#ifndef CHARSET_EBCDIC
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING x = *(ASN1_STRING *)a;
+
+	len = x.length;
+	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	x.data = tmp;
+	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
 	}
 
 
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(a, pp, length)
-ASN1_UTCTIME **a;
-unsigned char **pp;
-long length;
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_UTCTIME *ret=NULL;
 
@@ -85,9 +94,12 @@ long length;
 		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
 	if (ret == NULL)
 		{
-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_ERROR_STACK);
+		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
 	if (!ASN1_UTCTIME_check(ret))
 		{
 		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
@@ -101,8 +113,7 @@ err:
 	return(NULL);
 	}
 
-int ASN1_UTCTIME_check(d)
-ASN1_UTCTIME *d;
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
@@ -152,9 +163,7 @@ err:
 	return(0);
 	}
 
-int ASN1_UTCTIME_set_string(s,str)
-ASN1_UTCTIME *s;
-char *str;
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 	{
 	ASN1_UTCTIME t;
 
@@ -174,13 +183,11 @@ char *str;
 		return(0);
 	}
 
-ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
-ASN1_UTCTIME *s;
-time_t t;
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS)
+#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
 #endif
 
@@ -189,10 +196,48 @@ time_t t;
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS)
-	ts=(struct tm *)gmtime_r(&t,&data);
+#if defined(THREADS) && !defined(WIN32)
+	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+	ts=&data;
 #else
-	ts=(struct tm *)gmtime(&t);
+	ts=gmtime(&t);
+#endif
+#ifdef VMS
+	if (ts == NULL)
+		{
+		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
+		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
+		char result[256];
+		unsigned int reslen = 0;
+		struct {
+			short buflen;
+			short code;
+			void *bufaddr;
+			unsigned int *reslen;
+		} itemlist[] = {
+			{ 0, LNM$_STRING, 0, 0 },
+			{ 0, 0, 0, 0 },
+		};
+		int status;
+
+		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+		itemlist[0].buflen = sizeof(result);
+		itemlist[0].bufaddr = result;
+		itemlist[0].reslen = &reslen;
+		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+		if (!(status & 1))
+			return NULL;
+		result[reslen] = '\0';
+
+		/* Get the numerical value of the equivalence string */
+		status = atoi(result);
+
+		/* and use it to move time to GMT */
+		t -= status;
+
+		/* then convert the result to the time structure */
+		ts=(struct tm *)localtime(&t);
+		}
 #endif
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 14))
@@ -208,5 +253,8 @@ time_t t;
 		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
 	return(s);
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_mod.c b/lib/libssl/src/crypto/asn1/a_utf8.c
index c351aac14f0..4a8a92e9e46 100644
--- a/lib/libssl/src/crypto/bn/bn_mod.c
+++ b/lib/libssl/src/crypto/asn1/a_utf8.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_mod.c */
+/* crypto/asn1/a_utf8.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,40 +58,26 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
+#include <openssl/asn1.h>
 
-/* rem != m */
-int BN_mod(rem, m, d,ctx)
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
+int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp)
 	{
-#if 0 /* The old slow way */
-	int i,nm,nd;
-	BIGNUM *dv;
-
-	if (BN_ucmp(m,d) < 0)
-		return((BN_copy(rem,m) == NULL)?0:1);
-
-	dv=ctx->bn[ctx->tos];
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL));
+	}
 
-	if (!BN_copy(rem,m)) return(0);
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp,
+	     long length)
+	{
+	ASN1_UTF8STRING *ret=NULL;
 
-	nm=BN_num_bits(rem);
-	nd=BN_num_bits(d);
-	if (!BN_lshift(dv,d,nm-nd)) return(0);
-	for (i=nm-nd; i>=0; i--)
+	ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
 		{
-		if (BN_cmp(rem,dv) >= 0)
-			{
-			if (!BN_sub(rem,rem,dv)) return(0);
-			}
-		if (!BN_rshift1(dv,dv)) return(0);
+		ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
 		}
-	return(1);
-#else
-	return(BN_div(NULL,rem,m,d,ctx));
-#endif
+	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/a_verify.c b/lib/libssl/src/crypto/asn1/a_verify.c
index 03fc63dbef3..6383d2c698d 100644
--- a/lib/libssl/src/crypto/asn1/a_verify.c
+++ b/lib/libssl/src/crypto/asn1/a_verify.c
@@ -62,22 +62,17 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "bn.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "evp.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
-int ASN1_verify(i2d,a,signature,data,pkey)
-int (*i2d)();
-X509_ALGOR *a;
-ASN1_BIT_STRING *signature;
-char *data;
-EVP_PKEY *pkey;
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     char *data, EVP_PKEY *pkey)
 	{
 	EVP_MD_CTX ctx;
-	EVP_MD *type;
+	const EVP_MD *type;
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
@@ -90,7 +85,7 @@ EVP_PKEY *pkey;
 		}
 	
 	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	buf_in=Malloc((unsigned int)inl);
 	if (buf_in == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
diff --git a/lib/libssl/src/perl/callback.c b/lib/libssl/src/crypto/asn1/a_vis.c
index 01840abc854..2072be780d4 100644
--- a/lib/libssl/src/perl/callback.c
+++ b/lib/libssl/src/crypto/asn1/a_vis.c
@@ -1,4 +1,4 @@
-/* perl/callback.c */
+/* crypto/asn1/a_vis.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,48 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
-
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
 
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
+int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **pp)
 	{
-	SV *sv;
-
-fprintf(stderr,"ex_new %08X %s\n",obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL));
 	}
 
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+	     unsigned char **pp, long length)
 	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
+	ASN1_VISIBLESTRING *ret=NULL;
+
+	ret=(ASN1_VISIBLESTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
+		pp,length,V_ASN1_VISIBLESTRING,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_VISIBLESTRING,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/asn1.err b/lib/libssl/src/crypto/asn1/asn1.err
deleted file mode 100644
index c8b70114885..00000000000
--- a/lib/libssl/src/crypto/asn1/asn1.err
+++ /dev/null
@@ -1,182 +0,0 @@
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
-#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_D2I_NETSCAPE_SPKI			 144
-#define ASN1_F_D2I_PKCS7				 145
-#define ASN1_F_D2I_PKCS7_DIGEST				 146
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
-#define ASN1_F_D2I_PKCS7_SIGNED				 152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
-#define ASN1_F_D2I_PRIVATEKEY				 155
-#define ASN1_F_D2I_PUBLICKEY				 156
-#define ASN1_F_D2I_RSAPRIVATEKEY			 157
-#define ASN1_F_D2I_RSAPUBLICKEY				 158
-#define ASN1_F_D2I_X509					 159
-#define ASN1_F_D2I_X509_ALGOR				 160
-#define ASN1_F_D2I_X509_ATTRIBUTE			 161
-#define ASN1_F_D2I_X509_CINF				 162
-#define ASN1_F_D2I_X509_CRL				 163
-#define ASN1_F_D2I_X509_CRL_INFO			 164
-#define ASN1_F_D2I_X509_EXTENSION			 165
-#define ASN1_F_D2I_X509_KEY				 166
-#define ASN1_F_D2I_X509_NAME				 167
-#define ASN1_F_D2I_X509_NAME_ENTRY			 168
-#define ASN1_F_D2I_X509_PKEY				 169
-#define ASN1_F_D2I_X509_PUBKEY				 170
-#define ASN1_F_D2I_X509_REQ				 171
-#define ASN1_F_D2I_X509_REQ_INFO			 172
-#define ASN1_F_D2I_X509_REVOKED				 173
-#define ASN1_F_D2I_X509_SIG				 174
-#define ASN1_F_D2I_X509_VAL				 175
-#define ASN1_F_I2D_ASN1_HEADER				 176
-#define ASN1_F_I2D_DHPARAMS				 177
-#define ASN1_F_I2D_DSAPARAMS				 178
-#define ASN1_F_I2D_DSAPRIVATEKEY			 179
-#define ASN1_F_I2D_DSAPUBLICKEY				 180
-#define ASN1_F_I2D_NETSCAPE_RSA				 181
-#define ASN1_F_I2D_PKCS7				 182
-#define ASN1_F_I2D_PRIVATEKEY				 183
-#define ASN1_F_I2D_PUBLICKEY				 184
-#define ASN1_F_I2D_RSAPRIVATEKEY			 185
-#define ASN1_F_I2D_RSAPUBLICKEY				 186
-#define ASN1_F_I2D_X509_ATTRIBUTE			 187
-#define ASN1_F_I2T_ASN1_OBJECT				 188
-#define ASN1_F_NETSCAPE_PKEY_NEW			 189
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
-#define ASN1_F_NETSCAPE_SPKI_NEW			 191
-#define ASN1_F_PKCS7_DIGEST_NEW				 192
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
-#define ASN1_F_PKCS7_NEW				 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
-#define ASN1_F_PKCS7_SIGNED_NEW				 199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
-#define ASN1_F_X509_ALGOR_NEW				 202
-#define ASN1_F_X509_ATTRIBUTE_NEW			 203
-#define ASN1_F_X509_CINF_NEW				 204
-#define ASN1_F_X509_CRL_INFO_NEW			 205
-#define ASN1_F_X509_CRL_NEW				 206
-#define ASN1_F_X509_DHPARAMS_NEW			 207
-#define ASN1_F_X509_EXTENSION_NEW			 208
-#define ASN1_F_X509_INFO_NEW				 209
-#define ASN1_F_X509_KEY_NEW				 210
-#define ASN1_F_X509_NAME_ENTRY_NEW			 211
-#define ASN1_F_X509_NAME_NEW				 212
-#define ASN1_F_X509_NEW					 213
-#define ASN1_F_X509_PKEY_NEW				 214
-#define ASN1_F_X509_PUBKEY_NEW				 215
-#define ASN1_F_X509_REQ_INFO_NEW			 216
-#define ASN1_F_X509_REQ_NEW				 217
-#define ASN1_F_X509_REVOKED_NEW				 218
-#define ASN1_F_X509_SIG_NEW				 219
-#define ASN1_F_X509_VAL_FREE				 220
-#define ASN1_F_X509_VAL_NEW				 221
-
-/* Reason codes. */
-#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_GET_OBJECT				 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
-#define ASN1_R_BAD_PKCS7_CONTENT			 104
-#define ASN1_R_BAD_PKCS7_TYPE				 105
-#define ASN1_R_BAD_TAG					 106
-#define ASN1_R_BAD_TYPE					 107
-#define ASN1_R_BN_LIB					 108
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
-#define ASN1_R_BUFFER_TOO_SMALL				 110
-#define ASN1_R_DATA_IS_WRONG				 111
-#define ASN1_R_DECODING_ERROR				 112
-#define ASN1_R_ERROR_STACK				 113
-#define ASN1_R_EXPECTING_AN_INTEGER			 114
-#define ASN1_R_EXPECTING_AN_OBJECT			 115
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 116
-#define ASN1_R_EXPECTING_A_BIT_STRING			 117
-#define ASN1_R_EXPECTING_A_BOOLEAN			 118
-#define ASN1_R_EXPECTING_A_SEQUENCE			 119
-#define ASN1_R_EXPECTING_A_UTCTIME			 120
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 121
-#define ASN1_R_HEADER_TOO_LONG				 122
-#define ASN1_R_INVALID_DIGIT				 123
-#define ASN1_R_INVALID_SEPARATOR			 124
-#define ASN1_R_INVALID_TIME_FORMAT			 125
-#define ASN1_R_IV_TOO_LARGE				 126
-#define ASN1_R_LENGTH_ERROR				 127
-#define ASN1_R_LENGTH_MISMATCH				 128
-#define ASN1_R_MISSING_EOS				 129
-#define ASN1_R_MISSING_SECOND_NUMBER			 130
-#define ASN1_R_NON_HEX_CHARACTERS			 131
-#define ASN1_R_NOT_ENOUGH_DATA				 132
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 133
-#define ASN1_R_PARSING					 134
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 135
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 136
-#define ASN1_R_SHORT_LINE				 137
-#define ASN1_R_STRING_TOO_SHORT				 138
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 139
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140
-#define ASN1_R_TOO_LONG					 141
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 142
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 143
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 144
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 145
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 146
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 147
-#define ASN1_R_UNSUPPORTED_CIPHER			 148
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 149
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 150
-#define ASN1_R_UTCTIME_TOO_LONG				 151
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 152
-#define ASN1_R_WRONG_TAG				 153
-#define ASN1_R_WRONG_TYPE				 154
diff --git a/lib/libssl/src/crypto/asn1/asn1.h b/lib/libssl/src/crypto/asn1/asn1.h
index 9793db365d3..5c2d8999bc1 100644
--- a/lib/libssl/src/crypto/asn1/asn1.h
+++ b/lib/libssl/src/crypto/asn1/asn1.h
@@ -64,8 +64,9 @@ extern "C" {
 #endif
 
 #include <time.h>
-#include "bn.h"
-#include "stack.h"
+#include <openssl/bn.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
 
 #define V_ASN1_UNIVERSAL		0x00
 #define	V_ASN1_APPLICATION		0x40
@@ -73,6 +74,7 @@ extern "C" {
 #define V_ASN1_PRIVATE			0xc0
 
 #define V_ASN1_CONSTRUCTED		0x20
+#define V_ASN1_PRIMITIVE_TAG		0x1f
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 
 #define V_ASN1_APP_CHOOSE		-2	/* let the recipent choose */
@@ -89,7 +91,9 @@ extern "C" {
 #define V_ASN1_OBJECT_DESCRIPTOR	7
 #define V_ASN1_EXTERNAL			8
 #define V_ASN1_REAL			9
-#define V_ASN1_ENUMERATED		10	/* microsoft weirdness */
+#define V_ASN1_ENUMERATED		10
+#define V_ASN1_NEG_ENUMERATED		(10+0x100)
+#define V_ASN1_UTF8STRING		12
 #define V_ASN1_SEQUENCE			16
 #define V_ASN1_SET			17
 #define V_ASN1_NUMERICSTRING		18	/**/
@@ -111,111 +115,46 @@ extern "C" {
 #define B_ASN1_NUMERICSTRING	0x0001
 #define B_ASN1_PRINTABLESTRING	0x0002
 #define B_ASN1_T61STRING	0x0004
+#define B_ASN1_TELETEXSTRING	0x0008
 #define B_ASN1_VIDEOTEXSTRING	0x0008
 #define B_ASN1_IA5STRING	0x0010
 #define B_ASN1_GRAPHICSTRING	0x0020
 #define B_ASN1_ISO64STRING	0x0040
+#define B_ASN1_VISIBLESTRING	0x0040
 #define B_ASN1_GENERALSTRING	0x0080
 #define B_ASN1_UNIVERSALSTRING	0x0100
 #define B_ASN1_OCTET_STRING	0x0200
 #define B_ASN1_BIT_STRING	0x0400
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
-
-#ifndef DEBUG
-
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
-
-#else
-
-typedef struct asn1_integer_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_INTEGER;
-
-typedef struct asn1_bit_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_BIT_STRING;
-
-typedef struct asn1_octet_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_OCTET_STRING;
-
-typedef struct asn1_printablestring_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_PRINTABLESTRING;
-
-typedef struct asn1_t61string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_T61STRING;
-
-typedef struct asn1_ia5string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_IA5STRING;
-
-typedef struct asn1_generalstring_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_GENERALSTRING;
-
-typedef struct asn1_universalstring_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_UNIVERSALSTRING;
-
-typedef struct asn1_bmpstring_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_BMPSTRING;
-
-typedef struct asn1_utctime_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_UTCTIME;
-
-typedef struct asn1_generalizedtime_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_GENERALIZEDTIME;
-
-#endif
+#define B_ASN1_UTF8STRING	0x2000
+
+#define DECLARE_ASN1_SET_OF(type) \
+int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
+			   int (*func)(type *,unsigned char **), int ex_tag, \
+			   int ex_class, int is_set); \
+STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
+				       long length, \
+				       type *(*func)(type **, \
+						     unsigned char **,long), \
+				       void (*free_func)(type *), \
+				       int ex_tag,int ex_class);
+
+#define IMPLEMENT_ASN1_SET_OF(type) \
+int i2d_ASN1_SET_OF_##type(STACK_OF(type) *a,unsigned char **pp, \
+			   int (*func)(type *,unsigned char **), int ex_tag, \
+			   int ex_class, int is_set) \
+    { return i2d_ASN1_SET((STACK *)a,pp,func,ex_tag,ex_class,is_set); } \
+STACK_OF(type) *d2i_ASN1_SET_OF_##type(STACK_OF(type) **a,unsigned char **pp, \
+				       long length, \
+				       type *(*func)(type **, \
+						     unsigned char **,long), \
+				       void (*free_func)(type *), \
+				       int ex_tag,int ex_class) \
+    { return (STACK_OF(type) *)d2i_ASN1_SET((STACK **)a,pp,length, \
+					    (char *(*)())func, \
+					    (void (*)())free_func, \
+					    ex_tag,ex_class); }
 
 typedef struct asn1_ctx_st
 	{
@@ -229,6 +168,7 @@ typedef struct asn1_ctx_st
 	unsigned char *max; /* largest value of p alowed */
 	unsigned char *q;/* temporary variable */
 	unsigned char **pp;/* variable */
+	int line;	/* used in error processing */
 	} ASN1_CTX;
 
 /* These are used internally in the ASN1_OBJECT to keep track of
@@ -239,21 +179,61 @@ typedef struct asn1_ctx_st
 #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
 typedef struct asn1_object_st
 	{
-	char *sn,*ln;
+	const char *sn,*ln;
 	int nid;
 	int length;
 	unsigned char *data;
 	int flags;	/* Should we free this one */
 	} ASN1_OBJECT;
 
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
 	{
 	int length;
 	int type;
 	unsigned char *data;
+	/* The value of the following field depends on the type being
+	 * held.  It is mostly being used for BIT_STRING so if the
+	 * input data has a non-zero 'unused bits' value, it will be
+	 * handled correctly */
+	long flags;
 	} ASN1_STRING;
 
+#ifndef DEBUG
+#define ASN1_INTEGER		ASN1_STRING
+#define ASN1_ENUMERATED		ASN1_STRING
+#define ASN1_BIT_STRING		ASN1_STRING
+#define ASN1_OCTET_STRING	ASN1_STRING
+#define ASN1_PRINTABLESTRING	ASN1_STRING
+#define ASN1_T61STRING		ASN1_STRING
+#define ASN1_IA5STRING		ASN1_STRING
+#define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALIZEDTIME	ASN1_STRING
+#define ASN1_TIME		ASN1_STRING
+#define ASN1_GENERALSTRING	ASN1_STRING
+#define ASN1_UNIVERSALSTRING	ASN1_STRING
+#define ASN1_BMPSTRING		ASN1_STRING
+#define ASN1_VISIBLESTRING	ASN1_STRING
+#define ASN1_UTF8STRING		ASN1_STRING
+#else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+#endif
+
 typedef struct asn1_type_st
 	{
 	int type;
@@ -262,6 +242,7 @@ typedef struct asn1_type_st
 		ASN1_STRING *		asn1_string;
 		ASN1_OBJECT *		object;
 		ASN1_INTEGER *		integer;
+		ASN1_ENUMERATED *	enumerated;
 		ASN1_BIT_STRING *	bit_string;
 		ASN1_OCTET_STRING *	octet_string;
 		ASN1_PRINTABLESTRING *	printablestring;
@@ -272,6 +253,8 @@ typedef struct asn1_type_st
 		ASN1_UNIVERSALSTRING *	universalstring;
 		ASN1_UTCTIME *		utctime;
 		ASN1_GENERALIZEDTIME *	generalizedtime;
+		ASN1_VISIBLESTRING *	visiblestring;
+		ASN1_UTF8STRING *	utf8string;
 		/* set and sequence are left complete and still
 		 * contain the set or sequence bytes */
 		ASN1_STRING *		set;
@@ -279,6 +262,9 @@ typedef struct asn1_type_st
 		} value;
 	} ASN1_TYPE;
 
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
 typedef struct asn1_method_st
 	{
 	int (*i2d)();
@@ -322,6 +308,17 @@ typedef struct asn1_header_st
 /* i2d_ASN1_INTEGER() is a function */
 /* d2i_ASN1_INTEGER() is a function */
 
+#define ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\
+		ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define ASN1_ENUMERATED_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+/* ASN1_ENUMERATED_set() is a function, also see BN_to_ASN1_ENUMERATED() */
+/* ASN1_ENUMERATED_get() is a function, also see ASN1_ENUMERATED_to_BN() */
+/* i2d_ASN1_ENUMERATED() is a function */
+/* d2i_ASN1_ENUMERATED() is a function */
+
 #define ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
 		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
 #define ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
@@ -350,7 +347,29 @@ typedef struct asn1_header_st
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UNKNOWN)
 
-#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\
+#define DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING)
+
+#define DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING)
+
+#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
 #define ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
@@ -373,6 +392,8 @@ typedef struct asn1_header_st
 #define ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
 		ASN1_STRING_type_new(V_ASN1_IA5STRING)
 #define ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_IA5STRING_dup(a)	\
+			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
 #define M_i2d_ASN1_IA5STRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
 			V_ASN1_UNIVERSAL)
@@ -392,12 +413,22 @@ typedef struct asn1_header_st
 #define ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
 		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
 #define ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup(\
+#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
 	(ASN1_STRING *)a)
-/* DOES NOT EXIST YET i2d_ASN1_GENERALIZEDTIME() is a function */
-/* DOES NOT EXIST YET d2i_ASN1_GENERALIZEDTIME() is a function */
-/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_set() is a function */
-/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_check() is a function */
+/* i2d_ASN1_GENERALIZEDTIME() is a function */
+/* d2i_ASN1_GENERALIZEDTIME() is a function */
+/* ASN1_GENERALIZEDTIME_set() is a function */
+/* ASN1_GENERALIZEDTIME_check() is a function */
+
+#define ASN1_TIME_new()	(ASN1_TIME *)\
+		ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+/* i2d_ASN1_TIME() is a function */
+/* d2i_ASN1_TIME() is a function */
+/* ASN1_TIME_set() is a function */
+/* ASN1_TIME_check() is a function */
 
 #define ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
 		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@@ -429,13 +460,36 @@ typedef struct asn1_header_st
 		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
 
-#ifndef NOPROTO
+#define ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\
+		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\
+		ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+  /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE	0
+#define IS_SET		1
+
 ASN1_TYPE *	ASN1_TYPE_new(void );
 void		ASN1_TYPE_free(ASN1_TYPE *a);
 int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
 ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
 int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -443,12 +497,17 @@ int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
 ASN1_STRING *	ASN1_STRING_new(void );
 void		ASN1_STRING_free(ASN1_STRING *a);
 ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
 ASN1_STRING *	ASN1_STRING_type_new(int type );
 int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
-int 		ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len);
+  /* Since this is used to store all sorts of things, via macros, for now, make
+     its data void * */
+int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 
 int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
 ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
@@ -463,21 +522,50 @@ int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
 ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a,unsigned char **pp);
+ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
+			long length);
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
+
 int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
 ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
 			unsigned char **pp,long length);
 
+int	i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a,unsigned char **pp);
+ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a,
+			unsigned char **pp,long length);
+
+int		i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a,unsigned char **pp);
+ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a,
+			unsigned char **pp,long length);
+
+int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
+ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
+	long length);
+
 int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
 ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
 	unsigned char **pp, long l);
 ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
 	unsigned char **pp, long l);
 
+int	i2d_DIRECTORYSTRING(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, unsigned char **pp,
+								 long length);
+
+int	i2d_DISPLAYTEXT(ASN1_STRING *a,unsigned char **pp);
+ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, unsigned char **pp, long length);
+
 ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
 	unsigned char **pp, long l);
 int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
@@ -488,21 +576,32 @@ int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
 ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
 			long length);
 
+int		i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a,unsigned char **pp);
+ASN1_GENERALIZEDTIME *	d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,unsigned char **pp,
+			long length);
+
+int		i2d_ASN1_TIME(ASN1_TIME *a,unsigned char **pp);
+ASN1_TIME *	d2i_ASN1_TIME(ASN1_TIME **a,unsigned char **pp, long length);
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
-			int (*func)(), int ex_tag, int ex_class);
+			int (*func)(), int ex_tag, int ex_class, int is_set);
 STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-			char *(*func)(), int ex_tag, int ex_class);
+			char *(*func)(), void (*free_func)(),
+			int ex_tag, int ex_class);
 
 #ifdef HEADER_BIO_H
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
 int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
 int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
 #endif
 int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
 	char *sn, char *ln);
 
@@ -511,6 +610,11 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a);
 ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
 BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
 
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
 /* General */
 /* given a string, return the correct type, max is the maximum length */
 int ASN1_PRINTABLE_type(unsigned char *s, int max);
@@ -545,6 +649,8 @@ int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
 int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
 #endif
@@ -574,111 +680,32 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 	unsigned char *data, int max_len);
 
-#else
-
-ASN1_TYPE *	ASN1_TYPE_new();
-void		ASN1_TYPE_free();
-int		i2d_ASN1_TYPE();
-ASN1_TYPE *	d2i_ASN1_TYPE();
-int ASN1_TYPE_get();
-void ASN1_TYPE_set();
-
-ASN1_OBJECT *	ASN1_OBJECT_new();
-void		ASN1_OBJECT_free();
-int		i2d_ASN1_OBJECT();
-ASN1_OBJECT *	d2i_ASN1_OBJECT();
-ASN1_STRING *	ASN1_STRING_new();
-void		ASN1_STRING_free();
-ASN1_STRING *	ASN1_STRING_dup();
-ASN1_STRING *	ASN1_STRING_type_new();
-int 		ASN1_STRING_cmp();
-int 		ASN1_STRING_set();
-int		i2d_ASN1_BIT_STRING();
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING();
-int		ASN1_BIT_STRING_set_bit();
-int		ASN1_BIT_STRING_get_bit();
-int		i2d_ASN1_BOOLEAN();
-int 		d2i_ASN1_BOOLEAN();
-int		i2d_ASN1_INTEGER();
-ASN1_INTEGER *d2i_ASN1_INTEGER();
-int ASN1_UTCTIME_check();
-ASN1_UTCTIME *ASN1_UTCTIME_set();
-int ASN1_UTCTIME_set_string();
-int		i2d_ASN1_OCTET_STRING();
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING();
-int i2d_ASN1_PRINTABLE();
-ASN1_STRING *d2i_ASN1_PRINTABLE();
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING();
-ASN1_T61STRING *d2i_ASN1_T61STRING();
-int i2d_ASN1_IA5STRING();
-ASN1_IA5STRING *d2i_ASN1_IA5STRING();
-int		i2d_ASN1_UTCTIME();
-ASN1_UTCTIME *	d2i_ASN1_UTCTIME();
-int		i2d_ASN1_SET();
-STACK *		d2i_ASN1_SET();
-int a2d_ASN1_OBJECT();
-ASN1_OBJECT *ASN1_OBJECT_create();
-int ASN1_INTEGER_set();
-long ASN1_INTEGER_get();
-ASN1_INTEGER *BN_to_ASN1_INTEGER();
-BIGNUM *ASN1_INTEGER_to_BN();
-int ASN1_PRINTABLE_type();
-int i2d_ASN1_bytes();
-ASN1_STRING *d2i_ASN1_bytes();
-ASN1_STRING *d2i_ASN1_type_bytes();
-int asn1_Finish();
-int ASN1_get_object();
-int ASN1_check_infinite_end();
-void ASN1_put_object();
-int ASN1_object_size();
-char *ASN1_dup();
-#ifndef NO_FP_API
-char *ASN1_d2i_fp();
-int ASN1_i2d_fp();
-#endif
-
-char *ASN1_d2i_bio();
-int ASN1_i2d_bio();
-int ASN1_UTCTIME_print();
-int ASN1_STRING_print();
-int ASN1_parse();
-int i2a_ASN1_INTEGER();
-int a2i_ASN1_INTEGER();
-int i2a_ASN1_OBJECT();
-int i2t_ASN1_OBJECT();
-int a2i_ASN1_STRING();
-int i2a_ASN1_STRING();
-
-int i2d_ASN1_HEADER();
-ASN1_HEADER *d2i_ASN1_HEADER();
-ASN1_HEADER *ASN1_HEADER_new();
-void ASN1_HEADER_free();
-void ERR_load_ASN1_strings();
-ASN1_METHOD *X509_asn1_meth();
-ASN1_METHOD *RSAPrivateKey_asn1_meth();
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth();
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth();
-
-int ASN1_UNIVERSALSTRING_to_string();
-
-int ASN1_TYPE_set_octetstring();
-int ASN1_TYPE_get_octetstring();
-int ASN1_TYPE_set_int_octetstring();
-int ASN1_TYPE_get_int_octetstring();
-
-#endif
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+						 void (*free_func)() ); 
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+								 int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the ASN1 functions. */
 
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
+#define ASN1_F_A2I_ASN1_ENUMERATED			 236
 #define ASN1_F_A2I_ASN1_INTEGER				 101
 #define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
 #define ASN1_F_ASN1_D2I_BIO				 104
 #define ASN1_F_ASN1_D2I_FP				 105
 #define ASN1_F_ASN1_DUP					 106
+#define ASN1_F_ASN1_ENUMERATED_SET			 232
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 233
+#define ASN1_F_ASN1_GENERALIZEDTIME_NEW			 222
 #define ASN1_F_ASN1_GET_OBJECT				 107
 #define ASN1_F_ASN1_HEADER_NEW				 108
 #define ASN1_F_ASN1_I2D_BIO				 109
@@ -686,37 +713,65 @@ int ASN1_TYPE_get_int_octetstring();
 #define ASN1_F_ASN1_INTEGER_SET				 111
 #define ASN1_F_ASN1_INTEGER_TO_BN			 112
 #define ASN1_F_ASN1_OBJECT_NEW				 113
+#define ASN1_F_ASN1_PACK_STRING				 245
+#define ASN1_F_ASN1_PBE_SET				 253
+#define ASN1_F_ASN1_SEQ_PACK				 246
+#define ASN1_F_ASN1_SEQ_UNPACK				 247
 #define ASN1_F_ASN1_SIGN				 114
 #define ASN1_F_ASN1_STRING_NEW				 115
 #define ASN1_F_ASN1_STRING_TYPE_NEW			 116
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
 #define ASN1_F_ASN1_TYPE_NEW				 119
+#define ASN1_F_ASN1_UNPACK_STRING			 248
 #define ASN1_F_ASN1_UTCTIME_NEW				 120
 #define ASN1_F_ASN1_VERIFY				 121
+#define ASN1_F_AUTHORITY_KEYID_NEW			 237
+#define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
 #define ASN1_F_BN_TO_ASN1_INTEGER			 122
 #define ASN1_F_D2I_ASN1_BIT_STRING			 123
 #define ASN1_F_D2I_ASN1_BMPSTRING			 124
 #define ASN1_F_D2I_ASN1_BOOLEAN				 125
 #define ASN1_F_D2I_ASN1_BYTES				 126
+#define ASN1_F_D2I_ASN1_ENUMERATED			 235
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 223
 #define ASN1_F_D2I_ASN1_HEADER				 127
 #define ASN1_F_D2I_ASN1_INTEGER				 128
 #define ASN1_F_D2I_ASN1_OBJECT				 129
 #define ASN1_F_D2I_ASN1_OCTET_STRING			 130
 #define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
 #define ASN1_F_D2I_ASN1_SET				 132
+#define ASN1_F_D2I_ASN1_TIME				 224
 #define ASN1_F_D2I_ASN1_TYPE				 133
 #define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
+#define ASN1_F_D2I_ASN1_UINTEGER			 280
 #define ASN1_F_D2I_ASN1_UTCTIME				 135
+#define ASN1_F_D2I_ASN1_UTF8STRING			 266
+#define ASN1_F_D2I_ASN1_VISIBLESTRING			 267
+#define ASN1_F_D2I_AUTHORITY_KEYID			 238
+#define ASN1_F_D2I_BASIC_CONSTRAINTS			 227
 #define ASN1_F_D2I_DHPARAMS				 136
+#define ASN1_F_D2I_DIST_POINT				 276
+#define ASN1_F_D2I_DIST_POINT_NAME			 277
 #define ASN1_F_D2I_DSAPARAMS				 137
 #define ASN1_F_D2I_DSAPRIVATEKEY			 138
 #define ASN1_F_D2I_DSAPUBLICKEY				 139
+#define ASN1_F_D2I_GENERAL_NAME				 230
+#define ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE		 228
 #define ASN1_F_D2I_NETSCAPE_PKEY			 140
 #define ASN1_F_D2I_NETSCAPE_RSA				 141
 #define ASN1_F_D2I_NETSCAPE_RSA_2			 142
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
+#define ASN1_F_D2I_NOTICEREF				 268
+#define ASN1_F_D2I_PBE2PARAM				 262
+#define ASN1_F_D2I_PBEPARAM				 249
+#define ASN1_F_D2I_PBKDF2PARAM				 263
+#define ASN1_F_D2I_PKCS12				 254
+#define ASN1_F_D2I_PKCS12_BAGS				 255
+#define ASN1_F_D2I_PKCS12_MAC_DATA			 256
+#define ASN1_F_D2I_PKCS12_SAFEBAG			 257
 #define ASN1_F_D2I_PKCS7				 145
 #define ASN1_F_D2I_PKCS7_DIGEST				 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT			 147
@@ -727,10 +782,17 @@ int ASN1_TYPE_get_int_octetstring();
 #define ASN1_F_D2I_PKCS7_SIGNED				 152
 #define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
+#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO			 250
+#define ASN1_F_D2I_PKEY_USAGE_PERIOD			 239
+#define ASN1_F_D2I_POLICYINFO				 269
+#define ASN1_F_D2I_POLICYQUALINFO			 270
 #define ASN1_F_D2I_PRIVATEKEY				 155
 #define ASN1_F_D2I_PUBLICKEY				 156
 #define ASN1_F_D2I_RSAPRIVATEKEY			 157
 #define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_SXNET				 241
+#define ASN1_F_D2I_SXNETID				 243
+#define ASN1_F_D2I_USERNOTICE				 271
 #define ASN1_F_D2I_X509					 159
 #define ASN1_F_D2I_X509_ALGOR				 160
 #define ASN1_F_D2I_X509_ATTRIBUTE			 161
@@ -748,7 +810,11 @@ int ASN1_TYPE_get_int_octetstring();
 #define ASN1_F_D2I_X509_REVOKED				 173
 #define ASN1_F_D2I_X509_SIG				 174
 #define ASN1_F_D2I_X509_VAL				 175
+#define ASN1_F_DIST_POINT_NAME_NEW			 278
+#define ASN1_F_DIST_POINT_NEW				 279
+#define ASN1_F_GENERAL_NAME_NEW				 231
 #define ASN1_F_I2D_ASN1_HEADER				 176
+#define ASN1_F_I2D_ASN1_TIME				 225
 #define ASN1_F_I2D_DHPARAMS				 177
 #define ASN1_F_I2D_DSAPARAMS				 178
 #define ASN1_F_I2D_DSAPRIVATEKEY			 179
@@ -761,9 +827,19 @@ int ASN1_TYPE_get_int_octetstring();
 #define ASN1_F_I2D_RSAPUBLICKEY				 186
 #define ASN1_F_I2D_X509_ATTRIBUTE			 187
 #define ASN1_F_I2T_ASN1_OBJECT				 188
+#define ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW		 229
 #define ASN1_F_NETSCAPE_PKEY_NEW			 189
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
+#define ASN1_F_NOTICEREF_NEW				 272
+#define ASN1_F_PBE2PARAM_NEW				 264
+#define ASN1_F_PBEPARAM_NEW				 251
+#define ASN1_F_PBKDF2PARAM_NEW				 265
+#define ASN1_F_PKCS12_BAGS_NEW				 258
+#define ASN1_F_PKCS12_MAC_DATA_NEW			 259
+#define ASN1_F_PKCS12_NEW				 260
+#define ASN1_F_PKCS12_SAFEBAG_NEW			 261
+#define ASN1_F_PKCS5_PBE2_SET				 281
 #define ASN1_F_PKCS7_DIGEST_NEW				 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW			 193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
@@ -774,6 +850,13 @@ int ASN1_TYPE_get_int_octetstring();
 #define ASN1_F_PKCS7_SIGNED_NEW				 199
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
+#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW			 252
+#define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
+#define ASN1_F_POLICYINFO_NEW				 273
+#define ASN1_F_POLICYQUALINFO_NEW			 274
+#define ASN1_F_SXNETID_NEW				 244
+#define ASN1_F_SXNET_NEW				 242
+#define ASN1_F_USERNOTICE_NEW				 275
 #define ASN1_F_X509_ALGOR_NEW				 202
 #define ASN1_F_X509_ATTRIBUTE_NEW			 203
 #define ASN1_F_X509_CINF_NEW				 204
@@ -797,61 +880,64 @@ int ASN1_TYPE_get_int_octetstring();
 
 /* Reason codes. */
 #define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_GET_OBJECT				 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
-#define ASN1_R_BAD_PKCS7_CONTENT			 104
-#define ASN1_R_BAD_PKCS7_TYPE				 105
-#define ASN1_R_BAD_TAG					 106
-#define ASN1_R_BAD_TYPE					 107
-#define ASN1_R_BN_LIB					 108
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 109
-#define ASN1_R_BUFFER_TOO_SMALL				 110
-#define ASN1_R_DATA_IS_WRONG				 111
-#define ASN1_R_DECODING_ERROR				 112
-#define ASN1_R_ERROR_STACK				 113
-#define ASN1_R_EXPECTING_AN_INTEGER			 114
-#define ASN1_R_EXPECTING_AN_OBJECT			 115
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 116
-#define ASN1_R_EXPECTING_A_BIT_STRING			 117
-#define ASN1_R_EXPECTING_A_BOOLEAN			 118
-#define ASN1_R_EXPECTING_A_SEQUENCE			 119
-#define ASN1_R_EXPECTING_A_UTCTIME			 120
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 121
-#define ASN1_R_HEADER_TOO_LONG				 122
-#define ASN1_R_INVALID_DIGIT				 123
-#define ASN1_R_INVALID_SEPARATOR			 124
-#define ASN1_R_INVALID_TIME_FORMAT			 125
-#define ASN1_R_IV_TOO_LARGE				 126
-#define ASN1_R_LENGTH_ERROR				 127
-#define ASN1_R_LENGTH_MISMATCH				 128
-#define ASN1_R_MISSING_EOS				 129
-#define ASN1_R_MISSING_SECOND_NUMBER			 130
-#define ASN1_R_NON_HEX_CHARACTERS			 131
-#define ASN1_R_NOT_ENOUGH_DATA				 132
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 133
-#define ASN1_R_PARSING					 134
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 135
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 136
-#define ASN1_R_SHORT_LINE				 137
-#define ASN1_R_STRING_TOO_SHORT				 138
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 139
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140
-#define ASN1_R_TOO_LONG					 141
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 142
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 143
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 144
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 145
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 146
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 147
-#define ASN1_R_UNSUPPORTED_CIPHER			 148
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 149
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 150
-#define ASN1_R_UTCTIME_TOO_LONG				 151
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 152
-#define ASN1_R_WRONG_TAG				 153
-#define ASN1_R_WRONG_TYPE				 154
- 
+#define ASN1_R_BAD_OBJECT_HEADER			 101
+#define ASN1_R_BAD_PASSWORD_READ			 102
+#define ASN1_R_BAD_PKCS7_CONTENT			 103
+#define ASN1_R_BAD_PKCS7_TYPE				 104
+#define ASN1_R_BAD_TAG					 105
+#define ASN1_R_BAD_TYPE					 106
+#define ASN1_R_BN_LIB					 107
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
+#define ASN1_R_BUFFER_TOO_SMALL				 109
+#define ASN1_R_DATA_IS_WRONG				 110
+#define ASN1_R_DECODE_ERROR				 155
+#define ASN1_R_DECODING_ERROR				 111
+#define ASN1_R_ENCODE_ERROR				 156
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 157
+#define ASN1_R_EXPECTING_AN_ENUMERATED			 154
+#define ASN1_R_EXPECTING_AN_INTEGER			 113
+#define ASN1_R_EXPECTING_AN_OBJECT			 114
+#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
+#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_EXPECTING_A_BOOLEAN			 117
+#define ASN1_R_EXPECTING_A_GENERALIZEDTIME		 151
+#define ASN1_R_EXPECTING_A_TIME				 152
+#define ASN1_R_EXPECTING_A_UTCTIME			 118
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
+#define ASN1_R_GENERALIZEDTIME_TOO_LONG			 153
+#define ASN1_R_HEADER_TOO_LONG				 120
+#define ASN1_R_INVALID_DIGIT				 121
+#define ASN1_R_INVALID_SEPARATOR			 122
+#define ASN1_R_INVALID_TIME_FORMAT			 123
+#define ASN1_R_IV_TOO_LARGE				 124
+#define ASN1_R_LENGTH_ERROR				 125
+#define ASN1_R_MISSING_SECOND_NUMBER			 126
+#define ASN1_R_NON_HEX_CHARACTERS			 127
+#define ASN1_R_NOT_ENOUGH_DATA				 128
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
+#define ASN1_R_PARSING					 130
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
+#define ASN1_R_SHORT_LINE				 133
+#define ASN1_R_STRING_TOO_SHORT				 134
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
+#define ASN1_R_TOO_LONG					 137
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
+#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
+#define ASN1_R_UNSUPPORTED_CIPHER			 144
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
+#define ASN1_R_UTCTIME_TOO_LONG				 147
+#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
+#define ASN1_R_WRONG_TAG				 149
+#define ASN1_R_WRONG_TYPE				 150
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/asn1/asn1_err.c b/lib/libssl/src/crypto/asn1/asn1_err.c
index 03c2858e7df..16755a0b059 100644
--- a/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -1,75 +1,81 @@
-/* lib/asn1/asn1_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "asn1.h"
+#include <openssl/err.h>
+#include <openssl/asn1.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMATIVE,0),	"ASN1_COLLATE_PRIMATIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_NEW,0),	"ASN1_GENERALIZEDTIME_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
@@ -77,121 +83,176 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
-{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_SIGN"},
+{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),	"ASN1_PBE_SET"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
+{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
 {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_VERIFY"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
+{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),	"AUTHORITY_KEYID_new"},
+{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"D2I_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_ENUMERATED,0),	"d2i_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"d2i_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TIME,0),	"d2i_ASN1_TIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"D2I_DHPARAMS"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"D2I_DSAPARAMS"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"D2I_DSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"D2I_DSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTF8STRING,0),	"d2i_ASN1_UTF8STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_VISIBLESTRING,0),	"d2i_ASN1_VISIBLESTRING"},
+{ERR_PACK(0,ASN1_F_D2I_AUTHORITY_KEYID,0),	"d2i_AUTHORITY_KEYID"},
+{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0),	"d2i_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"d2i_DHparams"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT,0),	"d2i_DIST_POINT"},
+{ERR_PACK(0,ASN1_F_D2I_DIST_POINT_NAME,0),	"d2i_DIST_POINT_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"d2i_DSAparams"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"d2i_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"d2i_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_GENERAL_NAME,0),	"d2i_GENERAL_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE,0),	"d2i_NETSCAPE_CERT_SEQUENCE"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"D2I_NETSCAPE_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"D2I_NETSCAPE_SPKAC"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"D2I_NETSCAPE_SPKI"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"D2I_PKCS7"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"D2I_PKCS7_DIGEST"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"D2I_PKCS7_ENCRYPT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"D2I_PKCS7_ENC_CONTENT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"D2I_PKCS7_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"D2I_PKCS7_ISSUER_AND_SERIAL"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"D2I_PKCS7_RECIP_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"D2I_PKCS7_SIGNED"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"D2I_PKCS7_SIGNER_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"D2I_PKCS7_SIGN_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"D2I_PRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"D2I_PUBLICKEY"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"D2I_RSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"D2I_RSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"D2I_X509_ALGOR"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"D2I_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"D2I_X509_CRL"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"D2I_X509_CRL_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"D2I_X509_EXTENSION"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"d2i_Netscape_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0),	"d2i_PBKDF2PARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12,0),	"d2i_PKCS12"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0),	"d2i_PKCS12_BAGS"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),	"d2i_PKCS12_MAC_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS12_SAFEBAG,0),	"d2i_PKCS12_SAFEBAG"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"d2i_PKCS7"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"d2i_PKCS7_DIGEST"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"d2i_PKCS7_ENCRYPT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"d2i_PKCS7_ENC_CONTENT"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"d2i_PKCS7_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"d2i_PKCS7_ISSUER_AND_SERIAL"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"d2i_PKCS7_RECIP_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"d2i_PKCS7_SIGNED"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"d2i_PKCS7_SIGNER_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"d2i_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0),	"d2i_PKCS8_PRIV_KEY_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),	"d2i_PKEY_USAGE_PERIOD"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0),	"d2i_POLICYINFO"},
+{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0),	"d2i_POLICYQUALINFO"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"d2i_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"d2i_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"d2i_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"d2i_SXNETID"},
+{ERR_PACK(0,ASN1_F_D2I_USERNOTICE,0),	"d2i_USERNOTICE"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0),	"d2i_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"d2i_X509_ALGOR"},
+{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"d2i_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"d2i_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"d2i_X509_CRL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"d2i_X509_CRL_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"d2i_X509_EXTENSION"},
 {ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"D2I_X509_NAME_ENTRY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"D2I_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"D2I_X509_PUBKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"D2I_X509_REQ"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"D2I_X509_REQ_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"D2I_X509_REVOKED"},
-{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"D2I_X509_SIG"},
-{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"D2I_X509_VAL"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"d2i_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"d2i_X509_NAME_ENTRY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"d2i_X509_PUBKEY"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"d2i_X509_REQ"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"d2i_X509_REQ_INFO"},
+{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"d2i_X509_REVOKED"},
+{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"d2i_X509_SIG"},
+{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"d2i_X509_VAL"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NAME_NEW,0),	"DIST_POINT_NAME_new"},
+{ERR_PACK(0,ASN1_F_DIST_POINT_NEW,0),	"DIST_POINT_new"},
+{ERR_PACK(0,ASN1_F_GENERAL_NAME_NEW,0),	"GENERAL_NAME_new"},
 {ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"I2D_DHPARAMS"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"I2D_DSAPARAMS"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"I2D_DSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"I2D_DSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"I2D_NETSCAPE_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"I2D_PKCS7"},
-{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"I2D_PRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"I2D_PUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"I2D_RSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"I2D_RSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"I2D_X509_ATTRIBUTE"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"i2d_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"i2d_DHparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"i2d_DSAparams"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"i2d_DSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"i2d_DSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"i2d_PKCS7"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"i2d_RSAPrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"i2d_RSAPublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"i2d_X509_ATTRIBUTE"},
 {ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW,0),	"NETSCAPE_CERT_SEQUENCE_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_NEW"},
-{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_NEW"},
-{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_NEW"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
+{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
+{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},
+{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0),	"PBKDF2PARAM_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0),	"PKCS12_BAGS_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),	"PKCS12_MAC_DATA_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_NEW,0),	"PKCS12_new"},
+{ERR_PACK(0,ASN1_F_PKCS12_SAFEBAG_NEW,0),	"PKCS12_SAFEBAG_new"},
+{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
+{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_new"},
+{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0),	"PKCS8_PRIV_KEY_INFO_new"},
+{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_new"},
+{ERR_PACK(0,ASN1_F_POLICYINFO_NEW,0),	"POLICYINFO_new"},
+{ERR_PACK(0,ASN1_F_POLICYQUALINFO_NEW,0),	"POLICYQUALINFO_new"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_new"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_new"},
+{ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0),	"USERNOTICE_new"},
+{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_new"},
+{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_new"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_new"},
 {ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
-{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_NEW"},
-{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_NEW"},
+{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_new"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
 {ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_NEW"},
-{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_NEW"},
-{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_FREE"},
-{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_NEW"},
-{0,NULL},
+{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_new"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_new"},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_new"},
+{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_new"},
+{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_new"},
+{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_free"},
+{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_new"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
 {ASN1_R_BAD_CLASS                        ,"bad class"},
-{ASN1_R_BAD_GET_OBJECT                   ,"bad get object"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
 {ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
@@ -202,24 +263,28 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
-{ASN1_R_ERROR_STACK                      ,"error stack"},
+{ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+{ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
 {ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
 {ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_SEQUENCE             ,"expecting a sequence"},
+{ASN1_R_EXPECTING_A_GENERALIZEDTIME      ,"expecting a generalizedtime"},
+{ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
 {ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_GENERALIZEDTIME_TOO_LONG         ,"generalizedtime too long"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
 {ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
-{ASN1_R_LENGTH_MISMATCH                  ,"length mismatch"},
-{ASN1_R_MISSING_EOS                      ,"missing eos"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
@@ -245,17 +310,17 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_ASN1_strings()
+void ERR_load_ASN1_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
diff --git a/lib/libssl/src/crypto/asn1/asn1_lib.c b/lib/libssl/src/crypto/asn1/asn1_lib.c
index ff30b25836e..95e54ed6267 100644
--- a/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -58,22 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
-#ifndef NOPROTO
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
-#else
-static int asn1_get_length();
-static void asn1_put_length();
-#endif
-
-char *ASN1_version="ASN1 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
 
-int ASN1_check_infinite_end(p,len)
-unsigned char **p;
-long len;
+int ASN1_check_infinite_end(unsigned char **p, long len)
 	{
 	/* If there is 0 or 1 byte left, the length check should pick
 	 * things up */
@@ -88,12 +80,8 @@ long len;
 	}
 
 
-int ASN1_get_object(pp, plength, ptag, pclass, omax)
-unsigned char **pp;
-long *plength;
-int *ptag;
-int *pclass;
-long omax;
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
+	     long omax)
 	{
 	int i,ret;
 	long l;
@@ -104,8 +92,8 @@ long omax;
 	if (!max) goto err;
 	ret=(*p&V_ASN1_CONSTRUCTED);
 	xclass=(*p&V_ASN1_PRIVATE);
-	i= *p&V_ASN1_PRIMATIVE_TAG;
-	if (i == V_ASN1_PRIMATIVE_TAG)
+	i= *p&V_ASN1_PRIMITIVE_TAG;
+	if (i == V_ASN1_PRIMITIVE_TAG)
 		{		/* high-tag */
 		p++;
 		if (--max == 0) goto err;
@@ -130,11 +118,13 @@ long omax;
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
-#ifdef undef
-	fprintf(stderr,"p=%d + *plength=%d > omax=%d + *pp=%d  (%d > %d)\n", 
-		p,*plength,omax,*pp,(p+ *plength),omax+ *pp);
+#if 0
+	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
+		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+		(int)(omax+ *pp));
 
 #endif
+#if 0
 	if ((p+ *plength) > (omax+ *pp))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
@@ -142,18 +132,15 @@ long omax;
 		 * the values are set correctly */
 		ret|=0x80;
 		}
+#endif
 	*pp=p;
-	return(ret+inf);
+	return(ret|inf);
 err:
 	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
 	return(0x80);
 	}
 
-static int asn1_get_length(pp,inf,rl,max)
-unsigned char **pp;
-int *inf;
-long *rl;
-int max;
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
 	long ret=0;
@@ -190,12 +177,8 @@ int max;
 
 /* class 0 is constructed
  * constructed == 2 for indefinitle length constructed */
-void ASN1_put_object(pp,constructed,length,tag,xclass)
-unsigned char **pp;
-int constructed;
-int length;
-int tag;
-int xclass;
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+	     int xclass)
 	{
 	unsigned char *p= *pp;
 	int i;
@@ -203,10 +186,10 @@ int xclass;
 	i=(constructed)?V_ASN1_CONSTRUCTED:0;
 	i|=(xclass&V_ASN1_PRIVATE);
 	if (tag < 31)
-		*(p++)=i|(tag&V_ASN1_PRIMATIVE_TAG);
+		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
 	else
 		{
-		*(p++)=i|V_ASN1_PRIMATIVE_TAG;
+		*(p++)=i|V_ASN1_PRIMITIVE_TAG;
 		while (tag > 0x7f)
 			{
 			*(p++)=(tag&0x7f)|0x80;
@@ -221,9 +204,7 @@ int xclass;
 	*pp=p;
 	}
 
-static void asn1_put_length(pp, length)
-unsigned char **pp;
-int length;
+static void asn1_put_length(unsigned char **pp, int length)
 	{
 	unsigned char *p= *pp;
 	int i,l;
@@ -246,10 +227,7 @@ int length;
 	*pp=p;
 	}
 
-int ASN1_object_size(constructed, length, tag)
-int constructed;
-int length;
-int tag;
+int ASN1_object_size(int constructed, int length, int tag)
 	{
 	int ret;
 
@@ -277,29 +255,26 @@ int tag;
 	return(ret);
 	}
 
-int asn1_Finish(c)
-ASN1_CTX *c;
+int asn1_Finish(ASN1_CTX *c)
 	{
 	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
 		{
 		if (!ASN1_check_infinite_end(&c->p,c->slen))
 			{
-			c->error=ASN1_R_MISSING_EOS;
+			c->error=ERR_R_MISSING_ASN1_EOS;
 			return(0);
 			}
 		}
 	if (	((c->slen != 0) && !(c->inf & 1)) ||
 		((c->slen < 0) && (c->inf & 1)))
 		{
-		c->error=ASN1_R_LENGTH_MISMATCH;
+		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
 		return(0);
 		}
 	return(1);
 	}
 
-int asn1_GetSequence(c,length)
-ASN1_CTX *c;
-long *length;
+int asn1_GetSequence(ASN1_CTX *c, long *length)
 	{
 	unsigned char *q;
 
@@ -308,18 +283,18 @@ long *length;
 		*length);
 	if (c->inf & 0x80)
 		{
-		c->error=ASN1_R_BAD_GET_OBJECT;
+		c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
 		return(0);
 		}
 	if (c->tag != V_ASN1_SEQUENCE)
 		{
-		c->error=ASN1_R_EXPECTING_A_SEQUENCE;
+		c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
 		return(0);
 		}
 	(*length)-=(c->p-q);
 	if (c->max && (*length < 0))
 		{
-		c->error=ASN1_R_LENGTH_MISMATCH;
+		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
 		return(0);
 		}
 	if (c->inf == (1|V_ASN1_CONSTRUCTED))
@@ -328,8 +303,7 @@ long *length;
 	return(1);
 	}
 
-ASN1_STRING *ASN1_STRING_dup(str)
-ASN1_STRING *str;
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
 	{
 	ASN1_STRING *ret;
 
@@ -341,34 +315,33 @@ ASN1_STRING *str;
 		ASN1_STRING_free(ret);
 		return(NULL);
 		}
+	ret->flags = str->flags;
 	return(ret);
 	}
 
-int ASN1_STRING_set(str,data,len)
-ASN1_STRING *str;
-unsigned char *data;
-int len;
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 	{
-	char *c;
+	unsigned char *c;
+	const char *data=_data;
 
 	if (len < 0)
 		{
 		if (data == NULL)
 			return(0);
 		else
-			len=strlen((char *)data);
+			len=strlen(data);
 		}
 	if ((str->length < len) || (str->data == NULL))
 		{
-		c=(char *)str->data;
+		c=str->data;
 		if (c == NULL)
-			str->data=(unsigned char *)Malloc(len+1);
+			str->data=Malloc(len+1);
 		else
-			str->data=(unsigned char *)Realloc(c,len+1);
+			str->data=Realloc(c,len+1);
 
 		if (str->data == NULL)
 			{
-			str->data=(unsigned char *)c;
+			str->data=c;
 			return(0);
 			}
 		}
@@ -382,14 +355,13 @@ int len;
 	return(1);
 	}
 
-ASN1_STRING *ASN1_STRING_new()
+ASN1_STRING *ASN1_STRING_new(void)
 	{
 	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
 	}
 
 
-ASN1_STRING *ASN1_STRING_type_new(type)
-int type;
+ASN1_STRING *ASN1_STRING_type_new(int type)
 	{
 	ASN1_STRING *ret;
 
@@ -402,19 +374,18 @@ int type;
 	ret->length=0;
 	ret->type=type;
 	ret->data=NULL;
+	ret->flags=0;
 	return(ret);
 	}
 
-void ASN1_STRING_free(a)
-ASN1_STRING *a;
+void ASN1_STRING_free(ASN1_STRING *a)
 	{
 	if (a == NULL) return;
 	if (a->data != NULL) Free((char *)a->data);
 	Free((char *)a);
 	}
 
-int ASN1_STRING_cmp(a,b)
-ASN1_STRING *a,*b;
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 	{
 	int i;
 
@@ -431,9 +402,7 @@ ASN1_STRING *a,*b;
 		return(i);
 	}
 
-void asn1_add_error(address,offset)
-unsigned char *address;
-int offset;
+void asn1_add_error(unsigned char *address, int offset)
 	{
 	char buf1[16],buf2[16];
 
diff --git a/lib/libssl/src/crypto/asn1/asn1_mac.h b/lib/libssl/src/crypto/asn1/asn1_mac.h
index 4fba70e4bb4..93f9c5193c5 100644
--- a/lib/libssl/src/crypto/asn1/asn1_mac.h
+++ b/lib/libssl/src/crypto/asn1/asn1_mac.h
@@ -63,18 +63,25 @@
 extern "C" {
 #endif
 
-#include "asn1.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/asn1.h>
+
+#ifndef ASN1_MAC_ERR_LIB
+#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
+#endif 
+
+#define ASN1_MAC_H_err(f,r,line) \
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
 	c.pp=pp; \
-	c.error=ASN1_R_ERROR_STACK; \
+	c.q= *pp; \
+	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
-		{ if ((ret=(type)func()) == NULL) goto err; } \
+		{ if ((ret=(type)func()) == NULL) \
+			{ c.line=__LINE__; goto err; } } \
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
@@ -82,7 +89,8 @@ extern "C" {
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
-	if (!asn1_Finish(&c)) goto err; \
+	if (!asn1_Finish(&c)) \
+		{ c.line=__LINE__; goto err; } \
 	*pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
@@ -90,21 +98,31 @@ extern "C" {
 #define M_ASN1_D2I_Finish(a,func,e) \
 	M_ASN1_D2I_Finish_2(a); \
 err:\
-	ASN1err((e),c.error); \
+	ASN1_MAC_H_err((e),c.error,c.line); \
 	asn1_add_error(*pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
 #define M_ASN1_D2I_start_sequence() \
-	if (!asn1_GetSequence(&c,&length)) goto err;
+	if (!asn1_GetSequence(&c,&length)) \
+		{ c.line=__LINE__; goto err; }
 
 #define M_ASN1_D2I_end_sequence() \
 	(((c.inf&1) == 0)?(c.slen <= 0): \
 		(c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
 
+/* Don't use this with d2i_ASN1_BOOLEAN() */
 #define M_ASN1_D2I_get(b,func) \
 	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) == NULL) goto err; \
+	if (func(&(b),&c.p,c.slen) == NULL) \
+		{c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+/* use this instead () */
+#define M_ASN1_D2I_get_int(b,func) \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) < 0) \
+		{c.line=__LINE__; goto err; } \
 	c.slen-=(c.p-c.q);
 
 #define M_ASN1_D2I_get_opt(b,func,type) \
@@ -114,49 +132,118 @@ err:\
 		M_ASN1_D2I_get(b,func); \
 		}
 
+#define M_ASN1_D2I_get_imp(b,func, type) \
+	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) == NULL) \
+		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+	c.slen-=(c.p-c.q);\
+	M_ASN1_next_prev=_tmp;
+
 #define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
 	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
 		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
 		{ \
-		unsigned char tmp; \
-		tmp=M_ASN1_next; \
-		M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
-		M_ASN1_D2I_get(b,func); \
-		M_ASN1_next_prev=tmp; \
+		unsigned char _tmp = M_ASN1_next; \
+		M_ASN1_D2I_get_imp(b,func, type);\
 		}
 
-#define M_ASN1_D2I_get_set(r,func) \
-		M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SET,V_ASN1_UNIVERSAL);
+#define M_ASN1_D2I_get_set(r,func,free_func) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set(r,func,free_func); }
+
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+#define M_ASN1_I2D_len_SET_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_len_SET(a,f);
+
+#define M_ASN1_I2D_put_SET_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_put_SET(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+	if ((c.slen != 0) && \
+		(M_ASN1_next == \
+		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+		{ \
+		M_ASN1_D2I_get_imp_set(b,func,free_func,\
+			tag,V_ASN1_CONTEXT_SPECIFIC); \
+		}
 
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,tag) \
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
 		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
 		{ \
-		M_ASN1_D2I_get_imp_set(b,func,tag,V_ASN1_CONTEXT_SPECIFIC); \
+		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+			tag,V_ASN1_CONTEXT_SPECIFIC); \
 		}
 
-#define M_ASN1_D2I_get_seq(r,func) \
-		M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+#define M_ASN1_D2I_get_seq(r,func,free_func) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func,\
+			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
 
-#define M_ASN1_D2I_get_seq_opt(r,func) \
+#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
 	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
 		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-		{ M_ASN1_D2I_get_seq(r,func); }
+		{ M_ASN1_D2I_get_seq(r,func,free_func); }
 
-#define M_ASN1_D2I_get_IMP_set(r,func,x) \
-		M_ASN1_D2I_get_imp_set(r,func,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+		M_ASN1_D2I_get_imp_set(r,func,free_func,\
+			x,V_ASN1_CONTEXT_SPECIFIC);
 
-#define M_ASN1_D2I_get_imp_set(r,func,a,b) \
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+			x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
 	c.q=c.p; \
-	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,a,b) == NULL) \
-		goto err; \
+	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+		(void (*)())free_func,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+				   free_func,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
 	c.slen-=(c.p-c.q);
 
 #define M_ASN1_D2I_get_set_strings(r,func,a,b) \
 	c.q=c.p; \
 	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-		goto err; \
+		{ c.line=__LINE__; goto err; } \
 	c.slen-=(c.p-c.q);
 
 #define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
@@ -169,13 +256,22 @@ err:\
 		c.q=c.p; \
 		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
 		if (Tinf & 0x80) \
-			{ c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
 		if (func(&(r),&c.p,Tlen) == NULL) \
-			goto err; \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
 		c.slen-=(c.p-c.q); \
 		}
 
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,tag,b) \
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
 	if ((c.slen != 0) && (M_ASN1_next == \
 		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
 		{ \
@@ -185,24 +281,61 @@ err:\
 		c.q=c.p; \
 		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
 		if (Tinf & 0x80) \
-			{ c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
 		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+			(void (*)())free_func, \
 			b,V_ASN1_UNIVERSAL) == NULL) \
-			goto err; \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
+		c.slen-=(c.p-c.q); \
+		}
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+	if ((c.slen != 0) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
+		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+			free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
 		c.slen-=(c.p-c.q); \
 		}
 
 /* New macros */
 #define M_ASN1_New_Malloc(ret,type) \
-	if ((ret=(type *)Malloc(sizeof(type))) == NULL) goto err2;
+	if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
+		{ c.line=__LINE__; goto err2; }
 
 #define M_ASN1_New(arg,func) \
 	if (((arg)=func()) == NULL) return(NULL)
 
 #define M_ASN1_New_Error(a) \
-/*	err:	ASN1err((a),ASN1_R_ERROR_STACK); \
+/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
 		return(NULL);*/ \
-	err2:	ASN1err((a),ERR_R_MALLOC_FAILURE); \
+	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
 		return(NULL)
 
 
@@ -220,21 +353,59 @@ err:\
 #define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
 
 #define M_ASN1_I2D_len_SET(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL);
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
 
-#define M_ASN1_I2D_len_SEQ(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+					    V_ASN1_UNIVERSAL,IS_SET);
 
-#define M_ASN1_I2D_len_SEQ_opt(a,f) \
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+					    V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQ(a,f);
+			M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_len_IMP_set(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
-#define M_ASN1_I2D_len_IMP_set_opt(a,f,x) \
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+						    V_ASN1_CONTEXT_SPECIFIC, \
+						    IS_SEQUENCE);
 
 #define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
 		if (a != NULL)\
@@ -243,10 +414,27 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
-#define M_ASN1_I2D_len_EXP_set_opt(a,f,mtag,tag,v) \
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
 		if ((a != NULL) && (sk_num(a) != 0))\
 			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL); \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+				       IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
@@ -262,20 +450,48 @@ err:\
 			}
 
 #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-			V_ASN1_UNIVERSAL)
-#define M_ASN1_I2D_put_IMP_set(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC)
-
-#define M_ASN1_I2D_put_SEQ(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-			V_ASN1_UNIVERSAL)
+			V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+					     V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+			    IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_put_SEQUENCE(a,f);
 
-#define M_ASN1_I2D_put_SEQ_opt(a,f) \
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_put_SEQ(a,f);
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SET); }
 
-#define M_ASN1_I2D_put_IMP_set_opt(a,f,x) \
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC); }
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SEQUENCE); }
 
 #define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
 		if (a != NULL) \
@@ -284,11 +500,26 @@ err:\
 			f(a,&p); \
 			}
 
-#define M_ASN1_I2D_put_EXP_set_opt(a,f,mtag,tag,v) \
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
 			{ \
 			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
 			}
 
 #define M_ASN1_I2D_seq_total() \
@@ -306,14 +537,8 @@ err:\
 #define M_ASN1_I2D_finish()	*pp=p; \
 				return(r);
 
-#ifndef NOPROTO
 int asn1_GetSequence(ASN1_CTX *c, long *length);
 void asn1_add_error(unsigned char *address,int offset);
-#else 
-int asn1_GetSequence();
-void asn1_add_error();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/asn1/asn1_par.c b/lib/libssl/src/crypto/asn1/asn1_par.c
index 3906227d21a..86886606ef6 100644
--- a/lib/libssl/src/crypto/asn1/asn1_par.c
+++ b/lib/libssl/src/crypto/asn1/asn1_par.c
@@ -58,30 +58,21 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
 
-#ifndef NOPROTO
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
 	int offset, int depth, int indent);
-#else
-static int asn1_print_info();
-static int asn1_parse2();
-#endif
-
-static int asn1_print_info(bp, tag, xclass, constructed,indent)
-BIO *bp;
-int tag;
-int xclass;
-int constructed;
-int indent;
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+	     int indent)
 	{
-	static char *fmt="%-18s";
-	static char *fmt2="%2d %-15s";
-	char *p,str[128],*p2=NULL;
+	static const char fmt[]="%-18s";
+	static const char fmt2[]="%2d %-15s";
+	char str[128];
+	const char *p,*p2=NULL;
 
 	if (constructed & V_ASN1_CONSTRUCTED)
 		p="cons: ";
@@ -108,6 +99,8 @@ int indent;
 		p="BOOLEAN";
 	else if (tag == V_ASN1_INTEGER)
 		p="INTEGER";
+	else if (tag == V_ASN1_ENUMERATED)
+		p="ENUMERATED";
 	else if (tag == V_ASN1_BIT_STRING)
 		p="BIT STRING";
 	else if (tag == V_ASN1_OCTET_STRING)
@@ -138,8 +131,8 @@ int indent;
 		p="GENERALIZEDTIME";
 	else if (tag == V_ASN1_GRAPHICSTRING)
 		p="GRAPHICSTRING";
-	else if (tag == V_ASN1_ISO64STRING)
-		p="ISO64STRING";
+	else if (tag == V_ASN1_VISIBLESTRING)
+		p="VISIBLESTRING";
 	else if (tag == V_ASN1_GENERALSTRING)
 		p="GENERALSTRING";
 	else if (tag == V_ASN1_UNIVERSALSTRING)
@@ -162,22 +155,13 @@ err:
 	return(0);
 	}
 
-int ASN1_parse(bp, pp, len, indent)
-BIO *bp;
-unsigned char *pp;
-long len;
-int indent;
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
 	{
 	return(asn1_parse2(bp,&pp,len,0,0,indent));
 	}
 
-static int asn1_parse2(bp, pp, length, offset, depth, indent)
-BIO *bp;
-unsigned char **pp;
-long length;
-int offset;
-int depth;
-int indent;
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
+	     int depth, int indent)
 	{
 	unsigned char *p,*ep,*tot,*op,*opp;
 	long len;
@@ -266,7 +250,9 @@ int indent;
 			if (	(tag == V_ASN1_PRINTABLESTRING) ||
 				(tag == V_ASN1_T61STRING) ||
 				(tag == V_ASN1_IA5STRING) ||
-				(tag == V_ASN1_UTCTIME))
+				(tag == V_ASN1_VISIBLESTRING) ||
+				(tag == V_ASN1_UTCTIME) ||
+				(tag == V_ASN1_GENERALIZEDTIME))
 				{
 				if (BIO_write(bp,":",1) <= 0) goto end;
 				if ((len > 0) &&
@@ -370,6 +356,38 @@ int indent;
 					}
 				ASN1_INTEGER_free(bs);
 				}
+			else if (tag == V_ASN1_ENUMERATED)
+				{
+				ASN1_ENUMERATED *bs;
+				int i;
+
+				opp=op;
+				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+				if (bs != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					if (bs->type == V_ASN1_NEG_ENUMERATED)
+						if (BIO_write(bp,"-",1) <= 0)
+							goto end;
+					for (i=0; i<bs->length; i++)
+						{
+						if (BIO_printf(bp,"%02X",
+							bs->data[i]) <= 0)
+							goto end;
+						}
+					if (bs->length == 0)
+						{
+						if (BIO_write(bp,"00",2) <= 0)
+							goto end;
+						}
+					}
+				else
+					{
+					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+						goto end;
+					}
+				ASN1_ENUMERATED_free(bs);
+				}
 
 			if (!nl) 
 				{
diff --git a/lib/libssl/src/crypto/asn1/asn_pack.c b/lib/libssl/src/crypto/asn1/asn_pack.c
new file mode 100644
index 00000000000..662a2626a19
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/asn_pack.c
@@ -0,0 +1,145 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+	     void (*free_func)())
+{
+    STACK *sk;
+    unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * Malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+	     int *len)
+{
+	int safelen;
+	unsigned char *safe, *p;
+	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(safe = Malloc (safelen))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p = safe;
+	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+								 IS_SEQUENCE);
+	if (len) *len = safelen;
+	if (buf) *buf = safe;
+	return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
+{
+	unsigned char *p;
+	char *ret;
+
+	p = oct->data;
+	if(!(ret = d2i(NULL, &p, oct->length)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct)
+{
+	unsigned char *p;
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+		
+	if (!(octmp->length = i2d(obj, NULL))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(p = Malloc (octmp->length))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	octmp->data = p;
+	i2d (obj, &p);
+	return octmp;
+}
+
diff --git a/lib/libssl/src/crypto/asn1/d2i_dhp.c b/lib/libssl/src/crypto/asn1/d2i_dhp.c
index 616a308100f..a077211a4c1 100644
--- a/lib/libssl/src/crypto/asn1/d2i_dhp.c
+++ b/lib/libssl/src/crypto/asn1/d2i_dhp.c
@@ -56,24 +56,17 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DHPARAMS,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DHPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-DH *d2i_DHparams(a,pp,length)
-DH **a;
-unsigned char **pp;
-long length;
+DH *d2i_DHparams(DH **a, unsigned char **pp, long length)
 	{
-	int i=ASN1_R_ERROR_STACK;
+	int i=ERR_R_NESTED_ASN1_ERROR;
 	ASN1_INTEGER *bs=NULL;
 	long v=0;
 	M_ASN1_D2I_vars(a,DH *,DH_new);
@@ -105,4 +98,4 @@ err:
 	if (bs != NULL) ASN1_BIT_STRING_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/d2i_dsap.c b/lib/libssl/src/crypto/asn1/d2i_dsap.c
index 2c8ac7bbcfa..cdd7136f512 100644
--- a/lib/libssl/src/crypto/asn1/d2i_dsap.c
+++ b/lib/libssl/src/crypto/asn1/d2i_dsap.c
@@ -56,24 +56,21 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DSAPARAMS,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
 
-DSA *d2i_DSAparams(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
+DSA *d2i_DSAparams(DSA **a, unsigned char **pp, long length)
 	{
-	int i=ASN1_R_ERROR_STACK;
+	int i=ERR_R_NESTED_ASN1_ERROR;
 	ASN1_INTEGER *bs=NULL;
 	M_ASN1_D2I_vars(a,DSA *,DSA_new);
 
@@ -98,4 +95,4 @@ err:
 	if (bs != NULL) ASN1_BIT_STRING_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/d2i_pr.c b/lib/libssl/src/crypto/asn1/d2i_pr.c
index b9eaa9629b0..f3d1aa6240e 100644
--- a/lib/libssl/src/crypto/asn1/d2i_pr.c
+++ b/lib/libssl/src/crypto/asn1/d2i_pr.c
@@ -58,16 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
 
-EVP_PKEY *d2i_PrivateKey(type,a,pp,length)
-int type;
-EVP_PKEY **a;
-unsigned char **pp;
-long length;
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
 	{
 	EVP_PKEY *ret;
 
@@ -106,7 +103,7 @@ long length;
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
-		break;
+		/* break; */
 		}
 	if (a != NULL) (*a)=ret;
 	return(ret);
diff --git a/lib/libssl/src/crypto/asn1/d2i_pu.c b/lib/libssl/src/crypto/asn1/d2i_pu.c
index 5d6192f1e52..e0d203cef73 100644
--- a/lib/libssl/src/crypto/asn1/d2i_pu.c
+++ b/lib/libssl/src/crypto/asn1/d2i_pu.c
@@ -58,16 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
 
-EVP_PKEY *d2i_PublicKey(type,a,pp,length)
-int type;
-EVP_PKEY **a;
-unsigned char **pp;
-long length;
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
 	{
 	EVP_PKEY *ret;
 
@@ -106,7 +103,7 @@ long length;
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
-		break;
+		/* break; */
 		}
 	if (a != NULL) (*a)=ret;
 	return(ret);
diff --git a/lib/libssl/src/crypto/asn1/d2i_r_pr.c b/lib/libssl/src/crypto/asn1/d2i_r_pr.c
index 0c53aa94bf5..18f11b6f5ef 100644
--- a/lib/libssl/src/crypto/asn1/d2i_r_pr.c
+++ b/lib/libssl/src/crypto/asn1/d2i_r_pr.c
@@ -56,18 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_PARSING);
- */
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
 static ASN1_METHOD method={
         (int (*)())  i2d_RSAPrivateKey,
@@ -75,15 +70,12 @@ static ASN1_METHOD method={
         (char *(*)())RSA_new,
         (void (*)()) RSA_free};
 
-ASN1_METHOD *RSAPrivateKey_asn1_meth()
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
 	{
 	return(&method);
 	}
 
-RSA *d2i_RSAPrivateKey(a,pp,length)
-RSA **a;
-unsigned char **pp;
-long length;
+RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
@@ -126,4 +118,4 @@ err:
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/d2i_r_pu.c b/lib/libssl/src/crypto/asn1/d2i_r_pu.c
index 778b792b1e7..c4ae58b5943 100644
--- a/lib/libssl/src/crypto/asn1/d2i_r_pu.c
+++ b/lib/libssl/src/crypto/asn1/d2i_r_pu.c
@@ -56,22 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
 
-RSA *d2i_RSAPublicKey(a,pp,length)
-RSA **a;
-unsigned char **pp;
-long length;
+RSA *d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
@@ -97,4 +94,4 @@ err:
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/d2i_s_pr.c b/lib/libssl/src/crypto/asn1/d2i_s_pr.c
index 32ff8ba4b39..050e1cc5fb2 100644
--- a/lib/libssl/src/crypto/asn1/d2i_s_pr.c
+++ b/lib/libssl/src/crypto/asn1/d2i_s_pr.c
@@ -56,25 +56,17 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_PARSING);
- */
-
-DSA *d2i_DSAPrivateKey(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
+DSA *d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
@@ -110,4 +102,4 @@ err:
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/d2i_s_pu.c b/lib/libssl/src/crypto/asn1/d2i_s_pu.c
index 1002f41cd8f..94ea1c313b6 100644
--- a/lib/libssl/src/crypto/asn1/d2i_s_pu.c
+++ b/lib/libssl/src/crypto/asn1/d2i_s_pu.c
@@ -56,24 +56,21 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
+#ifdef NEG_PUBKEY_BUG
+#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
+#endif
 
-DSA *d2i_DSAPublicKey(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
+DSA *d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length)
 	{
 	int i=ASN1_R_PARSING;
 	ASN1_INTEGER *bs=NULL;
@@ -121,4 +118,4 @@ err:
 	if (bs != NULL) ASN1_INTEGER_free(bs);
 	return(NULL);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/evp_asn1.c b/lib/libssl/src/crypto/asn1/evp_asn1.c
index ebe34a3362d..41ced49c190 100644
--- a/lib/libssl/src/crypto/asn1/evp_asn1.c
+++ b/lib/libssl/src/crypto/asn1/evp_asn1.c
@@ -58,26 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
-int ASN1_TYPE_set_octetstring(a,data,len)
-ASN1_TYPE *a;
-unsigned char *data;
-int len;
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 	{
 	ASN1_STRING *os;
 
 	if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
 	if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
+	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}
 
-int ASN1_TYPE_get_octetstring(a,data,max_len)
-ASN1_TYPE *a;
-unsigned char *data;
-int max_len; /* for returned value */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+	     int max_len)
 	{
 	int ret,num;
 	unsigned char *p;
@@ -97,11 +93,8 @@ int max_len; /* for returned value */
 	return(ret);
 	}
 
-int ASN1_TYPE_set_int_octetstring(a,num,data,len)
-ASN1_TYPE *a;
-long num;
-unsigned char *data;
-int len;
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+	     int len)
 	{
 	int n,size;
 	ASN1_OCTET_STRING os,*osp;
@@ -131,16 +124,15 @@ int len;
 	  i2d_ASN1_INTEGER(&in,&p);
 	M_i2d_ASN1_OCTET_STRING(&os,&p);
 
-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
+	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
 	return(1);
 	}
 
-/* we return the actual length... */
-int ASN1_TYPE_get_int_octetstring(a,num,data,max_len)
-ASN1_TYPE *a;
-long *num;
-unsigned char *data;
-int max_len; /* for returned value */
+/* we return the actual length..., num may be missing, in which
+ * case, set it to zero */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+	     int max_len)
 	{
 	int ret= -1,n;
 	ASN1_INTEGER *ai=NULL;
diff --git a/lib/libssl/src/crypto/asn1/f.c b/lib/libssl/src/crypto/asn1/f.c
index 2ab3a262ac6..82bccdfd510 100644
--- a/lib/libssl/src/crypto/asn1/f.c
+++ b/lib/libssl/src/crypto/asn1/f.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "err.h"
+#include <openssl/asn1.h>
+#include <openssl/err.h>
 
 main()
 	{
diff --git a/lib/libssl/src/crypto/bn/bn_sub.c b/lib/libssl/src/crypto/asn1/f_enum.c
index bba80f8afbe..3bcceecdb85 100644
--- a/lib/libssl/src/crypto/bn/bn_sub.c
+++ b/lib/libssl/src/crypto/asn1/f_enum.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_sub.c */
+/* crypto/asn1/f_enum.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,123 +58,150 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-/* unsigned subtraction of b from a, a must be larger than b. */
-void bn_qsub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
 	{
-	int max,min;
-	register BN_ULONG t1,t2,*ap,*bp,*rp;
-	int i,carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-	int dummy;
-#endif
+	int i,n=0;
+	static const char *h="0123456789ABCDEF";
+	char buf[2];
 
-	max=a->top;
-	min=b->top;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
+	if (a == NULL) return(0);
 
-	carry=0;
-	for (i=0; i<min; i++)
+	if (a->length == 0)
 		{
-		t1= *(ap++);
-		t2= *(bp++);
-		if (carry)
-			{
-			carry=(t1 <= t2);
-			t1=(t1-t2-1)&BN_MASK2;
-			}
-		else
-			{
-			carry=(t1 < t2);
-			t1=(t1-t2)&BN_MASK2;
-			}
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-		dummy=t1;
-#endif
-		*(rp++)=t1&BN_MASK2;
+		if (BIO_write(bp,"00",2) != 2) goto err;
+		n=2;
 		}
-	if (carry) /* subtracted */
+	else
 		{
-		while (i < max)
+		for (i=0; i<a->length; i++)
 			{
-			i++;
-			t1= *(ap++);
-			t2=(t1-1)&BN_MASK2;
-			*(rp++)=t2;
-			if (t1 > t2) break;
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
 			}
 		}
-#if 0
-	memcpy(rp,ap,sizeof(*rp)*(max-i));
-#else
-	for (; i<max; i++)
-		*(rp++)= *(ap++);
-#endif
-
-	r->top=max;
-	bn_fix_top(r);
+	return(n);
+err:
+	return(-1);
 	}
 
-int BN_sub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
 	{
-	int max,i;
-	int add=0,neg=0;
-	BIGNUM *tmp;
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
 
-	/*  a -  b	a-b
-	 *  a - -b	a+b
-	 * -a -  b	-(a+b)
-	 * -a - -b	b-a
-	 */
-	if (a->neg)
-		{
-		if (b->neg)
-			{ tmp=a; a=b; b=tmp; }
-		else
-			{ add=1; neg=1; }
-		}
-	else
-		{
-		if (b->neg) { add=1; neg=0; }
-		}
+	bs->type=V_ASN1_ENUMERATED;
 
-	if (add)
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
 		{
-		/* As a fast max size, do a a->top | b->top */
-		i=(a->top | b->top)+1;
-	        if (bn_wexpand(r,i) == NULL)
-			return(0);
-		if (i)
-			bn_qadd(r,a,b);
-		else
-			bn_qadd(r,b,a);
-		r->neg=neg;
-		return(1);
-		}
+		if (bufsize < 1) goto err_sl;
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
 
-	/* We are actually doing a - b :-) */
+		for (j=0; j<i; j++)
+			{
+			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+				{
+				i=j;
+				break;
+				}
+			}
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
 
-	max=(a->top > b->top)?a->top:b->top;
-	if (bn_wexpand(r,max) == NULL) return(0);
-	if (BN_ucmp(a,b) < 0)
-		{
-		bn_qsub(r,b,a);
-		r->neg=1;
+		bufp=(unsigned char *)buf;
+		if (first)
+			{
+			first=0;
+			if ((bufp[0] == '0') && (buf[1] == '0'))
+				{
+				bufp+=2;
+				i-=2;
+				}
+			}
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)Malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)Realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) Free((char *)s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j<i; j++,k+=2)
+			{
+			for (n=0; n<2; n++)
+				{
+				m=bufp[k+n];
+				if ((m >= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
+			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
 		}
-	else
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
 		{
-		bn_qsub(r,a,b);
-		r->neg=0;
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
 		}
-	return(1);
+	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/f_int.c b/lib/libssl/src/crypto/asn1/f_int.c
index 4817c45cb79..55560dd814a 100644
--- a/lib/libssl/src/crypto/asn1/f_int.c
+++ b/lib/libssl/src/crypto/asn1/f_int.c
@@ -58,15 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-int i2a_ASN1_INTEGER(bp, a)
-BIO *bp;
-ASN1_INTEGER *a;
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);
@@ -96,11 +94,7 @@ err:
 	return(-1);
 	}
 
-int a2i_ASN1_INTEGER(bp,bs,buf,size)
-BIO *bp;
-ASN1_INTEGER *bs;
-char *buf;
-int size;
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 	{
 	int ret=0;
 	int i,j,k,m,n,again,bufsize;
@@ -123,9 +117,18 @@ int size;
 
 		for (j=0; j<i; j++)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
diff --git a/lib/libssl/src/crypto/asn1/f_string.c b/lib/libssl/src/crypto/asn1/f_string.c
index ab2837824e5..5d0cf5a46d4 100644
--- a/lib/libssl/src/crypto/asn1/f_string.c
+++ b/lib/libssl/src/crypto/asn1/f_string.c
@@ -58,16 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-int i2a_ASN1_STRING(bp, a, type)
-BIO *bp;
-ASN1_STRING *a;
-int type;
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);
@@ -97,11 +94,7 @@ err:
 	return(-1);
 	}
 
-int a2i_ASN1_STRING(bp,bs,buf,size)
-BIO *bp;
-ASN1_STRING *bs;
-char *buf;
-int size;
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
 	{
 	int ret=0;
 	int i,j,k,m,n,again,bufsize;
@@ -130,9 +123,18 @@ int size;
 
 		for (j=i-1; j>0; j--)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
diff --git a/lib/libssl/src/crypto/asn1/i2d_dhp.c b/lib/libssl/src/crypto/asn1/i2d_dhp.c
index a454025ce32..fdda4ec41bc 100644
--- a/lib/libssl/src/crypto/asn1/i2d_dhp.c
+++ b/lib/libssl/src/crypto/asn1/i2d_dhp.c
@@ -56,20 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DH
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "asn1_mac.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/dh.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DHPARAMS,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_DHPARAMS_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_DHparams(a,pp)
-DH *a;
-unsigned char **pp;
+int i2d_DHparams(DH *a, unsigned char **pp)
 	{
 	BIGNUM *num[3];
 	ASN1_INTEGER bs;
@@ -100,7 +94,12 @@ unsigned char **pp;
 		}
 
 	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
+	if (pp == NULL)
+		{
+		if (num[2] != NULL)
+			BN_free(num[2]);
+		return(t);
+		}
 
 	p= *pp;
 	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
@@ -126,3 +125,4 @@ err:
 	*pp=p;
 	return(ret);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/asn1/i2d_dsap.c b/lib/libssl/src/crypto/asn1/i2d_dsap.c
index 94ecff15254..f36f0da4e2e 100644
--- a/lib/libssl/src/crypto/asn1/i2d_dsap.c
+++ b/lib/libssl/src/crypto/asn1/i2d_dsap.c
@@ -56,19 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "asn1_mac.h"
-#include "dsa.h"
+#include <openssl/bn.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/dsa.h>
 
-/*
- * ASN1err(ASN1_F_D2I_DSAPARAMS,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_DSAparams(a,pp)
-DSA *a;
-unsigned char **pp;
+int i2d_DSAparams(DSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[3];
 	ASN1_INTEGER bs;
@@ -118,4 +113,5 @@ err:
 	*pp=p;
 	return(ret);
 	}
+#endif
 
diff --git a/lib/libssl/src/crypto/asn1/i2d_pr.c b/lib/libssl/src/crypto/asn1/i2d_pr.c
index b6b821d73c7..71d6910204a 100644
--- a/lib/libssl/src/crypto/asn1/i2d_pr.c
+++ b/lib/libssl/src/crypto/asn1/i2d_pr.c
@@ -58,13 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-int i2d_PrivateKey(a,pp)
-EVP_PKEY *a;
-unsigned char **pp;
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
 #ifndef NO_RSA
 	if (a->type == EVP_PKEY_RSA)
diff --git a/lib/libssl/src/crypto/asn1/i2d_pu.c b/lib/libssl/src/crypto/asn1/i2d_pu.c
index 1b854252b73..8f73d37d033 100644
--- a/lib/libssl/src/crypto/asn1/i2d_pu.c
+++ b/lib/libssl/src/crypto/asn1/i2d_pu.c
@@ -58,13 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-int i2d_PublicKey(a,pp)
-EVP_PKEY *a;
-unsigned char **pp;
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
 	switch (a->type)
 		{
diff --git a/lib/libssl/src/crypto/asn1/i2d_r_pr.c b/lib/libssl/src/crypto/asn1/i2d_r_pr.c
index aadbb92d8eb..27e6844a7f6 100644
--- a/lib/libssl/src/crypto/asn1/i2d_r_pr.c
+++ b/lib/libssl/src/crypto/asn1/i2d_r_pr.c
@@ -56,21 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_RSAPrivateKey(a,pp)
-RSA *a;
-unsigned char **pp;
+int i2d_RSAPrivateKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[9];
 	unsigned char data[1];
@@ -129,4 +123,5 @@ unsigned char **pp;
 	*pp=p;
 	return(t);
 	}
+#endif
 
diff --git a/lib/libssl/src/crypto/asn1/i2d_r_pu.c b/lib/libssl/src/crypto/asn1/i2d_r_pu.c
index 3c54f6709da..6d01bfa8b5e 100644
--- a/lib/libssl/src/crypto/asn1/i2d_r_pu.c
+++ b/lib/libssl/src/crypto/asn1/i2d_r_pu.c
@@ -56,21 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_RSAPublicKey(a,pp)
-RSA *a;
-unsigned char **pp;
+int i2d_RSAPublicKey(RSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[2];
 	ASN1_INTEGER bs;
@@ -115,4 +109,4 @@ unsigned char **pp;
 	*pp=p;
 	return(t);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/i2d_s_pr.c b/lib/libssl/src/crypto/asn1/i2d_s_pr.c
index 6e953055482..5d3dcdf1979 100644
--- a/lib/libssl/src/crypto/asn1/i2d_s_pr.c
+++ b/lib/libssl/src/crypto/asn1/i2d_s_pr.c
@@ -56,20 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_DSAPrivateKey(a,pp)
-DSA *a;
-unsigned char **pp;
+int i2d_DSAPrivateKey(DSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[6];
 	unsigned char data[1];
@@ -125,4 +120,4 @@ unsigned char **pp;
 	*pp=p;
 	return(t);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/i2d_s_pu.c b/lib/libssl/src/crypto/asn1/i2d_s_pu.c
index 5cf28770699..18f790f7465 100644
--- a/lib/libssl/src/crypto/asn1/i2d_s_pu.c
+++ b/lib/libssl/src/crypto/asn1/i2d_s_pu.c
@@ -56,20 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
 
-/*
- * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_DSAPublicKey(a,pp)
-DSA *a;
-unsigned char **pp;
+int i2d_DSAPublicKey(DSA *a, unsigned char **pp)
 	{
 	BIGNUM *num[4];
 	ASN1_INTEGER bs;
@@ -128,6 +123,7 @@ unsigned char **pp;
 		}
 	Free((char *)bs.data);
 	*pp=p;
-	return(t);
+	if(all) return(t);
+	else return(tot);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/n_pkey.c b/lib/libssl/src/crypto/asn1/n_pkey.c
index 5110c91bec9..cdc0d8b7c46 100644
--- a/lib/libssl/src/crypto/asn1/n_pkey.c
+++ b/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -56,13 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
 
 #ifndef NO_RC4
@@ -74,28 +75,12 @@ typedef struct netscape_pkey_st
 	ASN1_OCTET_STRING *private_key;
 	} NETSCAPE_PKEY;
 
-/*
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
- * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);
- * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
- */
-#ifndef NOPROTO
 static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
 static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
 static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
 static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
-#else
-static int i2d_NETSCAPE_PKEY();
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
-static void NETSCAPE_PKEY_free();
-#endif
 
-int i2d_Netscape_RSA(a,pp,cb)
-RSA *a;
-unsigned char **pp;
-int (*cb)();
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
 	{
 	int i,j,l[6];
 	NETSCAPE_PKEY *pkey;
@@ -138,7 +123,9 @@ int (*cb)();
 	l[2]=i2d_X509_ALGOR(alg,NULL);
 	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
 
+#ifndef CONST_STRICT
 	os.data=(unsigned char *)"private-key";
+#endif
 	os.length=11;
 	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
 
@@ -195,18 +182,14 @@ int (*cb)();
 	i2d_ASN1_OCTET_STRING(&os2,&p);
 	ret=l[5];
 err:
-	if (os2.data != NULL) Free((char *)os2.data);
+	if (os2.data != NULL) Free(os2.data);
 	if (alg != NULL) X509_ALGOR_free(alg);
 	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
 	r=r;
 	return(ret);
 	}
 
-RSA *d2i_Netscape_RSA(a,pp,length,cb)
-RSA **a;
-unsigned char **pp;
-long length;
-int (*cb)();
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
 	{
 	RSA *ret=NULL;
 	ASN1_OCTET_STRING *os=NULL;
@@ -233,11 +216,8 @@ int (*cb)();
 	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}
 
-RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
-RSA **a;
-unsigned char **pp;
-long length;
-int (*cb)();
+RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
+	     int (*cb)())
 	{
 	NETSCAPE_PKEY *pkey=NULL;
 	RSA *ret=NULL;
@@ -249,7 +229,7 @@ int (*cb)();
 	ASN1_OCTET_STRING *os=NULL;
 	ASN1_CTX c;
 
-	c.error=ASN1_R_ERROR_STACK;
+	c.error=ERR_R_NESTED_ASN1_ERROR;
 	c.pp=pp;
 
 	M_ASN1_D2I_Init();
@@ -304,9 +284,7 @@ err:
 	return(ret);
 	}
 
-static int i2d_NETSCAPE_PKEY(a,pp)
-NETSCAPE_PKEY *a;
-unsigned char **pp;
+static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -324,10 +302,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
-NETSCAPE_PKEY **a;
-unsigned char **pp;
-long length;
+static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
 
@@ -339,9 +315,10 @@ long length;
 	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
 	}
 
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
+static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
 	{
 	NETSCAPE_PKEY *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
@@ -351,8 +328,7 @@ static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
 	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
 	}
 
-static void NETSCAPE_PKEY_free(a)
-NETSCAPE_PKEY *a;
+static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
@@ -362,4 +338,4 @@ NETSCAPE_PKEY *a;
 	}
 
 #endif /* NO_RC4 */
-
+#endif
diff --git a/lib/libssl/src/crypto/asn1/nsseq.c b/lib/libssl/src/crypto/asn1/nsseq.c
new file mode 100644
index 00000000000..417d024b811
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/nsseq.c
@@ -0,0 +1,118 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+/* Netscape certificate sequence structure */
+
+int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0,
+					     V_ASN1_SEQUENCE,v);
+
+	M_ASN1_I2D_finish();
+}
+
+NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void)
+{
+	NETSCAPE_CERT_SEQUENCE *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE);
+	/* Note hardcoded object type */
+	ret->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+	ret->certs = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW);
+}
+
+NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *,
+					NETSCAPE_CERT_SEQUENCE_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0,
+					V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free,
+			  ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE);
+}
+
+void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->type);
+	if(a->certs)
+	    sk_X509_pop_free(a->certs, X509_free);
+	Free (a);
+}
diff --git a/lib/libssl/src/crypto/asn1/p5_pbe.c b/lib/libssl/src/crypto/asn1/p5_pbe.c
new file mode 100644
index 00000000000..b831836e7b0
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/p5_pbe.c
@@ -0,0 +1,156 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+PBEPARAM *PBEPARAM_new(void)
+{
+	PBEPARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBEPARAM);
+	M_ASN1_New(ret->iter,ASN1_INTEGER_new);
+	M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
+}
+
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
+}
+
+void PBEPARAM_free (PBEPARAM *a)
+{
+	if(a==NULL) return;
+	ASN1_OCTET_STRING_free(a->salt);
+	ASN1_INTEGER_free (a->iter);
+	Free ((char *)a);
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+	     int saltlen)
+{
+	PBEPARAM *pbe;
+	ASN1_OBJECT *al;
+	X509_ALGOR *algor;
+	ASN1_TYPE *astype;
+
+	if (!(pbe = PBEPARAM_new ())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	ASN1_INTEGER_set (pbe->iter, iter);
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(pbe->salt->data = Malloc (saltlen))) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	pbe->salt->length = saltlen;
+	if (salt) memcpy (pbe->salt->data, salt, saltlen);
+	else RAND_bytes (pbe->salt->data, saltlen);
+
+	if (!(astype = ASN1_TYPE_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	astype->type = V_ASN1_SEQUENCE;
+	if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	PBEPARAM_free (pbe);
+	
+	al = OBJ_nid2obj(alg); /* never need to free al */
+	if (!(algor = X509_ALGOR_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_OBJECT_free(algor->algorithm);
+	algor->algorithm = al;
+	algor->parameter = astype;
+
+	return (algor);
+}
diff --git a/lib/libssl/src/crypto/asn1/p5_pbev2.c b/lib/libssl/src/crypto/asn1/p5_pbev2.c
new file mode 100644
index 00000000000..09f4bf61121
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,274 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
+	M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
+	M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_finish();
+}
+
+PBE2PARAM *PBE2PARAM_new(void)
+{
+	PBE2PARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBE2PARAM);
+	M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
+	M_ASN1_New(ret->encryption,X509_ALGOR_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
+}
+
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
+	M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
+	M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
+}
+
+void PBE2PARAM_free (PBE2PARAM *a)
+{
+	if(a==NULL) return;
+	X509_ALGOR_free(a->keyfunc);
+	X509_ALGOR_free(a->encryption);
+	Free ((char *)a);
+}
+
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE);
+	M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE);
+	M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
+
+	M_ASN1_I2D_finish();
+}
+
+PBKDF2PARAM *PBKDF2PARAM_new(void)
+{
+	PBKDF2PARAM *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PBKDF2PARAM);
+	M_ASN1_New(ret->salt, ASN1_TYPE_new);
+	M_ASN1_New(ret->iter, ASN1_INTEGER_new);
+	ret->keylength = NULL;
+	ret->prf = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
+}
+
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE);
+	M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
+}
+
+void PBKDF2PARAM_free (PBKDF2PARAM *a)
+{
+	if(a==NULL) return;
+	ASN1_TYPE_free(a->salt);
+	ASN1_INTEGER_free(a->iter);
+	ASN1_INTEGER_free(a->keylength);
+	X509_ALGOR_free(a->prf);
+	Free ((char *)a);
+}
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+				 unsigned char *salt, int saltlen)
+{
+	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+	int alg_nid;
+	EVP_CIPHER_CTX ctx;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	PBKDF2PARAM *kdf = NULL;
+	PBE2PARAM *pbe2 = NULL;
+	ASN1_OCTET_STRING *osalt = NULL;
+
+	if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+	/* Setup the AlgorithmIdentifier for the encryption scheme */
+	scheme = pbe2->encryption;
+
+	alg_nid = EVP_CIPHER_type(cipher);
+
+	scheme->algorithm = OBJ_nid2obj(alg_nid);
+	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+	/* Create random IV */
+	RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+
+	/* Dummy cipherinit to just setup the IV */
+	EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
+	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+		goto err;
+	}
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	if(!(kdf = PBKDF2PARAM_new())) goto merr;
+	if(!(osalt = ASN1_OCTET_STRING_new())) goto merr;
+
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(osalt->data = Malloc (saltlen))) goto merr;
+	osalt->length = saltlen;
+	if (salt) memcpy (osalt->data, salt, saltlen);
+	else RAND_bytes (osalt->data, saltlen);
+
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+	/* Now include salt in kdf structure */
+	kdf->salt->value.octet_string = osalt;
+	kdf->salt->type = V_ASN1_OCTET_STRING;
+	osalt = NULL;
+
+	/* If its RC2 then we'd better setup the key length */
+
+	if(alg_nid == NID_rc2_cbc) {
+		if(!(kdf->keylength = ASN1_INTEGER_new())) goto merr;
+		if(!ASN1_INTEGER_set (kdf->keylength,
+				 EVP_CIPHER_key_length(cipher))) goto merr;
+	}
+
+	/* prf can stay NULL because we are using hmacWithSHA1 */
+
+	/* Now setup the PBE2PARAM keyfunc structure */
+
+	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+	/* Encode PBKDF2PARAM into parameter of pbe2 */
+
+	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+	if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+	PBKDF2PARAM_free(kdf);
+	kdf = NULL;
+
+	/* Now set up top level AlgorithmIdentifier */
+
+	if(!(ret = X509_ALGOR_new())) goto merr;
+	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+	ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+	/* Encode PBE2PARAM into parameter */
+
+	if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+				 &ret->parameter->value.sequence)) goto merr;
+	ret->parameter->type = V_ASN1_SEQUENCE;
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	return ret;
+
+	merr:
+	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+	err:
+	PBE2PARAM_free(pbe2);
+	/* Note 'scheme' is freed as part of pbe2 */
+	ASN1_OCTET_STRING_free(osalt);
+	PBKDF2PARAM_free(kdf);
+	X509_ALGOR_free(kalg);
+	X509_ALGOR_free(ret);
+
+	return NULL;
+
+}
diff --git a/lib/libssl/src/crypto/asn1/p7_dgst.c b/lib/libssl/src/crypto/asn1/p7_dgst.c
index f71ed8eb1da..62783a2b8de 100644
--- a/lib/libssl/src/crypto/asn1/p7_dgst.c
+++ b/lib/libssl/src/crypto/asn1/p7_dgst.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_DIGEST_NEW,ASN1_R_MISSING_EOS);
- * ASN1err(ASN1_F_D2I_PKCS7_DIGEST,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_DIGEST(a,pp)
-PKCS7_DIGEST *a;
-unsigned char **pp;
+int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -87,10 +80,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_DIGEST *d2i_PKCS7_DIGEST(a,pp,length)
-PKCS7_DIGEST **a;
-unsigned char **pp;
-long length;
+PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_DIGEST *,PKCS7_DIGEST_new);
 
@@ -104,9 +95,10 @@ long length;
 	M_ASN1_D2I_Finish(a,PKCS7_DIGEST_free,ASN1_F_D2I_PKCS7_DIGEST);
 	}
 
-PKCS7_DIGEST *PKCS7_DIGEST_new()
+PKCS7_DIGEST *PKCS7_DIGEST_new(void)
 	{
 	PKCS7_DIGEST *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_DIGEST);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
@@ -117,8 +109,7 @@ PKCS7_DIGEST *PKCS7_DIGEST_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_DIGEST_NEW);
 	}
 
-void PKCS7_DIGEST_free(a)
-PKCS7_DIGEST *a;
+void PKCS7_DIGEST_free(PKCS7_DIGEST *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
diff --git a/lib/libssl/src/crypto/asn1/p7_enc.c b/lib/libssl/src/crypto/asn1/p7_enc.c
index 874dd78389f..47411265870 100644
--- a/lib/libssl/src/crypto/asn1/p7_enc.c
+++ b/lib/libssl/src/crypto/asn1/p7_enc.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_ENCRYPT_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENCRYPT,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENCRYPT(a,pp)
-PKCS7_ENCRYPT *a;
-unsigned char **pp;
+int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -83,10 +76,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(a,pp,length)
-PKCS7_ENCRYPT **a;
-unsigned char **pp;
-long length;
+PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_ENCRYPT *,PKCS7_ENCRYPT_new);
 
@@ -98,9 +89,10 @@ long length;
 	M_ASN1_D2I_Finish(a,PKCS7_ENCRYPT_free,ASN1_F_D2I_PKCS7_ENCRYPT);
 	}
 
-PKCS7_ENCRYPT *PKCS7_ENCRYPT_new()
+PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void)
 	{
 	PKCS7_ENCRYPT *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_ENCRYPT);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
@@ -109,8 +101,7 @@ PKCS7_ENCRYPT *PKCS7_ENCRYPT_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_ENCRYPT_NEW);
 	}
 
-void PKCS7_ENCRYPT_free(a)
-PKCS7_ENCRYPT *a;
+void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
diff --git a/lib/libssl/src/crypto/asn1/p7_enc_c.c b/lib/libssl/src/crypto/asn1/p7_enc_c.c
index 2860d3e9255..a832737a382 100644
--- a/lib/libssl/src/crypto/asn1/p7_enc_c.c
+++ b/lib/libssl/src/crypto/asn1/p7_enc_c.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_ENC_CONTENT_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENC_CONTENT,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENC_CONTENT(a,pp)
-PKCS7_ENC_CONTENT *a;
-unsigned char **pp;
+int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +78,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(a,pp,length)
-PKCS7_ENC_CONTENT **a;
-unsigned char **pp;
-long length;
+PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
+	     unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_ENC_CONTENT *,PKCS7_ENC_CONTENT_new);
 
@@ -103,20 +94,21 @@ long length;
 		ASN1_F_D2I_PKCS7_ENC_CONTENT);
 	}
 
-PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new()
+PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void)
 	{
 	PKCS7_ENC_CONTENT *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
-	M_ASN1_New(ret->content_type,ASN1_OBJECT_new);
+	/* M_ASN1_New(ret->content_type,ASN1_OBJECT_new); */
+	ret->content_type=OBJ_nid2obj(NID_pkcs7_encrypted);
 	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
 	ret->enc_data=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_ENC_CONTENT_NEW);
 	}
 
-void PKCS7_ENC_CONTENT_free(a)
-PKCS7_ENC_CONTENT *a;
+void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a)
 	{
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->content_type);
diff --git a/lib/libssl/src/crypto/asn1/p7_evp.c b/lib/libssl/src/crypto/asn1/p7_evp.c
index 4db0a7fe625..b2b3d50dcd8 100644
--- a/lib/libssl/src/crypto/asn1/p7_evp.c
+++ b/lib/libssl/src/crypto/asn1/p7_evp.c
@@ -58,67 +58,61 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_ENVELOPE_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENVELOPE,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENVELOPE(a,pp)
-PKCS7_ENVELOPE *a;
-unsigned char **pp;
+int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
 	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
 	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
 
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(a,pp,length)
-PKCS7_ENVELOPE **a;
-unsigned char **pp;
-long length;
+PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_ENVELOPE *,PKCS7_ENVELOPE_new);
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
 	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
 
 	M_ASN1_D2I_Finish(a,PKCS7_ENVELOPE_free,ASN1_F_D2I_PKCS7_ENVELOPE);
 	}
 
-PKCS7_ENVELOPE *PKCS7_ENVELOPE_new()
+PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void)
 	{
 	PKCS7_ENVELOPE *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_ENVELOPE);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
 	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_ENVELOPE_NEW);
 	}
 
-void PKCS7_ENVELOPE_free(a)
-PKCS7_ENVELOPE *a;
+void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
 	PKCS7_ENC_CONTENT_free(a->enc_data);
 	Free((char *)a);
 	}
diff --git a/lib/libssl/src/crypto/asn1/p7_i_s.c b/lib/libssl/src/crypto/asn1/p7_i_s.c
index 9b00c556d9e..7d4b457e017 100644
--- a/lib/libssl/src/crypto/asn1/p7_i_s.c
+++ b/lib/libssl/src/crypto/asn1/p7_i_s.c
@@ -58,17 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ISSUER_AND_SERIAL(a,pp)
-PKCS7_ISSUER_AND_SERIAL *a;
-unsigned char **pp;
+int i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a,
+	     unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -83,10 +77,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(a,pp,length)
-PKCS7_ISSUER_AND_SERIAL **a;
-unsigned char **pp;
-long length;
+PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_ISSUER_AND_SERIAL *,PKCS7_ISSUER_AND_SERIAL_new);
 
@@ -98,9 +89,10 @@ long length;
 		ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
 	}
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new()
+PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void)
 	{
 	PKCS7_ISSUER_AND_SERIAL *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_New(ret->issuer,X509_NAME_new);
@@ -109,8 +101,7 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW);
 	}
 
-void PKCS7_ISSUER_AND_SERIAL_free(a)
-PKCS7_ISSUER_AND_SERIAL *a;
+void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a)
 	{
 	if (a == NULL) return;
 	X509_NAME_free(a->issuer);
diff --git a/lib/libssl/src/crypto/asn1/p7_lib.c b/lib/libssl/src/crypto/asn1/p7_lib.c
index 2134e0974af..846be171588 100644
--- a/lib/libssl/src/crypto/asn1/p7_lib.c
+++ b/lib/libssl/src/crypto/asn1/p7_lib.c
@@ -58,17 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "objects.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/pkcs7.h>
+#include <openssl/objects.h>
 
-/* ASN1err(ASN1_F_D2I_PKCS7,ASN1_R_BAD_PKCS7_CONTENT);
- * ASN1err(ASN1_F_I2D_PKCS7,ASN1_R_BAD_PKCS7_TYPE);
- * ASN1err(ASN1_F_PKCS7_NEW,ASN1_R_BAD_PKCS7_TYPE);
- */
-
-int i2d_PKCS7(a,pp)
-PKCS7 *a;
-unsigned char **pp;
+int i2d_PKCS7(PKCS7 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -150,10 +144,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7 *d2i_PKCS7(a,pp,length)
-PKCS7 **a;
-unsigned char **pp;
-long length;
+PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
 
@@ -179,6 +170,7 @@ long length;
 			V_ASN1_CONTEXT_SPECIFIC|0))
 			{
 			c.error=ASN1_R_BAD_PKCS7_CONTENT;
+			c.line=__LINE__;
 			goto err;
 			}
 
@@ -187,7 +179,7 @@ long length;
 		c.q=c.p;
 		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,
 			(c.inf & 1)?(length+ *pp-c.q):c.slen);
-		if (Tinf & 0x80) goto err;
+		if (Tinf & 0x80) { c.line=__LINE__; goto err; }
 		c.slen-=(c.p-c.q);
 
 		switch (OBJ_obj2nid(ret->type))
@@ -215,14 +207,16 @@ long length;
 			break;
 		default:
 			c.error=ASN1_R_BAD_PKCS7_TYPE;
+			c.line=__LINE__;
 			goto err;
-			break;
+			/* break; */
 			}
 		if (Tinf == (1|V_ASN1_CONSTRUCTED))
 			{
 			if (!ASN1_check_infinite_end(&c.p,c.slen))
 				{
-				c.error=ASN1_R_MISSING_EOS;
+				c.error=ERR_R_MISSING_ASN1_EOS;
+				c.line=__LINE__;
 				goto err;
 				}
 			}
@@ -233,12 +227,13 @@ long length;
 	M_ASN1_D2I_Finish(a,PKCS7_free,ASN1_F_D2I_PKCS7);
 	}
 
-PKCS7 *PKCS7_new()
+PKCS7 *PKCS7_new(void)
 	{
 	PKCS7 *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7);
-	ret->type=ASN1_OBJECT_new();
+	ret->type=OBJ_nid2obj(NID_undef);
 	ret->asn1=NULL;
 	ret->length=0;
 	ret->detached=0;
@@ -247,8 +242,7 @@ PKCS7 *PKCS7_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_NEW);
 	}
 
-void PKCS7_free(a)
-PKCS7 *a;
+void PKCS7_free(PKCS7 *a)
 	{
 	if (a == NULL) return;
 
@@ -260,9 +254,11 @@ PKCS7 *a;
 	Free((char *)(char *)a);
 	}
 
-void PKCS7_content_free(a)
-PKCS7 *a;
+void PKCS7_content_free(PKCS7 *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->asn1 != NULL) Free((char *)a->asn1);
 
 	if (a->d.ptr != NULL)
diff --git a/lib/libssl/src/crypto/asn1/p7_recip.c b/lib/libssl/src/crypto/asn1/p7_recip.c
index f02233f5a8b..9fda4f20d49 100644
--- a/lib/libssl/src/crypto/asn1/p7_recip.c
+++ b/lib/libssl/src/crypto/asn1/p7_recip.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_RECIP_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_RECIP_INFO,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_RECIP_INFO(a,pp)
-PKCS7_RECIP_INFO *a;
-unsigned char **pp;
+int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -87,10 +80,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(a,pp,length)
-PKCS7_RECIP_INFO **a;
-unsigned char **pp;
-long length;
+PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
+	     unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_RECIP_INFO *,PKCS7_RECIP_INFO_new);
 
@@ -104,9 +95,10 @@ long length;
 	M_ASN1_D2I_Finish(a,PKCS7_RECIP_INFO_free,ASN1_F_D2I_PKCS7_RECIP_INFO);
 	}
 
-PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new()
+PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void)
 	{
 	PKCS7_RECIP_INFO *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_RECIP_INFO);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
@@ -118,8 +110,7 @@ PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_RECIP_INFO_NEW);
 	}
 
-void PKCS7_RECIP_INFO_free(a)
-PKCS7_RECIP_INFO *a;
+void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
@@ -127,6 +118,8 @@ PKCS7_RECIP_INFO *a;
 	X509_ALGOR_free(a->key_enc_algor);
 	ASN1_OCTET_STRING_free(a->enc_key);
 	if (a->cert != NULL) X509_free(a->cert);
-	Free((char *)a);
+	Free(a);
 	}
 
+IMPLEMENT_STACK_OF(PKCS7_RECIP_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_RECIP_INFO)
diff --git a/lib/libssl/src/crypto/asn1/p7_s_e.c b/lib/libssl/src/crypto/asn1/p7_s_e.c
index d344211456f..90946695c95 100644
--- a/lib/libssl/src/crypto/asn1/p7_s_e.c
+++ b/lib/libssl/src/crypto/asn1/p7_s_e.c
@@ -58,89 +58,88 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGN_ENVELOPE(a,pp)
-PKCS7_SIGN_ENVELOPE *a;
-unsigned char **pp;
+int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_SET_type(PKCS7_RECIP_INFO,a->recipientinfo,
+				i2d_PKCS7_RECIP_INFO);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
 
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(a,pp,length)
-PKCS7_SIGN_ENVELOPE **a;
-unsigned char **pp;
-long length;
+PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
+	     unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_SIGN_ENVELOPE *,PKCS7_SIGN_ENVELOPE_new);
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_set_type(PKCS7_RECIP_INFO,ret->recipientinfo,
+				d2i_PKCS7_RECIP_INFO,PKCS7_RECIP_INFO_free);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
 	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
-	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);
 
 	M_ASN1_D2I_Finish(a,PKCS7_SIGN_ENVELOPE_free,
 		ASN1_F_D2I_PKCS7_SIGN_ENVELOPE);
 	}
 
-PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new()
+PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void)
 	{
 	PKCS7_SIGN_ENVELOPE *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_SIGN_ENVELOPE);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
-	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->recipientinfo,sk_PKCS7_RECIP_INFO_new_null);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
 	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
 	ret->cert=NULL;
 	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW);
 	}
 
-void PKCS7_SIGN_ENVELOPE_free(a)
-PKCS7_SIGN_ENVELOPE *a;
+void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	sk_PKCS7_RECIP_INFO_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
 	PKCS7_ENC_CONTENT_free(a->enc_data);
-	sk_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
+	sk_X509_pop_free(a->cert,X509_free);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/p7_signd.c b/lib/libssl/src/crypto/asn1/p7_signd.c
index 40f9a44fa8d..74f0f522e15 100644
--- a/lib/libssl/src/crypto/asn1/p7_signd.c
+++ b/lib/libssl/src/crypto/asn1/p7_signd.c
@@ -58,83 +58,78 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_SIGNED_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGNED,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGNED(a,pp)
-PKCS7_SIGNED *a;
-unsigned char **pp;
+int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_len_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_len_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
+	M_ASN1_I2D_put_SET_type(X509_ALGOR,a->md_algs,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
+	M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509,a->cert,i2d_X509,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_CRL,a->crl,i2d_X509_CRL,1);
+	M_ASN1_I2D_put_SET_type(PKCS7_SIGNER_INFO,a->signer_info,
+				i2d_PKCS7_SIGNER_INFO);
 
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_SIGNED *d2i_PKCS7_SIGNED(a,pp,length)
-PKCS7_SIGNED **a;
-unsigned char **pp;
-long length;
+PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_SIGNED *,PKCS7_SIGNED_new);
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR);
+	M_ASN1_D2I_get_set_type(X509_ALGOR,ret->md_algs,d2i_X509_ALGOR,
+				X509_ALGOR_free);
 	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
-	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509,ret->cert,d2i_X509,X509_free,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_CRL,ret->crl,d2i_X509_CRL,
+					X509_CRL_free,1);
+	M_ASN1_D2I_get_set_type(PKCS7_SIGNER_INFO,ret->signer_info,
+				d2i_PKCS7_SIGNER_INFO,PKCS7_SIGNER_INFO_free);
 
 	M_ASN1_D2I_Finish(a,PKCS7_SIGNED_free,ASN1_F_D2I_PKCS7_SIGNED);
 	}
 
-PKCS7_SIGNED *PKCS7_SIGNED_new()
+PKCS7_SIGNED *PKCS7_SIGNED_new(void)
 	{
 	PKCS7_SIGNED *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_SIGNED);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->md_algs,sk_new_null);
+	M_ASN1_New(ret->md_algs,sk_X509_ALGOR_new_null);
 	M_ASN1_New(ret->contents,PKCS7_new);
 	ret->cert=NULL;
 	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
+	M_ASN1_New(ret->signer_info,sk_PKCS7_SIGNER_INFO_new_null);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNED_NEW);
 	}
 
-void PKCS7_SIGNED_free(a)
-PKCS7_SIGNED *a;
+void PKCS7_SIGNED_free(PKCS7_SIGNED *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
+	sk_X509_ALGOR_pop_free(a->md_algs,X509_ALGOR_free);
 	PKCS7_free(a->contents);
-	sk_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
+	sk_X509_pop_free(a->cert,X509_free);
+	sk_X509_CRL_pop_free(a->crl,X509_CRL_free);
+	sk_PKCS7_SIGNER_INFO_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
+	Free(a);
 	}
-
diff --git a/lib/libssl/src/crypto/asn1/p7_signi.c b/lib/libssl/src/crypto/asn1/p7_signi.c
index 0da92169fcc..21132ef4ddd 100644
--- a/lib/libssl/src/crypto/asn1/p7_signi.c
+++ b/lib/libssl/src/crypto/asn1/p7_signi.c
@@ -58,45 +58,40 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_SIGNER_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGNER_INFO,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGNER_INFO(a,pp)
-PKCS7_SIGNER_INFO *a;
-unsigned char **pp;
+int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_I2D_len(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
 	M_ASN1_I2D_len(a->digest_enc_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+	M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
 	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_I2D_put(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->auth_attr,
+					i2d_X509_ATTRIBUTE,0);
 	M_ASN1_I2D_put(a->digest_enc_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_put(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
+	M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->unauth_attr,
+					i2d_X509_ATTRIBUTE,1);
 
 	M_ASN1_I2D_finish();
 	}
 
-PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(a,pp,length)
-PKCS7_SIGNER_INFO **a;
-unsigned char **pp;
-long length;
+PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
+	     unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,PKCS7_SIGNER_INFO *,PKCS7_SIGNER_INFO_new);
 
@@ -105,18 +100,23 @@ long length;
 	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
 	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
 	M_ASN1_D2I_get(ret->digest_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_IMP_set_opt(ret->auth_attr,d2i_X509_ATTRIBUTE,0);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->auth_attr,
+					d2i_X509_ATTRIBUTE,X509_ATTRIBUTE_free,
+					0);
 	M_ASN1_D2I_get(ret->digest_enc_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->enc_digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_set_opt(ret->unauth_attr,d2i_X509_ATTRIBUTE,1);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE,ret->unauth_attr,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free,1);
 
 	M_ASN1_D2I_Finish(a,PKCS7_SIGNER_INFO_free,
 		ASN1_F_D2I_PKCS7_SIGNER_INFO);
 	}
 
-PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new()
+PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void)
 	{
 	PKCS7_SIGNER_INFO *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,PKCS7_SIGNER_INFO);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
@@ -131,19 +131,20 @@ PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new()
 	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNER_INFO_NEW);
 	}
 
-void PKCS7_SIGNER_INFO_free(a)
-PKCS7_SIGNER_INFO *a;
+void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
 	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
 	X509_ALGOR_free(a->digest_alg);
-	sk_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
+	sk_X509_ATTRIBUTE_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
 	X509_ALGOR_free(a->digest_enc_alg);
 	ASN1_OCTET_STRING_free(a->enc_digest);
-	sk_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
+	sk_X509_ATTRIBUTE_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
 	if (a->pkey != NULL)
 		EVP_PKEY_free(a->pkey);
 	Free((char *)a);
 	}
 
+IMPLEMENT_STACK_OF(PKCS7_SIGNER_INFO)
+IMPLEMENT_ASN1_SET_OF(PKCS7_SIGNER_INFO)
diff --git a/lib/libssl/src/crypto/asn1/p8_pkey.c b/lib/libssl/src/crypto/asn1/p8_pkey.c
new file mode 100644
index 00000000000..aa9a4f6c968
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -0,0 +1,129 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp)
+{
+
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
+	M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
+	M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);
+	
+	M_ASN1_I2D_seq_total ();
+
+	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
+	M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
+	M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes,
+					 i2d_X509_ATTRIBUTE, 0);
+
+	M_ASN1_I2D_finish();
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void)
+{
+	PKCS8_PRIV_KEY_INFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
+	M_ASN1_New (ret->version, ASN1_INTEGER_new);
+	M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
+	M_ASN1_New (ret->pkey, ASN1_TYPE_new);
+	ret->attributes = NULL;
+	ret->broken = PKCS8_OK;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
+}
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
+	M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
+	M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes,
+					d2i_X509_ATTRIBUTE,
+					X509_ATTRIBUTE_free, 0);
+	if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) 
+						ret->broken = PKCS8_NO_OCTET;
+	M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
+}
+
+void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->version);
+	X509_ALGOR_free(a->pkeyalg);
+	/* Clear sensitive data */
+	if (a->pkey->value.octet_string)
+		memset (a->pkey->value.octet_string->data,
+				 0, a->pkey->value.octet_string->length);
+	ASN1_TYPE_free (a->pkey);
+	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+	Free (a);
+}
diff --git a/lib/libssl/src/crypto/asn1/pkcs8.c b/lib/libssl/src/crypto/asn1/pkcs8.c
index 03fdadd51a9..29c4ea6a296 100644
--- a/lib/libssl/src/crypto/asn1/pkcs8.c
+++ b/lib/libssl/src/crypto/asn1/pkcs8.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "objects.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_KEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_KEY_NEW,ASN1_R_BAD_GET_OBJECT);
- */
-
-int i2d_X509_KEY(a,pp)
-X509 *a;
-unsigned char **pp;
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +78,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509 *d2i_X509_KEY(a,pp,length)
-X509 **a;
-unsigned char **pp;
-long length;
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509 *,X509_new);
 
@@ -100,7 +90,7 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
 	}
 
-X509 *X509_KEY_new()
+X509 *X509_KEY_new(void)
 	{
 	X509_KEY *ret=NULL;
 
@@ -114,8 +104,7 @@ X509 *X509_KEY_new()
 	M_ASN1_New_Error(ASN1_F_X509_NEW);
 	}
 
-void X509_KEY_free(a)
-X509 *a;
+void X509_KEY_free(X509 *a)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/asn1/t_crl.c b/lib/libssl/src/crypto/asn1/t_crl.c
new file mode 100644
index 00000000000..c2e447ce6ff
--- /dev/null
+++ b/lib/libssl/src/crypto/asn1/t_crl.c
@@ -0,0 +1,166 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static void ext_print(BIO *out, X509_EXTENSION *ex);
+#ifndef NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+	char buf[256];
+	unsigned char *s;
+	STACK_OF(X509_REVOKED) *rev;
+	X509_REVOKED *r;
+	long l;
+	int i, j, n;
+
+	BIO_printf(out, "Certificate Revocation List (CRL):\n");
+	l = X509_CRL_get_version(x);
+	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+	i = OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+	X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
+	BIO_printf(out,"%8sIssuer: %s\n","",buf);
+	BIO_printf(out,"%8sLast Update: ","");
+	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+	BIO_printf(out,"\n%8sNext Update: ","");
+	if (X509_CRL_get_nextUpdate(x))
+		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+	else BIO_printf(out,"NONE");
+	BIO_printf(out,"\n");
+
+	n=X509_CRL_get_ext_count(x);
+	if (n > 0) {
+		BIO_printf(out,"%8sCRL extensions:\n","");
+		for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i));
+	}
+
+
+	rev = X509_CRL_get_REVOKED(x);
+
+	if(sk_X509_REVOKED_num(rev))
+	    BIO_printf(out, "Revoked Certificates:\n");
+	else BIO_printf(out, "No Revoked Certificates.\n");
+
+	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+		r = sk_X509_REVOKED_value(rev, i);
+		BIO_printf(out,"    Serial Number: ");
+		i2a_ASN1_INTEGER(out,r->serialNumber);
+		BIO_printf(out,"\n        Revocation Date: ","");
+		ASN1_TIME_print(out,r->revocationDate);
+		BIO_printf(out,"\n");
+		for(j = 0; j < X509_REVOKED_get_ext_count(r); j++)
+				ext_print(out, X509_REVOKED_get_ext(r, j));
+	}
+
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out,"    Signature Algorithm: %s",
+				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+	s = x->signature->data;
+	n = x->signature->length;
+	for (i=0; i<n; i++, s++)
+	{
+		if ((i%18) == 0) BIO_write(out,"\n        ",9);
+		BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":");
+	}
+	BIO_write(out,"\n",1);
+
+	return 1;
+
+}
+
+static void ext_print(BIO *out, X509_EXTENSION *ex)
+{
+	ASN1_OBJECT *obj;
+	int j;
+	BIO_printf(out,"%12s","");
+	obj=X509_EXTENSION_get_object(ex);
+	i2a_ASN1_OBJECT(out,obj);
+	j=X509_EXTENSION_get_critical(ex);
+	BIO_printf(out, ": %s\n", j ? "critical":"","");
+	if(!X509V3_EXT_print(out, ex, 0, 16)) {
+		BIO_printf(out, "%16s", "");
+		ASN1_OCTET_STRING_print(out,ex->value);
+	}
+	BIO_write(out,"\n",1);
+}
diff --git a/lib/libssl/src/crypto/asn1/t_pkey.c b/lib/libssl/src/crypto/asn1/t_pkey.c
index bc518d59a26..0dc6e30c3dd 100644
--- a/lib/libssl/src/crypto/asn1/t_pkey.c
+++ b/lib/libssl/src/crypto/asn1/t_pkey.c
@@ -58,35 +58,23 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
 #ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/rsa.h>
 #endif
 #ifndef NO_DH
-#include "dh.h"
+#include <openssl/dh.h>
 #endif
 #ifndef NO_DSA
-#include "dsa.h"
+#include <openssl/dsa.h>
 #endif
 
-/* DHerr(DH_F_DHPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
- * DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int print(BIO *fp,char *str,BIGNUM *num,
+static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
-#else
-static int print();
-#endif
-
 #ifndef NO_RSA
 #ifndef NO_FP_API
-int RSA_print_fp(fp,x,off)
-FILE *fp;
-RSA *x;
-int off;
+int RSA_print_fp(FILE *fp, RSA *x, int off)
         {
         BIO *b;
         int ret;
@@ -103,12 +91,10 @@ int off;
         }
 #endif
 
-int RSA_print(bp,x,off)
-BIO *bp;
-RSA *x;
-int off;
+int RSA_print(BIO *bp, RSA *x, int off)
 	{
-	char str[128],*s;
+	char str[128];
+	const char *s;
 	unsigned char *m=NULL;
 	int i,ret=0;
 
@@ -154,10 +140,7 @@ err:
 
 #ifndef NO_DSA
 #ifndef NO_FP_API
-int DSA_print_fp(fp,x,off)
-FILE *fp;
-DSA *x;
-int off;
+int DSA_print_fp(FILE *fp, DSA *x, int off)
 	{
 	BIO *b;
 	int ret;
@@ -174,10 +157,7 @@ int off;
 	}
 #endif
 
-int DSA_print(bp,x,off)
-BIO *bp;
-DSA *x;
-int off;
+int DSA_print(BIO *bp, DSA *x, int off)
 	{
 	char str[128];
 	unsigned char *m=NULL;
@@ -229,15 +209,12 @@ err:
 	}
 #endif /* !NO_DSA */
 
-static int print(bp,number,num,buf,off)
-BIO *bp;
-char *number;
-BIGNUM *num;
-unsigned char *buf;
-int off;
+static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
+	     int off)
 	{
 	int n,i;
-	char str[128],*neg;
+	char str[128];
+	const char *neg;
 
 	if (num == NULL) return(1);
 	neg=(num->neg)?"-":"";
@@ -284,9 +261,7 @@ int off;
 
 #ifndef NO_DH
 #ifndef NO_FP_API
-int DHparams_print_fp(fp,x)
-FILE *fp;
-DH *x;
+int DHparams_print_fp(FILE *fp, DH *x)
         {
         BIO *b;
         int ret;
@@ -303,9 +278,7 @@ DH *x;
         }
 #endif
 
-int DHparams_print(bp,x)
-BIO *bp;
-DH *x;
+int DHparams_print(BIO *bp, DH *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,i,ret=0;
@@ -341,9 +314,7 @@ err:
 
 #ifndef NO_DSA
 #ifndef NO_FP_API
-int DSAparams_print_fp(fp,x)
-FILE *fp;
-DSA *x;
+int DSAparams_print_fp(FILE *fp, DSA *x)
         {
         BIO *b;
         int ret;
@@ -360,9 +331,7 @@ DSA *x;
         }
 #endif
 
-int DSAparams_print(bp,x)
-BIO *bp;
-DSA *x;
+int DSAparams_print(BIO *bp, DSA *x)
 	{
 	unsigned char *m=NULL;
 	int reason=ERR_R_BUF_LIB,i,ret=0;
diff --git a/lib/libssl/src/crypto/asn1/t_req.c b/lib/libssl/src/crypto/asn1/t_req.c
index 7df749a48fd..bdd749436ab 100644
--- a/lib/libssl/src/crypto/asn1/t_req.c
+++ b/lib/libssl/src/crypto/asn1/t_req.c
@@ -58,15 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 #ifndef NO_FP_API
-int X509_REQ_print_fp(fp,x)
-FILE *fp;
-X509_REQ *x;
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         {
         BIO *b;
         int ret;
@@ -83,16 +81,15 @@ X509_REQ *x;
         }
 #endif
 
-int X509_REQ_print(bp,x)
-BIO *bp;
-X509_REQ *x;
+int X509_REQ_print(BIO *bp, X509_REQ *x)
 	{
 	unsigned long l;
 	int i,n;
-	char *s,*neg;
+	char *s;
+	const char *neg;
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
-	STACK *sk;
+	STACK_OF(X509_ATTRIBUTE) *sk;
 	char str[128];
 
 	ri=x->req_info;
@@ -138,12 +135,14 @@ X509_REQ *x;
 #endif
 		BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
+	EVP_PKEY_free(pkey);
+
 	/* may not be */
 	sprintf(str,"%8sAttributes:\n","");
 	if (BIO_puts(bp,str) <= 0) goto err;
 
 	sk=x->req_info->attributes;
-	if ((sk == NULL) || (sk_num(sk) == 0))
+	if ((sk == NULL) || (sk_X509_ATTRIBUTE_num(sk) == 0))
 		{
 		if (!x->req_info->req_kludge)
 			{
@@ -153,7 +152,7 @@ X509_REQ *x;
 		}
 	else
 		{
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 			{
 			ASN1_TYPE *at;
 			X509_ATTRIBUTE *a;
@@ -161,17 +160,17 @@ X509_REQ *x;
 			ASN1_TYPE *t;
 			int j,type=0,count=1,ii=0;
 
-			a=(X509_ATTRIBUTE *)sk_value(sk,i);
+			a=sk_X509_ATTRIBUTE_value(sk,i);
 			sprintf(str,"%12s","");
 			if (BIO_puts(bp,str) <= 0) goto err;
 			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
-
+			{
 			if (a->set)
 				{
 				ii=0;
-				count=sk_num(a->value.set);
+				count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-				at=(ASN1_TYPE *)sk_value(a->value.set,ii);
+				at=sk_ASN1_TYPE_value(a->value.set,ii);
 				type=at->type;
 				bs=at->value.asn1_string;
 				}
@@ -181,6 +180,7 @@ get_next:
 				type=t->type;
 				bs=t->value.bit_string;
 				}
+			}
 			for (j=25-j; j>0; j--)
 				if (BIO_write(bp," ",1) != 1) goto err;
 			if (BIO_puts(bp,":") <= 0) goto err;
diff --git a/lib/libssl/src/crypto/asn1/t_x509.c b/lib/libssl/src/crypto/asn1/t_x509.c
index b10fbbb9922..42f4d498cfa 100644
--- a/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/lib/libssl/src/crypto/asn1/t_x509.c
@@ -58,21 +58,20 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
 #ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/rsa.h>
 #endif
 #ifndef NO_DSA
-#include "dsa.h"
+#include <openssl/dsa.h>
 #endif
-#include "objects.h"
-#include "x509.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 #ifndef NO_FP_API
-int X509_print_fp(fp,x)
-FILE *fp;
-X509 *x;
+int X509_print_fp(FILE *fp, X509 *x)
         {
         BIO *b;
         int ret;
@@ -89,9 +88,7 @@ X509 *x;
         }
 #endif
 
-int X509_print(bp,x)
-BIO *bp;
-X509 *x;
+int X509_print(BIO *bp, X509 *x)
 	{
 	long l;
 	int ret=0,i,j,n;
@@ -99,7 +96,7 @@ X509 *x;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
-	char *neg;
+	const char *neg;
 	X509_EXTENSION *ex;
 	ASN1_STRING *str=NULL;
 
@@ -146,9 +143,9 @@ X509 *x;
 	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
 	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
 	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
 	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
 	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
 	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
 	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
@@ -158,6 +155,12 @@ X509 *x;
 		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
 
 	pkey=X509_get_pubkey(x);
+	if (pkey == NULL)
+		{
+		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		ERR_print_errors(bp);
+		}
+	else
 #ifndef NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
 		{
@@ -175,7 +178,9 @@ X509 *x;
 		}
 	else
 #endif
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
+		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+	EVP_PKEY_free(pkey);
 
 	n=X509_get_ext_count(x);
 	if (n > 0)
@@ -183,7 +188,9 @@ X509 *x;
 		BIO_printf(bp,"%8sX509v3 extensions:\n","");
 		for (i=0; i<n; i++)
 			{
+#if 0
 			int data_type,pack_type;
+#endif
 			ASN1_OBJECT *obj;
 
 			ex=X509_get_ext(x,i);
@@ -191,41 +198,11 @@ X509 *x;
 			obj=X509_EXTENSION_get_object(ex);
 			i2a_ASN1_OBJECT(bp,obj);
 			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
+			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 				goto err;
-
-			pack_type=X509v3_pack_type_by_OBJ(obj);
-			data_type=X509v3_data_type_by_OBJ(obj);
-			
-			if (pack_type == X509_EXT_PACK_STRING)
-				{
-				if (X509v3_unpack_string(
-					&str,data_type,
-					X509_EXTENSION_get_data(ex)) == NULL)
-					{
-					/* hmm... */
-					goto err;
-					}
-				if (	(data_type == V_ASN1_IA5STRING) ||
-					(data_type == V_ASN1_PRINTABLESTRING) ||
-					(data_type == V_ASN1_T61STRING))
-					{
-					if (BIO_write(bp,(char *)str->data,
-							str->length) <= 0)
-						goto err;
-					}
-				else if (data_type == V_ASN1_BIT_STRING)
-					{
-					BIO_printf(bp,"0x");
-					for (j=0; j<str->length; j++)
-						{
-						BIO_printf(bp,"%02X",
-							str->data[j]);
-						}
-					}
-				}
-			else
+			if(!X509V3_EXT_print(bp, ex, 0, 16))
 				{
+				BIO_printf(bp, "%16s", "");
 				ASN1_OCTET_STRING_print(bp,ex->value);
 				}
 			if (BIO_write(bp,"\n",1) <= 0) goto err;
@@ -253,9 +230,7 @@ err:
 	return(ret);
 	}
 
-int ASN1_STRING_print(bp,v)
-BIO *bp;
-ASN1_STRING *v;
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
 	char buf[80],*p;;
@@ -284,15 +259,59 @@ ASN1_STRING *v;
 	return(1);
 	}
 
-int ASN1_UTCTIME_print(bp,tm)
-BIO *bp;
-ASN1_UTCTIME *tm;
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+	if(tm->type == V_ASN1_GENERALIZEDTIME)
+				return ASN1_GENERALIZEDTIME_print(bp, tm);
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+}
+
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+	{
+	char *v;
+	int gmt=0;
+	int i;
+	int y=0,M=0,d=0,h=0,m=0,s=0;
+
+	i=tm->length;
+	v=(char *)tm->data;
+
+	if (i < 12) goto err;
+	if (v[i-1] == 'Z') gmt=1;
+	for (i=0; i<12; i++)
+		if ((v[i] > '9') || (v[i] < '0')) goto err;
+	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+	M= (v[4]-'0')*10+(v[5]-'0');
+	if ((M > 12) || (M < 1)) goto err;
+	d= (v[6]-'0')*10+(v[7]-'0');
+	h= (v[8]-'0')*10+(v[9]-'0');
+	m=  (v[10]-'0')*10+(v[11]-'0');
+	if (	(v[12] >= '0') && (v[12] <= '9') &&
+		(v[13] >= '0') && (v[13] <= '9'))
+		s=  (v[12]-'0')*10+(v[13]-'0');
+
+	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+		mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+		return(0);
+	else
+		return(1);
+err:
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+	}
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
 	{
 	char *v;
 	int gmt=0;
-	static char *mon[12]={
-		"Jan","Feb","Mar","Apr","May","Jun",
-		"Jul","Aug","Sep","Oct","Nov","Dec"};
 	int i;
 	int y=0,M=0,d=0,h=0,m=0,s=0;
 
@@ -324,10 +343,7 @@ err:
 	return(0);
 	}
 
-int X509_NAME_print(bp,name,obase)
-BIO *bp;
-X509_NAME *name;
-int obase;
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	{
 	char *s,*c;
 	int ret=0,l,ll,i,first=1;
@@ -342,6 +358,7 @@ int obase;
 	c=s;
 	for (;;)
 		{
+#ifndef CHARSET_EBCDIC
 		if (	((*s == '/') &&
 				((s[1] >= 'A') && (s[1] <= 'Z') && (
 					(s[2] == '=') ||
@@ -349,6 +366,15 @@ int obase;
 					(s[3] == '='))
 				 ))) ||
 			(*s == '\0'))
+#else
+		if (	((*s == '/') &&
+				(isupper(s[1]) && (
+					(s[2] == '=') ||
+					(isupper(s[2]) &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+#endif
 			{
 			if ((l <= 0) && !first)
 				{
diff --git a/lib/libssl/src/crypto/asn1/x_algor.c b/lib/libssl/src/crypto/asn1/x_algor.c
index 0ed2c87b649..b2c20d139fc 100644
--- a/lib/libssl/src/crypto/asn1/x_algor.c
+++ b/lib/libssl/src/crypto/asn1/x_algor.c
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_ALGOR_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
- * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_X509_ALGOR(a,pp)
-X509_ALGOR *a;
-unsigned char **pp;
+int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -84,10 +77,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_ALGOR *d2i_X509_ALGOR(a,pp,length)
-X509_ALGOR **a;
-unsigned char **pp;
-long length;
+X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
 
@@ -104,19 +94,19 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
 	}
 
-X509_ALGOR *X509_ALGOR_new()
+X509_ALGOR *X509_ALGOR_new(void)
 	{
 	X509_ALGOR *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_ALGOR);
-	M_ASN1_New(ret->algorithm,ASN1_OBJECT_new);
+	ret->algorithm=OBJ_nid2obj(NID_undef);
 	ret->parameter=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
 	}
 
-void X509_ALGOR_free(a)
-X509_ALGOR *a;
+void X509_ALGOR_free(X509_ALGOR *a)
 	{
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->algorithm);
@@ -124,3 +114,5 @@ X509_ALGOR *a;
 	Free((char *)a);
 	}
 
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/lib/libssl/src/crypto/asn1/x_attrib.c b/lib/libssl/src/crypto/asn1/x_attrib.c
index e52ced86276..a1cbebf5a50 100644
--- a/lib/libssl/src/crypto/asn1/x_attrib.c
+++ b/lib/libssl/src/crypto/asn1/x_attrib.c
@@ -58,19 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_ATTRIBUTE,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_ATTRIBUTE_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_X509_ATTRIBUTE,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 /* sequence */
-int i2d_X509_ATTRIBUTE(a,pp)
-X509_ATTRIBUTE *a;
-unsigned char **pp;
+int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **pp)
 	{
 	int k=0;
 	int r=0,ret=0;
@@ -92,18 +85,16 @@ unsigned char **pp;
 
 		ret+=i2d_ASN1_OBJECT(a->object,p);
 		if (a->set)
-			ret+=i2d_ASN1_SET(a->value.set,p,i2d_ASN1_TYPE,
-				V_ASN1_SET,V_ASN1_UNIVERSAL);
+			ret+=i2d_ASN1_SET_OF_ASN1_TYPE(a->value.set,p,i2d_ASN1_TYPE,
+				V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
 		else
 			ret+=i2d_ASN1_TYPE(a->value.single,p);
 		if (k++) return(r);
 		}
 	}
 
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(a,pp,length)
-X509_ATTRIBUTE **a;
-unsigned char **pp;
-long length;
+X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
 
@@ -115,7 +106,8 @@ long length;
 		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
 		{
 		ret->set=1;
-		M_ASN1_D2I_get_set(ret->value.set,d2i_ASN1_TYPE);
+		M_ASN1_D2I_get_set_type(ASN1_TYPE,ret->value.set,d2i_ASN1_TYPE,
+					ASN1_TYPE_free);
 		}
 	else
 		{
@@ -126,25 +118,46 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
 	}
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_new()
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+	{
+	X509_ATTRIBUTE *ret=NULL;
+	ASN1_TYPE *val=NULL;
+
+	if ((ret=X509_ATTRIBUTE_new()) == NULL)
+		return(NULL);
+	ret->object=OBJ_nid2obj(nid);
+	ret->set=1;
+	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
+	if ((val=ASN1_TYPE_new()) == NULL) goto err;
+	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+
+	ASN1_TYPE_set(val,atrtype,value);
+	return(ret);
+err:
+	if (ret != NULL) X509_ATTRIBUTE_free(ret);
+	if (val != NULL) ASN1_TYPE_free(val);
+	return(NULL);
+	}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void)
 	{
 	X509_ATTRIBUTE *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
-	M_ASN1_New(ret->object,ASN1_OBJECT_new);
+	ret->object=OBJ_nid2obj(NID_undef);
 	ret->set=0;
 	ret->value.ptr=NULL;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
 	}
 	
-void X509_ATTRIBUTE_free(a)
-X509_ATTRIBUTE *a;
+void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
 	{
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->object);
 	if (a->set)
-		sk_pop_free(a->value.set,ASN1_TYPE_free);
+		sk_ASN1_TYPE_pop_free(a->value.set,ASN1_TYPE_free);
 	else
 		ASN1_TYPE_free(a->value.single);
 	Free((char *)a);
diff --git a/lib/libssl/src/crypto/asn1/x_cinf.c b/lib/libssl/src/crypto/asn1/x_cinf.c
index 4fc2cc9f6e4..fe1b18a90ff 100644
--- a/lib/libssl/src/crypto/asn1/x_cinf.c
+++ b/lib/libssl/src/crypto/asn1/x_cinf.c
@@ -58,16 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_CINF,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CINF_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_X509_CINF(a,pp)
-X509_CINF *a;
-unsigned char **pp;
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
 	{
 	int v1=0,v2=0;
 	M_ASN1_I2D_vars(a);
@@ -81,7 +75,9 @@ unsigned char **pp;
 	M_ASN1_I2D_len(a->key,			i2d_X509_PUBKEY);
 	M_ASN1_I2D_len_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING);
 	M_ASN1_I2D_len_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING);
-	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
 
 	M_ASN1_I2D_seq_total();
 
@@ -94,15 +90,14 @@ unsigned char **pp;
 	M_ASN1_I2D_put(a->key,			i2d_X509_PUBKEY);
 	M_ASN1_I2D_put_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING,1);
 	M_ASN1_I2D_put_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING,2);
-	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_CINF *d2i_X509_CINF(a,pp,length)
-X509_CINF **a;
-unsigned char **pp;
-long length;
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
 	{
 	int ver=0;
 	M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
@@ -140,28 +135,38 @@ long length;
 		if (ret->subjectUID != NULL)
 			{
 			ASN1_BIT_STRING_free(ret->subjectUID);
-			ret->issuerUID=NULL;
+			ret->subjectUID=NULL;
 			}
 		M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
 			V_ASN1_BIT_STRING);
 		M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
 			V_ASN1_BIT_STRING);
 		}
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
 	if (ver >= 2) /* version 3 extensions */
+#endif
 		{
 		if (ret->extensions != NULL)
-			while (sk_num(ret->extensions))
-				X509_EXTENSION_free((X509_EXTENSION *)
-					sk_pop(ret->extensions));
-		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,3,
-			V_ASN1_SEQUENCE);
+			while (sk_X509_EXTENSION_num(ret->extensions))
+				X509_EXTENSION_free(
+				      sk_X509_EXTENSION_pop(ret->extensions));
+		M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+						d2i_X509_EXTENSION,
+						X509_EXTENSION_free,3,
+						V_ASN1_SEQUENCE);
 		}
 	M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
 	}
 
-X509_CINF *X509_CINF_new()
+X509_CINF *X509_CINF_new(void)
 	{
 	X509_CINF *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_CINF);
 	ret->version=NULL;
@@ -178,8 +183,7 @@ X509_CINF *X509_CINF_new()
 	M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
 	}
 
-void X509_CINF_free(a)
-X509_CINF *a;
+void X509_CINF_free(X509_CINF *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
@@ -191,7 +195,7 @@ X509_CINF *a;
 	X509_PUBKEY_free(a->key);
 	ASN1_BIT_STRING_free(a->issuerUID);
 	ASN1_BIT_STRING_free(a->subjectUID);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/x_crl.c b/lib/libssl/src/crypto/asn1/x_crl.c
index 13acdab427d..cd46bbebc28 100644
--- a/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/lib/libssl/src/crypto/asn1/x_crl.c
@@ -58,83 +58,69 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);
- * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
- * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);
- */
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-#ifndef NOPROTO
 static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
 static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
-#else
-static int X509_REVOKED_cmp();
-static int X509_REVOKED_seq_cmp();
-#endif
-
-int i2d_X509_REVOKED(a,pp)
-X509_REVOKED *a;
-unsigned char **pp;
+int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
+	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					 i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
-X509_REVOKED **a;
-unsigned char **pp;
-long length;
+X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
+	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
+	M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION,ret->extensions,
+				    d2i_X509_EXTENSION,X509_EXTENSION_free);
 	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
 	}
 
-int i2d_X509_CRL_INFO(a,pp)
-X509_CRL_INFO *a;
-unsigned char **pp;
+int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **pp)
 	{
 	int v1=0;
 	long l=0;
+	int (*old_cmp)(X509_REVOKED **,X509_REVOKED **);
 	M_ASN1_I2D_vars(a);
+	
+	old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+	sk_X509_REVOKED_sort(a->revoked);
+	sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
 
-	if (sk_num(a->revoked) != 0)
-		qsort((char *)a->revoked->data,sk_num(a->revoked),
-			sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
 	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
 		{
 		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
 		}
 	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
 	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
+		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
+	M_ASN1_I2D_len_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,0,
+					     V_ASN1_SEQUENCE,v1);
 
 	M_ASN1_I2D_seq_total();
 
@@ -147,17 +133,17 @@ unsigned char **pp;
 	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
 	if (a->nextUpdate != NULL)
 		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
+	M_ASN1_I2D_put_SEQUENCE_opt_type(X509_REVOKED,a->revoked,
+					 i2d_X509_REVOKED);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,0,
+					     V_ASN1_SEQUENCE,v1);
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
-X509_CRL_INFO **a;
-unsigned char **pp;
-long length;
+X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, unsigned char **pp,
+	     long length)
 	{
 	int i,ver=0;
 	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
@@ -176,20 +162,31 @@ long length;
 		}
 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
+	/* Manually handle the OPTIONAL ASN1_TIME stuff */
+	if(c.slen != 0
+	   && ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+		    (V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
+		|| (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+		    (V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) {
+		M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
+	}
+	if(!ret->nextUpdate) 
+		M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
+							V_ASN1_GENERALIZEDTIME);
 	if (ret->revoked != NULL)
 		{
-		while (sk_num(ret->revoked))
-			X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
+		while (sk_X509_REVOKED_num(ret->revoked))
+			X509_REVOKED_free(sk_X509_REVOKED_pop(ret->revoked));
 		}
-	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
+	M_ASN1_D2I_get_seq_opt_type(X509_REVOKED,ret->revoked,d2i_X509_REVOKED,
+				    X509_REVOKED_free);
 
 	if (ret->revoked != NULL)
 		{
-		for (i=0; i<sk_num(ret->revoked); i++)
+		for (i=0; i<sk_X509_REVOKED_num(ret->revoked); i++)
 			{
-			((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
+			sk_X509_REVOKED_value(ret->revoked,i)->sequence=i;
 			}
 		}
 
@@ -197,21 +194,21 @@ long length;
 		{
 		if (ret->extensions != NULL)
 			{
-			while (sk_num(ret->extensions))
-				X509_EXTENSION_free((X509_EXTENSION *)
-				sk_pop(ret->extensions));
+			while (sk_X509_EXTENSION_num(ret->extensions))
+				X509_EXTENSION_free(
+				sk_X509_EXTENSION_pop(ret->extensions));
 			}
 			
-		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
-			0,V_ASN1_SEQUENCE);
+		M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+						d2i_X509_EXTENSION,
+						X509_EXTENSION_free,0,
+						V_ASN1_SEQUENCE);
 		}
 
 	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
 	}
 
-int i2d_X509_CRL(a,pp)
-X509_CRL *a;
-unsigned char **pp;
+int i2d_X509_CRL(X509_CRL *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -228,10 +225,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_CRL *d2i_X509_CRL(a,pp,length)
-X509_CRL **a;
-unsigned char **pp;
-long length;
+X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
 
@@ -245,9 +239,10 @@ long length;
 	}
 
 
-X509_REVOKED *X509_REVOKED_new()
+X509_REVOKED *X509_REVOKED_new(void)
 	{
 	X509_REVOKED *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_REVOKED);
 	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
@@ -257,9 +252,10 @@ X509_REVOKED *X509_REVOKED_new()
 	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
 	}
 
-X509_CRL_INFO *X509_CRL_INFO_new()
+X509_CRL_INFO *X509_CRL_INFO_new(void)
 	{
 	X509_CRL_INFO *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
 	ret->version=NULL;
@@ -267,16 +263,17 @@ X509_CRL_INFO *X509_CRL_INFO_new()
 	M_ASN1_New(ret->issuer,X509_NAME_new);
 	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
 	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_new_null);
-	M_ASN1_New(ret->extensions,sk_new_null);
-	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
+	M_ASN1_New(ret->revoked,sk_X509_REVOKED_new_null);
+	M_ASN1_New(ret->extensions,sk_X509_EXTENSION_new_null);
+	sk_X509_REVOKED_set_cmp_func(ret->revoked,X509_REVOKED_cmp);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
 	}
 
-X509_CRL *X509_CRL_new()
+X509_CRL *X509_CRL_new(void)
 	{
 	X509_CRL *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_CRL);
 	ret->references=1;
@@ -287,18 +284,16 @@ X509_CRL *X509_CRL_new()
 	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
 	}
 
-void X509_REVOKED_free(a)
-X509_REVOKED *a;
+void X509_REVOKED_free(X509_REVOKED *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->serialNumber);
 	ASN1_UTCTIME_free(a->revocationDate);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
 	}
 
-void X509_CRL_INFO_free(a)
-X509_CRL_INFO *a;
+void X509_CRL_INFO_free(X509_CRL_INFO *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
@@ -307,13 +302,12 @@ X509_CRL_INFO *a;
 	ASN1_UTCTIME_free(a->lastUpdate);
 	if (a->nextUpdate)
 		ASN1_UTCTIME_free(a->nextUpdate);
-	sk_pop_free(a->revoked,X509_REVOKED_free);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
+	sk_X509_REVOKED_pop_free(a->revoked,X509_REVOKED_free);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	Free(a);
 	}
 
-void X509_CRL_free(a)
-X509_CRL *a;
+void X509_CRL_free(X509_CRL *a)
 	{
 	int i;
 
@@ -335,19 +329,22 @@ X509_CRL *a;
 	X509_CRL_INFO_free(a->crl);
 	X509_ALGOR_free(a->sig_alg);
 	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
+	Free(a);
 	}
 
-static int X509_REVOKED_cmp(a,b)
-X509_REVOKED **a,**b;
+static int X509_REVOKED_cmp(X509_REVOKED **a, X509_REVOKED **b)
 	{
 	return(ASN1_STRING_cmp(
 		(ASN1_STRING *)(*a)->serialNumber,
 		(ASN1_STRING *)(*b)->serialNumber));
 	}
 
-static int X509_REVOKED_seq_cmp(a,b)
-X509_REVOKED **a,**b;
+static int X509_REVOKED_seq_cmp(X509_REVOKED **a, X509_REVOKED **b)
 	{
 	return((*a)->sequence-(*b)->sequence);
 	}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/lib/libssl/src/crypto/asn1/x_exten.c b/lib/libssl/src/crypto/asn1/x_exten.c
index 54ffe2f00b2..d5f9e1df9e0 100644
--- a/lib/libssl/src/crypto/asn1/x_exten.c
+++ b/lib/libssl/src/crypto/asn1/x_exten.c
@@ -58,17 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_EXTENSION,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_EXTENSION_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_X509_EXTENSION(a,pp)
-X509_EXTENSION *a;
-unsigned char **pp;
+int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **pp)
 	{
 	int k=0;
 	int r=0,ret=0;
@@ -96,10 +90,8 @@ unsigned char **pp;
 		}
 	}
 
-X509_EXTENSION *d2i_X509_EXTENSION(a,pp,length)
-X509_EXTENSION **a;
-unsigned char **pp;
-long length;
+X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, unsigned char **pp,
+	     long length)
 	{
 	int i;
 	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
@@ -127,12 +119,13 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
 	}
 
-X509_EXTENSION *X509_EXTENSION_new()
+X509_EXTENSION *X509_EXTENSION_new(void)
 	{
 	X509_EXTENSION *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_EXTENSION);
-	M_ASN1_New(ret->object,ASN1_OBJECT_new);
+	ret->object=OBJ_nid2obj(NID_undef);
 	M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
 	ret->critical=0;
 	ret->netscape_hack=0;
@@ -143,8 +136,7 @@ X509_EXTENSION *X509_EXTENSION_new()
 	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
 	}
 	
-void X509_EXTENSION_free(a)
-X509_EXTENSION *a;
+void X509_EXTENSION_free(X509_EXTENSION *a)
 	{
 	if (a == NULL) return;
 	if ((a->argp != NULL) && (a->ex_free != NULL))
diff --git a/lib/libssl/src/crypto/asn1/x_info.c b/lib/libssl/src/crypto/asn1/x_info.c
index b55f0ce77a7..99ce011f075 100644
--- a/lib/libssl/src/crypto/asn1/x_info.c
+++ b/lib/libssl/src/crypto/asn1/x_info.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-X509_INFO *X509_INFO_new()
+X509_INFO *X509_INFO_new(void)
 	{
 	X509_INFO *ret=NULL;
 
@@ -84,8 +84,7 @@ X509_INFO *X509_INFO_new()
 	return(ret);
 	}
 
-void X509_INFO_free(x)
-X509_INFO *x;
+void X509_INFO_free(X509_INFO *x)
 	{
 	int i;
 
@@ -109,3 +108,6 @@ X509_INFO *x;
 	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
 	Free((char *)x);
 	}
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
diff --git a/lib/libssl/src/crypto/asn1/x_name.c b/lib/libssl/src/crypto/asn1/x_name.c
index 28b9c34b589..b09fba33fbd 100644
--- a/lib/libssl/src/crypto/asn1/x_name.c
+++ b/lib/libssl/src/crypto/asn1/x_name.c
@@ -58,25 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_NAME,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NAME_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_D2I_X509_NAME_ENTRY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NAME_ENTRY_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-#ifndef NOPROTO
 static int i2d_X509_NAME_entries(X509_NAME *a);
-#else
-static int i2d_X509_NAME_entries();
-#endif
-
-int i2d_X509_NAME_ENTRY(a,pp)
-X509_NAME_ENTRY *a;
-unsigned char **pp;
+int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -91,10 +78,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(a,pp,length)
-X509_NAME_ENTRY **a;
-unsigned char **pp;
-long length;
+X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
 
@@ -106,9 +91,7 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
 	}
 
-int i2d_X509_NAME(a,pp)
-X509_NAME *a;
-unsigned char **pp;
+int i2d_X509_NAME(X509_NAME *a, unsigned char **pp)
 	{
 	int ret;
 
@@ -128,11 +111,10 @@ unsigned char **pp;
 	return(ret);
 	}
 
-static int i2d_X509_NAME_entries(a)
-X509_NAME *a;
+static int i2d_X509_NAME_entries(X509_NAME *a)
 	{
 	X509_NAME_ENTRY *ne,*fe=NULL;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 	BUF_MEM *buf=NULL;
 	int set=0,r,ret=0;
 	int i;
@@ -140,9 +122,9 @@ X509_NAME *a;
 	int size=0;
 
 	sk=a->entries;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+		ne=sk_X509_NAME_ENTRY_value(sk,i);
 		if (fe == NULL)
 			{
 			fe=ne;
@@ -173,9 +155,9 @@ X509_NAME *a;
 	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
 	set= -1;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(sk); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
+		ne=sk_X509_NAME_ENTRY_value(sk,i);
 		if (set != ne->set)
 			{
 			set=ne->set;
@@ -190,10 +172,7 @@ err:
 	return(-1);
 	}
 
-X509_NAME *d2i_X509_NAME(a,pp,length)
-X509_NAME **a;
-unsigned char **pp;
-long length;
+X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
 	{
 	int set=0,i;
 	int idx=0;
@@ -201,11 +180,11 @@ long length;
 	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
 
 	orig= *pp;
-	if (sk_num(ret->entries) > 0)
+	if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
 		{
-		while (sk_num(ret->entries) > 0)
-			X509_NAME_ENTRY_free((X509_NAME_ENTRY *)
-				sk_pop(ret->entries));
+		while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
+			X509_NAME_ENTRY_free(
+				       sk_X509_NAME_ENTRY_pop(ret->entries));
 		}
 
 	M_ASN1_D2I_Init();
@@ -213,11 +192,12 @@ long length;
 	for (;;)
 		{
 		if (M_ASN1_D2I_end_sequence()) break;
-		M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY);
-		for (; idx < sk_num(ret->entries); idx++)
+		M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
+					d2i_X509_NAME_ENTRY,
+					X509_NAME_ENTRY_free);
+		for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
 			{
-			((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set=
-				set;
+			sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
 			}
 		set++;
 		}
@@ -231,21 +211,24 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
 	}
 
-X509_NAME *X509_NAME_new()
+X509_NAME *X509_NAME_new(void)
 	{
 	X509_NAME *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_NAME);
-	if ((ret->entries=sk_new(NULL)) == NULL) goto err2;
+	if ((ret->entries=sk_X509_NAME_ENTRY_new(NULL)) == NULL)
+		{ c.line=__LINE__; goto err2; }
 	M_ASN1_New(ret->bytes,BUF_MEM_new);
 	ret->modified=1;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_new()
+X509_NAME_ENTRY *X509_NAME_ENTRY_new(void)
 	{
 	X509_NAME_ENTRY *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
 /*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
@@ -256,26 +239,25 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_new()
 	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
 	}
 
-void X509_NAME_free(a)
-X509_NAME *a;
+void X509_NAME_free(X509_NAME *a)
 	{
+	if(a == NULL)
+	    return;
+
 	BUF_MEM_free(a->bytes);
-	sk_pop_free(a->entries,X509_NAME_ENTRY_free);
-	Free((char *)a);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	Free(a);
 	}
 
-void X509_NAME_ENTRY_free(a)
-X509_NAME_ENTRY *a;
+void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
 	{
 	if (a == NULL) return;
 	ASN1_OBJECT_free(a->object);
 	ASN1_BIT_STRING_free(a->value);
-	Free((char *)a);
+	Free(a);
 	}
 
-int X509_NAME_set(xn,name)
-X509_NAME **xn;
-X509_NAME *name;
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	{
 	X509_NAME *in;
 
@@ -293,3 +275,5 @@ X509_NAME *name;
 	return(*xn != NULL);
 	}
 	
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/lib/libssl/src/crypto/asn1/x_pkey.c b/lib/libssl/src/crypto/asn1/x_pkey.c
index 1d4d9261293..b0057eb212c 100644
--- a/lib/libssl/src/crypto/asn1/x_pkey.c
+++ b/lib/libssl/src/crypto/asn1/x_pkey.c
@@ -58,25 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/* ASN1err(ASN1_F_D2I_X509_PKEY,ASN1_R_UNSUPPORTED_CIPHER); */
-/* ASN1err(ASN1_F_X509_PKEY_NEW,ASN1_R_IV_TOO_LARGE); */
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 /* need to implement */
-int i2d_X509_PKEY(a,pp)
-X509_PKEY *a;
-unsigned char **pp;
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 	{
 	return(0);
 	}
 
-X509_PKEY *d2i_X509_PKEY(a,pp,length)
-X509_PKEY **a;
-unsigned char **pp;
-long length;
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
 	{
 	int i;
 	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
@@ -91,6 +84,7 @@ long length;
 	if (ret->cipher.cipher == NULL)
 		{
 		c.error=ASN1_R_UNSUPPORTED_CIPHER;
+		c.line=__LINE__;
 		goto err;
 		}
 	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
@@ -99,6 +93,7 @@ long length;
 		if (i > EVP_MAX_IV_LENGTH)
 			{
 			c.error=ASN1_R_IV_TOO_LARGE;
+			c.line=__LINE__;
 			goto err;
 			}
 		memcpy(ret->cipher.iv,
@@ -109,9 +104,10 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
 	}
 
-X509_PKEY *X509_PKEY_new()
+X509_PKEY *X509_PKEY_new(void)
 	{
 	X509_PKEY *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_PKEY);
 	ret->version=0;
@@ -128,8 +124,7 @@ X509_PKEY *X509_PKEY_new()
 	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 	}
 
-void X509_PKEY_free(x)
-X509_PKEY *x;
+void X509_PKEY_free(X509_PKEY *x)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/asn1/x_pubkey.c b/lib/libssl/src/crypto/asn1/x_pubkey.c
index a309cf74a79..4ac32c59dd7 100644
--- a/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -58,16 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_PUBKEY,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_PUBKEY_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_X509_PUBKEY(a,pp)
-X509_PUBKEY *a;
-unsigned char **pp;
+int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -82,10 +76,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_PUBKEY *d2i_X509_PUBKEY(a,pp,length)
-X509_PUBKEY **a;
-unsigned char **pp;
-long length;
+X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
 
@@ -101,9 +93,10 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
 	}
 
-X509_PUBKEY *X509_PUBKEY_new()
+X509_PUBKEY *X509_PUBKEY_new(void)
 	{
 	X509_PUBKEY *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_PUBKEY);
 	M_ASN1_New(ret->algor,X509_ALGOR_new);
@@ -113,8 +106,7 @@ X509_PUBKEY *X509_PUBKEY_new()
 	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
 	}
 
-void X509_PUBKEY_free(a)
-X509_PUBKEY *a;
+void X509_PUBKEY_free(X509_PUBKEY *a)
 	{
 	if (a == NULL) return;
 	X509_ALGOR_free(a->algor);
@@ -123,9 +115,7 @@ X509_PUBKEY *a;
 	Free((char *)a);
 	}
 
-int X509_PUBKEY_set(x,pkey)
-X509_PUBKEY **x;
-EVP_PKEY *pkey;
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	{
 	int ok=0;
 	X509_PUBKEY *pk;
@@ -182,11 +172,15 @@ EVP_PKEY *pkey;
 		goto err;
 		}
 
-	i=i2d_PublicKey(pkey,NULL);
+	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
 	if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	/* Set number of unused bits to zero */
+	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
 	Free(s);
 
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
@@ -204,8 +198,7 @@ err:
 	return(ok);
 	}
 
-EVP_PKEY *X509_PUBKEY_get(key)
-X509_PUBKEY *key;
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	{
 	EVP_PKEY *ret=NULL;
 	long j;
@@ -217,7 +210,11 @@ X509_PUBKEY *key;
 
 	if (key == NULL) goto err;
 
-	if (key->pkey != NULL) return(key->pkey);
+	if (key->pkey != NULL)
+	    {
+	    CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+	    return(key->pkey);
+	    }
 
 	if (key->public_key == NULL) goto err;
 
@@ -247,6 +244,7 @@ X509_PUBKEY *key;
 		}
 #endif
 	key->pkey=ret;
+	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
 	return(ret);
 err:
 	if (ret != NULL)
diff --git a/lib/libssl/src/crypto/asn1/x_req.c b/lib/libssl/src/crypto/asn1/x_req.c
index ff0be13d379..9b1d6abe640 100644
--- a/lib/libssl/src/crypto/asn1/x_req.c
+++ b/lib/libssl/src/crypto/asn1/x_req.c
@@ -58,19 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_REQ,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_X509_REQ_INFO,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_REQ_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_REQ_INFO_NEW,ASN1_R_LENGTH_MISMATCH);
- */
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-int i2d_X509_REQ_INFO(a,pp)
-X509_REQ_INFO *a;
-unsigned char **pp;
+int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -87,11 +78,12 @@ unsigned char **pp;
 	 */
 	if (a->req_kludge) 
 	        {
-	        M_ASN1_I2D_len_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+	        M_ASN1_I2D_len_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,i2d_X509_ATTRIBUTE,0);
 		}
 	else
 	        {
-	        M_ASN1_I2D_len_IMP_set(a->attributes,	i2d_X509_ATTRIBUTE,0);
+	        M_ASN1_I2D_len_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
+					    i2d_X509_ATTRIBUTE,0);
 		}
 	
 	M_ASN1_I2D_seq_total();
@@ -107,20 +99,20 @@ unsigned char **pp;
 	 */
 	if (a->req_kludge)
 		{
-	        M_ASN1_I2D_put_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
+	        M_ASN1_I2D_put_IMP_SET_opt_type(X509_ATTRIBUTE,a->attributes,
+						i2d_X509_ATTRIBUTE,0);
 		}
 	else
 		{
-	        M_ASN1_I2D_put_IMP_set(a->attributes,i2d_X509_ATTRIBUTE,0);
+	        M_ASN1_I2D_put_IMP_SET_type(X509_ATTRIBUTE,a->attributes,
+					    i2d_X509_ATTRIBUTE,0);
 		}
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_REQ_INFO *d2i_X509_REQ_INFO(a,pp,length)
-X509_REQ_INFO **a;
-unsigned char **pp;
-long length;
+X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
 
@@ -141,40 +133,40 @@ long length;
 		ret->req_kludge=1;
 	else
 		{
-		M_ASN1_D2I_get_IMP_set(ret->attributes,d2i_X509_ATTRIBUTE,0);
+		M_ASN1_D2I_get_IMP_set_type(X509_ATTRIBUTE,ret->attributes,
+					    d2i_X509_ATTRIBUTE,
+					    X509_ATTRIBUTE_free,0);
 		}
 
 	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
 	}
 
-X509_REQ_INFO *X509_REQ_INFO_new()
+X509_REQ_INFO *X509_REQ_INFO_new(void)
 	{
 	X509_REQ_INFO *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
 	M_ASN1_New(ret->version,ASN1_INTEGER_new);
 	M_ASN1_New(ret->subject,X509_NAME_new);
 	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->attributes,sk_new_null);
+	M_ASN1_New(ret->attributes,sk_X509_ATTRIBUTE_new_null);
 	ret->req_kludge=0;
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
 	}
 	
-void X509_REQ_INFO_free(a)
-X509_REQ_INFO *a;
+void X509_REQ_INFO_free(X509_REQ_INFO *a)
 	{
 	if (a == NULL) return;
 	ASN1_INTEGER_free(a->version);
 	X509_NAME_free(a->subject);
 	X509_PUBKEY_free(a->pubkey);
-	sk_pop_free(a->attributes,X509_ATTRIBUTE_free);
+	sk_X509_ATTRIBUTE_pop_free(a->attributes,X509_ATTRIBUTE_free);
 	Free((char *)a);
 	}
 
-int i2d_X509_REQ(a,pp)
-X509_REQ *a;
-unsigned char **pp;
+int i2d_X509_REQ(X509_REQ *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
@@ -190,10 +182,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_REQ *d2i_X509_REQ(a,pp,length)
-X509_REQ **a;
-unsigned char **pp;
-long length;
+X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
 
@@ -205,9 +194,10 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
 	}
 
-X509_REQ *X509_REQ_new()
+X509_REQ *X509_REQ_new(void)
 	{
 	X509_REQ *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_REQ);
 	ret->references=1;
@@ -218,8 +208,7 @@ X509_REQ *X509_REQ_new()
 	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
 	}
 
-void X509_REQ_free(a)
-X509_REQ *a;
+void X509_REQ_free(X509_REQ *a)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/asn1/x_sig.c b/lib/libssl/src/crypto/asn1/x_sig.c
index f0a2e4c27a3..c2782d1b9c0 100644
--- a/lib/libssl/src/crypto/asn1/x_sig.c
+++ b/lib/libssl/src/crypto/asn1/x_sig.c
@@ -58,16 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_SIG,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_SIG_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-int i2d_X509_SIG(a,pp)
-X509_SIG *a;
-unsigned char **pp;
+int i2d_X509_SIG(X509_SIG *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -82,10 +76,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509_SIG *d2i_X509_SIG(a,pp,length)
-X509_SIG **a;
-unsigned char **pp;
-long length;
+X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
 
@@ -96,9 +87,10 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
 	}
 
-X509_SIG *X509_SIG_new()
+X509_SIG *X509_SIG_new(void)
 	{
 	X509_SIG *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_SIG);
 	M_ASN1_New(ret->algor,X509_ALGOR_new);
@@ -107,8 +99,7 @@ X509_SIG *X509_SIG_new()
 	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
 	}
 
-void X509_SIG_free(a)
-X509_SIG *a;
+void X509_SIG_free(X509_SIG *a)
 	{
 	if (a == NULL) return;
 	X509_ALGOR_free(a->algor);
diff --git a/lib/libssl/src/crypto/asn1/x_spki.c b/lib/libssl/src/crypto/asn1/x_spki.c
index 4a80df44b84..43e0023839a 100644
--- a/lib/libssl/src/crypto/asn1/x_spki.c
+++ b/lib/libssl/src/crypto/asn1/x_spki.c
@@ -62,19 +62,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "x509.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_NETSCAPE_SPKAC,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_NETSCAPE_SPKAC_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_NETSCAPE_SPKI,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_NETSCAPE_SPKI_NEW,ASN1_R_LENGTH_MISMATCH);
- */
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
 
-int i2d_NETSCAPE_SPKAC(a,pp)
-NETSCAPE_SPKAC *a;
-unsigned char **pp;
+int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -89,10 +80,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(a,pp,length)
-NETSCAPE_SPKAC **a;
-unsigned char **pp;
-long length;
+NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
 
@@ -103,9 +92,10 @@ long length;
 	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
 	}
 
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new()
+NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void)
 	{
 	NETSCAPE_SPKAC *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
 	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
@@ -114,8 +104,7 @@ NETSCAPE_SPKAC *NETSCAPE_SPKAC_new()
 	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
 	}
 
-void NETSCAPE_SPKAC_free(a)
-NETSCAPE_SPKAC *a;
+void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
 	{
 	if (a == NULL) return;
 	X509_PUBKEY_free(a->pubkey);
@@ -123,9 +112,7 @@ NETSCAPE_SPKAC *a;
 	Free((char *)a);
 	}
 
-int i2d_NETSCAPE_SPKI(a,pp)
-NETSCAPE_SPKI *a;
-unsigned char **pp;
+int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -142,10 +129,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(a,pp,length)
-NETSCAPE_SPKI **a;
-unsigned char **pp;
-long length;
+NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
 
@@ -157,9 +142,10 @@ long length;
 	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
 	}
 
-NETSCAPE_SPKI *NETSCAPE_SPKI_new()
+NETSCAPE_SPKI *NETSCAPE_SPKI_new(void)
 	{
 	NETSCAPE_SPKI *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
 	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
@@ -169,8 +155,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_new()
 	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
 	}
 
-void NETSCAPE_SPKI_free(a)
-NETSCAPE_SPKI *a;
+void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
 	{
 	if (a == NULL) return;
 	NETSCAPE_SPKAC_free(a->spkac);
diff --git a/lib/libssl/src/crypto/asn1/x_val.c b/lib/libssl/src/crypto/asn1/x_val.c
index a9c390f88ce..84d6f7ca4df 100644
--- a/lib/libssl/src/crypto/asn1/x_val.c
+++ b/lib/libssl/src/crypto/asn1/x_val.c
@@ -58,61 +58,52 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/* ASN1err(ASN1_F_X509_VAL_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_X509_VAL_FREE,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_X509_VAL,ERR_R_MALLOC_FAILURE);
- */
-
-int i2d_X509_VAL(a,pp)
-X509_VAL *a;
-unsigned char **pp;
+int i2d_X509_VAL(X509_VAL *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
-	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
 
 	M_ASN1_I2D_seq_total();
 
-	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_VAL *d2i_X509_VAL(a,pp,length)
-X509_VAL **a;
-unsigned char **pp;
-long length;
+X509_VAL *d2i_X509_VAL(X509_VAL **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
+	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
 	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
 	}
 
-X509_VAL *X509_VAL_new()
+X509_VAL *X509_VAL_new(void)
 	{
 	X509_VAL *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_VAL);
-	M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
-	M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+	M_ASN1_New(ret->notBefore,ASN1_TIME_new);
+	M_ASN1_New(ret->notAfter,ASN1_TIME_new);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
 	}
 
-void X509_VAL_free(a)
-X509_VAL *a;
+void X509_VAL_free(X509_VAL *a)
 	{
 	if (a == NULL) return;
-	ASN1_UTCTIME_free(a->notBefore);
-	ASN1_UTCTIME_free(a->notAfter);
+	ASN1_TIME_free(a->notBefore);
+	ASN1_TIME_free(a->notAfter);
 	Free((char *)a);
 	}
 
diff --git a/lib/libssl/src/crypto/asn1/x_x509.c b/lib/libssl/src/crypto/asn1/x_x509.c
index bc466ce0f68..7abf6b2a6ba 100644
--- a/lib/libssl/src/crypto/asn1/x_x509.c
+++ b/lib/libssl/src/crypto/asn1/x_x509.c
@@ -58,13 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NEW,ASN1_R_BAD_GET_OBJECT);
- */
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 static ASN1_METHOD meth={
 	(int (*)())  i2d_X509,
@@ -72,14 +68,12 @@ static ASN1_METHOD meth={
 	(char *(*)())X509_new,
 	(void (*)()) X509_free};
 
-ASN1_METHOD *X509_asn1_meth()
+ASN1_METHOD *X509_asn1_meth(void)
 	{
 	return(&meth);
 	}
 
-int i2d_X509(a,pp)
-X509 *a;
-unsigned char **pp;
+int i2d_X509(X509 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -96,10 +90,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509 *d2i_X509(a,pp,length)
-X509 **a;
-unsigned char **pp;
-long length;
+X509 *d2i_X509(X509 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509 *,X509_new);
 
@@ -108,15 +99,16 @@ long length;
 	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-if (ret->name != NULL) Free(ret->name);
-ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+	if (ret->name != NULL) Free(ret->name);
+	ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
 
 	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
 	}
 
-X509 *X509_new()
+X509 *X509_new(void)
 	{
 	X509 *ret=NULL;
+	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509);
 	ret->references=1;
@@ -129,8 +121,7 @@ X509 *X509_new()
 	M_ASN1_New_Error(ASN1_F_X509_NEW);
 	}
 
-void X509_free(a)
-X509 *a;
+void X509_free(X509 *a)
 	{
 	int i;
 
@@ -149,9 +140,11 @@ X509 *a;
 		}
 #endif
 
+	/* CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data); */
 	X509_CINF_free(a->cert_info);
 	X509_ALGOR_free(a->sig_alg);
 	ASN1_BIT_STRING_free(a->signature);
+
 	if (a->name != NULL) Free(a->name);
 	Free((char *)a);
 	}
diff --git a/lib/libssl/src/crypto/bf/Makefile.ssl b/lib/libssl/src/crypto/bf/Makefile.ssl
index 236671f238d..18bddda0db2 100644
--- a/lib/libssl/src/crypto/bf/Makefile.ssl
+++ b/lib/libssl/src/crypto/bf/Makefile.ssl
@@ -8,9 +8,11 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -42,7 +44,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -61,27 +63,25 @@ asm/bx86-out.o: asm/bx86unix.cpp
 
 # bsdi
 asm/bx86bsdi.o: asm/bx86unix.cpp
-	$(CPP) -DBSDI asm/bx86unix.cpp | as -o asm/bx86bsdi.o
+	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
 
 asm/bx86unix.cpp:
-	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/point.sh ../../doc/blowfish.doc blowfish.doc ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -93,15 +93,24 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_enc.o: bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+bf_skey.o: bf_locl.h bf_pi.h
diff --git a/lib/libssl/src/crypto/bf/Makefile.uni b/lib/libssl/src/crypto/bf/Makefile.uni
index 9ba5b0c8545..f67e5ca23bc 100644
--- a/lib/libssl/src/crypto/bf/Makefile.uni
+++ b/lib/libssl/src/crypto/bf/Makefile.uni
@@ -29,6 +29,7 @@ CFLAG= -O3 -fomit-frame-pointer
 CFLAGS=$(OPTS) $(CFLAG)
 CPP=$(CC) -E
 AS=as
+RANLIB=ranlib
 
 # Assember version of bf_encrypt().
 BF_ENC=bf_enc.o		# normal C version
@@ -105,9 +106,7 @@ test:	all
 $(BLIB): $(LIBOBJ)
 	/bin/rm -f $(BLIB)
 	ar cr $(BLIB) $(LIBOBJ)
-	-if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-	else exit 0; fi; fi
+	$(RANLIB) $(BLIB)
 
 bftest: bftest.o $(BLIB)
 	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
@@ -142,25 +141,14 @@ install: $(BLIB)
 	if test $(INSTALLTOP); then \
 	    echo SSL style install; \
 	    cp $(BLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
-	    fi; fi; \
+		$(RANLIB) $(BLIB); \
 	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
 	    cp blowfish.h $(INSTALLTOP)/include; \
 	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
 	else \
 	    echo Standalone install; \
 	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(BLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(BLIB); \
-	      fi; \
-	    fi; \
+		$(RANLIB) $(BLIB); \
 	    chmod 644 $(LIBDIR)/$(BLIB); \
 	    cp blowfish.h $(INCDIR)/blowfish.h; \
 	    chmod 644 $(INCDIR)/blowfish.h; \
diff --git a/lib/libssl/src/crypto/bf/asm/bf-586.pl b/lib/libssl/src/crypto/bf/asm/bf-586.pl
index 5c7ab14ab0c..b556642c949 100644
--- a/lib/libssl/src/crypto/bf/asm/bf-586.pl
+++ b/lib/libssl/src/crypto/bf/asm/bf-586.pl
@@ -1,10 +1,10 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
-&asm_init($ARGV[0],"bf-586.pl");
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
 
 $BF_ROUNDS=16;
 $BF_OFF=($BF_ROUNDS+2)*4;
diff --git a/lib/libssl/src/crypto/bf/asm/bf-686.pl b/lib/libssl/src/crypto/bf/asm/bf-686.pl
index bed303d7866..8e4c25f5984 100644
--- a/lib/libssl/src/crypto/bf/asm/bf-686.pl
+++ b/lib/libssl/src/crypto/bf/asm/bf-686.pl
@@ -1,4 +1,3 @@
-#!/usr/bin/perl
 #!/usr/local/bin/perl
 
 push(@INC,"perlasm","../../perlasm");
diff --git a/lib/libssl/src/crypto/bf/asm/bx86unix.cpp b/lib/libssl/src/crypto/bf/asm/bx86unix.cpp
deleted file mode 100644
index cdaa269378f..00000000000
--- a/lib/libssl/src/crypto/bf/asm/bx86unix.cpp
+++ /dev/null
@@ -1,976 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define BF_encrypt _BF_encrypt
-#define BF_decrypt _BF_decrypt
-#define BF_cbc_encrypt _BF_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bf-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bf-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl BF_encrypt
-	TYPE(BF_encrypt,@function)
-BF_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	movl	(%ebp),		%ebx
-	xorl	%ecx,		%ecx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	4(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	12(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	16(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	20(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	24(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	28(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	32(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	36(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	40(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	44(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	48(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	52(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	56(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	60(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 15 */
-	movl	64(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	/* Load parameter 0 (16) enc=1 */
-	movl	20(%esp),	%eax
-	xorl	%ebx,		%edi
-	movl	68(%ebp),	%edx
-	xorl	%edx,		%esi
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.BF_encrypt_end:
-	SIZE(BF_encrypt,.BF_encrypt_end-BF_encrypt)
-.ident	"BF_encrypt"
-.text
-	.align ALIGN
-.globl BF_decrypt
-	TYPE(BF_decrypt,@function)
-BF_decrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	movl	68(%ebp),	%ebx
-	xorl	%ecx,		%ecx
-	xorl	%ebx,		%edi
-
-	/* Round 16 */
-	movl	64(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 15 */
-	movl	60(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	56(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	52(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	48(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	44(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	40(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	36(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	32(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	28(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	24(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	20(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	16(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	12(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	8(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	4(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	/* Load parameter 0 (1) enc=0 */
-	movl	20(%esp),	%eax
-	xorl	%ebx,		%edi
-	movl	(%ebp),		%edx
-	xorl	%edx,		%esi
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.BF_decrypt_end:
-	SIZE(BF_decrypt,.BF_decrypt_end-BF_decrypt)
-.ident	"BF_decrypt"
-.text
-	.align ALIGN
-.globl BF_cbc_encrypt
-	TYPE(BF_cbc_encrypt,@function)
-BF_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L000decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L001encrypt_finish
-.L002encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L002encrypt_loop
-.L001encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L004cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L005ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L006ej6:
-	movb	5(%esi),	%dh
-.L007ej5:
-	movb	4(%esi),	%dl
-.L008ej4:
-	movl	(%esi),		%ecx
-	jmp	.L009ejend
-.L010ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L011ej2:
-	movb	1(%esi),	%ch
-.L012ej1:
-	movb	(%esi),		%cl
-.L009ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L003finish
-.align ALIGN
-.L000decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L013decrypt_finish
-.L014decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L014decrypt_loop
-.L013decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L015dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L016dj6:
-	movb	%dh,		5(%edi)
-.L017dj5:
-	movb	%dl,		4(%edi)
-.L018dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L019djend
-.L020dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L021dj2:
-	movb	%ch,		1(%esi)
-.L022dj1:
-	movb	%cl,		(%esi)
-.L019djend:
-	jmp	.L003finish
-.align ALIGN
-.L003finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L004cbc_enc_jmp_table:
-	.long 0
-	.long .L012ej1
-	.long .L011ej2
-	.long .L010ej3
-	.long .L008ej4
-	.long .L007ej5
-	.long .L006ej6
-	.long .L005ej7
-.align ALIGN
-.L023cbc_dec_jmp_table:
-	.long 0
-	.long .L022dj1
-	.long .L021dj2
-	.long .L020dj3
-	.long .L018dj4
-	.long .L017dj5
-	.long .L016dj6
-	.long .L015dj7
-.BF_cbc_encrypt_end:
-	SIZE(BF_cbc_encrypt,.BF_cbc_encrypt_end-BF_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/bf/bf_cbc.c b/lib/libssl/src/crypto/bf/bf_cbc.c
index e0fa9ad7631..95d1cdcdf92 100644
--- a/lib/libssl/src/crypto/bf/bf_cbc.c
+++ b/lib/libssl/src/crypto/bf/bf_cbc.c
@@ -56,16 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
-void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *ks, unsigned char *iv, int encrypt)
 	{
 	register BF_LONG tin0,tin1;
 	register BF_LONG tout0,tout1,xor0,xor1;
diff --git a/lib/libssl/src/crypto/bf/bf_cfb64.c b/lib/libssl/src/crypto/bf/bf_cfb64.c
index f9c66e7cedb..1fb8905f49e 100644
--- a/lib/libssl/src/crypto/bf/bf_cfb64.c
+++ b/lib/libssl/src/crypto/bf/bf_cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,8 @@
  * 64bit block we have used is contained in *num;
  */
 
-void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
 	{
 	register BF_LONG v0,v1,t;
 	register int n= *num;
diff --git a/lib/libssl/src/crypto/bf/bf_ecb.c b/lib/libssl/src/crypto/bf/bf_ecb.c
index 6d16360bd98..9f8a24cdff5 100644
--- a/lib/libssl/src/crypto/bf/bf_ecb.c
+++ b/lib/libssl/src/crypto/bf/bf_ecb.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
+#include <openssl/opensslv.h>
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
  * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-char *BF_version="BlowFish part of SSLeay 0.9.0b 29-Jun-1998";
+const char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
 
-char *BF_options()
+const char *BF_options(void)
 	{
 #ifdef BF_PTR
 	return("blowfish(ptr)");
@@ -77,11 +78,8 @@ char *BF_options()
 #endif
 	}
 
-void BF_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-BF_KEY *ks;
-int encrypt;
+void BF_ecb_encrypt(unsigned char *in, unsigned char *out, BF_KEY *ks,
+	     int encrypt)
 	{
 	BF_LONG l,d[2];
 
diff --git a/lib/libssl/src/crypto/bf/bf_enc.c b/lib/libssl/src/crypto/bf/bf_enc.c
index 66a8604c594..ee018345619 100644
--- a/lib/libssl/src/crypto/bf/bf_enc.c
+++ b/lib/libssl/src/crypto/bf/bf_enc.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
@@ -65,14 +65,13 @@
  */
 
 #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-If you set BF_ROUNDS to some value other than 16 or 20, you will have
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
 to modify the code.
 #endif
 
-void BF_encrypt(data,key)
-BF_LONG *data;
-BF_KEY *key;
+void BF_encrypt(BF_LONG *data, BF_KEY *key)
 	{
+#ifndef BF_PTR2
 	register BF_LONG l,r,*p,*s;
 
 	p=key->P;
@@ -107,14 +106,48 @@ BF_KEY *key;
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG*)key;
+
+	l^=k[0];
+	BF_ENC(r,l,k, 1);
+	BF_ENC(l,r,k, 2);
+	BF_ENC(r,l,k, 3);
+	BF_ENC(l,r,k, 4);
+	BF_ENC(r,l,k, 5);
+	BF_ENC(l,r,k, 6);
+	BF_ENC(r,l,k, 7);
+	BF_ENC(l,r,k, 8);
+	BF_ENC(r,l,k, 9);
+	BF_ENC(l,r,k,10);
+	BF_ENC(r,l,k,11);
+	BF_ENC(l,r,k,12);
+	BF_ENC(r,l,k,13);
+	BF_ENC(l,r,k,14);
+	BF_ENC(r,l,k,15);
+	BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,17);
+	BF_ENC(l,r,k,18);
+	BF_ENC(r,l,k,19);
+	BF_ENC(l,r,k,20);
+#endif
+	r^=k[BF_ROUNDS+1];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
 	}
 
 #ifndef BF_DEFAULT_OPTIONS
 
-void BF_decrypt(data,key)
-BF_LONG *data;
-BF_KEY *key;
+void BF_decrypt(BF_LONG *data, BF_KEY *key)
 	{
+#ifndef BF_PTR2
 	register BF_LONG l,r,*p,*s;
 
 	p=key->P;
@@ -149,15 +182,45 @@ BF_KEY *key;
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG *)key;
+
+	l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,20);
+	BF_ENC(l,r,k,19);
+	BF_ENC(r,l,k,18);
+	BF_ENC(l,r,k,17);
+#endif
+	BF_ENC(r,l,k,16);
+	BF_ENC(l,r,k,15);
+	BF_ENC(r,l,k,14);
+	BF_ENC(l,r,k,13);
+	BF_ENC(r,l,k,12);
+	BF_ENC(l,r,k,11);
+	BF_ENC(r,l,k,10);
+	BF_ENC(l,r,k, 9);
+	BF_ENC(r,l,k, 8);
+	BF_ENC(l,r,k, 7);
+	BF_ENC(r,l,k, 6);
+	BF_ENC(l,r,k, 5);
+	BF_ENC(r,l,k, 4);
+	BF_ENC(l,r,k, 3);
+	BF_ENC(r,l,k, 2);
+	BF_ENC(l,r,k, 1);
+	r^=k[0];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
 	}
 
-void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *ks, unsigned char *iv, int encrypt)
 	{
 	register BF_LONG tin0,tin1;
 	register BF_LONG tout0,tout1,xor0,xor1;
diff --git a/lib/libssl/src/crypto/bf/bf_locl.org b/lib/libssl/src/crypto/bf/bf_locl.h
index a5663de8cae..05756b5d3b6 100644
--- a/lib/libssl/src/crypto/bf/bf_locl.org
+++ b/lib/libssl/src/crypto/bf/bf_locl.h
@@ -1,4 +1,4 @@
-/* crypto/bf/bf_locl.org */
+/* crypto/bf/bf_locl.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,39 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )                    /* Newer Sparc's */
-#  define BF_PTR
-#elif defined( __ultrix )     /* Older MIPS */
-#  define BF_PTR
-#elif defined( __osf1__ )     /* Alpha */
-  /* None */
-#elif defined ( _AIX )                /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )               /* HP-PA */
-  /* None */
-#elif defined( __aux )                /* 68K */
-  /* Unknown */
-#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
-  /* Unknown */
-#elif defined( __sgi )                /* Newer MIPS */
-#  define BF_PTR
-#elif defined( i386 )         /* x86 boxes, should be gcc */
-#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#endif /* Systems-specific speed defines */
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
 
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
@@ -181,62 +151,69 @@
 /* This is actually a big endian algorithm, the most significate byte
  * is used to lookup array 0 */
 
-/* use BF_PTR2 for intel boxes,
- * BF_PTR for sparc and MIPS/SGI
- * use nothing for Alpha and HP.
- */
-#if !defined(BF_PTR) && !defined(BF_PTR2)
-#undef BF_PTR
-#endif
-
-#define BF_M	0x3fc
-#define BF_0	22L
-#define BF_1	14L
-#define BF_2	 6L
-#define BF_3	 2L /* left shift */
-
 #if defined(BF_PTR2)
 
-/* This is basically a special pentium verson */
-#define BF_ENC(LL,R,S,P) \
-	{ \
-	BF_LONG t,u,v; \
-	u=R>>BF_0; \
-	v=R>>BF_1; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
-	u=R>>BF_2; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
-	v=R<<BF_3; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t^= *(BF_LONG *)((unsigned char *)&(S[512])+u); \
-	LL^=P; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[768])+v); \
-	LL^=t; \
-	}
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+	LL^=KEY[Pi], \
+	t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+	t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
+	LL^=t \
+	)
 
 #elif defined(BF_PTR)
 
-/* This is normally very good */
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M  (0xFF<<BF_LONG_LOG2)
+#define BF_0  (24-BF_LONG_LOG2)
+#define BF_1  (16-BF_LONG_LOG2)
+#define BF_2  ( 8-BF_LONG_LOG2)
+#define BF_3  BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitely "multiplicate" array index by sizeof(BF_LONG)
+ * in order to caclulate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
 
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
+#define BF_ENC(LL,R,S,P) ( \
+	LL^=P, \
 	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
 		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
 		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M)));
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+	)
 #else
 
-/* This will always work, even on 64 bit machines and strangly enough,
- * on the Alpha it is faster than the pointer versions (both 32 and 64
- * versions of BF_LONG) */
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+	LL^=P, \
+	LL^=(((	S[       ((int)(R>>24)&0xff)] + \
+		S[0x0100+((int)(R>>16)&0xff)])^ \
+		S[0x0200+((int)(R>> 8)&0xff)])+ \
+		S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
+	)
+#endif
 
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^=(((	S[        (int)(R>>24L)      ] + \
-		S[0x0100+((int)(R>>16L)&0xff)])^ \
-		S[0x0200+((int)(R>> 8L)&0xff)])+ \
-		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
 #endif
diff --git a/lib/libssl/src/crypto/bf/bf_ofb64.c b/lib/libssl/src/crypto/bf/bf_ofb64.c
index 5d844ac760d..8ceb8d9bdaa 100644
--- a/lib/libssl/src/crypto/bf/bf_ofb64.c
+++ b/lib/libssl/src/crypto/bf/bf_ofb64.c
@@ -56,20 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     BF_KEY *schedule, unsigned char *ivec, int *num)
 	{
 	register BF_LONG v0,v1,t;
 	register int n= *num;
diff --git a/lib/libssl/src/crypto/bf/bf_opts.c b/lib/libssl/src/crypto/bf/bf_opts.c
index 5cfa60c5373..5f330cc53ce 100644
--- a/lib/libssl/src/crypto/bf/bf_opts.c
+++ b/lib/libssl/src/crypto/bf/bf_opts.c
@@ -59,19 +59,17 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern void exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,25 +77,26 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 #define BF_DEFAULT_OPTIONS
 
@@ -126,11 +125,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -142,12 +137,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -155,14 +145,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -175,8 +159,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -237,9 +220,7 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/bf/bf_skey.c b/lib/libssl/src/crypto/bf/bf_skey.c
index 86574c0acc4..eefa8e6f51d 100644
--- a/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/lib/libssl/src/crypto/bf/bf_skey.c
@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
-void BF_set_key(key,len,data)
-BF_KEY *key;
-int len;
-unsigned char *data;
+void BF_set_key(BF_KEY *key, int len, unsigned char *data)
 	{
 	int i;
 	BF_LONG *p,ri,in[2];
diff --git a/lib/libssl/src/crypto/bf/bfs.cpp b/lib/libssl/src/crypto/bf/bfs.cpp
index 272ed2f9780..d74c4577607 100644
--- a/lib/libssl/src/crypto/bf/bfs.cpp
+++ b/lib/libssl/src/crypto/bf/bfs.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/crypto/bf/bfspeed.c b/lib/libssl/src/crypto/bf/bfspeed.c
index 640d820dd3c..9b893e92cc5 100644
--- a/lib/libssl/src/crypto/bf/bfspeed.c
+++ b/lib/libssl/src/crypto/bf/bfspeed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,34 +77,31 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -115,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -128,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -148,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -185,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/bf/bftest.c b/lib/libssl/src/crypto/bf/bftest.c
index 9266cf813a4..6ecd2609a92 100644
--- a/lib/libssl/src/crypto/bf/bftest.c
+++ b/lib/libssl/src/crypto/bf/bftest.c
@@ -62,7 +62,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "blowfish.h"
+
+#ifdef NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return(0);
+}
+#else
+#include <openssl/blowfish.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 char *bf_key[2]={
 	"abcdefghijklmnopqrstuvwxyz",
@@ -252,17 +264,9 @@ unsigned char key_out[KEY_TEST_NUM][8]={
 	{0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
 	};
 
-#ifndef NOPROTO
 static int test(void );
 static int print_test_data(void );
-#else
-static int test();
-static int print_test_data();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int ret;
 
@@ -275,7 +279,7 @@ char *argv[];
 	return(0);
 	}
 
-static int print_test_data()
+static int print_test_data(void)
 	{
 	unsigned int i,j;
 
@@ -304,7 +308,7 @@ static int print_test_data()
 		printf("c=");
 		for (j=0; j<8; j++)
 			printf("%02X",key_out[i][j]);
-		printf(" k[%2d]=",i+1);
+		printf(" k[%2u]=",i+1);
 		for (j=0; j<i+1; j++)
 			printf("%02X",key_test[j]);
 		printf("\n");
@@ -342,7 +346,7 @@ static int print_test_data()
 	return(0);
 	}
 
-static int test()
+static int test(void)
 	{
 	unsigned char cbc_in[40],cbc_out[40],iv[8];
 	int i,n,err=0;
@@ -351,9 +355,16 @@ static int test()
 	unsigned char out[8]; 
 	BF_LONG len;
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+#endif
+
 	printf("testing blowfish in raw ecb mode\n");
 	for (n=0; n<2; n++)
 		{
+#ifdef CHARSET_EBCDIC
+		ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+#endif
 		BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
 
 		data[0]=bf_plain[n][0];
@@ -364,11 +375,11 @@ static int test()
 			printf("BF_encrypt error encrypting\n");
 			printf("got     :");
 			for (i=0; i<2; i++)
-				printf("%08lX ",data[i]);
+				printf("%08lX ",(unsigned long)data[i]);
 			printf("\n");
 			printf("expected:");
 			for (i=0; i<2; i++)
-				printf("%08lX ",bf_cipher[n][i]);
+				printf("%08lX ",(unsigned long)bf_cipher[n][i]);
 			err=1;
 			printf("\n");
 			}
@@ -379,11 +390,11 @@ static int test()
 			printf("BF_encrypt error decrypting\n");
 			printf("got     :");
 			for (i=0; i<2; i++)
-				printf("%08lX ",data[i]);
+				printf("%08lX ",(unsigned long)data[i]);
 			printf("\n");
 			printf("expected:");
 			for (i=0; i<2; i++)
-				printf("%08lX ",bf_plain[n][i]);
+				printf("%08lX ",(unsigned long)bf_plain[n][i]);
 			printf("\n");
 			err=1;
 			}
@@ -519,3 +530,4 @@ static int test()
 
 	return(err);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/bf/blowfish.h b/lib/libssl/src/crypto/bf/blowfish.h
index c4a8085a29c..02f73b2f309 100644
--- a/lib/libssl/src/crypto/bf/blowfish.h
+++ b/lib/libssl/src/crypto/bf/blowfish.h
@@ -63,14 +63,35 @@
 extern "C" {
 #endif
 
+#ifdef NO_BF
+#error BF is disabled.
+#endif
+
 #define BF_ENCRYPT	1
 #define BF_DECRYPT	0
 
-/* If you make this 'unsigned int' the pointer variants will work on
- * the Alpha, otherwise they will not.  Strangly using the '8 byte'
- * BF_LONG and the default 'non-pointer' inner loop is the best configuration
- * for the Alpha */
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(WIN16) || defined(__LP32__)
 #define BF_LONG unsigned long
+#elif defined(_CRAY) || defined(__ILP64__)
+#define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *					<appro@fy.chalmers.se>
+ */
+#else
+#define BF_LONG unsigned int
+#endif
 
 #define BF_ROUNDS	16
 #define BF_BLOCK	8
@@ -81,7 +102,6 @@ typedef struct bf_key_st
 	BF_LONG S[4*256];
 	} BF_KEY;
 
-#ifndef NOPROTO
  
 void BF_set_key(BF_KEY *key, int len, unsigned char *data);
 void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
@@ -94,20 +114,7 @@ void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
 void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	BF_KEY *schedule, unsigned char *ivec, int *num);
-char *BF_options(void);
-
-#else
-
-void BF_set_key();
-void BF_ecb_encrypt();
-void BF_encrypt();
-void BF_decrypt();
-void BF_cbc_encrypt();
-void BF_cfb64_encrypt();
-void BF_ofb64_encrypt();
-char *BF_options();
-
-#endif
+const char *BF_options(void);
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/bio/Makefile.ssl b/lib/libssl/src/crypto/bio/Makefile.ssl
index 42e11e1c94f..f54c7ee1f09 100644
--- a/lib/libssl/src/crypto/bio/Makefile.ssl
+++ b/lib/libssl/src/crypto/bio/Makefile.ssl
@@ -7,36 +7,36 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=bio
-ERRC=bio_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= bio_lib.c bio_cb.c $(ERRC).c \
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
 	bss_mem.c bss_null.c bss_fd.c \
 	bss_file.c bss_sock.c bss_conn.c \
 	bf_null.c bf_buff.c b_print.c b_dump.c \
-	b_sock.c bss_acpt.c bf_nbio.c
-LIBOBJ= bio_lib.o bio_cb.o $(ERRC).o \
+	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
 	bss_mem.o bss_null.o bss_fd.o \
 	bss_file.o bss_sock.o bss_conn.o \
 	bf_null.o bf_buff.o b_print.o b_dump.o \
-	b_sock.o bss_acpt.o bf_nbio.o
+	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= bio.h bss_file.c
-HEADER=	$(EXHEADER)
+EXHEADER= bio.h
+HEADER=	bss_file.c $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -47,24 +47,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
-	@for i in $(EXHEADER) bss_file.c ; \
+	@for i in $(EXHEADER); \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -76,17 +75,136 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_dump.o: ../../include/openssl/stack.h ../cryptlib.h
+b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_print.o: ../../include/openssl/stack.h ../cryptlib.h
+b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+b_sock.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_buff.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bf_buff.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bf_buff.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_buff.o: ../../include/openssl/stack.h ../cryptlib.h
+bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_nbio.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bf_nbio.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bf_nbio.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bf_nbio.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bf_nbio.o: ../cryptlib.h
+bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bf_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bf_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bf_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bf_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bf_null.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_cb.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
+bio_err.o: ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_acpt.o: ../cryptlib.h
+bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/stack.h
+bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_conn.o: ../cryptlib.h
+bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_fd.o: ../../include/openssl/stack.h ../cryptlib.h bss_sock.c
+bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_file.o: ../cryptlib.h
+bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_log.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_mem.o: ../../include/openssl/stack.h ../cryptlib.h
+bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_null.o: ../cryptlib.h
+bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bss_sock.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/bio/b_dump.c b/lib/libssl/src/crypto/bio/b_dump.c
index db84ad3d478..a7cd8289785 100644
--- a/lib/libssl/src/crypto/bio/b_dump.c
+++ b/lib/libssl/src/crypto/bio/b_dump.c
@@ -62,15 +62,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
 #define TRUNCATE
 #define DUMP_WIDTH	16
 
-int BIO_dump(bio,s,len)
-BIO *bio;
-char *s;
-int len;
+int BIO_dump(BIO *bio, const char *s, int len)
 {
   int ret=0;
   char buf[160+1],tmp[20];
@@ -105,7 +102,13 @@ int len;
       if (((i*DUMP_WIDTH)+j)>=len)
 	break;
       ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
+#ifndef CHARSET_EBCDIC
       sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+#else
+      sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+	      ? os_toebcdic[ch]
+	      : '.');
+#endif
       strcat(buf,tmp);
     }
     strcat(buf,"\n");
diff --git a/lib/libssl/src/crypto/bio/b_print.c b/lib/libssl/src/crypto/bio/b_print.c
index cdadeb839a0..f448004298a 100644
--- a/lib/libssl/src/crypto/bio/b_print.c
+++ b/lib/libssl/src/crypto/bio/b_print.c
@@ -61,32 +61,27 @@
  */
 
 #include <stdio.h>
+#include <stdarg.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-int BIO_printf ( VAR_PLIST( BIO *, bio ) )
-VAR_ALIST
+int BIO_printf (BIO *bio, ...)
 	{
-	VAR_BDEFN(args, BIO *, bio);
+	va_list args;
 	char *format;
 	int ret;
 	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
 
-	VAR_INIT(args, BIO *, bio);
-	VAR_ARG(args, char *, format);
+	va_start(args, bio);
+	format=va_arg(args, char *);
 
 	hugebuf[0]='\0';
 
-/* no-one uses _doprnt anymore and it appears to be broken under SunOS 4.1.4 */
-#if 0 && defined(sun) && !defined(VAR_ANSI) /**/
-	_doprnt(hugebuf,format,args);
-#else /* !sun */
 	vsprintf(hugebuf,format,args);
-#endif /* sun */
 
 	ret=BIO_write(bio,hugebuf,strlen(hugebuf));
 
-	VAR_END( args );
+	va_end(args);
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/bio/b_sock.c b/lib/libssl/src/crypto/bio/b_sock.c
index a45909527c9..d29b29ff8b3 100644
--- a/lib/libssl/src/crypto/bio/b_sock.c
+++ b/lib/libssl/src/crypto/bio/b_sock.c
@@ -63,9 +63,7 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
-
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#include <openssl/bio.h>
 
 #ifdef WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -96,21 +94,14 @@ static struct ghbn_cache_st
 	unsigned long order;
 	} ghbn_cache[GHBN_NUM];
 
-#ifndef NOPROTO
-static int get_ip(char *str,unsigned char *ip);
+static int get_ip(const char *str,unsigned char *ip);
 static void ghbn_free(struct hostent *a);
 static struct hostent *ghbn_dup(struct hostent *a);
-#else
-static int get_ip();
-static void ghbn_free();
-static struct hostent *ghbn_dup();
-#endif
-
-int BIO_get_host_ip(str,ip)
-char *str;
-unsigned char *ip;
+int BIO_get_host_ip(const char *str, unsigned char *ip)
 	{
 	int i;
+	int err = 1;
+	int locked = 0;
 	struct hostent *he;
 
 	i=get_ip(str,ip);
@@ -118,37 +109,45 @@ unsigned char *ip;
 	if (i < 0)
 		{
 		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
-		ERR_add_error_data(2,"host=",str);
-		return(0);
+		goto err;
 		}
-	else
-		{ /* do a gethostbyname */
-		if (!BIO_sock_init()) return(0);
 
-		he=BIO_gethostbyname(str);
-		if (he == NULL)
-			{
-			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
-			ERR_add_error_data(2,"host=",str);
-			return(0);
-			}
+	/* do a gethostbyname */
+	if (!BIO_sock_init())
+		return(0); /* don't generate another error code here */
 
-		/* cast to short because of win16 winsock definition */
-		if ((short)he->h_addrtype != AF_INET)
-			{
-			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-			ERR_add_error_data(2,"host=",str);
-			return(0);
-			}
-		for (i=0; i<4; i++)
-			ip[i]=he->h_addr_list[0][i];
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+	locked = 1;
+	he=BIO_gethostbyname(str);
+	if (he == NULL)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+		goto err;
 		}
-	return(1);
+
+	/* cast to short because of win16 winsock definition */
+	if ((short)he->h_addrtype != AF_INET)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+		goto err;
+		}
+	for (i=0; i<4; i++)
+		ip[i]=he->h_addr_list[0][i];
+	err = 0;
+
+ err:
+	if (locked)
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+	if (err)
+		{
+		ERR_add_error_data(2,"host=",str);
+		return 0;
+		}
+	else
+		return 1;
 	}
 
-int BIO_get_port(str,port_ptr)
-char *str;
-short *port_ptr;
+int BIO_get_port(const char *str, unsigned short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -163,8 +162,12 @@ short *port_ptr;
 		*port_ptr=(unsigned short)i;
 	else
 		{
-		s=getservbyname(str,"tcp");
-		if (s == NULL)
+		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+ 		s=getservbyname(str,"tcp");
+		if(s != NULL)
+			*port_ptr=ntohs((unsigned short)s->s_port);
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+		if(s == NULL)
 			{
 			if (strcmp(str,"http") == 0)
 				*port_ptr=80;
@@ -190,31 +193,30 @@ short *port_ptr;
 				ERR_add_error_data(3,"service='",str,"'");
 				return(0);
 				}
-			return(1);
 			}
-		*port_ptr=htons((unsigned short)s->s_port);
 		}
 	return(1);
 	}
 
-int BIO_sock_error(sock)
-int sock;
+int BIO_sock_error(int sock)
 	{
-	int j,i,size;
+	int j,i;
+	int size;
 		 
 	size=sizeof(int);
-
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	/* Note: under Windows the third parameter is of type (char *)
+	 * whereas under other systems it is (void *) if you don't have
+	 * a cast it will choke the compiler: if you do have a cast then
+	 * you can either go for (char *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 
-long BIO_ghbn_ctrl(cmd,iarg,parg)
-int cmd;
-int iarg;
-char *parg;
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
 	{
 	int i;
 	char **p;
@@ -223,13 +225,13 @@ char *parg;
 		{
 	case BIO_GHBN_CTRL_HITS:
 		return(BIO_ghbn_hits);
-		break;
+		/* break; */
 	case BIO_GHBN_CTRL_MISSES:
 		return(BIO_ghbn_miss);
-		break;
+		/* break; */
 	case BIO_GHBN_CTRL_CACHE_SIZE:
 		return(GHBN_NUM);
-		break;
+		/* break; */
 	case BIO_GHBN_CTRL_GET_ENTRY:
 		if ((iarg >= 0) && (iarg <GHBN_NUM) &&
 			(ghbn_cache[iarg].order > 0))
@@ -241,7 +243,7 @@ char *parg;
 			return(1);
 			}
 		return(0);
-		break;
+		/* break; */
 	case BIO_GHBN_CTRL_FLUSH:
 		for (i=0; i<GHBN_NUM; i++)
 			ghbn_cache[i].order=0;
@@ -252,77 +254,84 @@ char *parg;
 	return(1);
 	}
 
-static struct hostent *ghbn_dup(a)
-struct hostent *a;
+static struct hostent *ghbn_dup(struct hostent *a)
 	{
 	struct hostent *ret;
 	int i,j;
 
-	ret=(struct hostent *)malloc(sizeof(struct hostent));
+	MemCheck_off();
+	ret=(struct hostent *)Malloc(sizeof(struct hostent));
 	if (ret == NULL) return(NULL);
 	memset(ret,0,sizeof(struct hostent));
 
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		;
 	i++;
-	ret->h_aliases=(char **)malloc(sizeof(char *)*i);
-	memset(ret->h_aliases,0,sizeof(char *)*i);
-	if (ret == NULL) goto err;
+	ret->h_aliases = (char **)Malloc(i*sizeof(char *));
+	if (ret->h_aliases == NULL)
+		goto err;
+	memset(ret->h_aliases, 0, i*sizeof(char *));
 
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		;
 	i++;
-	ret->h_addr_list=(char **)malloc(sizeof(char *)*i);
-	memset(ret->h_addr_list,0,sizeof(char *)*i);
-	if (ret->h_addr_list == NULL) goto err;
+	ret->h_addr_list=(char **)Malloc(i*sizeof(char *));
+	if (ret->h_addr_list == NULL)
+		goto err;
+	memset(ret->h_addr_list, 0, i*sizeof(char *));
 
 	j=strlen(a->h_name)+1;
-	if ((ret->h_name=malloc(j)) == NULL) goto err;
-	memcpy((char *)ret->h_name,a->h_name,j);
+	if ((ret->h_name=Malloc(j)) == NULL) goto err;
+	memcpy((char *)ret->h_name,a->h_name,j+1);
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		{
 		j=strlen(a->h_aliases[i])+1;
-		if ((ret->h_aliases[i]=malloc(j)) == NULL) goto err;
-		memcpy(ret->h_aliases[i],a->h_aliases[i],j);
+		if ((ret->h_aliases[i]=Malloc(j)) == NULL) goto err;
+		memcpy(ret->h_aliases[i],a->h_aliases[i],j+1);
 		}
 	ret->h_length=a->h_length;
 	ret->h_addrtype=a->h_addrtype;
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		{
-		if ((ret->h_addr_list[i]=malloc(a->h_length)) == NULL)
+		if ((ret->h_addr_list[i]=Malloc(a->h_length)) == NULL)
 			goto err;
 		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
 		}
-	return(ret);
+	if (0)
+		{
 err:	
-	if (ret != NULL)
-		ghbn_free(ret);
-	return(NULL);
+		if (ret != NULL)
+			ghbn_free(ret);
+		ret=NULL;
+		}
+	MemCheck_on();
+	return(ret);
 	}
 
-static void ghbn_free(a)
-struct hostent *a;
+static void ghbn_free(struct hostent *a)
 	{
 	int i;
 
+	if(a == NULL)
+	    return;
+
 	if (a->h_aliases != NULL)
 		{
 		for (i=0; a->h_aliases[i] != NULL; i++)
-			free(a->h_aliases[i]);
-		free(a->h_aliases);
+			Free(a->h_aliases[i]);
+		Free(a->h_aliases);
 		}
 	if (a->h_addr_list != NULL)
 		{
 		for (i=0; a->h_addr_list[i] != NULL; i++)
-			free(a->h_addr_list[i]);
-		free(a->h_addr_list);
+			Free(a->h_addr_list[i]);
+		Free(a->h_addr_list);
 		}
-	if (a->h_name != NULL) free((char *)a->h_name);
-	free(a);
+	if (a->h_name != NULL) Free((char *)a->h_name);
+	Free(a);
 	}
 
-struct hostent *BIO_gethostbyname(name)
-char *name;
+struct hostent *BIO_gethostbyname(const char *name)
 	{
 	struct hostent *ret;
 	int i,lowi=0,j;
@@ -330,7 +339,12 @@ char *name;
 
 /*	return(gethostbyname(name)); */
 
-	CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+#if 0 /* It doesn't make sense to use locking here: The function interface
+	   * is not thread-safe, because threads can never be sure when
+	   * some other thread destroys the data they were given a pointer to.
+	   */
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+#endif
 	j=strlen(name);
 	if (j < 128)
 		{
@@ -356,15 +370,29 @@ char *name;
 		BIO_ghbn_miss++;
 		ret=gethostbyname(name);
 
-		if (ret == NULL) return(NULL);
-		if (j > 128) return(ret); /* too big to cache */
+		if (ret == NULL)
+			goto end;
+		if (j > 128) /* too big to cache */
+			{
+#if 0 /* If we were trying to make this function thread-safe (which
+	   * is bound to fail), we'd have to give up in this case
+	   * (or allocate more memory). */
+			ret = NULL;
+#endif
+			goto end;
+			}
 
 		/* else add to cache */
 		if (ghbn_cache[lowi].ent != NULL)
-			ghbn_free(ghbn_cache[lowi].ent);
+			ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+		ghbn_cache[lowi].name[0] = '\0';
 
+		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
 		strncpy(ghbn_cache[lowi].name,name,128);
-		ghbn_cache[lowi].ent=ghbn_dup(ret);
 		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 	else
@@ -373,11 +401,14 @@ char *name;
 		ret= ghbn_cache[i].ent;
 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+end:
+#if 0
+	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+#endif
 	return(ret);
 	}
 
-int BIO_sock_init()
+int BIO_sock_init(void)
 	{
 #ifdef WINDOWS
 	static struct WSAData wsa_state;
@@ -403,7 +434,7 @@ int BIO_sock_init()
 	return(1);
 	}
 
-void BIO_sock_cleanup()
+void BIO_sock_cleanup(void)
 	{
 #ifdef WINDOWS
 	if (wsa_init_done)
@@ -415,10 +446,9 @@ void BIO_sock_cleanup()
 #endif
 	}
 
-int BIO_socket_ioctl(fd,type,arg)
-int fd;
-long type;
-unsigned long *arg;
+#if !defined(VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;
 
@@ -427,12 +457,11 @@ unsigned long *arg;
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);
 	}
+#endif /* __VMS_VER */
 
 /* The reason I have implemented this instead of using sscanf is because
  * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
-static int get_ip(str,ip)
-char *str;
-unsigned char ip[4];
+static int get_ip(const char *str, unsigned char ip[4])
 	{
 	unsigned int tmp[4];
 	int num=0,c,ok=0;
@@ -467,16 +496,17 @@ unsigned char ip[4];
 	return(1);
 	}
 
-int BIO_get_accept_socket(host)
-char *host;
+int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
-	struct sockaddr_in server;
-	int s= -1;
+	struct sockaddr_in server,client;
+	int s= -1,cs;
 	unsigned char ip[4];
-	short port;
-	char *str,*h,*p,*e;
+	unsigned short port;
+	char *str,*e;
+	const char *h,*p;
 	unsigned long l;
+	int err_num;
 
 	if (!BIO_sock_init()) return(INVALID_SOCKET);
 
@@ -508,7 +538,7 @@ char *host;
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
-	server.sin_port=htons((unsigned short)port);
+	server.sin_port=htons(port);
 
 	if (strcmp(h,"*") == 0)
 		server.sin_addr.s_addr=INADDR_ANY;
@@ -517,12 +547,13 @@ char *host;
 		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
-			((unsigned long)ip[0]<<16L)|
-			((unsigned long)ip[0]<< 8L)|
-			((unsigned long)ip[0]);
+			((unsigned long)ip[1]<<16L)|
+			((unsigned long)ip[2]<< 8L)|
+			((unsigned long)ip[3]);
 		server.sin_addr.s_addr=htonl(l);
 		}
 
+again:
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET)
 		{
@@ -531,9 +562,45 @@ char *host;
 		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
 		goto err;
 		}
+
+#ifdef SO_REUSEADDR
+	if (bind_mode == BIO_BIND_REUSEADDR)
+		{
+		int i=1;
+
+		ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
+		bind_mode=BIO_BIND_NORMAL;
+		}
+#endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-		SYSerr(SYS_F_BIND,get_last_socket_error());
+#ifdef SO_REUSEADDR
+		err_num=get_last_socket_error();
+		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+			(err_num == EADDRINUSE))
+			{
+			memcpy((char *)&client,(char *)&server,sizeof(server));
+			if (strcmp(h,"*") == 0)
+				client.sin_addr.s_addr=htonl(0x7F000001);
+			cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+			if (cs != INVALID_SOCKET)
+				{
+				int ii;
+				ii=connect(cs,(struct sockaddr *)&client,
+					sizeof(client));
+				closesocket(cs);
+				if (ii == INVALID_SOCKET)
+					{
+					bind_mode=BIO_BIND_REUSEADDR;
+					closesocket(s);
+					goto again;
+					}
+				/* else error */
+				}
+			/* else error */
+			}
+#endif
+		SYSerr(SYS_F_BIND,err_num);
 		ERR_add_error_data(3,"port='",host,"'");
 		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
 		goto err;
@@ -550,30 +617,29 @@ err:
 	if (str != NULL) Free(str);
 	if ((ret == 0) && (s != INVALID_SOCKET))
 		{
-#ifdef WINDOWS
 		closesocket(s);
-#else
-		close(s);
-#endif
 		s= INVALID_SOCKET;
 		}
 	return(s);
 	}
 
-int BIO_accept(sock,addr)
-int sock;
-char **addr;
+int BIO_accept(int sock, char **addr)
 	{
 	int ret=INVALID_SOCKET;
 	static struct sockaddr_in from;
 	unsigned long l;
-	short port;
+	unsigned short port;
 	int len;
 	char *p;
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
 		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
@@ -604,9 +670,7 @@ end:
 	return(ret);
 	}
 
-int BIO_set_tcp_ndelay(s,on)
-int s;
-int on;
+int BIO_set_tcp_ndelay(int s, int on)
 	{
 	int ret=0;
 #if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
@@ -626,3 +690,14 @@ int on;
 	}
 #endif
 
+int BIO_socket_nbio(int s, int mode)
+	{
+	int ret= -1;
+	unsigned long l;
+
+	l=mode;
+#ifdef FIONBIO
+	ret=BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+	return(ret == 0);
+	}
diff --git a/lib/libssl/src/crypto/bio/bf_buff.c b/lib/libssl/src/crypto/bio/bf_buff.c
index 7912b88473c..acd81481389 100644
--- a/lib/libssl/src/crypto/bio/bf_buff.c
+++ b/lib/libssl/src/crypto/bio/bf_buff.c
@@ -59,10 +59,9 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
 static int buffer_write(BIO *h,char *buf,int num);
 static int buffer_read(BIO *h,char *buf,int size);
 static int buffer_puts(BIO *h,char *str);
@@ -70,16 +69,6 @@ static int buffer_gets(BIO *h,char *str,int size);
 static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
-#else
-static int buffer_write();
-static int buffer_read();
-static int buffer_puts();
-static int buffer_gets();
-static long buffer_ctrl();
-static int buffer_new();
-static int buffer_free();
-#endif
-
 #define DEFAULT_BUFFER_SIZE	1024
 
 static BIO_METHOD methods_buffer=
@@ -95,13 +84,12 @@ static BIO_METHOD methods_buffer=
 	buffer_free,
 	};
 
-BIO_METHOD *BIO_f_buffer()
+BIO_METHOD *BIO_f_buffer(void)
 	{
 	return(&methods_buffer);
 	}
 
-static int buffer_new(bi)
-BIO *bi;
+static int buffer_new(BIO *bi)
 	{
 	BIO_F_BUFFER_CTX *ctx;
 
@@ -124,8 +112,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int buffer_free(a)
-BIO *a;
+static int buffer_free(BIO *a)
 	{
 	BIO_F_BUFFER_CTX *b;
 
@@ -140,10 +127,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int buffer_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int buffer_read(BIO *b, char *out, int outl)
 	{
 	int i,num=0;
 	BIO_F_BUFFER_CTX *ctx;
@@ -209,10 +193,7 @@ start:
 	goto start;
 	}
 
-static int buffer_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int buffer_write(BIO *b, char *in, int inl)
 	{
 	int i,num=0;
 	BIO_F_BUFFER_CTX *ctx;
@@ -285,11 +266,7 @@ start:
 	goto start;
 	}
 
-static long buffer_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long buffer_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	BIO_F_BUFFER_CTX *ctx;
@@ -432,6 +409,7 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_
 				break;
 				}
 			}
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
@@ -449,10 +427,7 @@ malloc_error:
 	return(0);
 	}
 
-static int buffer_gets(b,buf,size)
-BIO *b;
-char *buf;
-int size;
+static int buffer_gets(BIO *b, char *buf, int size)
 	{
 	BIO_F_BUFFER_CTX *ctx;
 	int num=0,i,flag;
@@ -503,9 +478,7 @@ int size;
 		}
 	}
 
-static int buffer_puts(b,str)
-BIO *b;
-char *str;
+static int buffer_puts(BIO *b, char *str)
 	{
 	return(BIO_write(b,str,strlen(str)));
 	}
diff --git a/lib/libssl/src/crypto/bio/bf_nbio.c b/lib/libssl/src/crypto/bio/bf_nbio.c
index 034b3024dfc..cbec2bae29a 100644
--- a/lib/libssl/src/crypto/bio/bf_nbio.c
+++ b/lib/libssl/src/crypto/bio/bf_nbio.c
@@ -59,14 +59,13 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "bio.h"
-#include "evp.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
 static int nbiof_write(BIO *h,char *buf,int num);
 static int nbiof_read(BIO *h,char *buf,int size);
 static int nbiof_puts(BIO *h,char *str);
@@ -74,16 +73,6 @@ static int nbiof_gets(BIO *h,char *str,int size);
 static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
-#else
-static int nbiof_write();
-static int nbiof_read();
-static int nbiof_puts();
-static int nbiof_gets();
-static long nbiof_ctrl();
-static int nbiof_new();
-static int nbiof_free();
-#endif
-
 typedef struct nbio_test_st
 	{
 	/* only set if we sent a 'should retry' error */
@@ -104,13 +93,12 @@ static BIO_METHOD methods_nbiof=
 	nbiof_free,
 	};
 
-BIO_METHOD *BIO_f_nbio_test()
+BIO_METHOD *BIO_f_nbio_test(void)
 	{
 	return(&methods_nbiof);
 	}
 
-static int nbiof_new(bi)
-BIO *bi;
+static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;
 
@@ -123,8 +111,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int nbiof_free(a)
-BIO *a;
+static int nbiof_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->ptr != NULL)
@@ -135,10 +122,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int nbiof_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int nbiof_read(BIO *b, char *out, int outl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
@@ -173,10 +157,7 @@ int outl;
 	return(ret);
 	}
 
-static int nbiof_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int nbiof_write(BIO *b, char *in, int inl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
@@ -221,11 +202,7 @@ int inl;
 	return(ret);
 	}
 
-static long nbiof_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long nbiof_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret;
 
@@ -247,19 +224,14 @@ char *ptr;
 	return(ret);
 	}
 
-static int nbiof_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int nbiof_gets(BIO *bp, char *buf, int size)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_gets(bp->next_bio,buf,size));
 	}
 
 
-static int nbiof_puts(bp,str)
-BIO *bp;
-char *str;
+static int nbiof_puts(BIO *bp, char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
diff --git a/lib/libssl/src/crypto/bio/bf_null.c b/lib/libssl/src/crypto/bio/bf_null.c
index a47a65741a1..3254a55dce7 100644
--- a/lib/libssl/src/crypto/bio/bf_null.c
+++ b/lib/libssl/src/crypto/bio/bf_null.c
@@ -59,13 +59,12 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
 static int nullf_write(BIO *h,char *buf,int num);
 static int nullf_read(BIO *h,char *buf,int size);
 static int nullf_puts(BIO *h,char *str);
@@ -73,16 +72,6 @@ static int nullf_gets(BIO *h,char *str,int size);
 static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int nullf_new(BIO *h);
 static int nullf_free(BIO *data);
-#else
-static int nullf_write();
-static int nullf_read();
-static int nullf_puts();
-static int nullf_gets();
-static long nullf_ctrl();
-static int nullf_new();
-static int nullf_free();
-#endif
-
 static BIO_METHOD methods_nullf=
 	{
 	BIO_TYPE_NULL_FILTER,
@@ -96,13 +85,12 @@ static BIO_METHOD methods_nullf=
 	nullf_free,
 	};
 
-BIO_METHOD *BIO_f_null()
+BIO_METHOD *BIO_f_null(void)
 	{
 	return(&methods_nullf);
 	}
 
-static int nullf_new(bi)
-BIO *bi;
+static int nullf_new(BIO *bi)
 	{
 	bi->init=1;
 	bi->ptr=NULL;
@@ -110,8 +98,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int nullf_free(a)
-BIO *a;
+static int nullf_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 /*	a->ptr=NULL;
@@ -120,10 +107,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int nullf_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int nullf_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
  
@@ -135,10 +119,7 @@ int outl;
 	return(ret);
 	}
 
-static int nullf_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int nullf_write(BIO *b, char *in, int inl)
 	{
 	int ret=0;
 
@@ -150,11 +131,7 @@ int inl;
 	return(ret);
 	}
 
-static long nullf_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long nullf_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret;
 
@@ -175,19 +152,14 @@ char *ptr;
 	return(ret);
 	}
 
-static int nullf_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int nullf_gets(BIO *bp, char *buf, int size)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_gets(bp->next_bio,buf,size));
 	}
 
 
-static int nullf_puts(bp,str)
-BIO *bp;
-char *str;
+static int nullf_puts(BIO *bp, char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
diff --git a/lib/libssl/src/crypto/bio/bio.err b/lib/libssl/src/crypto/bio/bio.err
deleted file mode 100644
index 6e2f2b63ca0..00000000000
--- a/lib/libssl/src/crypto/bio/bio.err
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE				 100
-#define BIO_F_BIO_ACCEPT				 101
-#define BIO_F_BIO_CTRL					 102
-#define BIO_F_BIO_GETS					 103
-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 104
-#define BIO_F_BIO_GET_HOST_IP				 105
-#define BIO_F_BIO_GET_PORT				 106
-#define BIO_F_BIO_NEW					 107
-#define BIO_F_BIO_NEW_FILE				 108
-#define BIO_F_BIO_PUTS					 109
-#define BIO_F_BIO_READ					 110
-#define BIO_F_BIO_SOCK_INIT				 111
-#define BIO_F_BIO_WRITE					 112
-#define BIO_F_BUFFER_CTRL				 113
-#define BIO_F_CONN_STATE				 114
-#define BIO_F_FILE_CTRL					 115
-#define BIO_F_MEM_WRITE					 116
-#define BIO_F_SSL_NEW					 117
-#define BIO_F_WSASTARTUP				 118
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR				 100
-#define BIO_R_BAD_FOPEN_MODE				 101
-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
-#define BIO_R_CONNECT_ERROR				 103
-#define BIO_R_ERROR_SETTING_NBIO			 104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
-#define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_KEEPALIVE					 109
-#define BIO_R_NBIO_CONNECT_ERROR			 110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
-#define BIO_R_NO_PORT_DEFINED				 113
-#define BIO_R_NO_PORT_SPECIFIED				 114
-#define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 116
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 117
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 118
-#define BIO_R_UNINITALISED				 119
-#define BIO_R_UNSUPPORTED_METHOD			 120
-#define BIO_R_WSASTARTUP				 121
diff --git a/lib/libssl/src/crypto/bio/bio.h b/lib/libssl/src/crypto/bio/bio.h
index 300b330e00d..54bf622a3bd 100644
--- a/lib/libssl/src/crypto/bio/bio.h
+++ b/lib/libssl/src/crypto/bio/bio.h
@@ -63,7 +63,9 @@
 extern "C" {
 #endif
 
-#include "crypto.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
 
 /* These are the 'types' of BIOs */
 #define BIO_TYPE_NONE		0
@@ -84,6 +86,8 @@ extern "C" {
 #define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
 #define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
 #define BIO_TYPE_NULL_FILTER	(17|0x0200)
+#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
+#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
 
 #define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER		0x0200
@@ -202,7 +206,7 @@ extern "C" {
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
+	const char *name;
 	int (*bwrite)();
 	int (*bread)();
 	int (*bputs)();
@@ -215,7 +219,7 @@ typedef struct bio_method_st
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
+	const char *name;
 	int (_far *bwrite)();
 	int (_far *bread)();
 	int (_far *bputs)();
@@ -229,12 +233,8 @@ typedef struct bio_method_st
 typedef struct bio_st
 	{
 	BIO_METHOD *method;
-#ifndef NOPROTO
 	/* bio, mode, argp, argi, argl, ret */
-	long (*callback)(struct bio_st *,int,char *,int, long,long);
-#else
-	long (*callback)();
-#endif
+	long (*callback)(struct bio_st *,int,const char *,int, long,long);
 	char *cb_arg; /* first argument for the callback */
 
 	int init;
@@ -242,7 +242,7 @@ typedef struct bio_st
 	int flags;	/* extra storage */
 	int retry_reason;
 	int num;
-	char *ptr;
+	void *ptr;
 	struct bio_st *next_bio;	/* used by filter BIOs */
 	struct bio_st *prev_bio;	/* used by filter BIOs */
 	int references;
@@ -276,7 +276,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_CONN_S_OK			6
 #define BIO_CONN_S_BLOCKED_CONNECT	7
 #define BIO_CONN_S_NBIO			8
-#define BIO_CONN_get_param_hostname	BIO_ctrl
+/*#define BIO_CONN_get_param_hostname	BIO_ctrl */
 
 #define BIO_number_read(b)	((b)->num_read)
 #define BIO_number_written(b)	((b)->num_write)
@@ -309,18 +309,28 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125
 #define BIO_C_GET_SSL_NUM_RENEGOTIATES		126
 #define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127
+#define BIO_C_FILE_SEEK				128
+#define BIO_C_GET_CIPHER_CTX			129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/
+#define BIO_C_SET_BIND_MODE			131
+#define BIO_C_GET_BIND_MODE			132
+#define BIO_C_FILE_TELL				133
+#define BIO_C_GET_SOCKS				134
+#define BIO_C_SET_SOCKS				135
+
+#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */
+#define BIO_C_GET_WRITE_BUF_SIZE		137
+#define BIO_C_MAKE_BIO_PAIR			138
+#define BIO_C_DESTROY_BIO_PAIR			139
+#define BIO_C_GET_WRITE_GUARANTEE		140
+#define BIO_C_GET_READ_REQUEST			141
+#define BIO_C_SHUTDOWN_WR			142
+
 
 #define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,(char *)arg)
 #define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
 
-int BIO_get_ex_num(BIO *bio);
-int BIO_set_ex_data(BIO *bio,int idx,char *data);
-char *BIO_get_ex_data(BIO *bio,int idx);
-void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)());
-int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
-
-/* BIO_s_connect_socket() */
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
 #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
 #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
 #define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
@@ -328,7 +338,8 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
-#define BIO_get_conn_int port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+
 
 #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
 
@@ -339,6 +350,12 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
 #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
 
+#define BIO_BIND_NORMAL			0
+#define BIO_BIND_REUSEADDR_IF_UNUSED	1
+#define BIO_BIND_REUSEADDR		2
+#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
 #define BIO_do_connect(b)	BIO_do_handshake(b)
 #define BIO_do_accept(b)	BIO_do_handshake(b)
 #define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@@ -364,12 +381,26 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 #define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 
+#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/* name is cast to lose const, but might be better to route through a function
+   so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
 #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ,name)
+		BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
 #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_WRITE,name)
 #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_APPEND,name)
+#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
 
 /* WARNING WARNING, this ups the reference count on the read bio of the
  * SSL structure.  This is because the ssl read BIO is now pointed to by
@@ -388,8 +419,11 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 /* defined in evp.h */
 /* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
 
+#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
 #define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
 #define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+#define BIO_set_mem_eof_return(b,v) \
+				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
 
 /* For the BIO_f_buffer() type */
 #define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
@@ -407,6 +441,9 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
 #define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
 #define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
 #define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
 #define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp)
 #define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb)
@@ -414,11 +451,32 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 /* For the BIO_f_buffer() type */
 #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
 
+/* For BIO_s_bio() */
+#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+
+
+
 #ifdef NO_STDIO
 #define NO_FP_API
 #endif
 
-#ifndef NOPROTO
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio,int idx,char *data);
+char *BIO_get_ex_data(BIO *bio,int idx);
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	int (*dup_func)(), void (*free_func)());
+
 #  if defined(WIN16) && defined(_WINDLL)
 BIO_METHOD *BIO_s_file_internal(void);
 BIO *BIO_new_file_internal(char *filename, char *mode);
@@ -428,39 +486,20 @@ BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
 #    define BIO_new_fp	BIO_new_fp_internal
 #  else /* FP_API */
 BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(char *filename, char *mode);
+BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 #    define BIO_s_file_internal		BIO_s_file
 #    define BIO_new_file_internal	BIO_new_file
 #    define BIO_new_fp_internal		BIO_s_file
 #  endif /* FP_API */
-#else
-#  if defined(WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal();
-BIO *BIO_new_file_internal();
-BIO *BIO_new_fp_internal();
-#    define BIO_s_file	BIO_s_file_internal
-#    define BIO_new_file	BIO_new_file_internal
-#    define BIO_new_fp	BIO_new_fp_internal
-#  else /* FP_API */
-BIO_METHOD *BIO_s_file();
-BIO *BIO_new_file();
-BIO *BIO_new_fp();
-#    define BIO_s_file_internal		BIO_s_file
-#    define BIO_new_file_internal	BIO_new_file
-#    define BIO_new_fp_internal		BIO_s_file
-#  endif /* FP_API */
-#endif
-
-#ifndef NOPROTO
 BIO *	BIO_new(BIO_METHOD *type);
 int	BIO_set(BIO *a,BIO_METHOD *type);
 int	BIO_free(BIO *a);
-int	BIO_read(BIO *b, char *data, int len);
+int	BIO_read(BIO *b, void *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, char *data, int len);
-int	BIO_puts(BIO *bp,char *buf);
-long	BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
+int	BIO_write(BIO *b, const char *data, int len);
+int	BIO_puts(BIO *bp,const char *buf);
+long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
 char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
 long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 BIO *	BIO_push(BIO *b,BIO *append);
@@ -472,10 +511,10 @@ int	BIO_get_retry_reason(BIO *bio);
 BIO *	BIO_dup_chain(BIO *in);
 
 #ifndef WIN16
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #endif
 
@@ -484,23 +523,35 @@ BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
 BIO_METHOD *BIO_s_accept(void);
 BIO_METHOD *BIO_s_fd(void);
+BIO_METHOD *BIO_s_log(void);
+BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_nbio_test(void);
 BIO_METHOD *BIO_f_buffer(void);
+BIO_METHOD *BIO_f_nbio_test(void);
+/* BIO_METHOD *BIO_f_ber(void); */
 
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
-int BIO_dump(BIO *b,char *bytes,int len);
-
-struct hostent *BIO_gethostbyname(char *name);
+int BIO_dump(BIO *b,const char *bytes,int len);
+
+struct hostent *BIO_gethostbyname(const char *name);
+/* We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ *     struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
 int BIO_sock_error(int sock);
 int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
-int BIO_get_port(char *str, short *port_ptr);
-int BIO_get_host_ip(char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port);
+int BIO_socket_nbio(int fd,int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port,int mode);
 int BIO_accept(int sock,char **ip_port);
 int BIO_sock_init(void );
 void BIO_sock_cleanup(void);
@@ -513,174 +564,78 @@ BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
 BIO *BIO_new_accept(char *host_port);
 
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+	BIO **bio2, size_t writebuf2);
+/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * Size 0 uses default value.
+ */
+
 void BIO_copy_next_retry(BIO *b);
 
 long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
 
-#else
-
-BIO *	BIO_new();
-int	BIO_set();
-int	BIO_free();
-int	BIO_read();
-int	BIO_gets();
-int	BIO_write();
-int	BIO_puts();
-char *	BIO_ptr_ctrl();
-long	BIO_ctrl();
-long	BIO_int_ctrl();
-BIO *	BIO_push();
-BIO *	BIO_pop();
-void	BIO_free_all();
-BIO *	BIO_find_type();
-BIO *	BIO_get_retry_BIO();
-int	BIO_get_retry_reason();
-BIO *	BIO_dup_chain();
-
-#ifndef WIN16
-long BIO_debug_callback();
-#else
-long _far _loadds BIO_debug_callback();
-#endif
-
-BIO_METHOD *BIO_s_mem();
-BIO_METHOD *BIO_s_socket();
-BIO_METHOD *BIO_s_connect();
-BIO_METHOD *BIO_s_accept();
-BIO_METHOD *BIO_s_fd();
-BIO_METHOD *BIO_s_null();
-BIO_METHOD *BIO_f_null();
-BIO_METHOD *BIO_f_buffer();
-BIO_METHOD *BIO_f_nbio_test();
-
-int BIO_sock_should_retry();
-int BIO_sock_non_fatal_error();
-int BIO_fd_should_retry();
-int BIO_fd_non_fatal_error();
-int BIO_dump();
-
-struct hostent *BIO_gethostbyname();
-int BIO_sock_error();
-int BIO_socket_ioctl();
-int BIO_get_port();
-int BIO_get_host_ip();
-int BIO_get_accept_socket();
-int BIO_accept();
-int BIO_sock_init();
-void BIO_sock_cleanup();
-int BIO_set_tcp_ndelay();
-
-void ERR_load_BIO_strings();
-
-BIO *BIO_new_socket();
-BIO *BIO_new_fd();
-BIO *BIO_new_connect();
-BIO *BIO_new_accept();
-
-void BIO_copy_next_retry();
-
-int BIO_ghbn_ctrl();
-
-#endif
-
-/* Tim Hudson's portable varargs stuff */
-
-#ifndef NOPROTO
-#define VAR_ANSI	/* select ANSI version by default */
-#endif
-
-#ifdef VAR_ANSI
-/* ANSI version of a "portable" macro set for variable length args */
-#ifndef __STDARG_H__ /**/
-#include <stdarg.h>
-#endif /**/
-
-#define VAR_PLIST(arg1type,arg1)    arg1type arg1, ...
-#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) arg1type arg1,arg2type arg2,...
-#define VAR_ALIST
-#define VAR_BDEFN(args,arg1type,arg1)   va_list args
-#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args
-#define VAR_INIT(args,arg1type,arg1)    va_start(args,arg1);
-#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args,arg2);
-#define VAR_ARG(args,type,arg)	arg=va_arg(args,type)
-#define VAR_END(args)		va_end(args);
-
-#else
-
-/* K&R version of a "portable" macro set for variable length args */
-#ifndef __VARARGS_H__
-#include <varargs.h>
-#endif
-
-#define VAR_PLIST(arg1type,arg1)	va_alist
-#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) va_alist
-#define VAR_ALIST		va_dcl
-#define VAR_BDEFN(args,arg1type,arg1)	va_list args; arg1type arg1
-#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args; \
-	arg1type arg1; arg2type arg2
-#define VAR_INIT(args,arg1type,arg1)	va_start(args); \
-	arg1=va_arg(args,arg1type);
-#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args); \
-	arg1=va_arg(args,arg1type);	arg2=va_arg(args,arg2type);
-#define VAR_ARG(args,type,arg)		arg=va_arg(args,type)
-#define VAR_END(args)			va_end(args);
-
-#endif
-
-#ifndef NOPROTO
-int BIO_printf( VAR_PLIST( BIO *, bio ) );
-#else
-int BIO_printf();
-#endif
+int BIO_printf(BIO *bio, ...);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the BIO functions. */
 
 /* Function codes. */
 #define BIO_F_ACPT_STATE				 100
 #define BIO_F_BIO_ACCEPT				 101
-#define BIO_F_BIO_CTRL					 102
-#define BIO_F_BIO_GETS					 103
-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 104
-#define BIO_F_BIO_GET_HOST_IP				 105
-#define BIO_F_BIO_GET_PORT				 106
-#define BIO_F_BIO_NEW					 107
-#define BIO_F_BIO_NEW_FILE				 108
-#define BIO_F_BIO_PUTS					 109
-#define BIO_F_BIO_READ					 110
-#define BIO_F_BIO_SOCK_INIT				 111
-#define BIO_F_BIO_WRITE					 112
-#define BIO_F_BUFFER_CTRL				 113
-#define BIO_F_CONN_STATE				 114
-#define BIO_F_FILE_CTRL					 115
-#define BIO_F_MEM_WRITE					 116
-#define BIO_F_SSL_NEW					 117
-#define BIO_F_WSASTARTUP				 118
+#define BIO_F_BIO_BER_GET_HEADER			 102
+#define BIO_F_BIO_CTRL					 103
+#define BIO_F_BIO_GETHOSTBYNAME				 120
+#define BIO_F_BIO_GETS					 104
+#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
+#define BIO_F_BIO_GET_HOST_IP				 106
+#define BIO_F_BIO_GET_PORT				 107
+#define BIO_F_BIO_MAKE_PAIR				 121
+#define BIO_F_BIO_NEW					 108
+#define BIO_F_BIO_NEW_FILE				 109
+#define BIO_F_BIO_PUTS					 110
+#define BIO_F_BIO_READ					 111
+#define BIO_F_BIO_SOCK_INIT				 112
+#define BIO_F_BIO_WRITE					 113
+#define BIO_F_BUFFER_CTRL				 114
+#define BIO_F_CONN_STATE				 115
+#define BIO_F_FILE_CTRL					 116
+#define BIO_F_MEM_WRITE					 117
+#define BIO_F_SSL_NEW					 118
+#define BIO_F_WSASTARTUP				 119
 
 /* Reason codes. */
 #define BIO_R_ACCEPT_ERROR				 100
 #define BIO_R_BAD_FOPEN_MODE				 101
 #define BIO_R_BAD_HOSTNAME_LOOKUP			 102
+#define BIO_R_BROKEN_PIPE				 124
 #define BIO_R_CONNECT_ERROR				 103
 #define BIO_R_ERROR_SETTING_NBIO			 104
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
 #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
+#define BIO_R_INVALID_ARGUMENT				 125
 #define BIO_R_INVALID_IP_ADDRESS			 108
+#define BIO_R_IN_USE					 123
 #define BIO_R_KEEPALIVE					 109
 #define BIO_R_NBIO_CONNECT_ERROR			 110
 #define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
+#define BIO_R_NO_HOSTNAME_SPECIFIED			 112
 #define BIO_R_NO_PORT_DEFINED				 113
 #define BIO_R_NO_PORT_SPECIFIED				 114
 #define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 116
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 117
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 118
-#define BIO_R_UNINITALISED				 119
-#define BIO_R_UNSUPPORTED_METHOD			 120
-#define BIO_R_WSASTARTUP				 121
- 
+#define BIO_R_TAG_MISMATCH				 116
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 117
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119
+#define BIO_R_UNINITIALIZED				 120
+#define BIO_R_UNSUPPORTED_METHOD			 121
+#define BIO_R_WSASTARTUP				 122
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/bio/bio_cb.c b/lib/libssl/src/crypto/bio/bio_cb.c
index bc6ed9eda1d..37c7c226668 100644
--- a/lib/libssl/src/crypto/bio/bio_cb.c
+++ b/lib/libssl/src/crypto/bio/bio_cb.c
@@ -60,16 +60,11 @@
 #include <string.h>
 #include <stdlib.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
 
-long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+	     int argi, long argl, long ret)
 	{
 	BIO *b;
 	MS_STATIC char buf[256];
diff --git a/lib/libssl/src/crypto/bio/bio_err.c b/lib/libssl/src/crypto/bio/bio_err.c
index 37e14ca107e..712d98a3a1a 100644
--- a/lib/libssl/src/crypto/bio/bio_err.c
+++ b/lib/libssl/src/crypto/bio/bio_err.c
@@ -1,63 +1,65 @@
-/* lib/bio/bio_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "bio.h"
+#include <openssl/err.h>
+#include <openssl/bio.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -65,11 +67,14 @@ static ERR_STRING_DATA BIO_str_functs[]=
 	{
 {ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
 {ERR_PACK(0,BIO_F_BIO_ACCEPT,0),	"BIO_accept"},
+{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0),	"BIO_BER_GET_HEADER"},
 {ERR_PACK(0,BIO_F_BIO_CTRL,0),	"BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0),	"BIO_gethostbyname"},
 {ERR_PACK(0,BIO_F_BIO_GETS,0),	"BIO_gets"},
 {ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),	"BIO_get_accept_socket"},
 {ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),	"BIO_get_host_ip"},
 {ERR_PACK(0,BIO_F_BIO_GET_PORT,0),	"BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0),	"BIO_MAKE_PAIR"},
 {ERR_PACK(0,BIO_F_BIO_NEW,0),	"BIO_new"},
 {ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),	"BIO_new_file"},
 {ERR_PACK(0,BIO_F_BIO_PUTS,0),	"BIO_puts"},
@@ -80,9 +85,9 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_NEW"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_new"},
 {ERR_PACK(0,BIO_F_WSASTARTUP,0),	"WSASTARTUP"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA BIO_str_reasons[]=
@@ -90,36 +95,40 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_ACCEPT_ERROR                      ,"accept error"},
 {BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
 {BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_BROKEN_PIPE                       ,"broken pipe"},
 {BIO_R_CONNECT_ERROR                     ,"connect error"},
 {BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
 {BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_ARGUMENT                  ,"invalid argument"},
 {BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_IN_USE                            ,"in use"},
 {BIO_R_KEEPALIVE                         ,"keepalive"},
 {BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
 {BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
-{BIO_R_NO_HOSTHNAME_SPECIFIED            ,"no hosthname specified"},
+{BIO_R_NO_HOSTNAME_SPECIFIED             ,"no hostname specified"},
 {BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
 {BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
 {BIO_R_NULL_PARAMETER                    ,"null parameter"},
+{BIO_R_TAG_MISMATCH                      ,"tag mismatch"},
 {BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
 {BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
 {BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
-{BIO_R_UNINITALISED                      ,"uninitalised"},
+{BIO_R_UNINITIALIZED                     ,"uninitialized"},
 {BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
 {BIO_R_WSASTARTUP                        ,"wsastartup"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BIO_strings()
+void ERR_load_BIO_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
diff --git a/lib/libssl/src/crypto/bio/bio_lib.c b/lib/libssl/src/crypto/bio/bio_lib.c
index 7a66b0892ed..b72688ea901 100644
--- a/lib/libssl/src/crypto/bio/bio_lib.c
+++ b/lib/libssl/src/crypto/bio/bio_lib.c
@@ -58,16 +58,15 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "crypto.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "stack.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
 
 static STACK *bio_meth=NULL;
 static int bio_meth_num=0;
 
-BIO *BIO_new(method)
-BIO_METHOD *method;
+BIO *BIO_new(BIO_METHOD *method)
 	{
 	BIO *ret=NULL;
 
@@ -85,9 +84,7 @@ BIO_METHOD *method;
 	return(ret);
 	}
 
-int BIO_set(bio,method)
-BIO *bio;
-BIO_METHOD *method;
+int BIO_set(BIO *bio, BIO_METHOD *method)
 	{
 	bio->method=method;
 	bio->callback=NULL;
@@ -110,8 +107,7 @@ BIO_METHOD *method;
 	return(1);
 	}
 
-int BIO_free(a)
-BIO *a;
+int BIO_free(BIO *a)
 	{
 	int ret=0,i;
 
@@ -121,7 +117,7 @@ BIO *a;
 #ifdef REF_PRINT
 	REF_PRINT("BIO",a);
 #endif
-        if (i > 0) return(1);
+	if (i > 0) return(1);
 #ifdef REF_CHECK
 	if (i < 0)
 		{
@@ -141,10 +137,7 @@ BIO *a;
 	return(1);
 	}
 
-int BIO_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+int BIO_read(BIO *b, void *out, int outl)
 	{
 	int i;
 	long (*cb)();
@@ -162,11 +155,12 @@ int outl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
 	i=b->method->bread(b,out,outl);
+
 	if (i > 0) b->num_read+=(unsigned long)i;
 
 	if (cb != NULL)
@@ -175,10 +169,7 @@ int outl;
 	return(i);
 	}
 
-int BIO_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+int BIO_write(BIO *b, const char *in, int inl)
 	{
 	int i;
 	long (*cb)();
@@ -199,22 +190,27 @@ int inl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
 	i=b->method->bwrite(b,in,inl);
+
 	if (i > 0) b->num_write+=(unsigned long)i;
 
-	if (cb != NULL)
+	/* This is evil and not thread safe.  If the BIO has been freed,
+	 * we must not call the callback.  The only way to be able to
+	 * determine this is the reference count which is now invalid since
+	 * the memory has been free()ed.
+	 */
+	if (b->references <= 0) abort();
+	if (cb != NULL) /* && (b->references >= 1)) */
 		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
 			0L,(long)i);
 	return(i);
 	}
 
-int BIO_puts(b,in)
-BIO *b;
-char *in;
+int BIO_puts(BIO *b, const char *in)
 	{
 	int i;
 	long (*cb)();
@@ -233,7 +229,7 @@ char *in;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
@@ -245,10 +241,7 @@ char *in;
 	return(i);
 	}
 
-int BIO_gets(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+int BIO_gets(BIO *b, char *in, int inl)
 	{
 	int i;
 	long (*cb)();
@@ -267,7 +260,7 @@ int inl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
@@ -279,11 +272,7 @@ int inl;
 	return(i);
 	}
 
-long BIO_int_ctrl(b,cmd,larg,iarg)
-BIO *b;
-int cmd;
-long larg;
-int iarg;
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
 	{
 	int i;
 
@@ -291,10 +280,7 @@ int iarg;
 	return(BIO_ctrl(b,cmd,larg,(char *)&i));
 	}
 
-char *BIO_ptr_ctrl(b,cmd,larg)
-BIO *b;
-int cmd;
-long larg;
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
 	{
 	char *p=NULL;
 
@@ -304,11 +290,7 @@ long larg;
 		return(p);
 	}
 
-long BIO_ctrl(b,cmd,larg,parg)
-BIO *b;
-int cmd;
-long larg;
-char *parg;
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 	{
 	long ret;
 	long (*cb)();
@@ -335,9 +317,22 @@ char *parg;
 	return(ret);
 	}
 
+/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway. */
+size_t BIO_ctrl_pending(BIO *bio)
+    {
+	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+	}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+    {
+	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+	}
+
+
 /* put the 'bio' on the end of b's list of operators */
-BIO *BIO_push(b,bio)
-BIO *b,*bio;
+BIO *BIO_push(BIO *b, BIO *bio)
 	{
 	BIO *lb;
 
@@ -354,8 +349,7 @@ BIO *b,*bio;
 	}
 
 /* Remove the first and return the rest */
-BIO *BIO_pop(b)
-BIO *b;
+BIO *BIO_pop(BIO *b)
 	{
 	BIO *ret;
 
@@ -373,9 +367,7 @@ BIO *b;
 	return(ret);
 	}
 
-BIO *BIO_get_retry_BIO(bio,reason)
-BIO *bio;
-int *reason;
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
 	{
 	BIO *b,*last;
 
@@ -391,15 +383,12 @@ int *reason;
 	return(last);
 	}
 
-int BIO_get_retry_reason(bio)
-BIO *bio;
+int BIO_get_retry_reason(BIO *bio)
 	{
 	return(bio->retry_reason);
 	}
 
-BIO *BIO_find_type(bio,type)
-BIO *bio;
-int type;
+BIO *BIO_find_type(BIO *bio, int type)
 	{
 	int mt,mask;
 
@@ -421,8 +410,7 @@ int type;
 	return(NULL);
 	}
 
-void BIO_free_all(bio)
-BIO *bio;
+void BIO_free_all(BIO *bio)
 	{
 	BIO *b;
 	int ref;
@@ -438,8 +426,7 @@ BIO *bio;
 		}
 	}
 
-BIO *BIO_dup_chain(in)
-BIO *in;
+BIO *BIO_dup_chain(BIO *in)
 	{
 	BIO *ret=NULL,*eoc=NULL,*bio,*new;
 
@@ -461,9 +448,9 @@ BIO *in;
 			goto err;
 			}
 
-	        /* copy app data */
-	        if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
-	                goto err;
+		/* copy app data */
+		if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
+			goto err;
 
 		if (ret == NULL)
 			{
@@ -483,36 +470,26 @@ err:
 	return(NULL);	
 	}
 
-void BIO_copy_next_retry(b)
-BIO *b;
+void BIO_copy_next_retry(BIO *b)
 	{
 	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
 	b->retry_reason=b->next_bio->retry_reason;
 	}
 
-int BIO_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        bio_meth_num++;
-        return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
-
-int BIO_set_ex_data(bio,idx,data)
-BIO *bio;
-int idx;
-char *data;
+int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
+	{
+	bio_meth_num++;
+	return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
+		argl,argp,new_func,dup_func,free_func));
+	}
+
+int BIO_set_ex_data(BIO *bio, int idx, char *data)
 	{
 	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
 	}
 
-char *BIO_get_ex_data(bio,idx)
-BIO *bio;
-int idx;
+char *BIO_get_ex_data(BIO *bio, int idx)
 	{
 	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
 	}
diff --git a/lib/libssl/src/crypto/bio/bss_acpt.c b/lib/libssl/src/crypto/bio/bss_acpt.c
index e49902fa9fb..47af80f76d5 100644
--- a/lib/libssl/src/crypto/bio/bss_acpt.c
+++ b/lib/libssl/src/crypto/bio/bss_acpt.c
@@ -62,9 +62,7 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
-
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#include <openssl/bio.h>
 
 #ifdef WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -72,6 +70,11 @@
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
 typedef struct bio_accept_st
 	{
 	int state;
@@ -82,39 +85,24 @@ typedef struct bio_accept_st
 
 	char *addr;
 	int nbio;
+	/* If 0, it means normal, if 1, do a connect on bind failure,
+	 * and if there is no-one listening, bind with SO_REUSEADDR.
+	 * If 2, always use SO_REUSEADDR. */
+	int bind_mode;
 	BIO *bio_chain;
 	} BIO_ACCEPT;
 
-#ifndef NOPROTO
 static int acpt_write(BIO *h,char *buf,int num);
 static int acpt_read(BIO *h,char *buf,int size);
 static int acpt_puts(BIO *h,char *str);
 static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
-#else
-static int acpt_write();
-static int acpt_read();
-static int acpt_puts();
-static long acpt_ctrl();
-static int acpt_new();
-static int acpt_free();
-#endif
-
-#ifndef NOPROTO
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
 static void acpt_close_socket(BIO *data);
 BIO_ACCEPT *BIO_ACCEPT_new(void );
 void BIO_ACCEPT_free(BIO_ACCEPT *a);
 
-#else
-
-static int acpt_state();
-static void acpt_close_socket();
-BIO_ACCEPT *BIO_ACCEPT_new();
-void BIO_ACCEPT_free();
-#endif
-
 #define ACPT_S_BEFORE			1
 #define ACPT_S_GET_ACCEPT_SOCKET	2
 #define ACPT_S_OK			3
@@ -132,13 +120,12 @@ static BIO_METHOD methods_acceptp=
 	acpt_free,
 	};
 
-BIO_METHOD *BIO_s_accept()
+BIO_METHOD *BIO_s_accept(void)
 	{
 	return(&methods_acceptp);
 	}
 
-static int acpt_new(bi)
-BIO *bi;
+static int acpt_new(BIO *bi)
 	{
 	BIO_ACCEPT *ba;
 
@@ -153,7 +140,7 @@ BIO *bi;
 	return(1);
 	}
 
-BIO_ACCEPT *BIO_ACCEPT_new()
+BIO_ACCEPT *BIO_ACCEPT_new(void)
 	{
 	BIO_ACCEPT *ret;
 
@@ -162,20 +149,22 @@ BIO_ACCEPT *BIO_ACCEPT_new()
 
 	memset(ret,0,sizeof(BIO_ACCEPT));
 	ret->accept_sock=INVALID_SOCKET;
+	ret->bind_mode=BIO_BIND_NORMAL;
 	return(ret);
 	}
 
-void BIO_ACCEPT_free(a)
-BIO_ACCEPT *a;
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->param_addr != NULL) Free(a->param_addr);
 	if (a->addr != NULL) Free(a->addr);
 	if (a->bio_chain != NULL) BIO_free(a->bio_chain);
 	Free(a);
 	}
 
-static void acpt_close_socket(bio)
-BIO *bio;
+static void acpt_close_socket(BIO *bio)
 	{
 	BIO_ACCEPT *c;
 
@@ -183,18 +172,13 @@ BIO *bio;
 	if (c->accept_sock != INVALID_SOCKET)
 		{
 		shutdown(c->accept_sock,2);
-# ifdef WINDOWS
 		closesocket(c->accept_sock);
-# else
-		close(c->accept_sock);
-# endif
 		c->accept_sock=INVALID_SOCKET;
 		bio->num=INVALID_SOCKET;
 		}
 	}
 
-static int acpt_free(a)
-BIO *a;
+static int acpt_free(BIO *a)
 	{
 	BIO_ACCEPT *data;
 
@@ -212,12 +196,9 @@ BIO *a;
 	return(1);
 	}
 	
-static int acpt_state(b,c)
-BIO *b;
-BIO_ACCEPT *c;
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
 	{
 	BIO *bio=NULL,*dbio;
-	unsigned long l=1;
 	int s= -1;
 	int i;
 
@@ -230,31 +211,24 @@ again:
 			BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
 			return(-1);
 			}
-		s=BIO_get_accept_socket(c->param_addr);
+		s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
 		if (s == INVALID_SOCKET)
 			return(-1);
 
-#ifdef FIONBIO
 		if (c->accept_nbio)
 			{
-			i=BIO_socket_ioctl(b->num,FIONBIO,&l);
-			if (i < 0)
+			if (!BIO_socket_nbio(s,1))
 				{
-#ifdef WINDOWS
 				closesocket(s);
-#else
-				close(s);
-# endif
 				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
 				return(-1);
 				}
 			}
-#endif
 		c->accept_sock=s;
 		b->num=s;
 		c->state=ACPT_S_GET_ACCEPT_SOCKET;
 		return(1);
-		break;
+		/* break; */
 	case ACPT_S_GET_ACCEPT_SOCKET:
 		if (b->next_bio != NULL)
 			{
@@ -269,17 +243,14 @@ again:
 		BIO_set_callback(bio,BIO_get_callback(b));
 		BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
 
-#ifdef FIONBIO
 		if (c->nbio)
 			{
-			i=BIO_socket_ioctl(i,FIONBIO,&l);
-			if (i < 0)
+			if (!BIO_socket_nbio(i,1))
 				{
 				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
 				goto err;
 				}
 			}
-#endif
 
 		/* If the accept BIO has an bio_chain, we dup it and
 		 * put the new socket at the end. */
@@ -298,15 +269,9 @@ err:
 		if (bio != NULL)
 			BIO_free(bio);
 		else if (s >= 0)
-			{
-#ifdef WINDOWS
 			closesocket(s);
-#else
-			close(s);
-# endif
-			}
 		return(0);
-		break;
+		/* break; */
 	case ACPT_S_OK:
 		if (b->next_bio == NULL)
 			{
@@ -314,23 +279,20 @@ err:
 			goto again;
 			}
 		return(1);
-		break;
+		/* break; */
 	default:	
 		return(0);
-		break;
+		/* break; */
 		}
 
 	}
 
-static int acpt_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int acpt_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	BIO_ACCEPT *data;
 
-        BIO_clear_retry_flags(b);
+	BIO_clear_retry_flags(b);
 	data=(BIO_ACCEPT *)b->ptr;
 
 	while (b->next_bio == NULL)
@@ -344,10 +306,7 @@ int outl;
 	return(ret);
 	}
 
-static int acpt_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int acpt_write(BIO *b, char *in, int inl)
 	{
 	int ret;
 	BIO_ACCEPT *data;
@@ -366,11 +325,7 @@ int inl;
 	return(ret);
 	}
 
-static long acpt_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long acpt_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	int *ip;
@@ -417,13 +372,21 @@ char *ptr;
 	case BIO_C_SET_NBIO:
 		data->nbio=(int)num;
 		break;
+	case BIO_C_SET_FD:
+		b->init=1;
+		b->num= *((int *)ptr);
+		data->accept_sock=b->num;
+		data->state=ACPT_S_GET_ACCEPT_SOCKET;
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
 	case BIO_C_GET_FD:
 		if (b->init)
 			{
 			ip=(int *)ptr;
 			if (ip != NULL)
 				*ip=data->accept_sock;
-			ret=b->num;
+			ret=data->accept_sock;
 			}
 		else
 			ret= -1;
@@ -454,6 +417,12 @@ char *ptr;
 		break;
 	case BIO_CTRL_FLUSH:
 		break;
+	case BIO_C_SET_BIND_MODE:
+		data->bind_mode=(int)num;
+		break;
+	case BIO_C_GET_BIND_MODE:
+		ret=(long)data->bind_mode;
+		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
 /*		if (data->param_port) EAY EAY
@@ -470,9 +439,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int acpt_puts(bp,str)
-BIO *bp;
-char *str;
+static int acpt_puts(BIO *bp, char *str)
 	{
 	int n,ret;
 
@@ -481,8 +448,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_accept(str)
-char *str;
+BIO *BIO_new_accept(char *str)
 	{
 	BIO *ret;
 
diff --git a/lib/libssl/src/crypto/bio/bss_bio.c b/lib/libssl/src/crypto/bio/bss_bio.c
new file mode 100644
index 00000000000..562e9d8de27
--- /dev/null
+++ b/lib/libssl/src/crypto/bio/bss_bio.c
@@ -0,0 +1,588 @@
+/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+
+/* Special method for a BIO where the other endpoint is also a BIO
+ * of this kind, handled by the same thread (i.e. the "peer" is actually
+ * ourselves, wearing a different hat).
+ * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
+ * for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used. */
+
+#ifndef BIO_PAIR_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop =
+{
+	BIO_TYPE_BIO,
+	"BIO pair",
+	bio_write,
+	bio_read,
+	bio_puts,
+	NULL /* no bio_gets */,
+	bio_ctrl,
+	bio_new,
+	bio_free
+};
+
+BIO_METHOD *BIO_s_bio(void)
+	{
+	return &methods_biop;
+	}
+
+struct bio_bio_st
+{
+	BIO *peer;     /* NULL if buf == NULL.
+	                * If peer != NULL, then peer->ptr is also a bio_bio_st,
+	                * and its "peer" member points back to us.
+	                * peer != NULL iff init != 0 in the BIO. */
+	
+	/* This is for what we write (i.e. reading uses peer's struct): */
+	int closed;     /* valid iff peer != NULL */
+	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
+	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
+	size_t size;
+	char *buf;      /* "size" elements (if != NULL) */
+
+	size_t request; /* valid iff peer != NULL; 0 if len != 0,
+	                 * otherwise set by peer to number of bytes
+	                 * it (unsuccesfully) tried to read,
+	                 * never more than buffer space (size-len) warrants. */
+};
+
+static int bio_new(BIO *bio)
+	{
+	struct bio_bio_st *b;
+	
+	b = Malloc(sizeof *b);
+	if (b == NULL)
+		return 0;
+
+	b->peer = NULL;
+	b->size = 17*1024; /* enough for one TLS record (just a default) */
+	b->buf = NULL;
+
+	bio->ptr = b;
+	return 1;
+	}
+
+
+static int bio_free(BIO *bio)
+	{
+	struct bio_bio_st *b;
+
+	if (bio == NULL)
+		return 0;
+	b = bio->ptr;
+
+	assert(b != NULL);
+
+	if (b->peer)
+		bio_destroy_pair(bio);
+	
+	if (b->buf != NULL)
+		{
+		Free(b->buf);
+		}
+
+	Free(b);
+
+	return 1;
+	}
+
+
+
+static int bio_read(BIO *bio, char *buf, int size_)
+	{
+	size_t size = size_;
+	size_t rest;
+	struct bio_bio_st *b, *peer_b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init)
+		return 0;
+
+	b = bio->ptr;
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	peer_b = b->peer->ptr;
+	assert(peer_b != NULL);
+	assert(peer_b->buf != NULL);
+
+	peer_b->request = 0; /* will be set in "retry_read" situation */
+
+	if (buf == NULL || size == 0)
+		return 0;
+
+	if (peer_b->len == 0)
+		{
+		if (peer_b->closed)
+			return 0; /* writer has closed, and no data is left */
+		else
+			{
+			BIO_set_retry_read(bio); /* buffer is empty */
+			if (size <= peer_b->size)
+				peer_b->request = size;
+			else
+				/* don't ask for more than the peer can
+				 * deliver in one write */
+				peer_b->request = peer_b->size;
+			return -1;
+			}
+		}
+
+	/* we can read */
+	if (peer_b->len < size)
+		size = peer_b->len;
+
+	/* now read "size" bytes */
+	
+	rest = size;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t chunk;
+		
+		assert(rest <= peer_b->len);
+		if (peer_b->offset + rest <= peer_b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = peer_b->size - peer_b->offset;
+		assert(peer_b->offset + chunk <= peer_b->size);
+		
+		memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+		
+		peer_b->len -= chunk;
+		if (peer_b->len)
+			{
+			peer_b->offset += chunk;
+			assert(peer_b->offset <= peer_b->size);
+			if (peer_b->offset == peer_b->size)
+				peer_b->offset = 0;
+			buf += chunk;
+			}
+		else
+			{
+			/* buffer now empty, no need to advance "buf" */
+			assert(chunk == rest);
+			peer_b->offset = 0;
+			}
+		rest -= chunk;
+		}
+	while (rest);
+	
+	return size;
+	}
+
+static int bio_write(BIO *bio, char *buf, int num_)
+	{
+	size_t num = num_;
+	size_t rest;
+	struct bio_bio_st *b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init || buf == NULL || num == 0)
+		return 0;
+
+	b = bio->ptr;		
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	assert(b->buf != NULL);
+
+	b->request = 0;
+	if (b->closed)
+		{
+		/* we already closed */
+		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+		return -1;
+		}
+
+	assert(b->len <= b->size);
+
+	if (b->len == b->size)
+		{
+		BIO_set_retry_write(bio); /* buffer is full */
+		return -1;
+		}
+
+	/* we can write */
+	if (num > b->size - b->len)
+		num = b->size - b->len;
+	
+	/* now write "num" bytes */
+
+	rest = num;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t write_offset;
+		size_t chunk;
+
+		assert(b->len + rest <= b->size);
+
+		write_offset = b->offset + b->len;
+		if (write_offset >= b->size)
+			write_offset -= b->size;
+		/* b->buf[write_offset] is the first byte we can write to. */
+
+		if (write_offset + rest <= b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = b->size - write_offset;
+		
+		memcpy(b->buf + write_offset, buf, chunk);
+		
+		b->len += chunk;
+
+		assert(b->len <= b->size);
+		
+		rest -= chunk;
+		buf += chunk;
+		}
+	while (rest);
+
+	return num;
+	}
+
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+	{
+	long ret;
+	struct bio_bio_st *b = bio->ptr;
+	
+	assert(b != NULL);
+
+	switch (cmd)
+		{
+	/* specific CTRL codes */
+
+	case BIO_C_SET_WRITE_BUF_SIZE:
+		if (b->peer)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+			ret = 0;
+			}
+		else if (num == 0)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+			ret = 0;
+			}
+		else
+			{
+			size_t new_size = num;
+
+			if (b->size != new_size)
+				{
+				if (b->buf) 
+					{
+					Free(b->buf);
+					b->buf = NULL;
+					}
+				b->size = new_size;
+				}
+			ret = 1;
+			}
+		break;
+
+	case BIO_C_GET_WRITE_BUF_SIZE:
+		num = (long) b->size;
+
+	case BIO_C_MAKE_BIO_PAIR:
+		{
+		BIO *other_bio = ptr;
+		
+		if (bio_make_pair(bio, other_bio))
+			ret = 1;
+		else
+			ret = 0;
+		}
+		break;
+		
+	case BIO_C_DESTROY_BIO_PAIR:
+		/* Effects both BIOs in the pair -- call just once!
+		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
+		bio_destroy_pair(bio);
+		ret = 1;
+		break;
+
+	case BIO_C_GET_WRITE_GUARANTEE:
+		/* How many bytes can the caller feed to the next write
+		 * withouth having to keep any? */
+		if (b->peer == NULL || b->closed)
+			ret = 0;
+		else
+			ret = (long) b->size - b->len;
+		break;
+
+	case BIO_C_GET_READ_REQUEST:
+		/* If the peer unsuccesfully tried to read, how many bytes
+		 * were requested?  (As with BIO_CTRL_PENDING, that number
+		 * can usually be treated as boolean.) */
+		ret = (long) b->request;
+		break;
+
+	case BIO_C_SHUTDOWN_WR:
+		/* similar to shutdown(..., SHUT_WR) */
+		b->closed = 1;
+		ret = 1;
+		break;
+
+
+	/* standard CTRL codes follow */
+
+	case BIO_CTRL_RESET:
+		if (b->buf != NULL)
+			{
+			b->len = 0;
+			b->offset = 0;
+			}
+		ret = 0;
+		break;		
+
+	case BIO_CTRL_GET_CLOSE:
+		ret = bio->shutdown;
+		break;
+
+	case BIO_CTRL_SET_CLOSE:
+		bio->shutdown = (int) num;
+		ret = 1;
+		break;
+
+	case BIO_CTRL_PENDING:
+		if (b->peer != NULL)
+			{
+			struct bio_bio_st *peer_b = b->peer->ptr;
+			
+			ret = (long) peer_b->len;
+			}
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_WPENDING:
+		if (b->buf != NULL)
+			ret = (long) b->len;
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_DUP:
+		/* See BIO_dup_chain for circumstances we have to expect. */
+		{
+		BIO *other_bio = ptr;
+		struct bio_bio_st *other_b;
+		
+		assert(other_bio != NULL);
+		other_b = other_bio->ptr;
+		assert(other_b != NULL);
+		
+		assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+		other_b->size = b->size;
+		}
+
+		ret = 1;
+		break;
+
+	case BIO_CTRL_FLUSH:
+		ret = 1;
+		break;
+
+	case BIO_CTRL_EOF:
+		{
+		BIO *other_bio = ptr;
+		
+		if (other_bio)
+			{
+			struct bio_bio_st *other_b = other_bio->ptr;
+			
+			assert(other_b != NULL);
+			ret = other_b->len == 0 && other_b->closed;
+			}
+		else
+			ret = 1;
+		}
+		break;
+
+	default:
+		ret = 0;
+		}
+	return ret;
+	}
+
+static int bio_puts(BIO *bio, char *str)
+	{
+	return bio_write(bio, str, strlen(str));
+	}
+
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+	{
+	struct bio_bio_st *b1, *b2;
+
+	assert(bio1 != NULL);
+	assert(bio2 != NULL);
+
+	b1 = bio1->ptr;
+	b2 = bio2->ptr;
+	
+	if (b1->peer != NULL || b2->peer != NULL)
+		{
+		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+		return 0;
+		}
+	
+	if (b1->buf == NULL)
+		{
+		b1->buf = Malloc(b1->size);
+		if (b1->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b1->len = 0;
+		b1->offset = 0;
+		}
+	
+	if (b2->buf == NULL)
+		{
+		b2->buf = Malloc(b2->size);
+		if (b2->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b2->len = 0;
+		b2->offset = 0;
+		}
+	
+	b1->peer = bio2;
+	b1->closed = 0;
+	b1->request = 0;
+	b2->peer = bio1;
+	b2->closed = 0;
+	b2->request = 0;
+
+	bio1->init = 1;
+	bio2->init = 1;
+
+	return 1;
+	}
+
+static void bio_destroy_pair(BIO *bio)
+	{
+	struct bio_bio_st *b = bio->ptr;
+
+	if (b != NULL)
+		{
+		BIO *peer_bio = b->peer;
+
+		if (peer_bio != NULL)
+			{
+			struct bio_bio_st *peer_b = peer_bio->ptr;
+
+			assert(peer_b != NULL);
+			assert(peer_b->peer == bio);
+
+			peer_b->peer = NULL;
+			peer_bio->init = 0;
+			assert(peer_b->buf != NULL);
+			peer_b->len = 0;
+			peer_b->offset = 0;
+			
+			b->peer = NULL;
+			bio->init = 0;
+			assert(b->buf != NULL);
+			b->len = 0;
+			b->offset = 0;
+			}
+		}
+	}
+ 
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+	BIO **bio2_p, size_t writebuf2)
+	 {
+	 BIO *bio1 = NULL, *bio2 = NULL;
+	 long r;
+	 int ret = 0;
+
+	 bio1 = BIO_new(BIO_s_bio());
+	 if (bio1 == NULL)
+		 goto err;
+	 bio2 = BIO_new(BIO_s_bio());
+	 if (bio2 == NULL)
+		 goto err;
+
+	 if (writebuf1)
+		 {
+		 r = BIO_set_write_buf_size(bio1, writebuf1);
+		 if (!r)
+			 goto err;
+		 }
+	 if (writebuf2)
+		 {
+		 r = BIO_set_write_buf_size(bio2, writebuf2);
+		 if (!r)
+			 goto err;
+		 }
+
+	 r = BIO_make_bio_pair(bio1, bio2);
+	 if (!r)
+		 goto err;
+	 ret = 1;
+
+ err:
+	 if (ret == 0)
+		 {
+		 if (bio1)
+			 {
+			 BIO_free(bio1);
+			 bio1 = NULL;
+			 }
+		 if (bio2)
+			 {
+			 BIO_free(bio2);
+			 bio2 = NULL;
+			 }
+		 }
+
+	 *bio1_p = bio1;
+	 *bio2_p = bio2;
+	 return ret;
+	 }
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+	}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+	}
diff --git a/lib/libssl/src/crypto/bio/bss_conn.c b/lib/libssl/src/crypto/bio/bss_conn.c
index 6e547bf8666..68c46e3d699 100644
--- a/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/lib/libssl/src/crypto/bio/bss_conn.c
@@ -62,9 +62,7 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
-
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
+#include <openssl/bio.h>
 
 #ifdef WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -72,6 +70,12 @@
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
+#if (defined(VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+
 typedef struct bio_connect_st
 	{
 	int state;
@@ -81,13 +85,12 @@ typedef struct bio_connect_st
 	int nbio;
 
 	unsigned char ip[4];
-	short port;
+	unsigned short port;
 
 	struct sockaddr_in them;
 
 	/* int socket; this will be kept in bio->num so that it is
 	 * compatable with the bss_sock bio */ 
-	int error;
 
 	/* called when the connection is initially made
 	 *  callback(BIO,state,ret);  The callback should return
@@ -95,38 +98,18 @@ typedef struct bio_connect_st
 	int (*info_callback)();
 	} BIO_CONNECT;
 
-#ifndef NOPROTO
 static int conn_write(BIO *h,char *buf,int num);
 static int conn_read(BIO *h,char *buf,int size);
 static int conn_puts(BIO *h,char *str);
 static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int conn_new(BIO *h);
 static int conn_free(BIO *data);
-#else
-static int conn_write();
-static int conn_read();
-static int conn_puts();
-static long conn_ctrl();
-static int conn_new();
-static int conn_free();
-#endif
-
-#ifndef NOPROTO
 
 static int conn_state(BIO *b, BIO_CONNECT *c);
 static void conn_close_socket(BIO *data);
 BIO_CONNECT *BIO_CONNECT_new(void );
 void BIO_CONNECT_free(BIO_CONNECT *a);
 
-#else
-
-static int conn_state();
-static void conn_close_socket();
-BIO_CONNECT *BIO_CONNECT_new();
-void BIO_CONNECT_free();
-
-#endif
-
 static BIO_METHOD methods_connectp=
 	{
 	BIO_TYPE_CONNECT,
@@ -140,9 +123,7 @@ static BIO_METHOD methods_connectp=
 	conn_free,
 	};
 
-static int conn_state(b,c)
-BIO *b;
-BIO_CONNECT *c;
+static int conn_state(BIO *b, BIO_CONNECT *c)
 	{
 	int ret= -1,i;
 	unsigned long l;
@@ -160,7 +141,7 @@ BIO_CONNECT *c;
 			p=c->param_hostname;
 			if (p == NULL)
 				{
-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
 				goto exit_loop;
 				}
 			for ( ; *p != '\0'; p++)
@@ -187,7 +168,7 @@ BIO_CONNECT *c;
 					}
 				}
 
-			if (p == NULL)
+			if (c->param_port == NULL)
 				{
 				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
 				ERR_add_error_data(2,"host=",c->param_hostname);
@@ -203,7 +184,12 @@ BIO_CONNECT *c;
 			break;
 
 		case BIO_CONN_S_GET_PORT:
-			if (BIO_get_port(c->param_port,&c->port) <= 0)
+			if (c->param_port == NULL)
+				{
+				abort();
+				goto exit_loop;
+				}
+			else if (BIO_get_port(c->param_port,&c->port) <= 0)
 				goto exit_loop;
 			c->state=BIO_CONN_S_CREATE_SOCKET;
 			break;
@@ -235,12 +221,9 @@ BIO_CONNECT *c;
 			break;
 
 		case BIO_CONN_S_NBIO:
-#ifdef FIONBIO
 			if (c->nbio)
 				{
-				l=1;
-				ret=BIO_socket_ioctl(b->num,FIONBIO,&l);
-				if (ret < 0)
+				if (!BIO_socket_nbio(b->num,1))
 					{
 					BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
 					ERR_add_error_data(4,"host=",
@@ -249,7 +232,6 @@ BIO_CONNECT *c;
 					goto exit_loop;
 					}
 				}
-#endif
 			c->state=BIO_CONN_S_CONNECT;
 
 #ifdef SO_KEEPALIVE
@@ -326,17 +308,15 @@ BIO_CONNECT *c;
 			}
 		}
 
-	if (1)
-		{
+	/* Loop does not exit */
 exit_loop:
-		if (cb != NULL)
-			ret=cb((BIO *)b,c->state,ret);
-		}
+	if (cb != NULL)
+		ret=cb((BIO *)b,c->state,ret);
 end:
 	return(ret);
 	}
 
-BIO_CONNECT *BIO_CONNECT_new()
+BIO_CONNECT *BIO_CONNECT_new(void)
 	{
 	BIO_CONNECT *ret;
 
@@ -353,13 +333,14 @@ BIO_CONNECT *BIO_CONNECT_new()
 	ret->ip[3]=0;
 	ret->port=0;
 	memset((char *)&ret->them,0,sizeof(ret->them));
-	ret->error=0;
 	return(ret);
 	}
 
-void BIO_CONNECT_free(a)
-BIO_CONNECT *a;
+void BIO_CONNECT_free(BIO_CONNECT *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->param_hostname != NULL)
 		Free(a->param_hostname);
 	if (a->param_port != NULL)
@@ -367,13 +348,12 @@ BIO_CONNECT *a;
 	Free(a);
 	}
 
-BIO_METHOD *BIO_s_connect()
+BIO_METHOD *BIO_s_connect(void)
 	{
 	return(&methods_connectp);
 	}
 
-static int conn_new(bi)
-BIO *bi;
+static int conn_new(BIO *bi)
 	{
 	bi->init=0;
 	bi->num=INVALID_SOCKET;
@@ -384,8 +364,7 @@ BIO *bi;
 		return(1);
 	}
 
-static void conn_close_socket(bio)
-BIO *bio;
+static void conn_close_socket(BIO *bio)
 	{
 	BIO_CONNECT *c;
 
@@ -395,17 +374,12 @@ BIO *bio;
 		/* Only do a shutdown if things were established */
 		if (c->state == BIO_CONN_S_OK)
 			shutdown(bio->num,2);
-# ifdef WINDOWS
 		closesocket(bio->num);
-# else
-		close(bio->num);
-# endif
 		bio->num=INVALID_SOCKET;
 		}
 	}
 
-static int conn_free(a)
-BIO *a;
+static int conn_free(BIO *a)
 	{
 	BIO_CONNECT *data;
 
@@ -423,10 +397,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int conn_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int conn_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	BIO_CONNECT *data;
@@ -442,11 +413,7 @@ int outl;
 	if (out != NULL)
 		{
 		clear_socket_error();
-#if defined(WINDOWS)
-		ret=recv(b->num,out,outl,0);
-#else
-		ret=read(b->num,out,outl);
-#endif
+		ret=readsocket(b->num,out,outl);
 		BIO_clear_retry_flags(b);
 		if (ret <= 0)
 			{
@@ -457,10 +424,7 @@ int outl;
 	return(ret);
 	}
 
-static int conn_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int conn_write(BIO *b, char *in, int inl)
 	{
 	int ret;
 	BIO_CONNECT *data;
@@ -473,11 +437,7 @@ int inl;
 		}
 
 	clear_socket_error();
-#if defined(WINDOWS)
-	ret=send(b->num,in,inl,0);
-#else
-	ret=write(b->num,in,inl);
-#endif
+	ret=writesocket(b->num,in,inl);
 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
 		{
@@ -487,15 +447,11 @@ int inl;
 	return(ret);
 	}
 
-static long conn_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	int *ip;
-	char **pptr;
+	const char **pptr;
 	long ret=1;
 	BIO_CONNECT *data;
 
@@ -519,7 +475,7 @@ char *ptr;
 	case BIO_C_GET_CONNECT:
 		if (ptr != NULL)
 			{
-			pptr=(char **)ptr;
+			pptr=(const char **)ptr;
 			if (num == 0)
 				{
 				*pptr=data->param_hostname;
@@ -559,9 +515,26 @@ char *ptr;
 				data->param_port=BUF_strdup(ptr);
 				}
 			else if (num == 2)
-				memcpy(data->ip,ptr,4);
+				{
+				char buf[16];
+
+				sprintf(buf,"%d.%d.%d.%d",
+					ptr[0],ptr[1],ptr[2],ptr[3]);
+				if (data->param_hostname != NULL)
+					Free(data->param_hostname);
+				data->param_hostname=BUF_strdup(buf);
+				memcpy(&(data->ip[0]),ptr,4);
+				}
 			else if (num == 3)
+				{
+				char buf[16];
+
+				sprintf(buf,"%d",*(int *)ptr);
+				if (data->param_port != NULL)
+					Free(data->param_port);
+				data->param_port=BUF_strdup(buf);
 				data->port= *(int *)ptr;
+				}
 			}
 		break;
 	case BIO_C_SET_NBIO:
@@ -597,7 +570,7 @@ char *ptr;
 		if (data->param_hostname)
 			BIO_set_conn_hostname(dbio,data->param_hostname);
 		BIO_set_nbio(dbio,data->nbio);
-		BIO_set_info_callback(dbio,data->info_callback);
+		(void)BIO_set_info_callback(dbio,data->info_callback);
 		break;
 	case BIO_CTRL_SET_CALLBACK:
 		data->info_callback=(int (*)())ptr;
@@ -617,9 +590,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int conn_puts(bp,str)
-BIO *bp;
-char *str;
+static int conn_puts(BIO *bp, char *str)
 	{
 	int n,ret;
 
@@ -628,8 +599,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_connect(str)
-char *str;
+BIO *BIO_new_connect(char *str)
 	{
 	BIO *ret;
 
diff --git a/lib/libssl/src/crypto/bio/bss_file.c b/lib/libssl/src/crypto/bio/bss_file.c
index 1484cf849ee..52c0c39df04 100644
--- a/lib/libssl/src/crypto/bio/bss_file.c
+++ b/lib/libssl/src/crypto/bio/bss_file.c
@@ -68,12 +68,11 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
 
 #if !defined(NO_STDIO)
 
-#ifndef NOPROTO
 static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
 static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
 static int MS_CALLBACK file_puts(BIO *h,char *str);
@@ -81,16 +80,6 @@ static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
 static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
 static BIO_METHOD methods_filep=
 	{
 	BIO_TYPE_FILE,
@@ -104,9 +93,7 @@ static BIO_METHOD methods_filep=
 	file_free,
 	};
 
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
+BIO *BIO_new_file(const char *filename, const char *mode)
 	{
 	BIO *ret;
 	FILE *file;
@@ -125,9 +112,7 @@ char *mode;
 	return(ret);
 	}
 
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
+BIO *BIO_new_fp(FILE *stream, int close_flag)
 	{
 	BIO *ret;
 
@@ -138,13 +123,12 @@ int close_flag;
 	return(ret);
 	}
 
-BIO_METHOD *BIO_s_file()
+BIO_METHOD *BIO_s_file(void)
 	{
 	return(&methods_filep);
 	}
 
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
+static int MS_CALLBACK file_new(BIO *bi)
 	{
 	bi->init=0;
 	bi->num=0;
@@ -152,8 +136,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int MS_CALLBACK file_free(a)
-BIO *a;
+static int MS_CALLBACK file_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
@@ -168,10 +151,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 
@@ -182,10 +162,7 @@ int outl;
 	return(ret);
 	}
 
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
 	{
 	int ret=0;
 
@@ -201,11 +178,7 @@ int inl;
 	return(ret);
 	}
 
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 	FILE *fp=(FILE *)b->ptr;
@@ -214,18 +187,20 @@ char *ptr;
 
 	switch (cmd)
 		{
+	case BIO_C_FILE_SEEK:
 	case BIO_CTRL_RESET:
 		ret=(long)fseek(fp,num,0);
 		break;
 	case BIO_CTRL_EOF:
 		ret=(long)feof(fp);
 		break;
+	case BIO_C_FILE_TELL:
 	case BIO_CTRL_INFO:
 		ret=ftell(fp);
 		break;
 	case BIO_C_SET_FILE_PTR:
 		file_free(b);
-		b->shutdown=(int)num;
+		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=(char *)ptr;
 		b->init=1;
 #if defined(MSDOS) || defined(WINDOWS)
@@ -307,10 +282,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
 	{
 	int ret=0;
 
@@ -321,9 +293,7 @@ int size;
 	return(ret);
 	}
 
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
+static int MS_CALLBACK file_puts(BIO *bp, char *str)
 	{
 	int n,ret;
 
diff --git a/lib/libssl/src/crypto/bio/bss_log.c b/lib/libssl/src/crypto/bio/bss_log.c
new file mode 100644
index 00000000000..db82e757e7a
--- /dev/null
+++ b/lib/libssl/src/crypto/bio/bss_log.c
@@ -0,0 +1,232 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+	Why BIO_s_log?
+
+	BIO_s_log is useful for system daemons (or services under NT).
+	It is one-way BIO, it sends all stuff to syslogd (or event log
+	under NT).
+
+*/
+
+
+#include <stdio.h>
+#include <errno.h>
+
+#ifndef WIN32
+#ifdef __ultrix
+#include <sys/syslog.h>
+#else
+#include <syslog.h>
+#endif
+#endif
+
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#ifndef NO_SYSLOG
+
+
+static int MS_CALLBACK slg_write(BIO *h,char *buf,int num);
+static int MS_CALLBACK slg_puts(BIO *h,char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static int xopenlog(BIO* bp, const char* name, int level);
+static int xcloselog(BIO* bp);
+
+static BIO_METHOD methods_slg=
+	{
+	BIO_TYPE_MEM,"syslog",
+	slg_write,
+	NULL,
+	slg_puts,
+	NULL,
+	slg_ctrl,
+	slg_new,
+	slg_free,
+	};
+
+BIO_METHOD *BIO_s_log(void)
+	{
+	return(&methods_slg);
+	}
+
+static int MS_CALLBACK slg_new(BIO *bi)
+	{
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=NULL;
+#ifndef WIN32
+	xopenlog(bi, "application", LOG_DAEMON);
+#else
+	xopenlog(bi, "application", 0);
+#endif
+	return(1);
+	}
+
+static int MS_CALLBACK slg_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	xcloselog(a);
+	return(1);
+	}
+	
+static int MS_CALLBACK slg_write(BIO *b, char *in, int inl)
+	{
+	int ret= inl;
+	char* buf= in;
+	char* pp;
+#if defined(WIN32)
+	LPTSTR lpszStrings[1];
+	WORD evtype= EVENTLOG_ERROR_TYPE;
+#else
+	int priority;
+#endif
+
+	if((buf= (char *)Malloc(inl+ 1)) == NULL){
+		return(0);
+	}
+	strncpy(buf, in, inl);
+	buf[inl]= '\0';
+#if defined(WIN32)
+	if(strncmp(buf, "ERR ", 4) == 0){
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "WAR ", 4) == 0){
+		evtype= EVENTLOG_WARNING_TYPE;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "INF ", 4) == 0){
+		evtype= EVENTLOG_INFORMATION_TYPE;
+		pp= buf+ 4;
+	}else{
+		evtype= EVENTLOG_ERROR_TYPE;
+		pp= buf;
+	}
+	lpszStrings[0]= pp;
+
+	if(b->ptr)
+		ReportEvent(b->ptr, evtype, 0, 1024, NULL, 1, 0,
+				lpszStrings, NULL);
+#else
+	if(strncmp(buf, "ERR ", 4) == 0){
+		priority= LOG_ERR;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "WAR ", 4) == 0){
+		priority= LOG_WARNING;
+		pp= buf+ 4;
+	}else if(strncmp(buf, "INF ", 4) == 0){
+		priority= LOG_INFO;
+		pp= buf+ 4;
+	}else{
+		priority= LOG_ERR;
+		pp= buf;
+	}
+
+	syslog(priority, "%s", pp);
+#endif
+	Free(buf);
+	return(ret);
+	}
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	switch (cmd)
+		{
+	case BIO_CTRL_SET:
+		xcloselog(b);
+		xopenlog(b, ptr, num);
+		break;
+	default:
+		break;
+		}
+	return(0);
+	}
+
+static int MS_CALLBACK slg_puts(BIO *bp, char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=slg_write(bp,str,n);
+	return(ret);
+	}
+
+static int xopenlog(BIO* bp, const char* name, int level)
+{
+#if defined(WIN32)
+	if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){
+		return(0);
+	}
+#else
+	openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+	return(1);
+}
+
+static int xcloselog(BIO* bp)
+{
+#if defined(WIN32)
+	if(bp->ptr)
+		DeregisterEventSource((HANDLE)(bp->ptr));
+	bp->ptr= NULL;
+#else
+	closelog();
+#endif
+	return(1);
+}
+
+#endif
diff --git a/lib/libssl/src/crypto/bio/bss_mem.c b/lib/libssl/src/crypto/bio/bss_mem.c
index 40c4e39f025..7e749a503ef 100644
--- a/lib/libssl/src/crypto/bio/bss_mem.c
+++ b/lib/libssl/src/crypto/bio/bss_mem.c
@@ -59,9 +59,8 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-#ifndef NOPROTO
 static int mem_write(BIO *h,char *buf,int num);
 static int mem_read(BIO *h,char *buf,int size);
 static int mem_puts(BIO *h,char *str);
@@ -69,16 +68,6 @@ static int mem_gets(BIO *h,char *str,int size);
 static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int mem_new(BIO *h);
 static int mem_free(BIO *data);
-#else
-static int mem_write();
-static int mem_read();
-static int mem_puts();
-static int mem_gets();
-static long mem_ctrl();
-static int mem_new();
-static int mem_free();
-#endif
-
 static BIO_METHOD mem_method=
 	{
 	BIO_TYPE_MEM,
@@ -92,13 +81,15 @@ static BIO_METHOD mem_method=
 	mem_free,
 	};
 
-BIO_METHOD *BIO_s_mem()
+/* bio->num is used to hold the value to return on 'empty', if it is
+ * 0, should_retry is not set */
+
+BIO_METHOD *BIO_s_mem(void)
 	{
 	return(&mem_method);
 	}
 
-static int mem_new(bi)
-BIO *bi;
+static int mem_new(BIO *bi)
 	{
 	BUF_MEM *b;
 
@@ -106,13 +97,12 @@ BIO *bi;
 		return(0);
 	bi->shutdown=1;
 	bi->init=1;
-	bi->num=0;
+	bi->num= -1;
 	bi->ptr=(char *)b;
 	return(1);
 	}
 
-static int mem_free(a)
-BIO *a;
+static int mem_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
@@ -126,10 +116,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int mem_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int mem_read(BIO *b, char *out, int outl)
 	{
 	int ret= -1;
 	BUF_MEM *bm;
@@ -151,16 +138,14 @@ int outl;
 		}
 	else if (bm->length == 0)
 		{
-		BIO_set_retry_read(b);
-		ret= -1;
+		if (b->num != 0)
+			BIO_set_retry_read(b);
+		ret= b->num;
 		}
 	return(ret);
 	}
 
-static int mem_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int mem_write(BIO *b, char *in, int inl)
 	{
 	int ret= -1;
 	int blen;
@@ -183,11 +168,7 @@ end:
 	return(ret);
 	}
 
-static long mem_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long mem_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 	char **pptr;
@@ -204,6 +185,9 @@ char *ptr;
 	case BIO_CTRL_EOF:
 		ret=(long)(bm->length == 0);
 		break;
+	case BIO_C_SET_BUF_MEM_EOF_RETURN:
+		b->num=(int)num;
+		break;
 	case BIO_CTRL_INFO:
 		ret=(long)bm->length;
 		if (ptr != NULL)
@@ -250,10 +234,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int mem_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int mem_gets(BIO *bp, char *buf, int size)
 	{
 	int i,j;
 	int ret= -1;
@@ -283,9 +264,7 @@ int size;
 	return(ret);
 	}
 
-static int mem_puts(bp,str)
-BIO *bp;
-char *str;
+static int mem_puts(BIO *bp, char *str)
 	{
 	int n,ret;
 
diff --git a/lib/libssl/src/crypto/bio/bss_null.c b/lib/libssl/src/crypto/bio/bss_null.c
index 0791a2471a9..d04be888e53 100644
--- a/lib/libssl/src/crypto/bio/bss_null.c
+++ b/lib/libssl/src/crypto/bio/bss_null.c
@@ -59,9 +59,8 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-#ifndef NOPROTO
 static int null_write(BIO *h,char *buf,int num);
 static int null_read(BIO *h,char *buf,int size);
 static int null_puts(BIO *h,char *str);
@@ -69,16 +68,6 @@ static int null_gets(BIO *h,char *str,int size);
 static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int null_new(BIO *h);
 static int null_free(BIO *data);
-#else
-static int null_write();
-static int null_read();
-static int null_puts();
-static int null_gets();
-static long null_ctrl();
-static int null_new();
-static int null_free();
-#endif
-
 static BIO_METHOD null_method=
 	{
 	BIO_TYPE_NULL,
@@ -92,13 +81,12 @@ static BIO_METHOD null_method=
 	null_free,
 	};
 
-BIO_METHOD *BIO_s_null()
+BIO_METHOD *BIO_s_null(void)
 	{
 	return(&null_method);
 	}
 
-static int null_new(bi)
-BIO *bi;
+static int null_new(BIO *bi)
 	{
 	bi->init=1;
 	bi->num=0;
@@ -106,34 +94,23 @@ BIO *bi;
 	return(1);
 	}
 
-static int null_free(a)
-BIO *a;
+static int null_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	return(1);
 	}
 	
-static int null_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int null_read(BIO *b, char *out, int outl)
 	{
 	return(0);
 	}
 
-static int null_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int null_write(BIO *b, char *in, int inl)
 	{
 	return(inl);
 	}
 
-static long null_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long null_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 
@@ -159,17 +136,12 @@ char *ptr;
 	return(ret);
 	}
 
-static int null_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int null_gets(BIO *bp, char *buf, int size)
 	{
 	return(0);
 	}
 
-static int null_puts(bp,str)
-BIO *bp;
-char *str;
+static int null_puts(BIO *bp, char *str)
 	{
 	if (str == NULL) return(0);
 	return(strlen(str));
diff --git a/lib/libssl/src/crypto/bio/bss_rtcp.c b/lib/libssl/src/crypto/bio/bss_rtcp.c
index 6eb434dee8c..2ef040057e3 100644
--- a/lib/libssl/src/crypto/bio/bss_rtcp.c
+++ b/lib/libssl/src/crypto/bio/bss_rtcp.c
@@ -58,6 +58,7 @@
 
 /* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
  * Date:   22-JUL-1996
+ * Revised: 25-SEP-1997		Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
  */
 /* VMS */
 #include <stdio.h>
@@ -65,10 +66,11 @@
 #include <string.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
 #include <iodef.h>		/* VMS IO$_ definitions */
-extern int SYS$QIOW();
+#include <starlet.h>
+
 typedef unsigned short io_channel;
 /*************************************************************************/
 struct io_status { short status, count; long flags; };
@@ -107,18 +109,24 @@ static BIO_METHOD rtcp_method=
 	rtcp_free,
 	};
 
-BIO_METHOD *BIO_s_rtcp()
+BIO_METHOD *BIO_s_rtcp(void)
 	{
 	return(&rtcp_method);
 	}
 /*****************************************************************************/
 /* Decnet I/O routines.
  */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+
 static int get ( io_channel chan, char *buffer, int maxlen, int *length )
 {
     int status;
     struct io_status iosb;
-    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
 	buffer, maxlen, 0, 0, 0, 0 );
     if ( (status&1) == 1 ) status = iosb.status;
     if ( (status&1) == 1 ) *length = iosb.count;
@@ -129,15 +137,19 @@ static int put ( io_channel chan, char *buffer, int length )
 {
     int status;
     struct io_status iosb;
-    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
 	buffer, length, 0, 0, 0, 0 );
     if ( (status&1) == 1 ) status = iosb.status;
     return status;
 }
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
 /***************************************************************************/
 
-static int rtcp_new(bi)
-BIO *bi;
+static int rtcp_new(BIO *bi)
 {
     struct rpc_ctx *ctx;
 	bi->init=1;
@@ -150,8 +162,7 @@ BIO *bi;
 	return(1);
 }
 
-static int rtcp_free(a)
-BIO *a;
+static int rtcp_free(BIO *a)
 {
 	if (a == NULL) return(0);
 	if ( a->ptr ) Free ( a->ptr );
@@ -159,10 +170,7 @@ BIO *a;
 	return(1);
 }
 	
-static int rtcp_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int rtcp_read(BIO *b, char *out, int outl)
 {
     int status, length;
     struct rpc_ctx *ctx;
@@ -209,10 +217,7 @@ int outl;
     return length;
 }
 
-static int rtcp_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int rtcp_write(BIO *b, char *in, int inl)
 {
     int status, i, segment, length;
     struct rpc_ctx *ctx;
@@ -241,11 +246,7 @@ int inl;
     return(i);
 }
 
-static long rtcp_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long rtcp_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	long ret=1;
 
@@ -255,7 +256,7 @@ char *ptr;
 	case BIO_CTRL_EOF:
 		ret = 1;
 		break;
-	case BIO_CTRL_SET:
+	case BIO_C_SET_FD:
 		b->num = num;
 		ret = 1;
 	 	break;
@@ -276,17 +277,12 @@ char *ptr;
 	return(ret);
 	}
 
-static int rtcp_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int rtcp_gets(BIO *bp, char *buf, int size)
 	{
 	return(0);
 	}
 
-static int rtcp_puts(bp,str)
-BIO *bp;
-char *str;
+static int rtcp_puts(BIO *bp, char *str)
 {
     int length;
     if (str == NULL) return(0);
diff --git a/lib/libssl/src/crypto/bio/bss_sock.c b/lib/libssl/src/crypto/bio/bss_sock.c
index d907a2867ba..d336b99fe81 100644
--- a/lib/libssl/src/crypto/bio/bss_sock.c
+++ b/lib/libssl/src/crypto/bio/bss_sock.c
@@ -62,10 +62,9 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
 #ifndef BIO_FD
-#ifndef NOPROTO
 static int sock_write(BIO *h,char *buf,int num);
 static int sock_read(BIO *h,char *buf,int size);
 static int sock_puts(BIO *h,char *str);
@@ -74,18 +73,7 @@ static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
 #else
-static int sock_write();
-static int sock_read();
-static int sock_puts();
-static long sock_ctrl();
-static int sock_new();
-static int sock_free();
-int BIO_sock_should_retry();
-#endif
-
-#else
 
-#ifndef NOPROTO
 static int fd_write(BIO *h,char *buf,int num);
 static int fd_read(BIO *h,char *buf,int size);
 static int fd_puts(BIO *h,char *str);
@@ -93,15 +81,6 @@ static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int fd_new(BIO *h);
 static int fd_free(BIO *data);
 int BIO_fd_should_retry(int s);
-#else
-static int fd_write();
-static int fd_read();
-static int fd_puts();
-static long fd_ctrl();
-static int fd_new();
-static int fd_free();
-int BIO_fd_should_retry();
-#endif
 #endif
 
 #ifndef BIO_FD
@@ -118,7 +97,7 @@ static BIO_METHOD methods_sockp=
 	sock_free,
 	};
 
-BIO_METHOD *BIO_s_socket()
+BIO_METHOD *BIO_s_socket(void)
 	{
 	return(&methods_sockp);
 	}
@@ -135,19 +114,17 @@ static BIO_METHOD methods_fdp=
 	fd_free,
 	};
 
-BIO_METHOD *BIO_s_fd()
+BIO_METHOD *BIO_s_fd(void)
 	{
 	return(&methods_fdp);
 	}
 #endif
 
 #ifndef BIO_FD
-BIO *BIO_new_socket(fd,close_flag)
+BIO *BIO_new_socket(int fd, int close_flag)
 #else
-BIO *BIO_new_fd(fd,close_flag)
+BIO *BIO_new_fd(int fd,int close_flag)
 #endif
-int fd;
-int close_flag;
 	{
 	BIO *ret;
 
@@ -162,11 +139,10 @@ int close_flag;
 	}
 
 #ifndef BIO_FD
-static int sock_new(bi)
+static int sock_new(BIO *bi)
 #else
-static int fd_new(bi)
+static int fd_new(BIO *bi)
 #endif
-BIO *bi;
 	{
 	bi->init=0;
 	bi->num=0;
@@ -176,11 +152,10 @@ BIO *bi;
 	}
 
 #ifndef BIO_FD
-static int sock_free(a)
+static int sock_free(BIO *a)
 #else
-static int fd_free(a)
+static int fd_free(BIO *a)
 #endif
-BIO *a;
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
@@ -189,11 +164,7 @@ BIO *a;
 			{
 #ifndef BIO_FD
 			shutdown(a->num,2);
-# ifdef WINDOWS
 			closesocket(a->num);
-# else
-			close(a->num);
-# endif
 #else			/* BIO_FD */
 			close(a->num);
 #endif
@@ -206,21 +177,18 @@ BIO *a;
 	}
 	
 #ifndef BIO_FD
-static int sock_read(b,out,outl)
+static int sock_read(BIO *b, char *out, int outl)
 #else
-static int fd_read(b,out,outl)
+static int fd_read(BIO *b, char *out,int outl)
 #endif
-BIO *b;
-char *out;
-int outl;
 	{
 	int ret=0;
 
 	if (out != NULL)
 		{
-#if defined(WINDOWS) && !defined(BIO_FD)
+#ifndef BIO_FD
 		clear_socket_error();
-		ret=recv(b->num,out,outl,0);
+		ret=readsocket(b->num,out,outl);
 #else
 		clear_sys_error();
 		ret=read(b->num,out,outl);
@@ -240,19 +208,16 @@ int outl;
 	}
 
 #ifndef BIO_FD
-static int sock_write(b,in,inl)
+static int sock_write(BIO *b, char *in, int inl)
 #else
-static int fd_write(b,in,inl)
+static int fd_write(BIO *b, char *in, int inl)
 #endif
-BIO *b;
-char *in;
-int inl;
 	{
 	int ret;
 	
-#if defined(WINDOWS) && !defined(BIO_FD)
+#ifndef BIO_FD
 	clear_socket_error();
-	ret=send(b->num,in,inl,0);
+	ret=writesocket(b->num,in,inl);
 #else
 	clear_sys_error();
 	ret=write(b->num,in,inl);
@@ -271,14 +236,10 @@ int inl;
 	}
 
 #ifndef BIO_FD
-static long sock_ctrl(b,cmd,num,ptr)
+static long sock_ctrl(BIO *b, int cmd, long num, char *ptr)
 #else
-static long fd_ctrl(b,cmd,num,ptr)
+static long fd_ctrl(BIO *b, int cmd, long num, char *ptr)
 #endif
-BIO *b;
-int cmd;
-long num;
-char *ptr;
 	{
 	long ret=1;
 	int *ip;
@@ -286,14 +247,21 @@ char *ptr;
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
+		num=0;
+	case BIO_C_FILE_SEEK:
 #ifdef BIO_FD
-		ret=(long)lseek(b->num,0,0);
+		ret=(long)lseek(b->num,num,0);
 #else
 		ret=0;
 #endif
 		break;
+	case BIO_C_FILE_TELL:
 	case BIO_CTRL_INFO:
+#ifdef BIO_FD
+		ret=(long)lseek(b->num,0,1);
+#else
 		ret=0;
+#endif
 		break;
 	case BIO_C_SET_FD:
 #ifndef BIO_FD
@@ -329,7 +297,6 @@ char *ptr;
 	case BIO_CTRL_FLUSH:
 		ret=1;
 		break;
-		break;
 	default:
 		ret=0;
 		break;
@@ -338,22 +305,17 @@ char *ptr;
 	}
 
 #ifdef undef
-static int sock_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int sock_gets(BIO *bp, char *buf,int size)
 	{
 	return(-1);
 	}
 #endif
 
 #ifndef BIO_FD
-static int sock_puts(bp,str)
+static int sock_puts(BIO *bp, char *str)
 #else
-static int fd_puts(bp,str)
+static int fd_puts(BIO *bp, char *str)
 #endif
-BIO *bp;
-char *str;
 	{
 	int n,ret;
 
@@ -367,23 +329,22 @@ char *str;
 	}
 
 #ifndef BIO_FD
-int BIO_sock_should_retry(i)
+int BIO_sock_should_retry(int i)
 #else
-int BIO_fd_should_retry(i)
+int BIO_fd_should_retry(int i)
 #endif
-int i;
 	{
 	int err;
 
 	if ((i == 0) || (i == -1))
 		{
-#if !defined(BIO_FD) && defined(WINDOWS)
+#ifndef BIO_FD
 		err=get_last_socket_error();
 #else
 		err=get_last_sys_error();
 #endif
 
-#if defined(WINDOWS) /* more microsoft stupidity */
+#if defined(WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
 		if ((i == -1) && (err == 0))
 			return(1);
 #endif
@@ -398,11 +359,10 @@ int i;
 	}
 
 #ifndef BIO_FD
-int BIO_sock_non_fatal_error(err)
+int BIO_sock_non_fatal_error(int err)
 #else
-int BIO_fd_non_fatal_error(err)
+int BIO_fd_non_fatal_error(int err)
 #endif
-int err;
 	{
 	switch (err)
 		{
@@ -411,8 +371,10 @@ int err;
 	case WSAEWOULDBLOCK:
 # endif
 
-# if defined(WSAENOTCONN)
+# if 0 /* This appears to always be an error */
+#  if defined(WSAENOTCONN)
 	case WSAENOTCONN:
+#  endif
 # endif
 #endif
 
@@ -452,7 +414,7 @@ int err;
 	case EALREADY:
 #endif
 		return(1);
-		break;
+		/* break; */
 	default:
 		break;
 		}
diff --git a/lib/libssl/src/crypto/bn/Makefile.ssl b/lib/libssl/src/crypto/bn/Makefile.ssl
index 9809d26cbcb..fcabb62452b 100644
--- a/lib/libssl/src/crypto/bn/Makefile.ssl
+++ b/lib/libssl/src/crypto/bn/Makefile.ssl
@@ -7,35 +7,35 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
-BN_MULW=	bn_mulw.o
+BN_ASM=		bn_asm.o
 # or use
-#BN_MULW=	bn86-elf.o
+#BN_ASM=	bn86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS=$(CFLAGS)
 
-ERR=bn
-ERRC=bn_err
 GENERAL=Makefile
 TEST=bntest.c exptest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mod.c bn_mul.c \
-	bn_print.c bn_rand.c bn_shift.c bn_sub.c bn_word.c bn_blind.c \
-	bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_mulw.c bn_recp.c bn_mont.c \
-	bn_mpi.c
-
-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mod.o bn_mul.o \
-	bn_print.o bn_rand.o bn_shift.o bn_sub.o bn_word.o bn_blind.o \
-	bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_MULW) bn_recp.o bn_mont.o \
-	bn_mpi.o
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c \
+	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+	bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
+	bn_mpi.c bn_exp2.c
 
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o \
+	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+	bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
+	bn_mpi.o bn_exp2.o
 
 SRC= $(LIBSRC)
 
@@ -58,53 +58,90 @@ knuth.fast: bn_knuth.c
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
 asm/bn86-elf.o: asm/bn86unix.cpp
 	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
 
+asm/co86-elf.o: asm/co86unix.cpp
+	$(CPP) -DELF asm/co86unix.cpp | as -o asm/co86-elf.o
+
 # solaris
 asm/bn86-sol.o: asm/bn86unix.cpp
 	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
 	as -o asm/bn86-sol.o asm/bn86-sol.s
 	rm -f asm/bn86-sol.s
 
+asm/co86-sol.o: asm/co86unix.cpp
+	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+	as -o asm/co86-sol.o asm/co86-sol.s
+	rm -f asm/co86-sol.s
+
 # a.out
 asm/bn86-out.o: asm/bn86unix.cpp
 	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
 
+asm/co86-out.o: asm/co86unix.cpp
+	$(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+
 # bsdi
 asm/bn86bsdi.o: asm/bn86unix.cpp
-	$(CPP) -DBSDI asm/bn86unix.cpp | as -o asm/bn86bsdi.o
+	$(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+
+asm/co86bsdi.o: asm/co86unix.cpp
+	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+
+asm/bn86unix.cpp: asm/bn-586.pl
+	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+
+asm/co86unix.cpp: asm/co-586.pl
+	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
 
-asm/bn86unix.cpp:
-	(cd asm; perl bn-586.pl cpp >bn86unix.cpp )
+asm/sparcv8.o: asm/sparcv8.S
+
+asm/sparcv8plus.o: asm/sparcv8plus.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+
+# MIPS 64 bit assember 
+asm/mips3.o: asm/mips3.s
+
+# MIPS 32 bit assember
+asm/mips1.o: asm/mips1.s
+	/usr/bin/as -O2 -o asm/mips1.o asm/mips1.s
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 exptest:
-	/bin/rm -f exptest
+	rm -f exptest
 	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
 
 div:
-	/bin/rm -f a.out
+	rm -f a.out
 	gcc -I.. -g div.c ../../libcrypto.a
 
 tags:
@@ -116,18 +153,124 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_mulw.s
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_add.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_add.o: ../cryptlib.h bn_lcl.h
+bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_asm.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_asm.o: ../cryptlib.h bn_lcl.h
+bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_blind.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_blind.o: ../cryptlib.h bn_lcl.h
+bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_div.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_div.o: ../cryptlib.h bn_lcl.h
+bn_err.o: ../../include/openssl/bn.h ../../include/openssl/err.h
+bn_err.o: ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_exp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_exp.o: ../cryptlib.h bn_lcl.h
+bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_exp2.o: ../cryptlib.h bn_lcl.h
+bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_gcd.o: ../cryptlib.h bn_lcl.h
+bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_lib.o: ../cryptlib.h bn_lcl.h
+bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mont.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mont.o: ../cryptlib.h bn_lcl.h
+bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h
+bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_mul.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_mul.o: ../cryptlib.h bn_lcl.h
+bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_prime.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bn_prime.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h bn_prime.h
+bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_print.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_print.o: ../cryptlib.h bn_lcl.h
+bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_rand.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bn_rand.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_recp.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_recp.o: ../cryptlib.h bn_lcl.h
+bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_shift.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_shift.o: ../cryptlib.h bn_lcl.h
+bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h
+bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_word.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+bn_word.o: ../cryptlib.h bn_lcl.h
diff --git a/lib/libssl/src/crypto/bn/asm/alpha.s b/lib/libssl/src/crypto/bn/asm/alpha.s
index 1d17b1d6195..a351694ca23 100644
--- a/lib/libssl/src/crypto/bn/asm/alpha.s
+++ b/lib/libssl/src/crypto/bn/asm/alpha.s
@@ -1,8 +1,14 @@
  # DEC Alpha assember
- # The bn_div64 is actually gcc output but the other parts are hand done.
+ # The bn_div_words is actually gcc output but the other parts are hand done.
  # Thanks to tzeruch@ceddec.com for sending me the gcc output for
- # bn_div64.
-	.file	1 "bn_mulw.c"
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
 	.set noat
 gcc2_compiled.:
 __gnu_compiled_c:
@@ -14,65 +20,91 @@ bn_mul_add_words:
 bn_mul_add_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
-	subq $18,2,$25	# num=-2
-	bis $31,$31,$0
-	blt $25,$42
 	.align 5
-$142:
-	subq $18,2,$18	# num-=2
-	subq $25,2,$25	# num-=2
-
-	ldq $1,0($17)	# a[0]
-	ldq $2,8($17)	# a[1]
-
-	mulq $19,$1,$3	# a[0]*w low part	r3
- 	umulh $19,$1,$1 # a[0]*w high part	r1
-	mulq $19,$2,$4	# a[1]*w low part	r4
- 	umulh $19,$2,$2 # a[1]*w high part	r2
-
-	ldq $22,0($16)	# r[0]			r22
-	ldq $23,8($16)	# r[1]			r23
-
-	addq $3,$22,$3	# a0 low part + r[0]	
-	addq $4,$23,$4	# a1 low part + r[1]	
-	cmpult $3,$22,$5 # overflow?
-	cmpult $4,$23,$6 # overflow?
-	addq $5,$1,$1	# high part + overflow 
-	addq $6,$2,$2	# high part + overflow 
-
-	addq $3,$0,$3	# add c
-	cmpult $3,$0,$5 # overflow?
-	stq $3,0($16)
-	addq $5,$1,$0	# c=high part + overflow 
-
-	addq $4,$0,$4	# add c
-	cmpult $4,$0,$5 # overflow?
-	stq $4,8($16)
-	addq $5,$2,$0	# c=high part + overflow 
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$20,$19,$5	# 1 2 1	######
+	ldq	$21,8($17)	# 2 1
+	ldq	$2,8($16)	# 2 1
+	umulh	$20,$19,$20	# 1 2	######
+	ldq	$27,16($17)	# 3 1
+	ldq	$3,16($16)	# 3 1
+	mulq	$21,$19,$6	# 2 2 1	######
+	 ldq	$28,24($17)	# 4 1
+	addq	$1,$5,$1	# 1 2 2
+	 ldq	$4,24($16)	# 4 1
+	umulh	$21,$19,$21	# 2 2	######
+	 cmpult	$1,$5,$22	# 1 2 3 1
+	addq	$20,$22,$20	# 1 3 1
+	 addq	$1,$0,$1	# 1 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	######
+	 cmpult	$1,$0,$0	# 1 2 3 2
+	addq	$2,$6,$2	# 2 2 2
+	 addq	$20,$0,$0	# 1 3 2 
+	cmpult	$2,$6,$23	# 2 2 3 1
+	 addq	$21,$23,$21	# 2 3 1
+	umulh	$27,$19,$27	# 3 2	######
+	 addq	$2,$0,$2	# 2 2 3 1
+	cmpult	$2,$0,$0	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$28,$19,$8	# 4 2 1	######
+	 addq	$21,$0,$0	# 2 3 2 
+	addq	$3,$7,$3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$3,$7,$24	# 3 2 3 1
+	 stq	$1,-32($16)	# 1 2 4
+	umulh	$28,$19,$28	# 4 2	######
+	 addq	$27,$24,$27	# 3 3 1
+	addq	$3,$0,$3	# 3 2 3 1
+	 stq	$2,-24($16)	# 2 2 4
+	cmpult	$3,$0,$0	# 3 2 3 2
+	 stq	$3,-16($16)	# 3 2 4
+	addq	$4,$8,$4	# 4 2 2
+	 addq	$27,$0,$0	# 3 3 2 
+	cmpult	$4,$8,$25	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$28,$25,$28	# 4 3 1
+	 addq	$4,$0,$4	# 4 2 3 1
+	cmpult	$4,$0,$0	# 4 2 3 2
+	 stq	$4,-8($16)	# 4 2 4
+	addq	$28,$0,$0	# 4 3 2 
+	 blt	$18,$43
 
-	ble $18,$43
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
 
- 	addq $16,16,$16
- 	addq $17,16,$17
-	blt $25,$42
+	br	$42
 
- 	br $31,$142
-$42:
-	ldq $1,0($17)	# a[0]
- 	umulh $19,$1,$3 # a[0]*w high part
-	mulq $19,$1,$1	# a[0]*w low part
-	ldq $2,0($16)	# r[0]
-	addq $1,$2,$1	# low part + r[0]
-	cmpult $1,$2,$4 # overflow?
-	addq $4,$3,$3	# high part + overflow 
-	addq $1,$0,$1	# add c
-	cmpult $1,$0,$4 # overflow?
-	addq $4,$3,$0	# c=high part + overflow 
-	stq $1,0($16)
+	.align 4
+$45:
+	ldq	$20,0($17)	# 4 1
+	ldq	$1,0($16)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$20,$19,$20	# 4 2
+	addq	$1,$5,$1	# 4 2 2
+	cmpult	$1,$5,$22	# 4 2 3 1
+	addq	$20,$22,$20	# 4 3 1
+	addq	$1,$0,$1	# 4 2 3 1
+	cmpult	$1,$0,$0	# 4 2 3 2
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
 
 	.align 4
 $43:
-	ret $31,($26),1
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
 	.end bn_mul_add_words
 	.align 3
 	.globl bn_mul_words
@@ -81,49 +113,75 @@ bn_mul_words:
 bn_mul_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
-	subq $18,2,$25	# num=-2
-	bis $31,$31,$0
-	blt $25,$242
 	.align 5
-$342:
-	subq $18,2,$18	# num-=2
-	subq $25,2,$25	# num-=2
-
-	ldq $1,0($17)	# a[0]
-	ldq $2,8($17)	# a[1]
-
-	mulq $19,$1,$3	# a[0]*w low part	r3
- 	umulh $19,$1,$1 # a[0]*w high part	r1
-	mulq $19,$2,$4	# a[1]*w low part	r4
- 	umulh $19,$2,$2 # a[1]*w high part	r2
-
-	addq $3,$0,$3	# add c
-	cmpult $3,$0,$5 # overflow?
-	stq $3,0($16)
-	addq $5,$1,$0	# c=high part + overflow 
-
-	addq $4,$0,$4	# add c
-	cmpult $4,$0,$5 # overflow?
-	stq $4,8($16)
-	addq $5,$2,$0	# c=high part + overflow 
-
-	ble $18,$243
-
- 	addq $16,16,$16
- 	addq $17,16,$17
-	blt $25,$242
-
- 	br $31,$342
-$242:
-	ldq $1,0($17)	# a[0]
- 	umulh $19,$1,$3 # a[0]*w high part
-	mulq $19,$1,$1	# a[0]*w low part
-	addq $1,$0,$1	# add c
-	cmpult $1,$0,$4 # overflow?
-	addq $4,$3,$0	# c=high part + overflow 
-	stq $1,0($16)
-$243:
-	ret $31,($26),1
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$20,$19,$5	# 1 2 1	#####
+	 ldq	$21,8($17)	# 2 1
+	 ldq	$27,16($17)	# 3 1
+	umulh	$20,$19,$20	# 1 2	#####
+	 ldq	$28,24($17)	# 4 1
+	mulq	$21,$19,$6	# 2 2 1	#####
+	 addq	$5,$0,$5	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$5,$0,$0	# 1 2 3 2
+	umulh	$21,$19,$21	# 2 2	#####
+	 addq	$20,$0,$0	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$6,$0,$6	# 2 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	#####
+	 cmpult	$6,$0,$0	# 2 2 3 2
+	addq	$21,$0,$0	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$27,$19,$27	# 3 2	#####
+	 stq	$5,-32($16)	# 1 2 4
+	mulq	$28,$19,$8	# 4 2 1	#####
+	 addq	$7,$0,$7	# 3 2 3 1
+	stq	$6,-24($16)	# 2 2 4
+	 cmpult	$7,$0,$0	# 3 2 3 2
+	umulh	$28,$19,$28	# 4 2	#####
+	 addq	$27,$0,$0	# 3 3 2 
+	stq	$7,-16($16)	# 3 2 4
+	 addq	$8,$0,$8	# 4 2 3 1
+	cmpult	$8,$0,$0	# 4 2 3 2
+
+	addq	$28,$0,$0	# 4 3 2 
+
+	stq	$8,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$20,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$20,0($17)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	umulh	$20,$19,$20	# 4 2
+	addq	$5,$0,$5	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$5,$0,$0	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$5,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
 	.end bn_mul_words
 	.align 3
 	.globl bn_sqr_words
@@ -132,44 +190,58 @@ bn_sqr_words:
 bn_sqr_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
-	
-	subq $18,2,$25	# num=-2
-	blt $25,$442
-	.align 5
-$542:
-	subq $18,2,$18	# num-=2
-	subq $25,2,$25	# num-=2
-
-	ldq $1,0($17)	# a[0]
-	ldq $4,8($17)	# a[1]
 
-	mulq $1,$1,$2	# a[0]*w low part	r2
- 	umulh $1,$1,$3 # a[0]*w high part	r3
-	mulq $4,$4,$5	# a[1]*w low part	r5
- 	umulh $4,$4,$6 # a[1]*w high part	r6
-
-	stq $2,0($16)	# r[0]
-	stq $3,8($16)	# r[1]
-	stq $5,16($16)	# r[3]
-	stq $6,24($16)	# r[4]
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$20,$20,$5		######
+	 ldq	$21,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$20,$20,$1		######
+	ldq	$27,16($17)	# 1 1
+	mulq	$21,$21,$6		######
+	ldq	$28,24($17)	# 1 1
+	stq	$5,0($16)	# r[0]
+ 	umulh	$21,$21,$2		######
+	stq	$1,8($16)	# r[1]
+	mulq	$27,$27,$7		######
+	stq	$6,16($16)	# r[0]
+ 	umulh	$27,$27,$3		######
+	stq	$2,24($16)	# r[1]
+	mulq	$28,$28,$8		######
+	stq	$7,32($16)	# r[0]
+ 	umulh	$28,$28,$4		######
+	stq	$3,40($16)	# r[1]
 
-	ble $18,$443
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$8,-16($16)	# r[0]
+	stq	$4,-8($16)	# r[1]
 
- 	addq $16,32,$16
- 	addq $17,16,$17
-	blt $25,$442
- 	br $31,$542
+	blt	$18,$543
+	ldq	$20,0($17)	# 1 1
+ 	br 	$542
 
 $442:
-	ldq $1,0($17)   # a[0]
-	mulq $1,$1,$2   # a[0]*w low part       r2
-        umulh $1,$1,$3  # a[0]*w high part       r3
-	stq $2,0($16)   # r[0]
-        stq $3,8($16)   # r[1]
+	ldq	$20,0($17)   # a[0]
+	mulq	$20,$20,$5  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$20,$20,$1  # a[0]*w high part       r3
+	stq	$5,-16($16)   # r[0]
+        stq	$1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
 
 	.align 4
-$443:
-	ret $31,($26),1
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
 	.end bn_sqr_words
 
 	.align 3
@@ -180,31 +252,74 @@ bn_add_words..ng:
 	.frame $30,0,$26,0
 	.prologue 0
 
-	bis	$31,$31,$8	# carry = 0
-	ble	$19,$900
+	subq	$19,4,$19
+	bis	$31,$31,$0	# carry = 0
+	blt	$19,$900
+	ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	.align 3
 $901:
-	ldq	$0,0($17)	# a[0]
-	ldq	$1,0($18)	# a[1]
+	addq	$1,$5,$1	# r=a+b;
+	 ldq	$6,8($17)	# a[1]
+	cmpult	$1,$5,$22	# did we overflow?
+	 ldq	$2,8($18)	# b[1]
+	addq	$1,$0,$1	# c+= overflow
+	 ldq	$7,16($17)	# a[2]
+	cmpult	$1,$0,$0	# overflow?
+	 ldq	$3,16($18)	# b[2]
+	addq	$0,$22,$0
+	 ldq	$8,24($17)	# a[3]
+	addq	$2,$6,$2	# r=a+b;
+	 ldq	$4,24($18)	# b[3]
+	cmpult	$2,$6,$23	# did we overflow?
+	 addq	$3,$7,$3	# r=a+b;
+	addq	$2,$0,$2	# c+= overflow
+	 cmpult	$3,$7,$24	# did we overflow?
+	cmpult	$2,$0,$0	# overflow?
+	 addq	$4,$8,$4	# r=a+b;
+	addq	$0,$23,$0
+	 cmpult	$4,$8,$25	# did we overflow?
+	addq	$3,$0,$3	# c+= overflow
+	 stq	$1,0($16)	# r[0]=c
+	cmpult	$3,$0,$0	# overflow?
+	 stq	$2,8($16)	# r[1]=c
+	addq	$0,$24,$0
+	 stq	$3,16($16)	# r[2]=c
+	addq	$4,$0,$4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$4,$0,$0	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$0,$25,$0
+	 stq	$4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
 
-	addq	$0,$1,$3	# c=a+b;
+	blt	$19,$900
+	 ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$5,0($17)	# a[0]
+	 ldq	$1,0($18)	# b[1]
+	addq	$1,$5,$1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$1,$0,$1	# c+= overflow
 	 addq	$17,8,$17	# a++
+	cmpult	$1,$5,$22	# did we overflow?
+	 cmpult	$1,$0,$0	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$1,0($16)	# r[0]=c
+	addq	$0,$22,$0
+	 addq	$16,8,$16	# r++
 
-	cmpult	$3,$1,$7	# did we overflow?
-	 addq	$18,8,$18	# b++
-
-	addq	$8,$3,$3	# c+=carry
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
 
-	cmpult	$3,$8,$8	# did we overflow?
-	 stq	$3,($16)	# r[0]=c
-
-	addq	$7,$8,$8	# add into overflow
-	 subq	$19,1,$19	# loop--
-
-	addq	$16,8,$16	# r++
-	 bgt	$19,$901
 $900:
-	bis	$8,$8,$0	# return carry
-	ret $31,($26),1
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
 	.end bn_add_words
 
  #
@@ -213,11 +328,11 @@ $900:
  #
 .text
 	.align 3
-	.globl bn_div64
-	.ent bn_div64
-bn_div64:
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words:
 	ldgp $29,0($27)
-bn_div64..ng:
+bn_div_words..ng:
 	lda $30,-48($30)
 	.frame $30,48,$26,0
 	stq $26,0($30)
@@ -338,7 +453,1446 @@ $136:
 	ldq $13,40($30)
 	addq $30,48,$30
 	ret $31,($26),1
-	.end bn_div64
-	.ident	"GCC: (GNU) 2.7.2.1"
+	.end bn_div_words
+
+	.set noat
+	.text
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,	4,	$19
+	bis	$31,	$31,	$0
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+$101:
+	ldq	$3,	8($17)
+	cmpult	$1,	$2,	$4
+	ldq	$5,	8($18)
+	subq	$1,	$2,	$1
+	ldq	$6,	16($17)
+	cmpult	$1,	$0,	$2
+	ldq	$7,	16($18)
+	subq	$1,	$0,	$23
+	ldq	$8,	24($17)
+	addq	$2,	$4,	$0
+	cmpult	$3,	$5,	$24
+	subq	$3,	$5,	$3
+	ldq	$22,	24($18)
+	cmpult	$3,	$0,	$5
+	subq	$3,	$0,	$25
+	addq	$5,	$24,	$0
+	cmpult	$6,	$7,	$27
+	subq	$6,	$7,	$6
+	stq	$23,	0($16)
+	cmpult	$6,	$0,	$7
+	subq	$6,	$0,	$28
+	addq	$7,	$27,	$0
+	cmpult	$8,	$22,	$21
+	subq	$8,	$22,	$8
+	stq	$25,	8($16)
+	cmpult	$8,	$0,	$22
+	subq	$8,	$0,	$20
+	addq	$22,	$21,	$0
+	stq	$28,	16($16)
+	subq	$19,	4,	$19
+	stq	$20,	24($16)
+	addq	$17,	32,	$17
+	addq	$18,	32,	$18
+	addq	$16,	32,	$16
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	br	$101
+$102:
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	cmpult	$1,	$2,	$27
+	subq	$1,	$2,	$1
+	cmpult	$1,	$0,	$2
+	subq	$1,	$0,	$1
+	stq	$1,	0($16)
+	addq	$2,	$27,	$0
+	addq	$17,	8,	$17
+	addq	$18,	8,	$18
+	addq	$16,	8,	$16
+	subq	$19,	1,	$19
+	bgt	$19,	$102
+	ret	$31,($26),1
+$100:
+	addq	$19,	4,	$19
+	bgt	$19,	$102
+$103:
+	ret	$31,($26),1
+	.end bn_sub_words
+	.text
+	.align 3
+	.globl bn_mul_comba4
+	.ent bn_mul_comba4
+bn_mul_comba4:
+bn_mul_comba4..ng:
+	.frame $30,0,$26,0
+	.prologue 0
 
+	ldq	$0,	0($17)
+	ldq	$1,	0($18)
+	ldq	$2,	8($17)
+	ldq	$3,	8($18)
+	ldq	$4,	16($17)
+	ldq	$5,	16($18)
+	ldq	$6,	24($17)
+	ldq	$7,	24($18)
+	bis	$31,	$31,	$23
+	mulq	$0,	$1,	$8
+	umulh	$0,	$1,	$22
+	stq	$8,	0($16)
+	bis	$31,	$31,	$8
+	mulq	$0,	$3,	$24
+	umulh	$0,	$3,	$25
+	addq	$22,	$24,	$22
+	cmpult	$22,	$24,	$27
+	addq	$27,	$25,	$25
+	addq	$23,	$25,	$23
+	cmpult	$23,	$25,	$28
+	addq	$8,	$28,	$8
+	mulq	$2,	$1,	$21
+	umulh	$2,	$1,	$20
+	addq	$22,	$21,	$22
+	cmpult	$22,	$21,	$19
+	addq	$19,	$20,	$20
+	addq	$23,	$20,	$23
+	cmpult	$23,	$20,	$17
+	addq	$8,	$17,	$8
+	stq	$22,	8($16)
+	bis	$31,	$31,	$22
+	mulq	$2,	$3,	$18
+	umulh	$2,	$3,	$24
+	addq	$23,	$18,	$23
+	cmpult	$23,	$18,	$27
+	addq	$27,	$24,	$24
+	addq	$8,	$24,	$8
+	cmpult	$8,	$24,	$25
+	addq	$22,	$25,	$22
+	mulq	$0,	$5,	$28
+	umulh	$0,	$5,	$21
+	addq	$23,	$28,	$23
+	cmpult	$23,	$28,	$19
+	addq	$19,	$21,	$21
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$22,	$20,	$22
+	mulq	$4,	$1,	$17
+	umulh	$4,	$1,	$18
+	addq	$23,	$17,	$23
+	cmpult	$23,	$17,	$27
+	addq	$27,	$18,	$18
+	addq	$8,	$18,	$8
+	cmpult	$8,	$18,	$24
+	addq	$22,	$24,	$22
+	stq	$23,	16($16)
+	bis	$31,	$31,	$23
+	mulq	$0,	$7,	$25
+	umulh	$0,	$7,	$28
+	addq	$8,	$25,	$8
+	cmpult	$8,	$25,	$19
+	addq	$19,	$28,	$28
+	addq	$22,	$28,	$22
+	cmpult	$22,	$28,	$21
+	addq	$23,	$21,	$23
+	mulq	$2,	$5,	$20
+	umulh	$2,	$5,	$17
+	addq	$8,	$20,	$8
+	cmpult	$8,	$20,	$27
+	addq	$27,	$17,	$17
+	addq	$22,	$17,	$22
+	cmpult	$22,	$17,	$18
+	addq	$23,	$18,	$23
+	mulq	$4,	$3,	$24
+	umulh	$4,	$3,	$25
+	addq	$8,	$24,	$8
+	cmpult	$8,	$24,	$19
+	addq	$19,	$25,	$25
+	addq	$22,	$25,	$22
+	cmpult	$22,	$25,	$28
+	addq	$23,	$28,	$23
+	mulq	$6,	$1,	$21
+	umulh	$6,	$1,	$0
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$20,	$0,	$0
+	addq	$22,	$0,	$22
+	cmpult	$22,	$0,	$27
+	addq	$23,	$27,	$23
+	stq	$8,	24($16)
+	bis	$31,	$31,	$8
+	mulq	$2,	$7,	$17
+	umulh	$2,	$7,	$18
+	addq	$22,	$17,	$22
+	cmpult	$22,	$17,	$24
+	addq	$24,	$18,	$18
+	addq	$23,	$18,	$23
+	cmpult	$23,	$18,	$19
+	addq	$8,	$19,	$8
+	mulq	$4,	$5,	$25
+	umulh	$4,	$5,	$28
+	addq	$22,	$25,	$22
+	cmpult	$22,	$25,	$21
+	addq	$21,	$28,	$28
+	addq	$23,	$28,	$23
+	cmpult	$23,	$28,	$20
+	addq	$8,	$20,	$8
+	mulq	$6,	$3,	$0
+	umulh	$6,	$3,	$27
+	addq	$22,	$0,	$22
+	cmpult	$22,	$0,	$1
+	addq	$1,	$27,	$27
+	addq	$23,	$27,	$23
+	cmpult	$23,	$27,	$17
+	addq	$8,	$17,	$8
+	stq	$22,	32($16)
+	bis	$31,	$31,	$22
+	mulq	$4,	$7,	$24
+	umulh	$4,	$7,	$18
+	addq	$23,	$24,	$23
+	cmpult	$23,	$24,	$19
+	addq	$19,	$18,	$18
+	addq	$8,	$18,	$8
+	cmpult	$8,	$18,	$2
+	addq	$22,	$2,	$22
+	mulq	$6,	$5,	$25
+	umulh	$6,	$5,	$21
+	addq	$23,	$25,	$23
+	cmpult	$23,	$25,	$28
+	addq	$28,	$21,	$21
+	addq	$8,	$21,	$8
+	cmpult	$8,	$21,	$20
+	addq	$22,	$20,	$22
+	stq	$23,	40($16)
+	bis	$31,	$31,	$23
+	mulq	$6,	$7,	$0
+	umulh	$6,	$7,	$1
+	addq	$8,	$0,	$8
+	cmpult	$8,	$0,	$27
+	addq	$27,	$1,	$1
+	addq	$22,	$1,	$22
+	cmpult	$22,	$1,	$17
+	addq	$23,	$17,	$23
+	stq	$8,	48($16)
+	stq	$22,	56($16)
+	ret	$31,($26),1
+	.end bn_mul_comba4
+	.text
+	.align 3
+	.globl bn_mul_comba8
+	.ent bn_mul_comba8
+bn_mul_comba8:
+bn_mul_comba8..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$30,	16,	$30
+	ldq	$0,	0($17)
+	ldq	$1,	0($18)
+	stq	$9,	0($30)
+	stq	$10,	8($30)
+	ldq	$2,	8($17)
+	ldq	$3,	8($18)
+	ldq	$4,	16($17)
+	ldq	$5,	16($18)
+	ldq	$6,	24($17)
+	ldq	$7,	24($18)
+	ldq	$8,	8($17)
+	ldq	$22,	8($18)
+	ldq	$23,	8($17)
+	ldq	$24,	8($18)
+	ldq	$25,	8($17)
+	ldq	$27,	8($18)
+	ldq	$28,	8($17)
+	ldq	$21,	8($18)
+	bis	$31,	$31,	$9
+	mulq	$0,	$1,	$20
+	umulh	$0,	$1,	$19
+	stq	$20,	0($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$3,	$10
+	umulh	$0,	$3,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$2,	$1,	$18
+	umulh	$2,	$1,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	8($16)
+	bis	$31,	$31,	$19
+	mulq	$0,	$5,	$10
+	umulh	$0,	$5,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$2,	$3,	$18
+	umulh	$2,	$3,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$4,	$1,	$10
+	umulh	$4,	$1,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	stq	$9,	16($16)
+	bis	$31,	$31,	$9
+	mulq	$0,	$7,	$18
+	umulh	$0,	$7,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$2,	$5,	$10
+	umulh	$2,	$5,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$4,	$3,	$18
+	umulh	$4,	$3,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$6,	$1,	$10
+	umulh	$6,	$1,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	stq	$20,	24($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$22,	$18
+	umulh	$0,	$22,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$2,	$7,	$10
+	umulh	$2,	$7,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$4,	$5,	$18
+	umulh	$4,	$5,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$6,	$3,	$10
+	umulh	$6,	$3,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$8,	$1,	$18
+	umulh	$8,	$1,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	32($16)
+	bis	$31,	$31,	$19
+	mulq	$0,	$24,	$10
+	umulh	$0,	$24,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$2,	$22,	$18
+	umulh	$2,	$22,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$4,	$7,	$10
+	umulh	$4,	$7,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$6,	$5,	$18
+	umulh	$6,	$5,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	mulq	$8,	$3,	$10
+	umulh	$8,	$3,	$17
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	mulq	$23,	$1,	$18
+	umulh	$23,	$1,	$17
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$19,	$18,	$19
+	stq	$9,	40($16)
+	bis	$31,	$31,	$9
+	mulq	$0,	$27,	$10
+	umulh	$0,	$27,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$2,	$24,	$18
+	umulh	$2,	$24,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$4,	$22,	$10
+	umulh	$4,	$22,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$6,	$7,	$18
+	umulh	$6,	$7,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$8,	$5,	$10
+	umulh	$8,	$5,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	mulq	$23,	$3,	$18
+	umulh	$23,	$3,	$17
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$9,	$18,	$9
+	mulq	$25,	$1,	$10
+	umulh	$25,	$1,	$17
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$10
+	addq	$9,	$10,	$9
+	stq	$20,	48($16)
+	bis	$31,	$31,	$20
+	mulq	$0,	$21,	$18
+	umulh	$0,	$21,	$17
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$10
+	addq	$10,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$20,	$18,	$20
+	mulq	$2,	$27,	$10
+	umulh	$2,	$27,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$4,	$24,	$10
+	umulh	$4,	$24,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$6,	$22,	$10
+	umulh	$6,	$22,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$8,	$7,	$10
+	umulh	$8,	$7,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$23,	$5,	$10
+	umulh	$23,	$5,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	mulq	$25,	$3,	$10
+	umulh	$25,	$3,	$18
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$0
+	addq	$20,	$0,	$20
+	mulq	$28,	$1,	$10
+	umulh	$28,	$1,	$17
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$0
+	addq	$20,	$0,	$20
+	stq	$19,	56($16)
+	bis	$31,	$31,	$19
+	mulq	$2,	$21,	$10
+	umulh	$2,	$21,	$18
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$17
+	addq	$17,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$0
+	addq	$19,	$0,	$19
+	mulq	$4,	$27,	$1
+	umulh	$4,	$27,	$10
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$17
+	addq	$17,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$18
+	addq	$19,	$18,	$19
+	mulq	$6,	$24,	$0
+	umulh	$6,	$24,	$2
+	addq	$9,	$0,	$9
+	cmpult	$9,	$0,	$1
+	addq	$1,	$2,	$2
+	addq	$20,	$2,	$20
+	cmpult	$20,	$2,	$17
+	addq	$19,	$17,	$19
+	mulq	$8,	$22,	$10
+	umulh	$8,	$22,	$18
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$0
+	addq	$0,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$1
+	addq	$19,	$1,	$19
+	mulq	$23,	$7,	$2
+	umulh	$23,	$7,	$17
+	addq	$9,	$2,	$9
+	cmpult	$9,	$2,	$10
+	addq	$10,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$0
+	addq	$19,	$0,	$19
+	mulq	$25,	$5,	$18
+	umulh	$25,	$5,	$1
+	addq	$9,	$18,	$9
+	cmpult	$9,	$18,	$2
+	addq	$2,	$1,	$1
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$10
+	addq	$19,	$10,	$19
+	mulq	$28,	$3,	$17
+	umulh	$28,	$3,	$0
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$18
+	addq	$18,	$0,	$0
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$2
+	addq	$19,	$2,	$19
+	stq	$9,	64($16)
+	bis	$31,	$31,	$9
+	mulq	$4,	$21,	$1
+	umulh	$4,	$21,	$10
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$17
+	addq	$17,	$10,	$10
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$18
+	addq	$9,	$18,	$9
+	mulq	$6,	$27,	$0
+	umulh	$6,	$27,	$2
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$3
+	addq	$3,	$2,	$2
+	addq	$19,	$2,	$19
+	cmpult	$19,	$2,	$1
+	addq	$9,	$1,	$9
+	mulq	$8,	$24,	$17
+	umulh	$8,	$24,	$10
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$18
+	addq	$18,	$10,	$10
+	addq	$19,	$10,	$19
+	cmpult	$19,	$10,	$4
+	addq	$9,	$4,	$9
+	mulq	$23,	$22,	$0
+	umulh	$23,	$22,	$3
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$2
+	addq	$2,	$3,	$3
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$1
+	addq	$9,	$1,	$9
+	mulq	$25,	$7,	$17
+	umulh	$25,	$7,	$18
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$10,	$18,	$18
+	addq	$19,	$18,	$19
+	cmpult	$19,	$18,	$4
+	addq	$9,	$4,	$9
+	mulq	$28,	$5,	$0
+	umulh	$28,	$5,	$2
+	addq	$20,	$0,	$20
+	cmpult	$20,	$0,	$3
+	addq	$3,	$2,	$2
+	addq	$19,	$2,	$19
+	cmpult	$19,	$2,	$1
+	addq	$9,	$1,	$9
+	stq	$20,	72($16)
+	bis	$31,	$31,	$20
+	mulq	$6,	$21,	$17
+	umulh	$6,	$21,	$10
+	addq	$19,	$17,	$19
+	cmpult	$19,	$17,	$18
+	addq	$18,	$10,	$10
+	addq	$9,	$10,	$9
+	cmpult	$9,	$10,	$4
+	addq	$20,	$4,	$20
+	mulq	$8,	$27,	$0
+	umulh	$8,	$27,	$3
+	addq	$19,	$0,	$19
+	cmpult	$19,	$0,	$2
+	addq	$2,	$3,	$3
+	addq	$9,	$3,	$9
+	cmpult	$9,	$3,	$1
+	addq	$20,	$1,	$20
+	mulq	$23,	$24,	$5
+	umulh	$23,	$24,	$17
+	addq	$19,	$5,	$19
+	cmpult	$19,	$5,	$18
+	addq	$18,	$17,	$17
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$10
+	addq	$20,	$10,	$20
+	mulq	$25,	$22,	$4
+	umulh	$25,	$22,	$6
+	addq	$19,	$4,	$19
+	cmpult	$19,	$4,	$0
+	addq	$0,	$6,	$6
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$2
+	addq	$20,	$2,	$20
+	mulq	$28,	$7,	$3
+	umulh	$28,	$7,	$1
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$5
+	addq	$5,	$1,	$1
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	80($16)
+	bis	$31,	$31,	$19
+	mulq	$8,	$21,	$17
+	umulh	$8,	$21,	$10
+	addq	$9,	$17,	$9
+	cmpult	$9,	$17,	$4
+	addq	$4,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$0
+	addq	$19,	$0,	$19
+	mulq	$23,	$27,	$6
+	umulh	$23,	$27,	$2
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$3
+	addq	$3,	$2,	$2
+	addq	$20,	$2,	$20
+	cmpult	$20,	$2,	$5
+	addq	$19,	$5,	$19
+	mulq	$25,	$24,	$1
+	umulh	$25,	$24,	$18
+	addq	$9,	$1,	$9
+	cmpult	$9,	$1,	$7
+	addq	$7,	$18,	$18
+	addq	$20,	$18,	$20
+	cmpult	$20,	$18,	$17
+	addq	$19,	$17,	$19
+	mulq	$28,	$22,	$4
+	umulh	$28,	$22,	$10
+	addq	$9,	$4,	$9
+	cmpult	$9,	$4,	$0
+	addq	$0,	$10,	$10
+	addq	$20,	$10,	$20
+	cmpult	$20,	$10,	$8
+	addq	$19,	$8,	$19
+	stq	$9,	88($16)
+	bis	$31,	$31,	$9
+	mulq	$23,	$21,	$6
+	umulh	$23,	$21,	$3
+	addq	$20,	$6,	$20
+	cmpult	$20,	$6,	$2
+	addq	$2,	$3,	$3
+	addq	$19,	$3,	$19
+	cmpult	$19,	$3,	$5
+	addq	$9,	$5,	$9
+	mulq	$25,	$27,	$1
+	umulh	$25,	$27,	$7
+	addq	$20,	$1,	$20
+	cmpult	$20,	$1,	$18
+	addq	$18,	$7,	$7
+	addq	$19,	$7,	$19
+	cmpult	$19,	$7,	$17
+	addq	$9,	$17,	$9
+	mulq	$28,	$24,	$4
+	umulh	$28,	$24,	$0
+	addq	$20,	$4,	$20
+	cmpult	$20,	$4,	$10
+	addq	$10,	$0,	$0
+	addq	$19,	$0,	$19
+	cmpult	$19,	$0,	$8
+	addq	$9,	$8,	$9
+	stq	$20,	96($16)
+	bis	$31,	$31,	$20
+	mulq	$25,	$21,	$22
+	umulh	$25,	$21,	$6
+	addq	$19,	$22,	$19
+	cmpult	$19,	$22,	$2
+	addq	$2,	$6,	$6
+	addq	$9,	$6,	$9
+	cmpult	$9,	$6,	$3
+	addq	$20,	$3,	$20
+	mulq	$28,	$27,	$5
+	umulh	$28,	$27,	$23
+	addq	$19,	$5,	$19
+	cmpult	$19,	$5,	$1
+	addq	$1,	$23,	$23
+	addq	$9,	$23,	$9
+	cmpult	$9,	$23,	$18
+	addq	$20,	$18,	$20
+	stq	$19,	104($16)
+	bis	$31,	$31,	$19
+	mulq	$28,	$21,	$7
+	umulh	$28,	$21,	$17
+	addq	$9,	$7,	$9
+	cmpult	$9,	$7,	$4
+	addq	$4,	$17,	$17
+	addq	$20,	$17,	$20
+	cmpult	$20,	$17,	$10
+	addq	$19,	$10,	$19
+	stq	$9,	112($16)
+	stq	$20,	120($16)
+	ldq	$9,	0($30)
+	ldq	$10,	8($30)
+	addq	$30,	16,	$30
+	ret	$31,($26),1
+	.end bn_mul_comba8
+	.text
+	.align 3
+	.globl bn_sqr_comba4
+	.ent bn_sqr_comba4
+bn_sqr_comba4:
+bn_sqr_comba4..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	ldq	$0,	0($17)
+	ldq	$1,	8($17)
+	ldq	$2,	16($17)
+	ldq	$3,	24($17)
+	bis	$31,	$31,	$6
+	mulq	$0,	$0,	$4
+	umulh	$0,	$0,	$5
+	stq	$4,	0($16)
+	bis	$31,	$31,	$4
+	mulq	$0,	$1,	$7
+	umulh	$0,	$1,	$8
+	cmplt	$7,	$31,	$22
+	cmplt	$8,	$31,	$23
+	addq	$7,	$7,	$7
+	addq	$8,	$8,	$8
+	addq	$8,	$22,	$8
+	addq	$4,	$23,	$4
+	addq	$5,	$7,	$5
+	addq	$6,	$8,	$6
+	cmpult	$5,	$7,	$24
+	cmpult	$6,	$8,	$25
+	addq	$6,	$24,	$6
+	addq	$4,	$25,	$4
+	stq	$5,	8($16)
+	bis	$31,	$31,	$5
+	mulq	$1,	$1,	$27
+	umulh	$1,	$1,	$28
+	addq	$6,	$27,	$6
+	addq	$4,	$28,	$4
+	cmpult	$6,	$27,	$21
+	cmpult	$4,	$28,	$20
+	addq	$4,	$21,	$4
+	addq	$5,	$20,	$5
+	mulq	$2,	$0,	$19
+	umulh	$2,	$0,	$18
+	cmplt	$19,	$31,	$17
+	cmplt	$18,	$31,	$22
+	addq	$19,	$19,	$19
+	addq	$18,	$18,	$18
+	addq	$18,	$17,	$18
+	addq	$5,	$22,	$5
+	addq	$6,	$19,	$6
+	addq	$4,	$18,	$4
+	cmpult	$6,	$19,	$23
+	cmpult	$4,	$18,	$7
+	addq	$4,	$23,	$4
+	addq	$5,	$7,	$5
+	stq	$6,	16($16)
+	bis	$31,	$31,	$6
+	mulq	$3,	$0,	$8
+	umulh	$3,	$0,	$24
+	cmplt	$8,	$31,	$25
+	cmplt	$24,	$31,	$27
+	addq	$8,	$8,	$8
+	addq	$24,	$24,	$24
+	addq	$24,	$25,	$24
+	addq	$6,	$27,	$6
+	addq	$4,	$8,	$4
+	addq	$5,	$24,	$5
+	cmpult	$4,	$8,	$28
+	cmpult	$5,	$24,	$21
+	addq	$5,	$28,	$5
+	addq	$6,	$21,	$6
+	mulq	$2,	$1,	$20
+	umulh	$2,	$1,	$17
+	cmplt	$20,	$31,	$22
+	cmplt	$17,	$31,	$19
+	addq	$20,	$20,	$20
+	addq	$17,	$17,	$17
+	addq	$17,	$22,	$17
+	addq	$6,	$19,	$6
+	addq	$4,	$20,	$4
+	addq	$5,	$17,	$5
+	cmpult	$4,	$20,	$18
+	cmpult	$5,	$17,	$23
+	addq	$5,	$18,	$5
+	addq	$6,	$23,	$6
+	stq	$4,	24($16)
+	bis	$31,	$31,	$4
+	mulq	$2,	$2,	$7
+	umulh	$2,	$2,	$25
+	addq	$5,	$7,	$5
+	addq	$6,	$25,	$6
+	cmpult	$5,	$7,	$27
+	cmpult	$6,	$25,	$8
+	addq	$6,	$27,	$6
+	addq	$4,	$8,	$4
+	mulq	$3,	$1,	$24
+	umulh	$3,	$1,	$28
+	cmplt	$24,	$31,	$21
+	cmplt	$28,	$31,	$22
+	addq	$24,	$24,	$24
+	addq	$28,	$28,	$28
+	addq	$28,	$21,	$28
+	addq	$4,	$22,	$4
+	addq	$5,	$24,	$5
+	addq	$6,	$28,	$6
+	cmpult	$5,	$24,	$19
+	cmpult	$6,	$28,	$20
+	addq	$6,	$19,	$6
+	addq	$4,	$20,	$4
+	stq	$5,	32($16)
+	bis	$31,	$31,	$5
+	mulq	$3,	$2,	$17
+	umulh	$3,	$2,	$18
+	cmplt	$17,	$31,	$23
+	cmplt	$18,	$31,	$7
+	addq	$17,	$17,	$17
+	addq	$18,	$18,	$18
+	addq	$18,	$23,	$18
+	addq	$5,	$7,	$5
+	addq	$6,	$17,	$6
+	addq	$4,	$18,	$4
+	cmpult	$6,	$17,	$25
+	cmpult	$4,	$18,	$27
+	addq	$4,	$25,	$4
+	addq	$5,	$27,	$5
+	stq	$6,	40($16)
+	bis	$31,	$31,	$6
+	mulq	$3,	$3,	$8
+	umulh	$3,	$3,	$21
+	addq	$4,	$8,	$4
+	addq	$5,	$21,	$5
+	cmpult	$4,	$8,	$22
+	cmpult	$5,	$21,	$24
+	addq	$5,	$22,	$5
+	addq	$6,	$24,	$6
+	stq	$4,	48($16)
+	stq	$5,	56($16)
+	ret	$31,($26),1
+	.end bn_sqr_comba4
+	.text
+	.align 3
+	.globl bn_sqr_comba8
+	.ent bn_sqr_comba8
+bn_sqr_comba8:
+bn_sqr_comba8..ng:
+	.frame $30,0,$26,0
+	.prologue 0
 
+	ldq	$0,	0($17)
+	ldq	$1,	8($17)
+	ldq	$2,	16($17)
+	ldq	$3,	24($17)
+	ldq	$4,	32($17)
+	ldq	$5,	40($17)
+	ldq	$6,	48($17)
+	ldq	$7,	56($17)
+	bis	$31,	$31,	$23
+	mulq	$0,	$0,	$8
+	umulh	$0,	$0,	$22
+	stq	$8,	0($16)
+	bis	$31,	$31,	$8
+	mulq	$1,	$0,	$24
+	umulh	$1,	$0,	$25
+	cmplt	$24,	$31,	$27
+	cmplt	$25,	$31,	$28
+	addq	$24,	$24,	$24
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$8,	$28,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$25,	$23
+	cmpult	$22,	$24,	$21
+	cmpult	$23,	$25,	$20
+	addq	$23,	$21,	$23
+	addq	$8,	$20,	$8
+	stq	$22,	8($16)
+	bis	$31,	$31,	$22
+	mulq	$1,	$1,	$19
+	umulh	$1,	$1,	$18
+	addq	$23,	$19,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$19,	$17
+	cmpult	$8,	$18,	$27
+	addq	$8,	$17,	$8
+	addq	$22,	$27,	$22
+	mulq	$2,	$0,	$28
+	umulh	$2,	$0,	$24
+	cmplt	$28,	$31,	$25
+	cmplt	$24,	$31,	$21
+	addq	$28,	$28,	$28
+	addq	$24,	$24,	$24
+	addq	$24,	$25,	$24
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$24,	$8
+	cmpult	$23,	$28,	$20
+	cmpult	$8,	$24,	$19
+	addq	$8,	$20,	$8
+	addq	$22,	$19,	$22
+	stq	$23,	16($16)
+	bis	$31,	$31,	$23
+	mulq	$2,	$1,	$18
+	umulh	$2,	$1,	$17
+	cmplt	$18,	$31,	$27
+	cmplt	$17,	$31,	$25
+	addq	$18,	$18,	$18
+	addq	$17,	$17,	$17
+	addq	$17,	$27,	$17
+	addq	$23,	$25,	$23
+	addq	$8,	$18,	$8
+	addq	$22,	$17,	$22
+	cmpult	$8,	$18,	$21
+	cmpult	$22,	$17,	$28
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	mulq	$3,	$0,	$24
+	umulh	$3,	$0,	$20
+	cmplt	$24,	$31,	$19
+	cmplt	$20,	$31,	$27
+	addq	$24,	$24,	$24
+	addq	$20,	$20,	$20
+	addq	$20,	$19,	$20
+	addq	$23,	$27,	$23
+	addq	$8,	$24,	$8
+	addq	$22,	$20,	$22
+	cmpult	$8,	$24,	$25
+	cmpult	$22,	$20,	$18
+	addq	$22,	$25,	$22
+	addq	$23,	$18,	$23
+	stq	$8,	24($16)
+	bis	$31,	$31,	$8
+	mulq	$2,	$2,	$17
+	umulh	$2,	$2,	$21
+	addq	$22,	$17,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$17,	$28
+	cmpult	$23,	$21,	$19
+	addq	$23,	$28,	$23
+	addq	$8,	$19,	$8
+	mulq	$3,	$1,	$27
+	umulh	$3,	$1,	$24
+	cmplt	$27,	$31,	$20
+	cmplt	$24,	$31,	$25
+	addq	$27,	$27,	$27
+	addq	$24,	$24,	$24
+	addq	$24,	$20,	$24
+	addq	$8,	$25,	$8
+	addq	$22,	$27,	$22
+	addq	$23,	$24,	$23
+	cmpult	$22,	$27,	$18
+	cmpult	$23,	$24,	$17
+	addq	$23,	$18,	$23
+	addq	$8,	$17,	$8
+	mulq	$4,	$0,	$21
+	umulh	$4,	$0,	$28
+	cmplt	$21,	$31,	$19
+	cmplt	$28,	$31,	$20
+	addq	$21,	$21,	$21
+	addq	$28,	$28,	$28
+	addq	$28,	$19,	$28
+	addq	$8,	$20,	$8
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	cmpult	$22,	$21,	$25
+	cmpult	$23,	$28,	$27
+	addq	$23,	$25,	$23
+	addq	$8,	$27,	$8
+	stq	$22,	32($16)
+	bis	$31,	$31,	$22
+	mulq	$3,	$2,	$24
+	umulh	$3,	$2,	$18
+	cmplt	$24,	$31,	$17
+	cmplt	$18,	$31,	$19
+	addq	$24,	$24,	$24
+	addq	$18,	$18,	$18
+	addq	$18,	$17,	$18
+	addq	$22,	$19,	$22
+	addq	$23,	$24,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$24,	$20
+	cmpult	$8,	$18,	$21
+	addq	$8,	$20,	$8
+	addq	$22,	$21,	$22
+	mulq	$4,	$1,	$28
+	umulh	$4,	$1,	$25
+	cmplt	$28,	$31,	$27
+	cmplt	$25,	$31,	$17
+	addq	$28,	$28,	$28
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$22,	$17,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$25,	$8
+	cmpult	$23,	$28,	$19
+	cmpult	$8,	$25,	$24
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	mulq	$5,	$0,	$18
+	umulh	$5,	$0,	$20
+	cmplt	$18,	$31,	$21
+	cmplt	$20,	$31,	$27
+	addq	$18,	$18,	$18
+	addq	$20,	$20,	$20
+	addq	$20,	$21,	$20
+	addq	$22,	$27,	$22
+	addq	$23,	$18,	$23
+	addq	$8,	$20,	$8
+	cmpult	$23,	$18,	$17
+	cmpult	$8,	$20,	$28
+	addq	$8,	$17,	$8
+	addq	$22,	$28,	$22
+	stq	$23,	40($16)
+	bis	$31,	$31,	$23
+	mulq	$3,	$3,	$25
+	umulh	$3,	$3,	$19
+	addq	$8,	$25,	$8
+	addq	$22,	$19,	$22
+	cmpult	$8,	$25,	$24
+	cmpult	$22,	$19,	$21
+	addq	$22,	$24,	$22
+	addq	$23,	$21,	$23
+	mulq	$4,	$2,	$27
+	umulh	$4,	$2,	$18
+	cmplt	$27,	$31,	$20
+	cmplt	$18,	$31,	$17
+	addq	$27,	$27,	$27
+	addq	$18,	$18,	$18
+	addq	$18,	$20,	$18
+	addq	$23,	$17,	$23
+	addq	$8,	$27,	$8
+	addq	$22,	$18,	$22
+	cmpult	$8,	$27,	$28
+	cmpult	$22,	$18,	$25
+	addq	$22,	$28,	$22
+	addq	$23,	$25,	$23
+	mulq	$5,	$1,	$19
+	umulh	$5,	$1,	$24
+	cmplt	$19,	$31,	$21
+	cmplt	$24,	$31,	$20
+	addq	$19,	$19,	$19
+	addq	$24,	$24,	$24
+	addq	$24,	$21,	$24
+	addq	$23,	$20,	$23
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$19,	$17
+	cmpult	$22,	$24,	$27
+	addq	$22,	$17,	$22
+	addq	$23,	$27,	$23
+	mulq	$6,	$0,	$18
+	umulh	$6,	$0,	$28
+	cmplt	$18,	$31,	$25
+	cmplt	$28,	$31,	$21
+	addq	$18,	$18,	$18
+	addq	$28,	$28,	$28
+	addq	$28,	$25,	$28
+	addq	$23,	$21,	$23
+	addq	$8,	$18,	$8
+	addq	$22,	$28,	$22
+	cmpult	$8,	$18,	$20
+	cmpult	$22,	$28,	$19
+	addq	$22,	$20,	$22
+	addq	$23,	$19,	$23
+	stq	$8,	48($16)
+	bis	$31,	$31,	$8
+	mulq	$4,	$3,	$24
+	umulh	$4,	$3,	$17
+	cmplt	$24,	$31,	$27
+	cmplt	$17,	$31,	$25
+	addq	$24,	$24,	$24
+	addq	$17,	$17,	$17
+	addq	$17,	$27,	$17
+	addq	$8,	$25,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$17,	$23
+	cmpult	$22,	$24,	$21
+	cmpult	$23,	$17,	$18
+	addq	$23,	$21,	$23
+	addq	$8,	$18,	$8
+	mulq	$5,	$2,	$28
+	umulh	$5,	$2,	$20
+	cmplt	$28,	$31,	$19
+	cmplt	$20,	$31,	$27
+	addq	$28,	$28,	$28
+	addq	$20,	$20,	$20
+	addq	$20,	$19,	$20
+	addq	$8,	$27,	$8
+	addq	$22,	$28,	$22
+	addq	$23,	$20,	$23
+	cmpult	$22,	$28,	$25
+	cmpult	$23,	$20,	$24
+	addq	$23,	$25,	$23
+	addq	$8,	$24,	$8
+	mulq	$6,	$1,	$17
+	umulh	$6,	$1,	$21
+	cmplt	$17,	$31,	$18
+	cmplt	$21,	$31,	$19
+	addq	$17,	$17,	$17
+	addq	$21,	$21,	$21
+	addq	$21,	$18,	$21
+	addq	$8,	$19,	$8
+	addq	$22,	$17,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$17,	$27
+	cmpult	$23,	$21,	$28
+	addq	$23,	$27,	$23
+	addq	$8,	$28,	$8
+	mulq	$7,	$0,	$20
+	umulh	$7,	$0,	$25
+	cmplt	$20,	$31,	$24
+	cmplt	$25,	$31,	$18
+	addq	$20,	$20,	$20
+	addq	$25,	$25,	$25
+	addq	$25,	$24,	$25
+	addq	$8,	$18,	$8
+	addq	$22,	$20,	$22
+	addq	$23,	$25,	$23
+	cmpult	$22,	$20,	$19
+	cmpult	$23,	$25,	$17
+	addq	$23,	$19,	$23
+	addq	$8,	$17,	$8
+	stq	$22,	56($16)
+	bis	$31,	$31,	$22
+	mulq	$4,	$4,	$21
+	umulh	$4,	$4,	$27
+	addq	$23,	$21,	$23
+	addq	$8,	$27,	$8
+	cmpult	$23,	$21,	$28
+	cmpult	$8,	$27,	$24
+	addq	$8,	$28,	$8
+	addq	$22,	$24,	$22
+	mulq	$5,	$3,	$18
+	umulh	$5,	$3,	$20
+	cmplt	$18,	$31,	$25
+	cmplt	$20,	$31,	$19
+	addq	$18,	$18,	$18
+	addq	$20,	$20,	$20
+	addq	$20,	$25,	$20
+	addq	$22,	$19,	$22
+	addq	$23,	$18,	$23
+	addq	$8,	$20,	$8
+	cmpult	$23,	$18,	$17
+	cmpult	$8,	$20,	$21
+	addq	$8,	$17,	$8
+	addq	$22,	$21,	$22
+	mulq	$6,	$2,	$27
+	umulh	$6,	$2,	$28
+	cmplt	$27,	$31,	$24
+	cmplt	$28,	$31,	$25
+	addq	$27,	$27,	$27
+	addq	$28,	$28,	$28
+	addq	$28,	$24,	$28
+	addq	$22,	$25,	$22
+	addq	$23,	$27,	$23
+	addq	$8,	$28,	$8
+	cmpult	$23,	$27,	$19
+	cmpult	$8,	$28,	$18
+	addq	$8,	$19,	$8
+	addq	$22,	$18,	$22
+	mulq	$7,	$1,	$20
+	umulh	$7,	$1,	$17
+	cmplt	$20,	$31,	$21
+	cmplt	$17,	$31,	$24
+	addq	$20,	$20,	$20
+	addq	$17,	$17,	$17
+	addq	$17,	$21,	$17
+	addq	$22,	$24,	$22
+	addq	$23,	$20,	$23
+	addq	$8,	$17,	$8
+	cmpult	$23,	$20,	$25
+	cmpult	$8,	$17,	$27
+	addq	$8,	$25,	$8
+	addq	$22,	$27,	$22
+	stq	$23,	64($16)
+	bis	$31,	$31,	$23
+	mulq	$5,	$4,	$28
+	umulh	$5,	$4,	$19
+	cmplt	$28,	$31,	$18
+	cmplt	$19,	$31,	$21
+	addq	$28,	$28,	$28
+	addq	$19,	$19,	$19
+	addq	$19,	$18,	$19
+	addq	$23,	$21,	$23
+	addq	$8,	$28,	$8
+	addq	$22,	$19,	$22
+	cmpult	$8,	$28,	$24
+	cmpult	$22,	$19,	$20
+	addq	$22,	$24,	$22
+	addq	$23,	$20,	$23
+	mulq	$6,	$3,	$17
+	umulh	$6,	$3,	$25
+	cmplt	$17,	$31,	$27
+	cmplt	$25,	$31,	$18
+	addq	$17,	$17,	$17
+	addq	$25,	$25,	$25
+	addq	$25,	$27,	$25
+	addq	$23,	$18,	$23
+	addq	$8,	$17,	$8
+	addq	$22,	$25,	$22
+	cmpult	$8,	$17,	$21
+	cmpult	$22,	$25,	$28
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	mulq	$7,	$2,	$19
+	umulh	$7,	$2,	$24
+	cmplt	$19,	$31,	$20
+	cmplt	$24,	$31,	$27
+	addq	$19,	$19,	$19
+	addq	$24,	$24,	$24
+	addq	$24,	$20,	$24
+	addq	$23,	$27,	$23
+	addq	$8,	$19,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$19,	$18
+	cmpult	$22,	$24,	$17
+	addq	$22,	$18,	$22
+	addq	$23,	$17,	$23
+	stq	$8,	72($16)
+	bis	$31,	$31,	$8
+	mulq	$5,	$5,	$25
+	umulh	$5,	$5,	$21
+	addq	$22,	$25,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$25,	$28
+	cmpult	$23,	$21,	$20
+	addq	$23,	$28,	$23
+	addq	$8,	$20,	$8
+	mulq	$6,	$4,	$27
+	umulh	$6,	$4,	$19
+	cmplt	$27,	$31,	$24
+	cmplt	$19,	$31,	$18
+	addq	$27,	$27,	$27
+	addq	$19,	$19,	$19
+	addq	$19,	$24,	$19
+	addq	$8,	$18,	$8
+	addq	$22,	$27,	$22
+	addq	$23,	$19,	$23
+	cmpult	$22,	$27,	$17
+	cmpult	$23,	$19,	$25
+	addq	$23,	$17,	$23
+	addq	$8,	$25,	$8
+	mulq	$7,	$3,	$21
+	umulh	$7,	$3,	$28
+	cmplt	$21,	$31,	$20
+	cmplt	$28,	$31,	$24
+	addq	$21,	$21,	$21
+	addq	$28,	$28,	$28
+	addq	$28,	$20,	$28
+	addq	$8,	$24,	$8
+	addq	$22,	$21,	$22
+	addq	$23,	$28,	$23
+	cmpult	$22,	$21,	$18
+	cmpult	$23,	$28,	$27
+	addq	$23,	$18,	$23
+	addq	$8,	$27,	$8
+	stq	$22,	80($16)
+	bis	$31,	$31,	$22
+	mulq	$6,	$5,	$19
+	umulh	$6,	$5,	$17
+	cmplt	$19,	$31,	$25
+	cmplt	$17,	$31,	$20
+	addq	$19,	$19,	$19
+	addq	$17,	$17,	$17
+	addq	$17,	$25,	$17
+	addq	$22,	$20,	$22
+	addq	$23,	$19,	$23
+	addq	$8,	$17,	$8
+	cmpult	$23,	$19,	$24
+	cmpult	$8,	$17,	$21
+	addq	$8,	$24,	$8
+	addq	$22,	$21,	$22
+	mulq	$7,	$4,	$28
+	umulh	$7,	$4,	$18
+	cmplt	$28,	$31,	$27
+	cmplt	$18,	$31,	$25
+	addq	$28,	$28,	$28
+	addq	$18,	$18,	$18
+	addq	$18,	$27,	$18
+	addq	$22,	$25,	$22
+	addq	$23,	$28,	$23
+	addq	$8,	$18,	$8
+	cmpult	$23,	$28,	$20
+	cmpult	$8,	$18,	$19
+	addq	$8,	$20,	$8
+	addq	$22,	$19,	$22
+	stq	$23,	88($16)
+	bis	$31,	$31,	$23
+	mulq	$6,	$6,	$17
+	umulh	$6,	$6,	$24
+	addq	$8,	$17,	$8
+	addq	$22,	$24,	$22
+	cmpult	$8,	$17,	$21
+	cmpult	$22,	$24,	$27
+	addq	$22,	$21,	$22
+	addq	$23,	$27,	$23
+	mulq	$7,	$5,	$25
+	umulh	$7,	$5,	$28
+	cmplt	$25,	$31,	$18
+	cmplt	$28,	$31,	$20
+	addq	$25,	$25,	$25
+	addq	$28,	$28,	$28
+	addq	$28,	$18,	$28
+	addq	$23,	$20,	$23
+	addq	$8,	$25,	$8
+	addq	$22,	$28,	$22
+	cmpult	$8,	$25,	$19
+	cmpult	$22,	$28,	$17
+	addq	$22,	$19,	$22
+	addq	$23,	$17,	$23
+	stq	$8,	96($16)
+	bis	$31,	$31,	$8
+	mulq	$7,	$6,	$24
+	umulh	$7,	$6,	$21
+	cmplt	$24,	$31,	$27
+	cmplt	$21,	$31,	$18
+	addq	$24,	$24,	$24
+	addq	$21,	$21,	$21
+	addq	$21,	$27,	$21
+	addq	$8,	$18,	$8
+	addq	$22,	$24,	$22
+	addq	$23,	$21,	$23
+	cmpult	$22,	$24,	$20
+	cmpult	$23,	$21,	$25
+	addq	$23,	$20,	$23
+	addq	$8,	$25,	$8
+	stq	$22,	104($16)
+	bis	$31,	$31,	$22
+	mulq	$7,	$7,	$28
+	umulh	$7,	$7,	$19
+	addq	$23,	$28,	$23
+	addq	$8,	$19,	$8
+	cmpult	$23,	$28,	$17
+	cmpult	$8,	$19,	$27
+	addq	$8,	$17,	$8
+	addq	$22,	$27,	$22
+	stq	$23,	112($16)
+	stq	$8,	120($16)
+	ret	$31,($26),1
+	.end bn_sqr_comba8
diff --git a/lib/libssl/src/crypto/bn/asm/alpha.s.works b/lib/libssl/src/crypto/bn/asm/alpha.s.works
new file mode 100644
index 00000000000..ee6c5878099
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/alpha.s.works
@@ -0,0 +1,533 @@
+
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$20,$19,$5	# 1 2 1	######
+	ldq	$21,8($17)	# 2 1
+	ldq	$2,8($16)	# 2 1
+	umulh	$20,$19,$20	# 1 2	######
+	ldq	$27,16($17)	# 3 1
+	ldq	$3,16($16)	# 3 1
+	mulq	$21,$19,$6	# 2 2 1	######
+	 ldq	$28,24($17)	# 4 1
+	addq	$1,$5,$1	# 1 2 2
+	 ldq	$4,24($16)	# 4 1
+	umulh	$21,$19,$21	# 2 2	######
+	 cmpult	$1,$5,$22	# 1 2 3 1
+	addq	$20,$22,$20	# 1 3 1
+	 addq	$1,$0,$1	# 1 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	######
+	 cmpult	$1,$0,$0	# 1 2 3 2
+	addq	$2,$6,$2	# 2 2 2
+	 addq	$20,$0,$0	# 1 3 2 
+	cmpult	$2,$6,$23	# 2 2 3 1
+	 addq	$21,$23,$21	# 2 3 1
+	umulh	$27,$19,$27	# 3 2	######
+	 addq	$2,$0,$2	# 2 2 3 1
+	cmpult	$2,$0,$0	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$28,$19,$8	# 4 2 1	######
+	 addq	$21,$0,$0	# 2 3 2 
+	addq	$3,$7,$3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$3,$7,$24	# 3 2 3 1
+	 stq	$1,-32($16)	# 1 2 4
+	umulh	$28,$19,$28	# 4 2	######
+	 addq	$27,$24,$27	# 3 3 1
+	addq	$3,$0,$3	# 3 2 3 1
+	 stq	$2,-24($16)	# 2 2 4
+	cmpult	$3,$0,$0	# 3 2 3 2
+	 stq	$3,-16($16)	# 3 2 4
+	addq	$4,$8,$4	# 4 2 2
+	 addq	$27,$0,$0	# 3 3 2 
+	cmpult	$4,$8,$25	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$28,$25,$28	# 4 3 1
+	 addq	$4,$0,$4	# 4 2 3 1
+	cmpult	$4,$0,$0	# 4 2 3 2
+	 stq	$4,-8($16)	# 4 2 4
+	addq	$28,$0,$0	# 4 3 2 
+	 blt	$18,$43
+
+	ldq	$20,0($17)	# 1 1
+	ldq	$1,0($16)	# 1 1
+
+	br	$42
+
+	.align 4
+$45:
+	ldq	$20,0($17)	# 4 1
+	ldq	$1,0($16)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$20,$19,$20	# 4 2
+	addq	$1,$5,$1	# 4 2 2
+	cmpult	$1,$5,$22	# 4 2 3 1
+	addq	$20,$22,$20	# 4 3 1
+	addq	$1,$0,$1	# 4 2 3 1
+	cmpult	$1,$0,$0	# 4 2 3 2
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$43:
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_add_words
+	.align 3
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$0
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$20,$19,$5	# 1 2 1	#####
+	 ldq	$21,8($17)	# 2 1
+	 ldq	$27,16($17)	# 3 1
+	umulh	$20,$19,$20	# 1 2	#####
+	 ldq	$28,24($17)	# 4 1
+	mulq	$21,$19,$6	# 2 2 1	#####
+	 addq	$5,$0,$5	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$5,$0,$0	# 1 2 3 2
+	umulh	$21,$19,$21	# 2 2	#####
+	 addq	$20,$0,$0	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$6,$0,$6	# 2 2 3 1
+	mulq	$27,$19,$7	# 3 2 1	#####
+	 cmpult	$6,$0,$0	# 2 2 3 2
+	addq	$21,$0,$0	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$27,$19,$27	# 3 2	#####
+	 stq	$5,-32($16)	# 1 2 4
+	mulq	$28,$19,$8	# 4 2 1	#####
+	 addq	$7,$0,$7	# 3 2 3 1
+	stq	$6,-24($16)	# 2 2 4
+	 cmpult	$7,$0,$0	# 3 2 3 2
+	umulh	$28,$19,$28	# 4 2	#####
+	 addq	$27,$0,$0	# 3 3 2 
+	stq	$7,-16($16)	# 3 2 4
+	 addq	$8,$0,$8	# 4 2 3 1
+	cmpult	$8,$0,$0	# 4 2 3 2
+
+	addq	$28,$0,$0	# 4 3 2 
+
+	stq	$8,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$20,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$20,0($17)	# 4 1
+	mulq	$20,$19,$5	# 4 2 1
+	subq	$18,1,$18
+	umulh	$20,$19,$20	# 4 2
+	addq	$5,$0,$5	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$5,$0,$0	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$20,$0,$0	# 4 3 2 
+	stq	$5,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_words
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$20,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$20,$20,$5		######
+	 ldq	$21,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$20,$20,$1		######
+	ldq	$27,16($17)	# 1 1
+	mulq	$21,$21,$6		######
+	ldq	$28,24($17)	# 1 1
+	stq	$5,0($16)	# r[0]
+ 	umulh	$21,$21,$2		######
+	stq	$1,8($16)	# r[1]
+	mulq	$27,$27,$7		######
+	stq	$6,16($16)	# r[0]
+ 	umulh	$27,$27,$3		######
+	stq	$2,24($16)	# r[1]
+	mulq	$28,$28,$8		######
+	stq	$7,32($16)	# r[0]
+ 	umulh	$28,$28,$4		######
+	stq	$3,40($16)	# r[1]
+
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$8,-16($16)	# r[0]
+	stq	$4,-8($16)	# r[1]
+
+	blt	$18,$543
+	ldq	$20,0($17)	# 1 1
+ 	br 	$542
+
+$442:
+	ldq	$20,0($17)   # a[0]
+	mulq	$20,$20,$5  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$20,$20,$1  # a[0]*w high part       r3
+	stq	$5,-16($16)   # r[0]
+        stq	$1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sqr_words
+
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$0	# carry = 0
+	blt	$19,$900
+	ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	.align 3
+$901:
+	addq	$1,$5,$1	# r=a+b;
+	 ldq	$6,8($17)	# a[1]
+	cmpult	$1,$5,$22	# did we overflow?
+	 ldq	$2,8($18)	# b[1]
+	addq	$1,$0,$1	# c+= overflow
+	 ldq	$7,16($17)	# a[2]
+	cmpult	$1,$0,$0	# overflow?
+	 ldq	$3,16($18)	# b[2]
+	addq	$0,$22,$0
+	 ldq	$8,24($17)	# a[3]
+	addq	$2,$6,$2	# r=a+b;
+	 ldq	$4,24($18)	# b[3]
+	cmpult	$2,$6,$23	# did we overflow?
+	 addq	$3,$7,$3	# r=a+b;
+	addq	$2,$0,$2	# c+= overflow
+	 cmpult	$3,$7,$24	# did we overflow?
+	cmpult	$2,$0,$0	# overflow?
+	 addq	$4,$8,$4	# r=a+b;
+	addq	$0,$23,$0
+	 cmpult	$4,$8,$25	# did we overflow?
+	addq	$3,$0,$3	# c+= overflow
+	 stq	$1,0($16)	# r[0]=c
+	cmpult	$3,$0,$0	# overflow?
+	 stq	$2,8($16)	# r[1]=c
+	addq	$0,$24,$0
+	 stq	$3,16($16)	# r[2]=c
+	addq	$4,$0,$4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$4,$0,$0	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$0,$25,$0
+	 stq	$4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$900
+	 ldq	$5,0($17)	# a[0]
+	ldq	$1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$5,0($17)	# a[0]
+	 ldq	$1,0($18)	# b[1]
+	addq	$1,$5,$1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$1,$0,$1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	cmpult	$1,$5,$22	# did we overflow?
+	 cmpult	$1,$0,$0	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$1,0($16)	# r[0]=c
+	addq	$0,$22,$0
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
+
+$900:
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_add_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div64
+	.ent bn_div64
+bn_div64:
+	ldgp $29,0($27)
+bn_div64..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div64
+
+	.set noat
+	.text
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,	4,	$19
+	bis	$31,	$31,	$0
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+$101:
+	ldq	$3,	8($17)
+	cmpult	$1,	$2,	$4
+	ldq	$5,	8($18)
+	subq	$1,	$2,	$1
+	ldq	$6,	16($17)
+	cmpult	$1,	$0,	$2
+	ldq	$7,	16($18)
+	subq	$1,	$0,	$23
+	ldq	$8,	24($17)
+	addq	$2,	$4,	$0
+	cmpult	$3,	$5,	$24
+	subq	$3,	$5,	$3
+	ldq	$22,	24($18)
+	cmpult	$3,	$0,	$5
+	subq	$3,	$0,	$25
+	addq	$5,	$24,	$0
+	cmpult	$6,	$7,	$27
+	subq	$6,	$7,	$6
+	stq	$23,	0($16)
+	cmpult	$6,	$0,	$7
+	subq	$6,	$0,	$28
+	addq	$7,	$27,	$0
+	cmpult	$8,	$22,	$21
+	subq	$8,	$22,	$8
+	stq	$25,	8($16)
+	cmpult	$8,	$0,	$22
+	subq	$8,	$0,	$20
+	addq	$22,	$21,	$0
+	stq	$28,	16($16)
+	subq	$19,	4,	$19
+	stq	$20,	24($16)
+	addq	$17,	32,	$17
+	addq	$18,	32,	$18
+	addq	$16,	32,	$16
+	blt	$19,	$100
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	br	$101
+$102:
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	cmpult	$1,	$2,	$27
+	subq	$1,	$2,	$1
+	cmpult	$1,	$0,	$2
+	subq	$1,	$0,	$1
+	stq	$1,	0($16)
+	addq	$2,	$27,	$0
+	addq	$17,	8,	$17
+	addq	$18,	8,	$18
+	addq	$16,	8,	$16
+	subq	$19,	1,	$19
+	bgt	$19,	$102
+	ret	$31,($26),1
+$100:
+	addq	$19,	4,	$19
+	bgt	$19,	$102
+$103:
+	ret	$31,($26),1
+	.end bn_sub_words
diff --git a/lib/libssl/src/crypto/bn/asm/bn-586.pl b/lib/libssl/src/crypto/bn/asm/bn-586.pl
index 19d425ee960..5191bed273e 100644
--- a/lib/libssl/src/crypto/bn/asm/bn-586.pl
+++ b/lib/libssl/src/crypto/bn/asm/bn-586.pl
@@ -1,18 +1,16 @@
-#!/usr/bin/perl
-#
-
 #!/usr/local/bin/perl
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 &bn_mul_add_words("bn_mul_add_words");
 &bn_mul_words("bn_mul_words");
 &bn_sqr_words("bn_sqr_words");
-&bn_div64("bn_div64");
+&bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
 
 &asm_finish();
 
@@ -228,7 +226,7 @@ sub bn_sqr_words
 	&function_end($name);
 	}
 
-sub bn_div64
+sub bn_div_words
 	{
 	local($name)=@_;
 
@@ -307,7 +305,79 @@ sub bn_add_words
 		}
 	&set_label("aw_end",0);
 
-	&mov("eax",$c);
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &dec($num) if ($i != 6);
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
 
 	&function_end($name);
 	}
diff --git a/lib/libssl/src/crypto/bn/asm/bn-alpha.pl b/lib/libssl/src/crypto/bn/asm/bn-alpha.pl
new file mode 100644
index 00000000000..302edf23767
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/bn-alpha.pl
@@ -0,0 +1,571 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+$d=&data();
+$d =~ s/CC/0/g;
+$d =~ s/R1/1/g;
+$d =~ s/R2/2/g;
+$d =~ s/R3/3/g;
+$d =~ s/R4/4/g;
+$d =~ s/L1/5/g;
+$d =~ s/L2/6/g;
+$d =~ s/L3/7/g;
+$d =~ s/L4/8/g;
+$d =~ s/O1/22/g;
+$d =~ s/O2/23/g;
+$d =~ s/O3/24/g;
+$d =~ s/O4/25/g;
+$d =~ s/A1/20/g;
+$d =~ s/A2/21/g;
+$d =~ s/A3/27/g;
+$d =~ s/A4/28/g;
+if (0){
+}
+
+print $d;
+
+sub data
+	{
+	local($data)=<<'EOF';
+
+ # DEC Alpha assember
+ # The bn_div_words is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+	.file	1 "bn_asm.c"
+	.set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+	.text
+	.align 3
+	.globl bn_mul_add_words
+	.ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$CC
+	blt	$18,$43		# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	ldq	$R1,0($16)	# 1 1
+	.align 3
+$42:
+	mulq	$A1,$19,$L1	# 1 2 1	######
+	ldq	$A2,8($17)	# 2 1
+	ldq	$R2,8($16)	# 2 1
+	umulh	$A1,$19,$A1	# 1 2	######
+	ldq	$A3,16($17)	# 3 1
+	ldq	$R3,16($16)	# 3 1
+	mulq	$A2,$19,$L2	# 2 2 1	######
+	 ldq	$A4,24($17)	# 4 1
+	addq	$R1,$L1,$R1	# 1 2 2
+	 ldq	$R4,24($16)	# 4 1
+	umulh	$A2,$19,$A2	# 2 2	######
+	 cmpult	$R1,$L1,$O1	# 1 2 3 1
+	addq	$A1,$O1,$A1	# 1 3 1
+	 addq	$R1,$CC,$R1	# 1 2 3 1
+	mulq	$A3,$19,$L3	# 3 2 1	######
+	 cmpult	$R1,$CC,$CC	# 1 2 3 2
+	addq	$R2,$L2,$R2	# 2 2 2
+	 addq	$A1,$CC,$CC	# 1 3 2 
+	cmpult	$R2,$L2,$O2	# 2 2 3 1
+	 addq	$A2,$O2,$A2	# 2 3 1
+	umulh	$A3,$19,$A3	# 3 2	######
+	 addq	$R2,$CC,$R2	# 2 2 3 1
+	cmpult	$R2,$CC,$CC	# 2 2 3 2
+	 subq	$18,4,$18
+	mulq	$A4,$19,$L4	# 4 2 1	######
+	 addq	$A2,$CC,$CC	# 2 3 2 
+	addq	$R3,$L3,$R3	# 3 2 2
+	 addq	$16,32,$16
+	cmpult	$R3,$L3,$O3	# 3 2 3 1
+	 stq	$R1,-32($16)	# 1 2 4
+	umulh	$A4,$19,$A4	# 4 2	######
+	 addq	$A3,$O3,$A3	# 3 3 1
+	addq	$R3,$CC,$R3	# 3 2 3 1
+	 stq	$R2,-24($16)	# 2 2 4
+	cmpult	$R3,$CC,$CC	# 3 2 3 2
+	 stq	$R3,-16($16)	# 3 2 4
+	addq	$R4,$L4,$R4	# 4 2 2
+	 addq	$A3,$CC,$CC	# 3 3 2 
+	cmpult	$R4,$L4,$O4	# 4 2 3 1
+	 addq	$17,32,$17
+	addq	$A4,$O4,$A4	# 4 3 1
+	 addq	$R4,$CC,$R4	# 4 2 3 1
+	cmpult	$R4,$CC,$CC	# 4 2 3 2
+	 stq	$R4,-8($16)	# 4 2 4
+	addq	$A4,$CC,$CC	# 4 3 2 
+	 blt	$18,$43
+
+	ldq	$A1,0($17)	# 1 1
+	ldq	$R1,0($16)	# 1 1
+
+	br	$42
+
+	.align 4
+$45:
+	ldq	$A1,0($17)	# 4 1
+	ldq	$R1,0($16)	# 4 1
+	mulq	$A1,$19,$L1	# 4 2 1
+	subq	$18,1,$18
+	addq	$16,8,$16
+	addq	$17,8,$17
+	umulh	$A1,$19,$A1	# 4 2
+	addq	$R1,$L1,$R1	# 4 2 2
+	cmpult	$R1,$L1,$O1	# 4 2 3 1
+	addq	$A1,$O1,$A1	# 4 3 1
+	addq	$R1,$CC,$R1	# 4 2 3 1
+	cmpult	$R1,$CC,$CC	# 4 2 3 2
+	addq	$A1,$CC,$CC	# 4 3 2 
+	stq	$R1,-8($16)	# 4 2 4
+	bgt	$18,$45
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$43:
+	addq	$18,4,$18
+	bgt	$18,$45		# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_add_words
+	.align 3
+	.globl bn_mul_words
+	.ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+	.align 5
+	subq	$18,4,$18
+	bis	$31,$31,$CC
+	blt	$18,$143	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	.align 3
+$142:
+
+	mulq	$A1,$19,$L1	# 1 2 1	#####
+	 ldq	$A2,8($17)	# 2 1
+	 ldq	$A3,16($17)	# 3 1
+	umulh	$A1,$19,$A1	# 1 2	#####
+	 ldq	$A4,24($17)	# 4 1
+	mulq	$A2,$19,$L2	# 2 2 1	#####
+	 addq	$L1,$CC,$L1	# 1 2 3 1
+	subq	$18,4,$18
+	 cmpult	$L1,$CC,$CC	# 1 2 3 2
+	umulh	$A2,$19,$A2	# 2 2	#####
+	 addq	$A1,$CC,$CC	# 1 3 2 
+	addq	$17,32,$17
+	 addq	$L2,$CC,$L2	# 2 2 3 1
+	mulq	$A3,$19,$L3	# 3 2 1	#####
+	 cmpult	$L2,$CC,$CC	# 2 2 3 2
+	addq	$A2,$CC,$CC	# 2 3 2 
+	 addq	$16,32,$16
+	umulh	$A3,$19,$A3	# 3 2	#####
+	 stq	$L1,-32($16)	# 1 2 4
+	mulq	$A4,$19,$L4	# 4 2 1	#####
+	 addq	$L3,$CC,$L3	# 3 2 3 1
+	stq	$L2,-24($16)	# 2 2 4
+	 cmpult	$L3,$CC,$CC	# 3 2 3 2
+	umulh	$A4,$19,$A4	# 4 2	#####
+	 addq	$A3,$CC,$CC	# 3 3 2 
+	stq	$L3,-16($16)	# 3 2 4
+	 addq	$L4,$CC,$L4	# 4 2 3 1
+	cmpult	$L4,$CC,$CC	# 4 2 3 2
+
+	addq	$A4,$CC,$CC	# 4 3 2 
+
+	stq	$L4,-8($16)	# 4 2 4
+
+	blt	$18,$143
+
+	ldq	$A1,0($17)	# 1 1
+
+	br	$142
+
+	.align 4
+$145:
+	ldq	$A1,0($17)	# 4 1
+	mulq	$A1,$19,$L1	# 4 2 1
+	subq	$18,1,$18
+	umulh	$A1,$19,$A1	# 4 2
+	addq	$L1,$CC,$L1	# 4 2 3 1
+	 addq	$16,8,$16
+	cmpult	$L1,$CC,$CC	# 4 2 3 2
+	 addq	$17,8,$17
+	addq	$A1,$CC,$CC	# 4 3 2 
+	stq	$L1,-8($16)	# 4 2 4
+
+	bgt	$18,$145
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$143:
+	addq	$18,4,$18
+	bgt	$18,$145	# goto tail code
+	ret	$31,($26),1	# else exit
+
+	.end bn_mul_words
+	.align 3
+	.globl bn_sqr_words
+	.ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$18,4,$18
+	blt	$18,$543	# if we are -1, -2, -3 or -4 goto tail code
+	ldq	$A1,0($17)	# 1 1
+	.align 3
+$542:
+	mulq	$A1,$A1,$L1		######
+	 ldq	$A2,8($17)	# 1 1
+	subq	$18,4
+ 	umulh	$A1,$A1,$R1		######
+	ldq	$A3,16($17)	# 1 1
+	mulq	$A2,$A2,$L2		######
+	ldq	$A4,24($17)	# 1 1
+	stq	$L1,0($16)	# r[0]
+ 	umulh	$A2,$A2,$R2		######
+	stq	$R1,8($16)	# r[1]
+	mulq	$A3,$A3,$L3		######
+	stq	$L2,16($16)	# r[0]
+ 	umulh	$A3,$A3,$R3		######
+	stq	$R2,24($16)	# r[1]
+	mulq	$A4,$A4,$L4		######
+	stq	$L3,32($16)	# r[0]
+ 	umulh	$A4,$A4,$R4		######
+	stq	$R3,40($16)	# r[1]
+
+ 	addq	$16,64,$16
+ 	addq	$17,32,$17
+	stq	$L4,-16($16)	# r[0]
+	stq	$R4,-8($16)	# r[1]
+
+	blt	$18,$543
+	ldq	$A1,0($17)	# 1 1
+ 	br 	$542
+
+$442:
+	ldq	$A1,0($17)   # a[0]
+	mulq	$A1,$A1,$L1  # a[0]*w low part       r2
+	addq	$16,16,$16
+	addq	$17,8,$17
+	subq	$18,1,$18
+        umulh	$A1,$A1,$R1  # a[0]*w high part       r3
+	stq	$L1,-16($16)   # r[0]
+        stq	$R1,-8($16)   # r[1]
+
+	bgt	$18,$442
+	ret	$31,($26),1	# else exit
+
+	.align 4
+$543:
+	addq	$18,4,$18
+	bgt	$18,$442	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sqr_words
+
+	.align 3
+	.globl bn_add_words
+	.ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$CC	# carry = 0
+	blt	$19,$900
+	ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	.align 3
+$901:
+	addq	$R1,$L1,$R1	# r=a+b;
+	 ldq	$L2,8($17)	# a[1]
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 ldq	$R2,8($18)	# b[1]
+	addq	$R1,$CC,$R1	# c+= overflow
+	 ldq	$L3,16($17)	# a[2]
+	cmpult	$R1,$CC,$CC	# overflow?
+	 ldq	$R3,16($18)	# b[2]
+	addq	$CC,$O1,$CC
+	 ldq	$L4,24($17)	# a[3]
+	addq	$R2,$L2,$R2	# r=a+b;
+	 ldq	$R4,24($18)	# b[3]
+	cmpult	$R2,$L2,$O2	# did we overflow?
+	 addq	$R3,$L3,$R3	# r=a+b;
+	addq	$R2,$CC,$R2	# c+= overflow
+	 cmpult	$R3,$L3,$O3	# did we overflow?
+	cmpult	$R2,$CC,$CC	# overflow?
+	 addq	$R4,$L4,$R4	# r=a+b;
+	addq	$CC,$O2,$CC
+	 cmpult	$R4,$L4,$O4	# did we overflow?
+	addq	$R3,$CC,$R3	# c+= overflow
+	 stq	$R1,0($16)	# r[0]=c
+	cmpult	$R3,$CC,$CC	# overflow?
+	 stq	$R2,8($16)	# r[1]=c
+	addq	$CC,$O3,$CC
+	 stq	$R3,16($16)	# r[2]=c
+	addq	$R4,$CC,$R4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$R4,$CC,$CC	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$CC,$O4,$CC
+	 stq	$R4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$900
+	 ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	 br	$901
+	.align 4
+$945:
+	ldq	$L1,0($17)	# a[0]
+	 ldq	$R1,0($18)	# b[1]
+	addq	$R1,$L1,$R1	# r=a+b;
+	 subq	$19,1,$19	# loop--
+	addq	$R1,$CC,$R1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 cmpult	$R1,$CC,$CC	# overflow?
+	addq	$18,8,$18	# b++
+	 stq	$R1,0($16)	# r[0]=c
+	addq	$CC,$O1,$CC
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$945
+	ret	$31,($26),1	# else exit
+
+$900:
+	addq	$19,4,$19
+	bgt	$19,$945	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_add_words
+
+	.align 3
+	.globl bn_sub_words
+	.ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+	.frame $30,0,$26,0
+	.prologue 0
+
+	subq	$19,4,$19
+	bis	$31,$31,$CC	# carry = 0
+ br	$800
+	blt	$19,$800
+	ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	.align 3
+$801:
+	addq	$R1,$L1,$R1	# r=a+b;
+	 ldq	$L2,8($17)	# a[1]
+	cmpult	$R1,$L1,$O1	# did we overflow?
+	 ldq	$R2,8($18)	# b[1]
+	addq	$R1,$CC,$R1	# c+= overflow
+	 ldq	$L3,16($17)	# a[2]
+	cmpult	$R1,$CC,$CC	# overflow?
+	 ldq	$R3,16($18)	# b[2]
+	addq	$CC,$O1,$CC
+	 ldq	$L4,24($17)	# a[3]
+	addq	$R2,$L2,$R2	# r=a+b;
+	 ldq	$R4,24($18)	# b[3]
+	cmpult	$R2,$L2,$O2	# did we overflow?
+	 addq	$R3,$L3,$R3	# r=a+b;
+	addq	$R2,$CC,$R2	# c+= overflow
+	 cmpult	$R3,$L3,$O3	# did we overflow?
+	cmpult	$R2,$CC,$CC	# overflow?
+	 addq	$R4,$L4,$R4	# r=a+b;
+	addq	$CC,$O2,$CC
+	 cmpult	$R4,$L4,$O4	# did we overflow?
+	addq	$R3,$CC,$R3	# c+= overflow
+	 stq	$R1,0($16)	# r[0]=c
+	cmpult	$R3,$CC,$CC	# overflow?
+	 stq	$R2,8($16)	# r[1]=c
+	addq	$CC,$O3,$CC
+	 stq	$R3,16($16)	# r[2]=c
+	addq	$R4,$CC,$R4	# c+= overflow
+	 subq	$19,4,$19	# loop--
+	cmpult	$R4,$CC,$CC	# overflow?
+	 addq	$17,32,$17	# a++
+	addq	$CC,$O4,$CC
+	 stq	$R4,24($16)	# r[3]=c
+	addq	$18,32,$18	# b++
+	 addq	$16,32,$16	# r++
+
+	blt	$19,$800
+	 ldq	$L1,0($17)	# a[0]
+	ldq	$R1,0($18)	# b[1]
+	 br	$801
+	.align 4
+$845:
+	ldq	$L1,0($17)	# a[0]
+	 ldq	$R1,0($18)	# b[1]
+	cmpult	$L1,$R1,$O1	# will we borrow?
+	 subq	$L1,$R1,$R1	# r=a-b;
+	subq	$19,1,$19	# loop--
+	 cmpult  $R1,$CC,$O2	# will we borrow?
+	subq	$R1,$CC,$R1	# c+= overflow
+	 addq	$17,8,$17	# a++
+	addq	$18,8,$18	# b++
+	 stq	$R1,0($16)	# r[0]=c
+	addq	$O2,$O1,$CC
+	 addq	$16,8,$16	# r++
+
+	bgt	$19,$845
+	ret	$31,($26),1	# else exit
+
+$800:
+	addq	$19,4,$19
+	bgt	$19,$845	# goto tail code
+	ret	$31,($26),1	# else exit
+	.end bn_sub_words
+
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+	.align 3
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words:
+	ldgp $29,0($27)
+bn_div_words..ng:
+	lda $30,-48($30)
+	.frame $30,48,$26,0
+	stq $26,0($30)
+	stq $9,8($30)
+	stq $10,16($30)
+	stq $11,24($30)
+	stq $12,32($30)
+	stq $13,40($30)
+	.mask 0x4003e00,-48
+	.prologue 1
+	bis $16,$16,$9
+	bis $17,$17,$10
+	bis $18,$18,$11
+	bis $31,$31,$13
+	bis $31,2,$12
+	bne $11,$119
+	lda $0,-1
+	br $31,$136
+	.align 4
+$119:
+	bis $11,$11,$16
+	jsr $26,BN_num_bits_word
+	ldgp $29,0($26)
+	subq $0,64,$1
+	beq $1,$120
+	bis $31,1,$1
+	sll $1,$0,$1
+	cmpule $9,$1,$1
+	bne $1,$120
+ #	lda $16,_IO_stderr_
+ #	lda $17,$C32
+ #	bis $0,$0,$18
+ #	jsr $26,fprintf
+ #	ldgp $29,0($26)
+	jsr $26,abort
+	ldgp $29,0($26)
+	.align 4
+$120:
+	bis $31,64,$3
+	cmpult $9,$11,$2
+	subq $3,$0,$1
+	addl $1,$31,$0
+	subq $9,$11,$1
+	cmoveq $2,$1,$9
+	beq $0,$122
+	zapnot $0,15,$2
+	subq $3,$0,$1
+	sll $11,$2,$11
+	sll $9,$2,$3
+	srl $10,$1,$1
+	sll $10,$2,$10
+	bis $3,$1,$9
+$122:
+	srl $11,32,$5
+	zapnot $11,15,$6
+	lda $7,-1
+	.align 5
+$123:
+	srl $9,32,$1
+	subq $1,$5,$1
+	bne $1,$126
+	zapnot $7,15,$27
+	br $31,$127
+	.align 4
+$126:
+	bis $9,$9,$24
+	bis $5,$5,$25
+	divqu $24,$25,$27
+$127:
+	srl $10,32,$4
+	.align 5
+$128:
+	mulq $27,$5,$1
+	subq $9,$1,$3
+	zapnot $3,240,$1
+	bne $1,$129
+	mulq $6,$27,$2
+	sll $3,32,$1
+	addq $1,$4,$1
+	cmpule $2,$1,$2
+	bne $2,$129
+	subq $27,1,$27
+	br $31,$128
+	.align 4
+$129:
+	mulq $27,$6,$1
+	mulq $27,$5,$4
+	srl $1,32,$3
+	sll $1,32,$1
+	addq $4,$3,$4
+	cmpult $10,$1,$2
+	subq $10,$1,$10
+	addq $2,$4,$2
+	cmpult $9,$2,$1
+	bis $2,$2,$4
+	beq $1,$134
+	addq $9,$11,$9
+	subq $27,1,$27
+$134:
+	subl $12,1,$12
+	subq $9,$4,$9
+	beq $12,$124
+	sll $27,32,$13
+	sll $9,32,$2
+	srl $10,32,$1
+	sll $10,32,$10
+	bis $2,$1,$9
+	br $31,$123
+	.align 4
+$124:
+	bis $13,$27,$0
+$136:
+	ldq $26,0($30)
+	ldq $9,8($30)
+	ldq $10,16($30)
+	ldq $11,24($30)
+	ldq $12,32($30)
+	ldq $13,40($30)
+	addq $30,48,$30
+	ret $31,($26),1
+	.end bn_div_words
+EOF
+	return($data);
+	}
+
diff --git a/lib/libssl/src/crypto/bn/asm/bn-win32.asm b/lib/libssl/src/crypto/bn/asm/bn-win32.asm
index 017ea462b07..871bd88d77f 100644
--- a/lib/libssl/src/crypto/bn/asm/bn-win32.asm
+++ b/lib/libssl/src/crypto/bn/asm/bn-win32.asm
@@ -485,9 +485,9 @@ $L010sw_end:
 _bn_sqr_words ENDP
 _TEXT	ENDS
 _TEXT	SEGMENT
-PUBLIC	_bn_div64
+PUBLIC	_bn_div_words
 
-_bn_div64 PROC NEAR
+_bn_div_words PROC NEAR
 	push	ebp
 	push	ebx
 	push	esi
@@ -501,7 +501,7 @@ _bn_div64 PROC NEAR
 	pop	ebx
 	pop	ebp
 	ret
-_bn_div64 ENDP
+_bn_div_words ENDP
 _TEXT	ENDS
 _TEXT	SEGMENT
 PUBLIC	_bn_add_words
@@ -678,7 +678,6 @@ $L011aw_finish:
 	adc	eax,		0
 	mov	DWORD PTR 24[ebx],ecx
 $L013aw_end:
-	mov	eax,		eax
 	pop	edi
 	pop	esi
 	pop	ebx
@@ -686,4 +685,1438 @@ $L013aw_end:
 	ret
 _bn_add_words ENDP
 _TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_bn_sub_words
+
+_bn_sub_words PROC NEAR
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+	; 
+	mov	ebx,		DWORD PTR 20[esp]
+	mov	esi,		DWORD PTR 24[esp]
+	mov	edi,		DWORD PTR 28[esp]
+	mov	ebp,		DWORD PTR 32[esp]
+	xor	eax,		eax
+	and	ebp,		4294967288
+	jz	$L014aw_finish
+L015aw_loop:
+	; Round 0
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR [edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR [ebx],ecx
+	; Round 1
+	mov	ecx,		DWORD PTR 4[esi]
+	mov	edx,		DWORD PTR 4[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 4[ebx],ecx
+	; Round 2
+	mov	ecx,		DWORD PTR 8[esi]
+	mov	edx,		DWORD PTR 8[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 8[ebx],ecx
+	; Round 3
+	mov	ecx,		DWORD PTR 12[esi]
+	mov	edx,		DWORD PTR 12[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 12[ebx],ecx
+	; Round 4
+	mov	ecx,		DWORD PTR 16[esi]
+	mov	edx,		DWORD PTR 16[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 16[ebx],ecx
+	; Round 5
+	mov	ecx,		DWORD PTR 20[esi]
+	mov	edx,		DWORD PTR 20[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 20[ebx],ecx
+	; Round 6
+	mov	ecx,		DWORD PTR 24[esi]
+	mov	edx,		DWORD PTR 24[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 24[ebx],ecx
+	; Round 7
+	mov	ecx,		DWORD PTR 28[esi]
+	mov	edx,		DWORD PTR 28[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 28[ebx],ecx
+	; 
+	add	esi,		32
+	add	edi,		32
+	add	ebx,		32
+	sub	ebp,		8
+	jnz	L015aw_loop
+$L014aw_finish:
+	mov	ebp,		DWORD PTR 32[esp]
+	and	ebp,		7
+	jz	$L016aw_end
+	; Tail Round 0
+	mov	ecx,		DWORD PTR [esi]
+	mov	edx,		DWORD PTR [edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR [ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 1
+	mov	ecx,		DWORD PTR 4[esi]
+	mov	edx,		DWORD PTR 4[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR 4[ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 2
+	mov	ecx,		DWORD PTR 8[esi]
+	mov	edx,		DWORD PTR 8[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR 8[ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 3
+	mov	ecx,		DWORD PTR 12[esi]
+	mov	edx,		DWORD PTR 12[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR 12[ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 4
+	mov	ecx,		DWORD PTR 16[esi]
+	mov	edx,		DWORD PTR 16[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR 16[ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 5
+	mov	ecx,		DWORD PTR 20[esi]
+	mov	edx,		DWORD PTR 20[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	dec	ebp
+	mov	DWORD PTR 20[ebx],ecx
+	jz	$L016aw_end
+	; Tail Round 6
+	mov	ecx,		DWORD PTR 24[esi]
+	mov	edx,		DWORD PTR 24[edi]
+	sub	ecx,		eax
+	mov	eax,		0
+	adc	eax,		eax
+	sub	ecx,		edx
+	adc	eax,		0
+	mov	DWORD PTR 24[ebx],ecx
+$L016aw_end:
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+_bn_sub_words ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_bn_mul_comba8
+
+_bn_mul_comba8 PROC NEAR
+	push	esi
+	mov	esi,		DWORD PTR 12[esp]
+	push	edi
+	mov	edi,		DWORD PTR 20[esp]
+	push	ebp
+	push	ebx
+	xor	ebx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	xor	ecx,		ecx
+	mov	edx,		DWORD PTR [edi]
+	; ################## Calculate word 0
+	xor	ebp,		ebp
+	; mul a[0]*b[0]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebp,		0
+	mov	DWORD PTR [eax],ebx
+	mov	eax,		DWORD PTR 4[esi]
+	; saved r[0]
+	; ################## Calculate word 1
+	xor	ebx,		ebx
+	; mul a[1]*b[0]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebx,		0
+	; mul a[0]*b[1]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebx,		0
+	mov	DWORD PTR 4[eax],ecx
+	mov	eax,		DWORD PTR 8[esi]
+	; saved r[1]
+	; ################## Calculate word 2
+	xor	ecx,		ecx
+	; mul a[2]*b[0]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ecx,		0
+	; mul a[1]*b[1]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ecx,		0
+	; mul a[0]*b[2]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ecx,		0
+	mov	DWORD PTR 8[eax],ebp
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[2]
+	; ################## Calculate word 3
+	xor	ebp,		ebp
+	; mul a[3]*b[0]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebp,		0
+	; mul a[2]*b[1]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebp,		0
+	; mul a[1]*b[2]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebp,		0
+	; mul a[0]*b[3]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebp,		0
+	mov	DWORD PTR 12[eax],ebx
+	mov	eax,		DWORD PTR 16[esi]
+	; saved r[3]
+	; ################## Calculate word 4
+	xor	ebx,		ebx
+	; mul a[4]*b[0]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebx,		0
+	; mul a[3]*b[1]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebx,		0
+	; mul a[2]*b[2]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebx,		0
+	; mul a[1]*b[3]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebx,		0
+	; mul a[0]*b[4]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebx,		0
+	mov	DWORD PTR 16[eax],ecx
+	mov	eax,		DWORD PTR 20[esi]
+	; saved r[4]
+	; ################## Calculate word 5
+	xor	ecx,		ecx
+	; mul a[5]*b[0]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ecx,		0
+	; mul a[4]*b[1]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ecx,		0
+	; mul a[3]*b[2]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ecx,		0
+	; mul a[2]*b[3]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ecx,		0
+	; mul a[1]*b[4]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ecx,		0
+	; mul a[0]*b[5]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ecx,		0
+	mov	DWORD PTR 20[eax],ebp
+	mov	eax,		DWORD PTR 24[esi]
+	; saved r[5]
+	; ################## Calculate word 6
+	xor	ebp,		ebp
+	; mul a[6]*b[0]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebp,		0
+	; mul a[5]*b[1]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebp,		0
+	; mul a[4]*b[2]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebp,		0
+	; mul a[3]*b[3]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebp,		0
+	; mul a[2]*b[4]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ebp,		0
+	; mul a[1]*b[5]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebp,		0
+	; mul a[0]*b[6]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebp,		0
+	mov	DWORD PTR 24[eax],ebx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[6]
+	; ################## Calculate word 7
+	xor	ebx,		ebx
+	; mul a[7]*b[0]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebx,		0
+	; mul a[6]*b[1]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebx,		0
+	; mul a[5]*b[2]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebx,		0
+	; mul a[4]*b[3]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebx,		0
+	; mul a[3]*b[4]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ebx,		0
+	; mul a[2]*b[5]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebx,		0
+	; mul a[1]*b[6]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebx,		0
+	; mul a[0]*b[7]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebx,		0
+	mov	DWORD PTR 28[eax],ecx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[7]
+	; ################## Calculate word 8
+	xor	ecx,		ecx
+	; mul a[7]*b[1]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ecx,		0
+	; mul a[6]*b[2]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ecx,		0
+	; mul a[5]*b[3]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ecx,		0
+	; mul a[4]*b[4]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ecx,		0
+	; mul a[3]*b[5]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ecx,		0
+	; mul a[2]*b[6]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ecx,		0
+	; mul a[1]*b[7]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ecx,		0
+	mov	DWORD PTR 32[eax],ebp
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[8]
+	; ################## Calculate word 9
+	xor	ebp,		ebp
+	; mul a[7]*b[2]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebp,		0
+	; mul a[6]*b[3]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebp,		0
+	; mul a[5]*b[4]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ebp,		0
+	; mul a[4]*b[5]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebp,		0
+	; mul a[3]*b[6]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebp,		0
+	; mul a[2]*b[7]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebp,		0
+	mov	DWORD PTR 36[eax],ebx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[9]
+	; ################## Calculate word 10
+	xor	ebx,		ebx
+	; mul a[7]*b[3]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebx,		0
+	; mul a[6]*b[4]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ebx,		0
+	; mul a[5]*b[5]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebx,		0
+	; mul a[4]*b[6]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebx,		0
+	; mul a[3]*b[7]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 16[edi]
+	adc	ebx,		0
+	mov	DWORD PTR 40[eax],ecx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[10]
+	; ################## Calculate word 11
+	xor	ecx,		ecx
+	; mul a[7]*b[4]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ecx,		0
+	; mul a[6]*b[5]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ecx,		0
+	; mul a[5]*b[6]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ecx,		0
+	; mul a[4]*b[7]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 20[edi]
+	adc	ecx,		0
+	mov	DWORD PTR 44[eax],ebp
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[11]
+	; ################## Calculate word 12
+	xor	ebp,		ebp
+	; mul a[7]*b[5]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebp,		0
+	; mul a[6]*b[6]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebp,		0
+	; mul a[5]*b[7]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 24[edi]
+	adc	ebp,		0
+	mov	DWORD PTR 48[eax],ebx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[12]
+	; ################## Calculate word 13
+	xor	ebx,		ebx
+	; mul a[7]*b[6]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebx,		0
+	; mul a[6]*b[7]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 28[edi]
+	adc	ebx,		0
+	mov	DWORD PTR 52[eax],ecx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[13]
+	; ################## Calculate word 14
+	xor	ecx,		ecx
+	; mul a[7]*b[7]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	adc	ecx,		0
+	mov	DWORD PTR 56[eax],ebp
+	; saved r[14]
+	; save r[15]
+	mov	DWORD PTR 60[eax],ebx
+	pop	ebx
+	pop	ebp
+	pop	edi
+	pop	esi
+	ret
+_bn_mul_comba8 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_bn_mul_comba4
+
+_bn_mul_comba4 PROC NEAR
+	push	esi
+	mov	esi,		DWORD PTR 12[esp]
+	push	edi
+	mov	edi,		DWORD PTR 20[esp]
+	push	ebp
+	push	ebx
+	xor	ebx,		ebx
+	mov	eax,		DWORD PTR [esi]
+	xor	ecx,		ecx
+	mov	edx,		DWORD PTR [edi]
+	; ################## Calculate word 0
+	xor	ebp,		ebp
+	; mul a[0]*b[0]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebp,		0
+	mov	DWORD PTR [eax],ebx
+	mov	eax,		DWORD PTR 4[esi]
+	; saved r[0]
+	; ################## Calculate word 1
+	xor	ebx,		ebx
+	; mul a[1]*b[0]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebx,		0
+	; mul a[0]*b[1]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ebx,		0
+	mov	DWORD PTR 4[eax],ecx
+	mov	eax,		DWORD PTR 8[esi]
+	; saved r[1]
+	; ################## Calculate word 2
+	xor	ecx,		ecx
+	; mul a[2]*b[0]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ecx,		0
+	; mul a[1]*b[1]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ecx,		0
+	; mul a[0]*b[2]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR [edi]
+	adc	ecx,		0
+	mov	DWORD PTR 8[eax],ebp
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[2]
+	; ################## Calculate word 3
+	xor	ebp,		ebp
+	; mul a[3]*b[0]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebp,		0
+	; mul a[2]*b[1]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebp,		0
+	; mul a[1]*b[2]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR [esi]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebp,		0
+	; mul a[0]*b[3]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 4[edi]
+	adc	ebp,		0
+	mov	DWORD PTR 12[eax],ebx
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[3]
+	; ################## Calculate word 4
+	xor	ebx,		ebx
+	; mul a[3]*b[1]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebx,		0
+	; mul a[2]*b[2]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ebx,		0
+	; mul a[1]*b[3]
+	mul	edx
+	add	ecx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 8[edi]
+	adc	ebx,		0
+	mov	DWORD PTR 16[eax],ecx
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[4]
+	; ################## Calculate word 5
+	xor	ecx,		ecx
+	; mul a[3]*b[2]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ecx,		0
+	; mul a[2]*b[3]
+	mul	edx
+	add	ebp,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 12[edi]
+	adc	ecx,		0
+	mov	DWORD PTR 20[eax],ebp
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[5]
+	; ################## Calculate word 6
+	xor	ebp,		ebp
+	; mul a[3]*b[3]
+	mul	edx
+	add	ebx,		eax
+	mov	eax,		DWORD PTR 20[esp]
+	adc	ecx,		edx
+	adc	ebp,		0
+	mov	DWORD PTR 24[eax],ebx
+	; saved r[6]
+	; save r[7]
+	mov	DWORD PTR 28[eax],ecx
+	pop	ebx
+	pop	ebp
+	pop	edi
+	pop	esi
+	ret
+_bn_mul_comba4 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_bn_sqr_comba8
+
+_bn_sqr_comba8 PROC NEAR
+	push	esi
+	push	edi
+	push	ebp
+	push	ebx
+	mov	edi,		DWORD PTR 20[esp]
+	mov	esi,		DWORD PTR 24[esp]
+	xor	ebx,		ebx
+	xor	ecx,		ecx
+	mov	eax,		DWORD PTR [esi]
+	; ############### Calculate word 0
+	xor	ebp,		ebp
+	; sqr a[0]*a[0]
+	mul	eax
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ebp,		0
+	mov	DWORD PTR [edi],ebx
+	mov	eax,		DWORD PTR 4[esi]
+	; saved r[0]
+	; ############### Calculate word 1
+	xor	ebx,		ebx
+	; sqr a[1]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 4[edi],ecx
+	mov	edx,		DWORD PTR [esi]
+	; saved r[1]
+	; ############### Calculate word 2
+	xor	ecx,		ecx
+	; sqr a[2]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ecx,		0
+	; sqr a[1]*a[1]
+	mul	eax
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ecx,		0
+	mov	DWORD PTR 8[edi],ebp
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[2]
+	; ############### Calculate word 3
+	xor	ebp,		ebp
+	; sqr a[3]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[2]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebp,		0
+	mov	DWORD PTR 12[edi],ebx
+	mov	edx,		DWORD PTR [esi]
+	; saved r[3]
+	; ############### Calculate word 4
+	xor	ebx,		ebx
+	; sqr a[4]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebx,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[3]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		0
+	; sqr a[2]*a[2]
+	mul	eax
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ebx,		0
+	mov	DWORD PTR 16[edi],ecx
+	mov	eax,		DWORD PTR 20[esi]
+	; saved r[4]
+	; ############### Calculate word 5
+	xor	ecx,		ecx
+	; sqr a[5]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ecx,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[4]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ecx,		0
+	mov	edx,		DWORD PTR 8[esi]
+	; sqr a[3]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ecx,		0
+	mov	DWORD PTR 20[edi],ebp
+	mov	edx,		DWORD PTR [esi]
+	; saved r[5]
+	; ############### Calculate word 6
+	xor	ebp,		ebp
+	; sqr a[6]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[5]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 8[esi]
+	; sqr a[4]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebp,		0
+	; sqr a[3]*a[3]
+	mul	eax
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ebp,		0
+	mov	DWORD PTR 24[edi],ebx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[6]
+	; ############### Calculate word 7
+	xor	ebx,		ebx
+	; sqr a[7]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebx,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[6]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebx,		0
+	mov	edx,		DWORD PTR 8[esi]
+	; sqr a[5]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ebx,		0
+	mov	edx,		DWORD PTR 12[esi]
+	; sqr a[4]*a[3]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 28[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 28[edi],ecx
+	mov	edx,		DWORD PTR 4[esi]
+	; saved r[7]
+	; ############### Calculate word 8
+	xor	ecx,		ecx
+	; sqr a[7]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ecx,		0
+	mov	edx,		DWORD PTR 8[esi]
+	; sqr a[6]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ecx,		0
+	mov	edx,		DWORD PTR 12[esi]
+	; sqr a[5]*a[3]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 16[esi]
+	adc	ecx,		0
+	; sqr a[4]*a[4]
+	mul	eax
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR 8[esi]
+	adc	ecx,		0
+	mov	DWORD PTR 32[edi],ebp
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[8]
+	; ############### Calculate word 9
+	xor	ebp,		ebp
+	; sqr a[7]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 12[esi]
+	; sqr a[6]*a[3]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 16[esi]
+	; sqr a[5]*a[4]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 28[esi]
+	adc	ebp,		0
+	mov	DWORD PTR 36[edi],ebx
+	mov	edx,		DWORD PTR 12[esi]
+	; saved r[9]
+	; ############### Calculate word 10
+	xor	ebx,		ebx
+	; sqr a[7]*a[3]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebx,		0
+	mov	edx,		DWORD PTR 16[esi]
+	; sqr a[6]*a[4]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 20[esi]
+	adc	ebx,		0
+	; sqr a[5]*a[5]
+	mul	eax
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 16[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 40[edi],ecx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[10]
+	; ############### Calculate word 11
+	xor	ecx,		ecx
+	; sqr a[7]*a[4]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ecx,		0
+	mov	edx,		DWORD PTR 20[esi]
+	; sqr a[6]*a[5]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 28[esi]
+	adc	ecx,		0
+	mov	DWORD PTR 44[edi],ebp
+	mov	edx,		DWORD PTR 20[esi]
+	; saved r[11]
+	; ############### Calculate word 12
+	xor	ebp,		ebp
+	; sqr a[7]*a[5]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 24[esi]
+	adc	ebp,		0
+	; sqr a[6]*a[6]
+	mul	eax
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR 24[esi]
+	adc	ebp,		0
+	mov	DWORD PTR 48[edi],ebx
+	mov	eax,		DWORD PTR 28[esi]
+	; saved r[12]
+	; ############### Calculate word 13
+	xor	ebx,		ebx
+	; sqr a[7]*a[6]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 28[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 52[edi],ecx
+	; saved r[13]
+	; ############### Calculate word 14
+	xor	ecx,		ecx
+	; sqr a[7]*a[7]
+	mul	eax
+	add	ebp,		eax
+	adc	ebx,		edx
+	adc	ecx,		0
+	mov	DWORD PTR 56[edi],ebp
+	; saved r[14]
+	mov	DWORD PTR 60[edi],ebx
+	pop	ebx
+	pop	ebp
+	pop	edi
+	pop	esi
+	ret
+_bn_sqr_comba8 ENDP
+_TEXT	ENDS
+_TEXT	SEGMENT
+PUBLIC	_bn_sqr_comba4
+
+_bn_sqr_comba4 PROC NEAR
+	push	esi
+	push	edi
+	push	ebp
+	push	ebx
+	mov	edi,		DWORD PTR 20[esp]
+	mov	esi,		DWORD PTR 24[esp]
+	xor	ebx,		ebx
+	xor	ecx,		ecx
+	mov	eax,		DWORD PTR [esi]
+	; ############### Calculate word 0
+	xor	ebp,		ebp
+	; sqr a[0]*a[0]
+	mul	eax
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ebp,		0
+	mov	DWORD PTR [edi],ebx
+	mov	eax,		DWORD PTR 4[esi]
+	; saved r[0]
+	; ############### Calculate word 1
+	xor	ebx,		ebx
+	; sqr a[1]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 4[edi],ecx
+	mov	edx,		DWORD PTR [esi]
+	; saved r[1]
+	; ############### Calculate word 2
+	xor	ecx,		ecx
+	; sqr a[2]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 4[esi]
+	adc	ecx,		0
+	; sqr a[1]*a[1]
+	mul	eax
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	edx,		DWORD PTR [esi]
+	adc	ecx,		0
+	mov	DWORD PTR 8[edi],ebp
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[2]
+	; ############### Calculate word 3
+	xor	ebp,		ebp
+	; sqr a[3]*a[0]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebp,		0
+	mov	edx,		DWORD PTR 4[esi]
+	; sqr a[2]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebp,		0
+	add	ebx,		eax
+	adc	ecx,		edx
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ebp,		0
+	mov	DWORD PTR 12[edi],ebx
+	mov	edx,		DWORD PTR 4[esi]
+	; saved r[3]
+	; ############### Calculate word 4
+	xor	ebx,		ebx
+	; sqr a[3]*a[1]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ebx,		0
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	eax,		DWORD PTR 8[esi]
+	adc	ebx,		0
+	; sqr a[2]*a[2]
+	mul	eax
+	add	ecx,		eax
+	adc	ebp,		edx
+	mov	edx,		DWORD PTR 8[esi]
+	adc	ebx,		0
+	mov	DWORD PTR 16[edi],ecx
+	mov	eax,		DWORD PTR 12[esi]
+	; saved r[4]
+	; ############### Calculate word 5
+	xor	ecx,		ecx
+	; sqr a[3]*a[2]
+	mul	edx
+	add	eax,		eax
+	adc	edx,		edx
+	adc	ecx,		0
+	add	ebp,		eax
+	adc	ebx,		edx
+	mov	eax,		DWORD PTR 12[esi]
+	adc	ecx,		0
+	mov	DWORD PTR 20[edi],ebp
+	; saved r[5]
+	; ############### Calculate word 6
+	xor	ebp,		ebp
+	; sqr a[3]*a[3]
+	mul	eax
+	add	ebx,		eax
+	adc	ecx,		edx
+	adc	ebp,		0
+	mov	DWORD PTR 24[edi],ebx
+	; saved r[6]
+	mov	DWORD PTR 28[edi],ecx
+	pop	ebx
+	pop	ebp
+	pop	edi
+	pop	esi
+	ret
+_bn_sqr_comba4 ENDP
+_TEXT	ENDS
 END
diff --git a/lib/libssl/src/crypto/bn/asm/bn86unix.cpp b/lib/libssl/src/crypto/bn/asm/bn86unix.cpp
deleted file mode 100644
index 64702201eab..00000000000
--- a/lib/libssl/src/crypto/bn/asm/bn86unix.cpp
+++ /dev/null
@@ -1,752 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define bn_mul_add_words _bn_mul_add_words
-#define bn_mul_words _bn_mul_words
-#define bn_sqr_words _bn_sqr_words
-#define bn_div64 _bn_div64
-#define bn_add_words _bn_add_words
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bn-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bn-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl bn_mul_add_words
-	TYPE(bn_mul_add_words,@function)
-bn_mul_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ecx
-	movl	24(%esp),	%ebx
-	andl	$4294967288,	%ecx
-	movl	32(%esp),	%ebp
-	pushl	%ecx
-	jz	.L000maw_finish
-.L001maw_loop:
-	movl	%ecx,		(%esp)
-	/* Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	/* Round 4 */
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	/* Round 8 */
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	/* Round 12 */
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	/* Round 16 */
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	/* Round 20 */
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	/* Round 24 */
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	/* Round 28 */
-	movl	28(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	28(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	movl	(%esp),		%ecx
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ecx
-	jnz	.L001maw_loop
-.L000maw_finish:
-	movl	32(%esp),	%ecx
-	andl	$7,		%ecx
-	jnz	.L002maw_finish2
-	jmp	.L003maw_end
-.align ALIGN
-.L002maw_finish2:
-	/* Tail Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 1 */
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 2 */
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 3 */
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 4 */
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 5 */
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 6 */
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L003maw_end:
-	movl	%esi,		%eax
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_add_words_end:
-	SIZE(bn_mul_add_words,.bn_mul_add_words_end-bn_mul_add_words)
-.ident	"bn_mul_add_words"
-.text
-	.align ALIGN
-.globl bn_mul_words
-	TYPE(bn_mul_words,@function)
-bn_mul_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%ebx
-	movl	28(%esp),	%ebp
-	movl	32(%esp),	%ecx
-	andl	$4294967288,	%ebp
-	jz	.L004mw_finish
-.L005mw_loop:
-	/* Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	/* Round 4 */
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	/* Round 8 */
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	/* Round 12 */
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	/* Round 16 */
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	/* Round 20 */
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	/* Round 24 */
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	/* Round 28 */
-	movl	28(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ebp
-	jz	.L004mw_finish
-	jmp	.L005mw_loop
-.L004mw_finish:
-	movl	28(%esp),	%ebp
-	andl	$7,		%ebp
-	jnz	.L006mw_finish2
-	jmp	.L007mw_end
-.align ALIGN
-.L006mw_finish2:
-	/* Tail Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 1 */
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 2 */
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 3 */
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 4 */
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 5 */
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 6 */
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L007mw_end:
-	movl	%esi,		%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_words_end:
-	SIZE(bn_mul_words,.bn_mul_words_end-bn_mul_words)
-.ident	"bn_mul_words"
-.text
-	.align ALIGN
-.globl bn_sqr_words
-	TYPE(bn_sqr_words,@function)
-bn_sqr_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%esi
-	movl	24(%esp),	%edi
-	movl	28(%esp),	%ebx
-	andl	$4294967288,	%ebx
-	jz	.L008sw_finish
-.L009sw_loop:
-	/* Round 0 */
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	movl	%edx,		4(%esi)
-	/* Round 4 */
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	movl	%edx,		12(%esi)
-	/* Round 8 */
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	movl	%edx,		20(%esi)
-	/* Round 12 */
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	movl	%edx,		28(%esi)
-	/* Round 16 */
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	movl	%edx,		36(%esi)
-	/* Round 20 */
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	movl	%edx,		44(%esi)
-	/* Round 24 */
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-	/* Round 28 */
-	movl	28(%edi),	%eax
-	mull	%eax
-	movl	%eax,		56(%esi)
-	movl	%edx,		60(%esi)
-
-	addl	$32,		%edi
-	addl	$64,		%esi
-	subl	$8,		%ebx
-	jnz	.L009sw_loop
-.L008sw_finish:
-	movl	28(%esp),	%ebx
-	andl	$7,		%ebx
-	jz	.L010sw_end
-	/* Tail Round 0 */
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	decl	%ebx
-	movl	%edx,		4(%esi)
-	jz	.L010sw_end
-	/* Tail Round 1 */
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	decl	%ebx
-	movl	%edx,		12(%esi)
-	jz	.L010sw_end
-	/* Tail Round 2 */
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	decl	%ebx
-	movl	%edx,		20(%esi)
-	jz	.L010sw_end
-	/* Tail Round 3 */
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	decl	%ebx
-	movl	%edx,		28(%esi)
-	jz	.L010sw_end
-	/* Tail Round 4 */
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	decl	%ebx
-	movl	%edx,		36(%esi)
-	jz	.L010sw_end
-	/* Tail Round 5 */
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	decl	%ebx
-	movl	%edx,		44(%esi)
-	jz	.L010sw_end
-	/* Tail Round 6 */
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-.L010sw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_sqr_words_end:
-	SIZE(bn_sqr_words,.bn_sqr_words_end-bn_sqr_words)
-.ident	"bn_sqr_words"
-.text
-	.align ALIGN
-.globl bn_div64
-	TYPE(bn_div64,@function)
-bn_div64:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),	%edx
-	movl	24(%esp),	%eax
-	movl	28(%esp),	%ebx
-	divl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_div64_end:
-	SIZE(bn_div64,.bn_div64_end-bn_div64)
-.ident	"bn_div64"
-.text
-	.align ALIGN
-.globl bn_add_words
-	TYPE(bn_add_words,@function)
-bn_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%esi
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%ebp
-	xorl	%eax,		%eax
-	andl	$4294967288,	%ebp
-	jz	.L011aw_finish
-.L012aw_loop:
-	/* Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		(%ebx)
-	/* Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		4(%ebx)
-	/* Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		8(%ebx)
-	/* Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		12(%ebx)
-	/* Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		16(%ebx)
-	/* Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		20(%ebx)
-	/* Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-	/* Round 7 */
-	movl	28(%esi),	%ecx
-	movl	28(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		28(%ebx)
-
-	addl	$32,		%esi
-	addl	$32,		%edi
-	addl	$32,		%ebx
-	subl	$8,		%ebp
-	jnz	.L012aw_loop
-.L011aw_finish:
-	movl	32(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L013aw_end
-	/* Tail Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		4(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		8(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		12(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		16(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		20(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-.L013aw_end:
-	movl	%eax,		%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_add_words_end:
-	SIZE(bn_add_words,.bn_add_words_end-bn_add_words)
-.ident	"bn_add_words"
diff --git a/lib/libssl/src/crypto/bn/asm/ca.pl b/lib/libssl/src/crypto/bn/asm/ca.pl
new file mode 100644
index 00000000000..c1ce67a6b4d
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/ca.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+require "alpha/mul_add.pl";
+require "alpha/mul.pl";
+require "alpha/sqr.pl";
+require "alpha/add.pl";
+require "alpha/sub.pl";
+require "alpha/mul_c8.pl";
+require "alpha/mul_c4.pl";
+require "alpha/sqr_c4.pl";
+require "alpha/sqr_c8.pl";
+require "alpha/div.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_mul_add_words("bn_mul_add_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_div_words("bn_div_words");
+&bn_mul_comba8("bn_mul_comba8");
+&bn_mul_comba4("bn_mul_comba4");
+&bn_sqr_comba4("bn_sqr_comba4");
+&bn_sqr_comba8("bn_sqr_comba8");
+
+&asm_finish();
+
diff --git a/lib/libssl/src/crypto/bn/asm/co-586.pl b/lib/libssl/src/crypto/bn/asm/co-586.pl
new file mode 100644
index 00000000000..5d962cb957d
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/co-586.pl
@@ -0,0 +1,286 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+sub mul_add_c
+	{
+	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("mul a[$ai]*b[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	&mul("edx");
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	}
+
+sub sqr_add_c
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$b,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add($c0,"eax");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 ###
+	&adc($c1,"edx");
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+	 ###
+	&adc($c2,0);
+	 # is pos > 1, it means it is the last loop 
+	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
+	}
+
+sub sqr_add_c2
+	{
+	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
+	# words, and 1 if load return value
+
+	&comment("sqr a[$ai]*a[$bi]");
+
+	# "eax" and "edx" will always be pre-loaded.
+	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
+	# &mov("edx",&DWP($bi*4,$a,"",0));
+
+	if ($ai == $bi)
+		{ &mul("eax");}
+	else
+		{ &mul("edx");}
+	&add("eax","eax");
+	 ###
+	&adc("edx","edx");
+	 ###
+	&adc($c2,0);
+	 &add($c0,"eax");
+	&adc($c1,"edx");
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
+	&adc($c2,0);
+	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
+	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+	 ###
+	}
+
+sub bn_mul_comba
+	{
+	local($name,$num)=@_;
+	local($a,$b,$c0,$c1,$c2);
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$b="edi";
+	
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	&push("esi");
+	 &mov($a,&wparam(1));
+	&push("edi");
+	 &mov($b,&wparam(2));
+	&push("ebp");
+	 &push("ebx");
+
+	&xor($c0,$c0);
+	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
+	&xor($c1,$c1);
+	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("################## Calculate word $i"); 
+
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($j+1) == $end)
+				{
+				$v=1;
+				$v=2 if (($i+1) == $tot);
+				}
+			else
+				{ $v=0; }
+			if (($j+1) != $end)
+				{
+				$na=($ai-1);
+				$nb=($bi+1);
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				# &mov("eax",&wparam(0));
+				# &mov(&DWP($i*4,"eax","",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&comment("save r[$i]");
+	# &mov("eax",&wparam(0));
+	&mov(&DWP($i*4,"eax","",0),$c0);
+
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
+
+sub bn_sqr_comba
+	{
+	local($name,$num)=@_;
+	local($r,$a,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	&function_begin_B($name,"");
+
+	$c0="ebx";
+	$c1="ecx";
+	$c2="ebp";
+	$a="esi";
+	$r="edi";
+
+	&push("esi");
+	 &push("edi");
+	&push("ebp");
+	 &push("ebx");
+	&mov($r,&wparam(0));
+	 &mov($a,&wparam(1));
+	&xor($c0,$c0);
+	 &xor($c1,$c1);
+	&mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+
+		&comment("############### Calculate word $i");
+		for ($j=$bs; $j<$end; $j++)
+			{
+			&xor($c2,$c2) if ($j == $bs);
+			if (($ai-1) < ($bi+1))
+				{
+				$v=1;
+				$v=2 if ($i+1) == $tot;
+				}
+			else
+				{ $v=0; }
+			if (!$v)
+				{
+				$na=$ai-1;
+				$nb=$bi+1;
+				}
+			else
+				{
+				$na=$as+($i < ($num-1));
+				$nb=$bs+($i >= ($num-1));
+				}
+			if ($ai == $bi)
+				{
+				&sqr_add_c($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			else
+				{
+				&sqr_add_c2($r,$a,$ai,$bi,
+					$c0,$c1,$c2,$v,$i,$na,$nb);
+				}
+			if ($v)
+				{
+				&comment("saved r[$i]");
+				#&mov(&DWP($i*4,$r,"",0),$c0);
+				($c0,$c1,$c2)=($c1,$c2,$c0);
+				last;
+				}
+			$ai--;
+			$bi++;
+			}
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&mov(&DWP($i*4,$r,"",0),$c0);
+	&pop("ebx");
+	&pop("ebp");
+	&pop("edi");
+	&pop("esi");
+	&ret();
+	&function_end_B($name);
+	}
diff --git a/lib/libssl/src/crypto/bn/asm/co-alpha.pl b/lib/libssl/src/crypto/bn/asm/co-alpha.pl
new file mode 100644
index 00000000000..67dad3e3d5f
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/co-alpha.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+
+&asm_init($ARGV[0],$0);
+
+print &bn_sub_words("bn_sub_words");
+
+&asm_finish();
+
+sub bn_sub_words
+	{
+	local($name)=@_;
+	local($cc,$a,$b,$r);
+
+	$cc="r0";
+	$a0="r1"; $b0="r5"; $r0="r9";  $tmp="r13";
+	$a1="r2"; $b1="r6"; $r1="r10"; $t1="r14";
+	$a2="r3"; $b2="r7"; $r2="r11";
+	$a3="r4"; $b3="r8"; $r3="r12"; $t3="r15";
+
+	$rp=&wparam(0);
+	$ap=&wparam(1);
+	$bp=&wparam(2);
+	$count=&wparam(3);
+
+	&function_begin($name,"");
+
+	&comment("");
+	&sub($count,4,$count);
+	&mov("zero",$cc);
+	&blt($count,&label("finish"));
+
+	&ld($a0,&QWPw(0,$ap));
+	&ld($b0,&QWPw(0,$bp));
+
+##########################################################
+	&set_label("loop");
+
+	&ld($a1,&QWPw(1,$ap));
+	 &cmpult($a0,$b0,$tmp);	# will we borrow?
+	&ld($b1,&QWPw(1,$bp));
+	 &sub($a0,$b0,$a0);		# do the subtract
+	&ld($a2,&QWPw(2,$ap));
+	 &cmpult($a0,$cc,$b0);	# will we borrow?
+	&ld($b2,&QWPw(2,$bp));
+	 &sub($a0,$cc,$a0);	# will we borrow?
+	&ld($a3,&QWPw(3,$ap));
+	 &add($b0,$tmp,$cc);	# add the borrows
+
+	&cmpult($a1,$b1,$t1);	# will we borrow?
+	 &sub($a1,$b1,$a1);	# do the subtract
+	&ld($b3,&QWPw(3,$bp));
+	 &cmpult($a1,$cc,$b1);	# will we borrow?
+	&sub($a1,$cc,$a1);	# will we borrow?
+	 &add($b1,$t1,$cc);	# add the borrows
+
+	&cmpult($a2,$b2,$tmp);	# will we borrow?
+	 &sub($a2,$b2,$a2);		# do the subtract
+	&st($a0,&QWPw(0,$rp));	# save
+	 &cmpult($a2,$cc,$b2);	# will we borrow?
+	&sub($a2,$cc,$a2);	# will we borrow?
+	 &add($b2,$tmp,$cc);	# add the borrows
+
+	&cmpult($a3,$b3,$t3);	# will we borrow?
+	 &sub($a3,$b3,$a3);		# do the subtract
+	&st($a1,&QWPw(1,$rp));	# save
+	 &cmpult($a3,$cc,$b3);	# will we borrow?
+	&sub($a3,$cc,$a3);	# will we borrow?
+	 &add($b3,$t3,$cc);	# add the borrows
+
+	&st($a2,&QWPw(2,$rp));	# save
+	 &sub($count,4,$count);	# count-=4
+	&st($a3,&QWPw(3,$rp));	# save
+	 &add($ap,4*$QWS,$ap);	# count+=4
+	&add($bp,4*$QWS,$bp);	# count+=4
+	 &add($rp,4*$QWS,$rp);	# count+=4
+
+	&blt($count,&label("finish"));
+	&ld($a0,&QWPw(0,$ap));
+	 &ld($b0,&QWPw(0,$bp));
+	&br(&label("loop"));
+##################################################
+	# Do the last 0..3 words
+
+	&set_label("last_loop");
+
+	&ld($a0,&QWPw(0,$ap));	# get a
+	 &ld($b0,&QWPw(0,$bp));	# get b
+	&cmpult($a0,$b0,$tmp);	# will we borrow?
+	&sub($a0,$b0,$a0);	# do the subtract
+	&cmpult($a0,$cc,$b0);	# will we borrow?
+	&sub($a0,$cc,$a0);	# will we borrow?
+	&st($a0,&QWPw(0,$rp));	# save
+	&add($b0,$tmp,$cc);	# add the borrows
+
+	&add($ap,$QWS,$ap);
+	&add($bp,$QWS,$bp);
+	&add($rp,$QWS,$rp);
+	&sub($count,1,$count);
+	&bgt($count,&label("last_loop"));
+	&function_end_A($name);
+
+######################################################
+	&set_label("finish");
+	&add($count,4,$count);
+	&bgt($count,&label("last_loop"));
+
+	&set_label("end");
+	&function_end($name);
+	}
+
diff --git a/lib/libssl/src/crypto/bn/asm/mips1.s b/lib/libssl/src/crypto/bn/asm/mips1.s
new file mode 100644
index 00000000000..44fa1254c76
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/mips1.s
@@ -0,0 +1,539 @@
+/* This assember is for R2000/R3000 machines, or higher ones that do
+ * no want to do any 64 bit arithmatic.
+ * Make sure that the SSLeay bignum library is compiled with 
+ * THIRTY_TWO_BIT set.
+ * This must either be compiled with the system CC, or, if you use GNU gas,
+ * cc -E mips1.s|gas -o mips1.o
+ */
+	.set	reorder
+	.set	noat
+
+#define R1	$1
+#define CC	$2
+#define	R2	$3
+#define R3	$8
+#define R4	$9
+#define L1	$10
+#define L2 	$11
+#define L3	$12
+#define L4 	$13
+#define H1 	$14
+#define H2	$15
+#define H3	$24
+#define H4	$25
+
+#define P1	$4
+#define P2	$5
+#define P3	$6
+#define P4	$7
+
+	.align	2
+	.ent	bn_mul_add_words
+	.globl	bn_mul_add_words
+.text
+bn_mul_add_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+
+	#blt	P3,4,$lab34
+	
+	subu	R1,P3,4
+	move	CC,$0
+	bltz	R1,$lab34
+$lab2:	
+	lw	R1,0(P1)
+	 lw	L1,0(P2)
+	lw	R2,4(P1)
+	 lw	L2,4(P2)
+	lw	R3,8(P1)
+	 lw	L3,8(P2)
+	lw	R4,12(P1)
+	 lw	L4,12(P2)
+	multu	L1,P4
+	 addu	R1,R1,CC
+	mflo	L1
+	 sltu	CC,R1,CC
+	addu	R1,R1,L1
+	 mfhi	H1
+	sltu	L1,R1,L1
+	 sw	R1,0(P1)
+	addu	CC,CC,L1
+	 multu	L2,P4
+	addu	CC,H1,CC
+	mflo	L2
+	 addu	R2,R2,CC
+	sltu	CC,R2,CC
+	 mfhi	H2
+	addu	R2,R2,L2
+	 addu	P2,P2,16
+	sltu	L2,R2,L2
+	 sw	R2,4(P1)
+	addu	CC,CC,L2
+	 multu	L3,P4
+	addu	CC,H2,CC
+	mflo	L3
+	 addu	R3,R3,CC
+	sltu	CC,R3,CC
+	 mfhi	H3
+	addu	R3,R3,L3
+	 addu	P1,P1,16
+	sltu	L3,R3,L3
+	 sw	R3,-8(P1)
+	addu	CC,CC,L3
+	 multu	L4,P4
+	addu	CC,H3,CC
+	mflo	L4
+	 addu	R4,R4,CC
+	sltu	CC,R4,CC
+	 mfhi	H4
+	addu	R4,R4,L4
+	 subu	P3,P3,4
+	sltu	L4,R4,L4
+	addu	CC,CC,L4
+	addu	CC,H4,CC
+
+	subu	R1,P3,4
+	sw	R4,-4(P1)	# delay slot
+	bgez	R1,$lab2
+
+	bleu	P3,0,$lab3
+	.align	2
+$lab33: 
+	lw	L1,0(P2)
+	 lw	R1,0(P1)
+	multu	L1,P4
+	 addu	R1,R1,CC
+	sltu	CC,R1,CC
+	 addu	P1,P1,4
+	mflo	L1
+	 mfhi	H1
+	addu	R1,R1,L1
+	 addu	P2,P2,4
+	sltu	L1,R1,L1
+	 subu	P3,P3,1
+	addu	CC,CC,L1
+	 sw	R1,-4(P1)
+	addu	CC,H1,CC
+	 bgtz	P3,$lab33
+	j	$31
+	.align	2
+$lab3:
+	j	$31
+	.align	2
+$lab34:
+	bgt	P3,0,$lab33
+	j	$31
+	.end	bn_mul_add_words
+
+	.align	2
+	# Program Unit: bn_mul_words
+	.ent	bn_mul_words
+	.globl	bn_mul_words
+.text
+bn_mul_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P3,P3,4
+	move	CC,$0
+	bltz	P3,$lab45
+$lab44:	
+	lw	L1,0(P2)
+	 lw	L2,4(P2)
+	lw	L3,8(P2)
+	 lw	L4,12(P2)
+	multu	L1,P4
+	 subu	P3,P3,4
+	mflo	L1
+	 mfhi	H1
+	addu	L1,L1,CC
+	 multu	L2,P4
+	sltu	CC,L1,CC
+	 sw	L1,0(P1)
+	addu	CC,H1,CC
+	 mflo	L2
+	mfhi	H2
+	 addu	L2,L2,CC
+	multu	L3,P4
+	 sltu	CC,L2,CC
+	sw	L2,4(P1)
+	 addu	CC,H2,CC
+	mflo	L3
+	 mfhi	H3
+	addu	L3,L3,CC
+	 multu	L4,P4
+	sltu	CC,L3,CC
+	 sw	L3,8(P1)
+	addu	CC,H3,CC
+	 mflo	L4
+	mfhi	H4
+	 addu	L4,L4,CC
+	addu	P1,P1,16
+	 sltu	CC,L4,CC
+	addu	P2,P2,16
+	 addu	CC,H4,CC
+	sw	L4,-4(P1)
+
+	bgez	P3,$lab44
+	b	$lab45
+$lab46:
+	lw	L1,0(P2)
+	 addu	P1,P1,4
+	multu	L1,P4
+	 addu	P2,P2,4
+	mflo	L1
+	 mfhi	H1
+	addu	L1,L1,CC
+	 subu	P3,P3,1
+	sltu	CC,L1,CC
+	 sw	L1,-4(P1)
+	addu	CC,H1,CC
+	 bgtz	P3,$lab46
+	j	$31
+$lab45:
+	addu	P3,P3,4
+	bgtz	P3,$lab46
+	j	$31
+	.align	2
+	.end	bn_mul_words
+
+	# Program Unit: bn_sqr_words
+	.ent	bn_sqr_words
+	.globl	bn_sqr_words
+.text
+bn_sqr_words:
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P3,P3,4
+	bltz	P3,$lab55
+$lab54:
+	lw	L1,0(P2)
+	 lw	L2,4(P2)
+	lw	L3,8(P2)
+	 lw	L4,12(P2)
+
+	multu	L1,L1
+	 subu	P3,P3,4
+	mflo	L1
+	 mfhi	H1
+	sw	L1,0(P1)
+	 sw	H1,4(P1)
+
+	multu	L2,L2
+	 addu	P1,P1,32
+	mflo	L2
+	 mfhi	H2
+	sw	L2,-24(P1)
+	 sw	H2,-20(P1)
+
+	multu	L3,L3
+	 addu	P2,P2,16
+	mflo	L3
+	 mfhi	H3
+	sw	L3,-16(P1)
+	 sw	H3,-12(P1)
+
+	multu	L4,L4
+
+	mflo	L4
+	 mfhi	H4
+	sw	L4,-8(P1)
+	 sw	H4,-4(P1)
+
+	bgtz	P3,$lab54
+	b	$lab55
+$lab56:	
+	lw	L1,0(P2)
+	addu	P1,P1,8
+	multu	L1,L1
+	addu	P2,P2,4
+	subu	P3,P3,1
+	mflo	L1
+	mfhi	H1
+	sw	L1,-8(P1)
+	sw	H1,-4(P1)
+
+	bgtz	P3,$lab56
+	j	$31
+$lab55:
+	addu	P3,P3,4
+	bgtz	P3,$lab56
+	j	$31
+	.align	2
+	.end	bn_sqr_words
+
+	# Program Unit: bn_add_words
+	.ent	bn_add_words
+	.globl	bn_add_words
+.text
+bn_add_words: 	 # 0x590
+	.frame	$sp,0,$31
+	.mask	0x00000000,0
+	.fmask	0x00000000,0
+	
+	subu	P4,P4,4
+	move	CC,$0
+	bltz	P4,$lab65
+$lab64:	
+	lw	L1,0(P2)
+	lw	R1,0(P3)
+	lw	L2,4(P2)
+	lw	R2,4(P3)
+
+	addu	L1,L1,CC
+	 lw	L3,8(P2)
+	sltu	CC,L1,CC
+	 addu	L1,L1,R1
+	sltu	R1,L1,R1
+	 lw	R3,8(P3)
+	addu	CC,CC,R1
+	 lw	L4,12(P2)
+
+	addu	L2,L2,CC
+	 lw	R4,12(P3)
+	sltu	CC,L2,CC
+	 addu	L2,L2,R2
+	sltu	R2,L2,R2
+	 sw	L1,0(P1)
+	addu	CC,CC,R2
+	 addu	P1,P1,16
+	addu	L3,L3,CC
+	 sw	L2,-12(P1)
+ 
+	sltu	CC,L3,CC
+	 addu	L3,L3,R3
+	sltu	R3,L3,R3
+	 addu	P2,P2,16
+	addu	CC,CC,R3
+
+	addu	L4,L4,CC
+	 addu	P3,P3,16
+	sltu	CC,L4,CC
+	 addu	L4,L4,R4
+	subu	P4,P4,4
+	 sltu	R4,L4,R4
+	sw	L3,-8(P1)
+	 addu	CC,CC,R4
+	sw	L4,-4(P1)
+
+	bgtz	P4,$lab64
+	b	$lab65
+$lab66:
+	lw	L1,0(P2)
+	 lw	R1,0(P3)
+	addu	L1,L1,CC
+	 addu	P1,P1,4
+	sltu	CC,L1,CC
+	 addu	P2,P2,4
+	addu	P3,P3,4
+	 addu	L1,L1,R1
+	subu	P4,P4,1
+	 sltu	R1,L1,R1
+	sw	L1,-4(P1)
+	 addu	CC,CC,R1
+
+	bgtz	P4,$lab66
+	j	$31
+$lab65:
+	addu	P4,P4,4
+	bgtz	P4,$lab66
+	j	$31
+	.end	bn_add_words
+
+	# Program Unit: bn_div64
+	.set	at
+	.set	reorder
+	.text	
+	.align	2
+	.globl	bn_div64
+ # 321		{
+	.ent	bn_div64 2
+bn_div64:
+	subu	$sp, 64
+	sw	$31, 56($sp)
+	sw	$16, 48($sp)
+	.mask	0x80010000, -56
+	.frame	$sp, 64, $31
+	move	$9, $4
+	move	$12, $5
+	move	$16, $6
+ # 322		BN_ULONG dh,dl,q,ret=0,th,tl,t;
+	move	$31, $0
+ # 323		int i,count=2;
+	li	$13, 2
+ # 324	
+ # 325		if (d == 0) return(BN_MASK2);
+	bne	$16, 0, $80
+	li	$2, -1
+	b	$93
+$80:
+ # 326	
+ # 327		i=BN_num_bits_word(d);
+	move	$4, $16
+	sw	$31, 16($sp)
+	sw	$9, 24($sp)
+	sw	$12, 32($sp)
+	sw	$13, 40($sp)
+	.livereg	0x800ff0e,0xfff
+	jal	BN_num_bits_word
+	li	$4, 32
+	lw	$31, 16($sp)
+	lw	$9, 24($sp)
+	lw	$12, 32($sp)
+	lw	$13, 40($sp)
+	move	$3, $2
+ # 328		if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
+	beq	$2, $4, $81
+	li	$14, 1
+	sll	$15, $14, $2
+	bleu	$9, $15, $81
+ # 329			{
+ # 330	#if !defined(NO_STDIO) && !defined(WIN16)
+ # 331			fprintf(stderr,"Division would overflow (%d)\n",i);
+ # 332	#endif
+ # 333			abort();
+	sw	$3, 8($sp)
+	sw	$9, 24($sp)
+	sw	$12, 32($sp)
+	sw	$13, 40($sp)
+	sw	$31, 26($sp)
+	.livereg	0xff0e,0xfff
+	jal	abort
+	lw	$3, 8($sp)
+	li	$4, 32
+	lw	$9, 24($sp)
+	lw	$12, 32($sp)
+	lw	$13, 40($sp)
+	lw	$31, 26($sp)
+ # 334			}
+$81:
+ # 335		i=BN_BITS2-i;
+	subu	$3, $4, $3
+ # 336		if (h >= d) h-=d;
+	bltu	$9, $16, $82
+	subu	$9, $9, $16
+$82:
+ # 337	
+ # 338		if (i)
+	beq	$3, 0, $83
+ # 339			{
+ # 340			d<<=i;
+	sll	$16, $16, $3
+ # 341			h=(h<<i)|(l>>(BN_BITS2-i));
+	sll	$24, $9, $3
+	subu	$25, $4, $3
+	srl	$14, $12, $25
+	or	$9, $24, $14
+ # 342			l<<=i;
+	sll	$12, $12, $3
+ # 343			}
+$83:
+ # 344		dh=(d&BN_MASK2h)>>BN_BITS4;
+ # 345		dl=(d&BN_MASK2l);
+	and	$8, $16, -65536
+	srl	$8, $8, 16
+	and	$10, $16, 65535
+	li	$6, -65536
+$84:
+ # 346		for (;;)
+ # 347			{
+ # 348			if ((h>>BN_BITS4) == dh)
+	srl	$15, $9, 16
+	bne	$8, $15, $85
+ # 349				q=BN_MASK2l;
+	li	$5, 65535
+	b	$86
+$85:
+ # 350			else
+ # 351				q=h/dh;
+	divu	$5, $9, $8
+$86:
+ # 352	
+ # 353			for (;;)
+ # 354				{
+ # 355				t=(h-q*dh);
+	mul	$4, $5, $8
+	subu	$2, $9, $4
+	move	$3, $2
+ # 356				if ((t&BN_MASK2h) ||
+ # 357					((dl*q) <= (
+ # 358						(t<<BN_BITS4)+
+ # 359						((l&BN_MASK2h)>>BN_BITS4))))
+	and	$25, $2, $6
+	bne	$25, $0, $87
+	mul	$24, $10, $5
+	sll	$14, $3, 16
+	and	$15, $12, $6
+	srl	$25, $15, 16
+	addu	$15, $14, $25
+	bgtu	$24, $15, $88
+$87:
+ # 360					break;
+	mul	$3, $10, $5
+	b	$89
+$88:
+ # 361				q--;
+	addu	$5, $5, -1
+ # 362				}
+	b	$86
+$89:
+ # 363			th=q*dh;
+ # 364			tl=q*dl;
+ # 365			t=(tl>>BN_BITS4);
+ # 366			tl=(tl<<BN_BITS4)&BN_MASK2h;
+	sll	$14, $3, 16
+	and	$2, $14, $6
+	move	$11, $2
+ # 367			th+=t;
+	srl	$25, $3, 16
+	addu	$7, $4, $25
+ # 368	
+ # 369			if (l < tl) th++;
+	bgeu	$12, $2, $90
+	addu	$7, $7, 1
+$90:
+ # 370			l-=tl;
+	subu	$12, $12, $11
+ # 371			if (h < th)
+	bgeu	$9, $7, $91
+ # 372				{
+ # 373				h+=d;
+	addu	$9, $9, $16
+ # 374				q--;
+	addu	$5, $5, -1
+ # 375				}
+$91:
+ # 376			h-=th;
+	subu	$9, $9, $7
+ # 377	
+ # 378			if (--count == 0) break;
+	addu	$13, $13, -1
+	beq	$13, 0, $92
+ # 379	
+ # 380			ret=q<<BN_BITS4;
+	sll	$31, $5, 16
+ # 381			h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
+	sll	$24, $9, 16
+	srl	$15, $12, 16
+	or	$9, $24, $15
+ # 382			l=(l&BN_MASK2l)<<BN_BITS4;
+	and	$12, $12, 65535
+	sll	$12, $12, 16
+ # 383			}
+	b	$84
+$92:
+ # 384		ret|=q;
+	or	$31, $31, $5
+ # 385		return(ret);
+	move	$2, $31
+$93:
+	lw	$16, 48($sp)
+	lw	$31, 56($sp)
+	addu	$sp, 64
+	j	$31
+	.end	bn_div64
+
diff --git a/lib/libssl/src/crypto/bn/asm/mips3.s b/lib/libssl/src/crypto/bn/asm/mips3.s
new file mode 100644
index 00000000000..191345d9207
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/mips3.s
@@ -0,0 +1,2138 @@
+.rdata
+.asciiz "mips3.s, Version 1.0"
+.asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ *					<appro@fy.chalmers.se>
+ */
+#include <asm.h>
+#include <regdef.h>
+
+#if _MIPS_ISA>=4
+#define	MOVNZ(cond,dst,src)	\
+	movn	dst,src,cond
+#else
+#define	MOVNZ(cond,dst,src)	\
+	.set	noreorder;	\
+	bnezl	cond,.+8;	\
+	move	dst,src;	\
+	.set	reorder
+#endif
+
+.text
+
+.set	noat
+.set	reorder
+
+#define	MINUS4	v1
+
+.align	5
+LEAF(bn_mul_add_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_add_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	ld	t2,8(a1)
+	ld	t3,8(a0)
+	ld	ta0,16(a1)
+	ld	ta1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0	/* All manuals say it "compares 32-bit
+				 * values", but it seems to work fine
+				 * even on 64-bit registers. */
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+
+	dmultu	t2,a3
+	ld	ta2,24(a1)
+	ld	ta3,24(a0)
+	daddu	t3,v0
+	sltu	v0,t3,v0
+	mflo	AT
+	mfhi	t2
+	daddu	t3,AT
+	daddu	v0,t2
+	sltu	AT,t3,AT
+	sd	t3,8(a0)
+	daddu	v0,AT
+
+	dmultu	ta0,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	daddu	ta1,v0
+	sltu	v0,ta1,v0
+	mflo	AT
+	mfhi	ta0
+	daddu	ta1,AT
+	daddu	v0,ta0
+	sltu	AT,ta1,AT
+	sd	ta1,-16(a0)
+	daddu	v0,AT
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	daddu	ta3,v0
+	sltu	v0,ta3,v0
+	mflo	AT
+	mfhi	ta2
+	daddu	ta3,AT
+	daddu	v0,ta2
+	sltu	AT,ta3,AT
+	sd	ta3,-8(a0)
+	daddu	v0,AT
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_add_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_add_words_return:
+	jr	ra
+
+.L_bn_mul_add_words_tail:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	ld	t1,8(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,8(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	ld	t1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,16(a0)
+	daddu	v0,AT
+	jr	ra
+END(bn_mul_add_words)
+
+.align	5
+LEAF(bn_mul_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+	dmultu	t0,a3
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+
+	dmultu	t2,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	mflo	AT
+	mfhi	t2
+	daddu	v0,AT
+	sltu	t3,v0,AT
+	sd	v0,-24(a0)
+	daddu	v0,t3,t2
+
+	dmultu	ta0,a3
+	mflo	AT
+	mfhi	ta0
+	daddu	v0,AT
+	sltu	ta1,v0,AT
+	sd	v0,-16(a0)
+	daddu	v0,ta1,ta0
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	mflo	AT
+	mfhi	ta2
+	daddu	v0,AT
+	sltu	ta3,v0,AT
+	sd	v0,-8(a0)
+	daddu	v0,ta3,ta2
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_words_return:
+	jr	ra
+
+.L_bn_mul_words_tail:
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,8(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,16(a0)
+	daddu	v0,t1,t0
+	jr	ra
+END(bn_mul_words)
+
+.align	5
+LEAF(bn_sqr_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_sqr_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sqr_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+	dmultu	t0,t0
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+
+	dmultu	t2,t2
+	subu	a2,4
+	PTR_ADD	a0,64
+	PTR_ADD	a1,32
+	mflo	t3
+	mfhi	t2
+	sd	t3,-48(a0)
+	sd	t2,-40(a0)
+
+	dmultu	ta0,ta0
+	mflo	ta1
+	mfhi	ta0
+	sd	ta1,-32(a0)
+	sd	ta0,-24(a0)
+
+
+	dmultu	ta2,ta2
+	and	ta0,a2,MINUS4
+	mflo	ta3
+	mfhi	ta2
+	sd	ta3,-16(a0)
+	sd	ta2,-8(a0)
+
+	.set	noreorder
+	bgtzl	ta0,.L_bn_sqr_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_sqr_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sqr_words_return:
+	move	v0,zero
+	jr	ra
+
+.L_bn_sqr_words_tail:
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,16(a0)
+	sd	t0,24(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,t0
+	mflo	t1
+	mfhi	t0
+	sd	t1,32(a0)
+	sd	t0,40(a0)
+	jr	ra
+END(bn_sqr_words)
+
+.align	5
+LEAF(bn_add_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_add_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+	ld	ta0,0(a2)
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	ld	t3,24(a1)
+	ld	ta3,24(a2)
+	daddu	ta0,t0
+	subu	a3,4
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	PTR_ADD	a0,32
+	sltu	v0,t0,ta0
+	sd	t0,-32(a0)
+	daddu	v0,t8
+
+	daddu	ta1,t1
+	PTR_ADD	a1,32
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	PTR_ADD	a2,32
+	sltu	v0,t1,ta1
+	sd	t1,-24(a0)
+	daddu	v0,t9
+
+	daddu	ta2,t2
+	and	AT,a3,MINUS4
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,-16(a0)
+	daddu	v0,t8
+	
+	daddu	ta3,t3
+	sltu	t9,ta3,t3
+	daddu	t3,ta3,v0
+	sltu	v0,t3,ta3
+	sd	t3,-8(a0)
+	daddu	v0,t9
+	
+	.set	noreorder
+	bgtzl	AT,.L_bn_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_add_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_add_words_return:
+	jr	ra
+
+.L_bn_add_words_tail:
+	ld	ta0,0(a2)
+	daddu	ta0,t0
+	subu	a3,1
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	sltu	v0,t0,ta0
+	sd	t0,0(a0)
+	daddu	v0,t8
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	daddu	ta1,t1
+	subu	a3,1
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	sltu	v0,t1,ta1
+	sd	t1,8(a0)
+	daddu	v0,t9
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	daddu	ta2,t2
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,16(a0)
+	daddu	v0,t8
+	jr	ra
+END(bn_add_words)
+
+.align	5
+LEAF(bn_sub_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_sub_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sub_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+	ld	ta0,0(a2)
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	ld	t3,24(a1)
+	ld	ta3,24(a2)
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	subu	a3,4
+	dsubu	ta0,t0,v0
+	and	AT,a3,MINUS4
+	sd	ta0,0(a0)
+	MOVNZ	(t0,v0,t8)
+
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	PTR_ADD	a0,32
+	dsubu	ta1,t1,v0
+	PTR_ADD	a1,32
+	sd	ta1,-24(a0)
+	MOVNZ	(t1,v0,t9)
+
+
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	PTR_ADD	a2,32
+	sd	ta2,-16(a0)
+	MOVNZ	(t2,v0,t8)
+
+	sltu	t9,t3,ta3
+	dsubu	t3,ta3
+	dsubu	ta3,t3,v0
+	sd	ta3,-8(a0)
+	MOVNZ	(t3,v0,t9)
+
+	.set	noreorder
+	bgtzl	AT,.L_bn_sub_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_sub_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sub_words_return:
+	jr	ra
+
+.L_bn_sub_words_tail:
+	ld	ta0,0(a2)
+	subu	a3,1
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	dsubu	ta0,t0,v0
+	MOVNZ	(t0,v0,t8)
+	sd	ta0,0(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t1,8(a1)
+	subu	a3,1
+	ld	ta1,8(a2)
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	dsubu	ta1,t1,v0
+	MOVNZ	(t1,v0,t9)
+	sd	ta1,8(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	MOVNZ	(t2,v0,t8)
+	sd	ta2,16(a0)
+	jr	ra
+END(bn_sub_words)
+
+#undef	MINUS4
+
+.align	5
+LEAF(bn_div_words)
+	.set	noreorder
+	bnezl	a2,.L_bn_div_words_proceed
+	move	v1,zero
+	jr	ra
+	li	v0,-1		/* I'd rather signal div-by-zero
+				 * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+	bltz	a2,.L_bn_div_words_body
+	move	t9,v1
+	dsll	a2,1
+	bgtz	a2,.-4
+	addu	t9,1
+
+	.set	reorder
+	negu	t1,t9
+	li	t2,-1
+	dsll	t2,t1
+	and	t2,a0
+	dsrl	AT,a1,t1
+	.set	noreorder
+	bnezl	t2,.+8
+	break	6		/* signal overflow */
+	.set	reorder
+	dsll	a0,t9
+	dsll	a1,t9
+	or	a0,AT
+
+#define	QT	ta0
+#define	HH	ta1
+#define	DH	v1
+.L_bn_div_words_body:
+	dsrl	DH,a2,32
+	sgeu	AT,a0,a2
+	.set	noreorder
+	bnezl	AT,.+8
+	dsubu	a0,a2
+	.set	reorder
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div1
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div1:
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop1:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop1_done
+	sltu	t2,t0,a2
+	.set	reorder
+	dsubu	QT,1
+	dsubu	t0,a2
+	dsubu	t1,t2
+	b	.L_bn_div_words_inner_loop1
+.L_bn_div_words_inner_loop1_done:	
+
+	dsll	a1,32
+	dsubu	a0,t3,t0
+	dsll	v0,QT,32
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div2
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div2:
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop2:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop2_done
+	sltu	t2,t0,a2
+	.set	reorder
+	dsubu	QT,1
+	dsubu	t0,a2
+	dsubu	t1,t2
+	b	.L_bn_div_words_inner_loop2
+.L_bn_div_words_inner_loop2_done:	
+
+	dsubu	a0,t3,t0
+	or	v0,QT
+	dsrl	v1,a0,t9	/* v1 contains remainder if anybody wants it */
+	dsrl	a2,t9		/* restore a2 */
+	jr	ra
+#undef	HH
+#undef	DH
+#undef	QT
+END(bn_div_words)
+
+.align 5
+LEAF(bn_div_3_words)
+	.set	reorder
+	move	a3,a0		/* we know that bn_div_words doesn't
+				 * touch a3, ta2, ta3 and preserves a2
+				 * so that we can save two arguments
+				 * and return address in registers
+				 * instead of stack:-)
+				 */
+	ld	a0,(a3)
+	move	ta2,a2
+	move	a2,a1
+	ld	a1,-8(a3)
+	move	ta3,ra
+	move	v1,zero
+	li	v0,-1
+	beq	a0,a2,.L_bn_div_3_words_skip_div
+	jal	bn_div_words
+	move	ra,ta3
+.L_bn_div_3_words_skip_div:
+	dmultu	ta2,v0
+	ld	t2,-16(a3)
+	mflo	t0
+	mfhi	t1
+.L_bn_div_3_words_inner_loop:
+	sgeu	AT,t2,t0
+	seq	t9,t1,v1
+	sltu	t8,t1,v1
+	and	AT,t9
+	or	AT,t8
+	bnez	AT,.L_bn_div_3_words_inner_loop_done
+	daddu	v1,a2
+	sltu	t3,t0,ta2
+	sltu	AT,v1,a2
+	dsubu	v0,1
+	dsubu	t0,ta2
+	dsubu	t1,t3
+	beqz	AT,.L_bn_div_3_words_inner_loop
+.L_bn_div_3_words_inner_loop_done:
+	jr	ra
+END(bn_div_3_words)
+
+#define	a_0	t0
+#define	a_1	t1
+#define	a_2	t2
+#define	a_3	t3
+#define	b_0	ta0
+#define	b_1	ta1
+#define	b_2	ta2
+#define	b_3	ta3
+
+#define	a_4	s0
+#define	a_5	s2
+#define	a_6	s4
+#define	a_7	a1	/* once we load a[7] we don't need a anymore */
+#define	b_4	s1
+#define	b_5	s3
+#define	b_6	s5
+#define	b_7	a2	/* once we load b[7] we don't need b anymore */
+
+#define	t_1	t8
+#define	t_2	t9
+
+#define	c_1	v0
+#define	c_2	v1
+#define	c_3	a3
+
+#define	FRAME_SIZE	48
+
+.align	5
+LEAF(bn_mul_comba8)
+	.set	noreorder
+	PTR_SUB	sp,FRAME_SIZE
+	.frame	sp,64,ra
+	.set	reorder
+	ld	a_0,0(a1)	/* If compiled with -mips3 option on
+				 * R5000 box assembler barks on this
+				 * line with "shouldn't have mult/div
+				 * as last instruction in bb (R10K
+				 * bug)" warning. If anybody out there
+				 * has a clue about how to circumvent
+				 * this do send me a note.
+				 *		<appro@fy.chalmers.se>
+				 */
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	sd	s0,0(sp)
+	sd	s1,8(sp)
+	sd	s2,16(sp)
+	sd	s3,24(sp)
+	sd	s4,32(sp)
+	sd	s5,40(sp)
+	mflo	c_1
+	mfhi	c_2
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	ld	b_4,32(a2)
+	ld	b_5,40(a2)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	ld	b_6,48(a2)
+	ld	b_7,56(a2)
+	sd	c_1,0(a0)	/* r[0]=c1; */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)	/* r[1]=c2; */
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)	/* r[2]=c3; */
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)	/* r[3]=c1; */
+
+	dmultu	a_4,b_0		/* mul_add_c(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_0,b_4		/* mul_add_c(a[0],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)	/* r[4]=c2; */
+
+	dmultu	a_0,b_5		/* mul_add_c(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_1		/* mul_add_c(a[4],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,b_0		/* mul_add_c(a[5],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)	/* r[5]=c3; */
+
+	dmultu	a_6,b_0		/* mul_add_c(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_2,b_4		/* mul_add_c(a[2],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_1,b_5		/* mul_add_c(a[1],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_0,b_6		/* mul_add_c(a[0],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)	/* r[6]=c1; */
+
+	dmultu	a_0,b_7		/* mul_add_c(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_4		/* mul_add_c(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_3		/* mul_add_c(a[4],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,b_2		/* mul_add_c(a[5],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_6,b_1		/* mul_add_c(a[6],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_7,b_0		/* mul_add_c(a[7],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)	/* r[7]=c2; */
+
+	dmultu	a_7,b_1		/* mul_add_c(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_5		/* mul_add_c(a[3],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,b_6		/* mul_add_c(a[2],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,b_7		/* mul_add_c(a[1],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)	/* r[8]=c3; */
+
+	dmultu	a_2,b_7		/* mul_add_c(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_5,b_4		/* mul_add_c(a[5],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_6,b_3		/* mul_add_c(a[6],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_7,b_2		/* mul_add_c(a[7],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)	/* r[9]=c1; */
+
+	dmultu	a_7,b_3		/* mul_add_c(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_6		/* mul_add_c(a[4],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_7		/* mul_add_c(a[3],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)	/* r[10]=c2; */
+
+	dmultu	a_4,b_7		/* mul_add_c(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_7,b_4		/* mul_add_c(a[7],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)	/* r[11]=c3; */
+
+	dmultu	a_7,b_5		/* mul_add_c(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)	/* r[12]=c1; */
+
+	dmultu	a_6,b_7		/* mul_add_c(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,104(a0)	/* r[13]=c2; */
+
+	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	ld	s0,0(sp)
+	ld	s1,8(sp)
+	ld	s2,16(sp)
+	ld	s3,24(sp)
+	ld	s4,32(sp)
+	ld	s5,40(sp)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)	/* r[14]=c3; */
+	sd	c_1,120(a0)	/* r[15]=c1; */
+
+	PTR_ADD	sp,FRAME_SIZE
+
+	jr	ra
+END(bn_mul_comba8)
+
+.align	5
+LEAF(bn_mul_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	sd	c_3,40(a0)
+
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_mul_comba4)
+
+#undef	a_4
+#undef	a_5
+#undef	a_6
+#undef	a_7
+#define	a_4	b_0
+#define	a_5	b_1
+#define	a_6	b_2
+#define	a_7	b_3
+
+.align	5
+LEAF(bn_sqr_comba8)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)
+
+	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)
+
+	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)
+
+	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)
+
+	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)
+
+	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	sltu	AT,c_3,a2
+	daddu	c_1,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)
+
+	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	sltu	AT,c_1,a2
+	daddu	c_2,AT
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)
+
+	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)
+
+	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,104(a0)
+
+	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)
+	sd	c_1,120(a0)
+
+	jr	ra
+END(bn_sqr_comba8)
+
+.align	5
+LEAF(bn_sqr_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	a2,t_2,AT
+	daddu	c_2,a2
+	sltu	AT,c_2,a2
+	daddu	c_3,AT
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	a2,t_2,AT
+	daddu	c_3,a2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	a2,t_2,AT
+	daddu	c_1,a2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	sd	c_3,40(a0)
+
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_sqr_comba4)
diff --git a/lib/libssl/src/crypto/bn/asm/sparc.s b/lib/libssl/src/crypto/bn/asm/sparc.s
deleted file mode 100644
index f9e533caa88..00000000000
--- a/lib/libssl/src/crypto/bn/asm/sparc.s
+++ /dev/null
@@ -1,462 +0,0 @@
-	.file	"bn_mulw.c"
-gcc2_compiled.:
-.section	".text"
-	.align 4
-	.global bn_mul_add_words
-	.type	 bn_mul_add_words,#function
-	.proc	016
-bn_mul_add_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o0
-	mov %i1,%o2
-	mov %i2,%g1
-	mov %i3,%o1
-	mov 0,%i4
-	add %o0,12,%g4
-	add %o2,12,%o7
-.LL2:
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%o0],%g2
-	mov %g2,%i1
-	ld [%o2],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%o0]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4-8],%g2
-	mov %g2,%i1
-	ld [%o7-8],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4-8]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4-4],%g2
-	mov %g2,%i1
-	ld [%o7-4],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4-4]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4],%g2
-	mov %g2,%i1
-	ld [%o7],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	add %o7,16,%o7
-	add %o2,16,%o2
-	add %g4,16,%g4
-	b .LL2
-	add %o0,16,%o0
-.LL3:
-	ret
-	restore %g0,%i4,%o0
-.LLfe1:
-	.size	 bn_mul_add_words,.LLfe1-bn_mul_add_words
-	.align 4
-	.global bn_mul_words
-	.type	 bn_mul_words,#function
-	.proc	016
-bn_mul_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o7
-	mov %i1,%o0
-	mov %i2,%i4
-	mov %i3,%g4
-	mov 0,%i0
-	add %o7,12,%g1
-	add %o0,12,%i5
-.LL18:
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%o0],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%o7]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5-8],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1-8]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5-4],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1-4]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	add %i5,16,%i5
-	add %o0,16,%o0
-	add %g1,16,%g1
-	b .LL18
-	add %o7,16,%o7
-.LL19:
-	ret
-	restore
-.LLfe2:
-	.size	 bn_mul_words,.LLfe2-bn_mul_words
-	.align 4
-	.global bn_sqr_words
-	.type	 bn_sqr_words,#function
-	.proc	020
-bn_sqr_words:
-	!#PROLOGUE# 0
-	!#PROLOGUE# 1
-	mov %o0,%g4
-	add %g4,28,%o3
-	add %o1,12,%g1
-.LL34:
-	ld [%o1],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%g4]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-24]
-	ld [%g1-8],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-20]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-16]
-	ld [%g1-4],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-12]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-8]
-	ld [%g1],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-4]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3]
-	add %g1,16,%g1
-	add %o1,16,%o1
-	add %o3,32,%o3
-	b .LL34
-	add %g4,32,%g4
-.LL35:
-	retl
-	nop
-.LLfe3:
-	.size	 bn_sqr_words,.LLfe3-bn_sqr_words
-	.align 4
-	.global bn_add_words
-	.type	 bn_add_words,#function
-	.proc	016
-bn_add_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o2
-	mov %i1,%o3
-	mov %i2,%o4
-	mov %i3,%i5
-	mov 0,%o0
-	mov 0,%o1
-	add %o2,12,%o7
-	add %o4,12,%g4
-	b .LL42
-	add %o3,12,%g1
-.LL45:
-	add %i5,-1,%i5
-	mov %i4,%g3
-	ld [%g4-8],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7-8]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %i5,-1,%i5
-	ld [%g1-4],%i4
-	mov %i4,%g3
-	ld [%g4-4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7-4]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %i5,-1,%i5
-	ld [%g1],%i4
-	mov %i4,%g3
-	ld [%g4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %g1,16,%g1
-	add %o3,16,%o3
-	add %g4,16,%g4
-	add %o4,16,%o4
-	add %o7,16,%o7
-	add %o2,16,%o2
-.LL42:
-	ld [%o3],%i4
-	add %i5,-1,%i5
-	mov %i4,%g3
-	ld [%o4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o2]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	bg,a .LL45
-	ld [%g1-8],%i4
-.LL43:
-	ret
-	restore %g0,%o1,%o0
-.LLfe4:
-	.size	 bn_add_words,.LLfe4-bn_add_words
-.section	".rodata"
-	.align 8
-.LLC0:
-	.asciz	"Division would overflow (%d)\n"
-.section	".text"
-	.align 4
-	.global bn_div64
-	.type	 bn_div64,#function
-	.proc	016
-bn_div64:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov 0,%l1
-	cmp %i2,0
-	bne .LL51
-	mov 2,%l0
-	b .LL68
-	mov -1,%i0
-.LL51:
-	call BN_num_bits_word,0
-	mov %i2,%o0
-	mov %o0,%o2
-	cmp %o2,32
-	be .LL52
-	mov 1,%o0
-	sll %o0,%o2,%o0
-	cmp %i0,%o0
-	bleu .LL69
-	mov 32,%o0
-	sethi %hi(__iob+32),%o0
-	or %o0,%lo(__iob+32),%o0
-	sethi %hi(.LLC0),%o1
-	call fprintf,0
-	or %o1,%lo(.LLC0),%o1
-	call abort,0
-	nop
-.LL52:
-	mov 32,%o0
-.LL69:
-	cmp %i0,%i2
-	blu .LL53
-	sub %o0,%o2,%o2
-	sub %i0,%i2,%i0
-.LL53:
-	cmp %o2,0
-	be .LL54
-	sll %i0,%o2,%o1
-	sll %i2,%o2,%i2
-	sub %o0,%o2,%o0
-	srl %i1,%o0,%o0
-	or %o1,%o0,%i0
-	sll %i1,%o2,%i1
-.LL54:
-	srl %i2,16,%g2
-	sethi %hi(65535),%o0
-	or %o0,%lo(65535),%o1
-	and %i2,%o1,%g3
-	mov %o0,%g4
-	sethi %hi(-65536),%o7
-	mov %o1,%g1
-.LL55:
-	srl %i0,16,%o0
-	cmp %o0,%g2
-	be .LL59
-	or %g4,%lo(65535),%o3
-	wr %g0,%g0,%y
-	nop
-	nop
-	nop
-	udiv %i0,%g2,%o3
-.LL59:
-	and %i1,%o7,%o0
-	srl %o0,16,%o5
-	smul %o3,%g3,%o4
-	smul %o3,%g2,%o2
-.LL60:
-	sub %i0,%o2,%o1
-	andcc %o1,%o7,%g0
-	bne .LL61
-	sll %o1,16,%o0
-	add %o0,%o5,%o0
-	cmp %o4,%o0
-	bleu .LL61
-	sub %o4,%g3,%o4
-	sub %o2,%g2,%o2
-	b .LL60
-	add %o3,-1,%o3
-.LL61:
-	smul %o3,%g2,%o2
-	smul %o3,%g3,%o0
-	srl %o0,16,%o1
-	sll %o0,16,%o0
-	and %o0,%o7,%o0
-	cmp %i1,%o0
-	bgeu .LL65
-	add %o2,%o1,%o2
-	add %o2,1,%o2
-.LL65:
-	cmp %i0,%o2
-	bgeu .LL66
-	sub %i1,%o0,%i1
-	add %i0,%i2,%i0
-	add %o3,-1,%o3
-.LL66:
-	addcc %l0,-1,%l0
-	be .LL56
-	sub %i0,%o2,%i0
-	sll %o3,16,%l1
-	sll %i0,16,%o0
-	srl %i1,16,%o1
-	or %o0,%o1,%i0
-	and %i1,%g1,%o0
-	b .LL55
-	sll %o0,16,%i1
-.LL56:
-	or %l1,%o3,%i0
-.LL68:
-	ret
-	restore
-.LLfe5:
-	.size	 bn_div64,.LLfe5-bn_div64
-	.ident	"GCC: (GNU) 2.7.2.3"
diff --git a/lib/libssl/src/crypto/bn/asm/sparcv8.S b/lib/libssl/src/crypto/bn/asm/sparcv8.S
new file mode 100644
index 00000000000..88c5dc480a7
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident	"sparcv8.s, Version 1.4"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1	- new loop unrolling model(*);
+ * 1.2	- made gas friendly;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- some retunes;
+ *
+ * (*)	see bn_asm.sparc.v8plus.S for details
+ */
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_add_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:
+	ld	[%o0],%o4
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0]
+	addx	%g1,0,%o5
+
+	ld	[%o0+4],%o4
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	dec	4,%o2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0+4]
+	addx	%g1,0,%o5
+
+	ld	[%o0+8],%o4
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	inc	16,%o1
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	addx	%g1,0,%o5
+
+	ld	[%o0+12],%o4
+	umul	%o3,%g3,%g3
+	inc	16,%o0
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0-4]
+	addx	%g1,0,%o5
+	andcc	%o2,-4,%g0
+	bnz,a	.L_bn_mul_add_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_add_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_add_words_tail:
+	ld	[%o0],%o4
+	umul	%o3,%g2,%g2
+	addcc	%o4,%o5,%o4
+	rd	%y,%g1
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0]
+
+	ld	[%o1+4],%g2
+	ld	[%o0+4],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0+4]
+
+	ld	[%o1+8],%g2
+	ld	[%o0+8],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	st	%g2,[%o0]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	dec	4,%o2
+	addx	%g1,0,%o5
+	st	%g3,[%o0+4]
+
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	inc	16,%o1
+	st	%g2,[%o0+8]
+	addx	%g1,0,%o5
+
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	inc	16,%o0
+	addx	%g1,0,%o5
+	st	%g3,[%o0-4]
+	andcc	%o2,-4,%g0
+	nop
+	bnz,a	.L_bn_mul_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_words_tail:
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0]
+	nop
+
+	ld	[%o1+4],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	st	%g2,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	cmp	%o2,0
+	bg,a	.L_bn_sqr_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_sqr_words_tail
+	clr	%o5
+
+.L_bn_sqr_words_loop:
+	ld	[%o1+4],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	rd	%y,%o5
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%g3,%g3,%o4
+	dec	4,%o2
+	st	%o4,[%o0+8]
+	rd	%y,%o5
+	st	%o5,[%o0+12]
+	nop
+
+	ld	[%o1+12],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	inc	16,%o1
+	st	%o5,[%o0+20]
+
+	umul	%g3,%g3,%o4
+	inc	32,%o0
+	st	%o4,[%o0-8]
+	rd	%y,%o5
+	st	%o5,[%o0-4]
+	andcc	%o2,-4,%g2
+	bnz,a	.L_bn_sqr_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	nop
+	bnz,a	.L_bn_sqr_words_tail
+	ld	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	deccc	%o2
+	rd	%y,%o5
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+4],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+8]
+	deccc	%o2
+	rd	%y,%o5
+	nop
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+12]
+
+	ld	[%o1+8],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	st	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	wr	%o0,%y
+	udiv	%o1,%o2,%o0
+	retl
+	nop
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	cmp	%o3,0
+	bg,a	.L_bn_add_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_add_words_tail
+	clr	%g1
+	ba	.L_bn_add_words_warn_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:
+	ld	[%o1],%o4
+.L_bn_add_words_warn_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_add_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	bnz,a	.L_bn_add_words_tail
+	ld	[%o1],%o4
+.L_bn_add_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_add_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0]
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.align	32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	cmp	%o3,0
+	bg,a	.L_bn_sub_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_sub_words_tail
+	clr	%g1
+	ba	.L_bn_sub_words_warm_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:
+	ld	[%o1],%o4
+.L_bn_sub_words_warm_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_sub_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	nop
+	bnz,a	.L_bn_sub_words_tail
+	ld	[%o1],%o4
+.L_bn_sub_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_sub_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0]
+	nop
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_1	%o2
+#define c_2	%o3
+#define c_3	%o4
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o5
+#define	b_4	%g1
+#define	b_5	%g2
+#define	b_6	%g3
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	bp(3),b_3
+	addx	c_2,%g0,c_2	!=
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(4),a_4
+	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	ld	bp(4),b_4
+	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	bp(5),b_5
+	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(5),a_5
+	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	ap(6),a_6
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	ld	bp(6),b_6
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	bp(7),b_7
+	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(6)	!r[6]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	ap(7),a_7
+	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!
+	addx	c_2,%g0,c_2
+	st	c_3,rp(8)	!r[8]=c3;
+
+	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(12)	!r[12]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(13)	!r[13]=c2;
+
+	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	nop			!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	bp(3),b_3
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	ap(1),a_1
+	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	ld	ap(4),a_4
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	ld	ap(5),a_5
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(4)	!r[4]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(6),a_6
+	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(7),a_7
+	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(6)	!r[6]=c1;
+
+	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(8)	!r[8]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	st	c_1,rp(12)	!r[12]=c1;
+
+	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2	!=
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(13)	!r[13]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
+	ld	ap(1),a_1	!=
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(2)	!r[2]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/lib/libssl/src/crypto/bn/asm/sparcv8plus.S b/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
new file mode 100644
index 00000000000..0074dfdb750
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1535 @@
+.ident	"sparcv8plus.s, Version 1.4"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *	# cd crypto/bn
+ *	# cp /some/place/bn_asm.sparc.v8plus.S .
+ *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *	# cd crypto/bn
+ *	# touch bn_asm.c
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ * Q. V8plus achitecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *	v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
+ *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
+ *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
+ *
+ *	v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
+ *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
+ *	egcs-1.1.2 -mv8 -O3			+35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)	
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0	- initial release;
+ * 1.1	- new loop unrolling model(*);
+ *	- some more fine tuning;
+ * 1.2	- made gas friendly;
+ *	- updates to documentation concerning v9;
+ *	- new performance comparison matrix;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
+ *	  resulting in slight overall performance kick;
+ *	- some retunes;
+ *	- support for GNU as added;
+ *
+ * (*)	Originally unrolled loop looked like this:
+ *	    for (;;) {
+ *		op(p+0); if (--n==0) break;
+ *		op(p+1); if (--n==0) break;
+ *		op(p+2); if (--n==0) break;
+ *		op(p+3); if (--n==0) break;
+ *		p+=4;
+ *	    }
+ *	I unroll according to following:
+ *	    while (n&~3) {
+ *		op(p+0); op(p+1); op(p+2); op(p+3);
+ *		p+=4; n=-4;
+ *	    }
+ *	    if (n) {
+ *		op(p+0); if (--n==0) return;
+ *		op(p+2); if (--n==0) return;
+ *		op(p+3); return;
+ *	    }
+ */
+
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8plus.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	brgz,a	%o2,.L_bn_mul_add_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:	! wow! 32 aligned!
+	lduw	[%o0],%g1
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	nop
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+4],%g1
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	dec	4,%o2
+	add	%o4,%g3,%o4
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+8],%g1
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	inc	16,%o1
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+12],%g1
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	inc	16,%o0
+	add	%o4,%g3,%o4
+	andcc	%o2,-4,%g0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
+	lduw	[%o1],%g2
+
+	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_add_words_tail:
+	lduw	[%o0],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	lduw	[%o0+4],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	lduw	[%o0+8],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	brgz,a	%o2,.L_bn_mul_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	nop
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	inc	16,%o1
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	inc	16,%o0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g0
+	bnz,a,pt	%icc,.L_bn_mul_words_loop
+	lduw	[%o1],%g2
+	nop
+	nop
+
+	brnz,a,pn	%o2,.L_bn_mul_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_words_tail:
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	brgz,a	%o2,.L_bn_sqr_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	nop
+	bz,pn	%icc,.L_bn_sqr_words_tail
+	nop
+
+.L_bn_sqr_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%g2,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+4]
+	nop
+
+	lduw	[%o1+8],%g2
+	mulx	%g3,%g3,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+12],%g3
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	inc	16,%o1
+	stuw	%o5,[%o0+20]
+
+	mulx	%g3,%g3,%o4
+	inc	32,%o0
+	stuw	%o4,[%o0-8]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g2
+	stuw	%o5,[%o0-4]
+	bnz,a,pt	%icc,.L_bn_sqr_words_loop
+	lduw	[%o1],%g2
+	nop
+
+	brnz,a,pn	%o2,.L_bn_sqr_words_tail
+	lduw	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+4],%g2
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+8],%g2
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	stuw	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	sllx	%o0,32,%o0
+	or	%o0,%o1,%o0
+	udivx	%o0,%o2,%o0
+	retl
+	srl	%o0,%g0,%o0	! clruw	%o0
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	brgz,a	%o3,.L_bn_add_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_add_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_add_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	addccc	%g1,%g2,%g1
+	stuw	%g1,[%o0+4]
+	
+	inc	16,%o2
+	addccc	%g3,%g4,%g3
+	stuw	%g3,[%o0+8]
+
+	inc	16,%o0
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_add_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_add_words_tail
+	lduw	[%o1],%o4
+.L_bn_add_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_add_words_tail:
+	lduw	[%o2],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	brgz,a	%o3,.L_bn_sub_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_sub_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_sub_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	subccc	%g1,%g2,%g2
+	stuw	%g2,[%o0+4]
+
+	inc	16,%o2
+	subccc	%g3,%g4,%g4
+	stuw	%g4,[%o0+8]
+
+	inc	16,%o0
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_sub_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_sub_words_tail
+	lduw	[%o1],%o4
+.L_bn_sub_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_sub_words_tail:		! wow! 32 aligned!
+	lduw	[%o2],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *							Andy.
+ */
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_12	%o2
+#define c_3	%o3
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o4
+#define	b_4	%o5
+#define	b_5	%o7
+#define	b_6	%g1
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	bp(0),b_0	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(4),b_4	!=
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(5),b_5
+	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(6),b_6	!=
+	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(7),b_7
+	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0	!=
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	lduw	ap(0),a_0
+	mov	1,t_2
+	lduw	bp(0),b_0
+	sllx	t_2,32,t_2	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!=!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!=!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!=!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/lib/libssl/src/crypto/bn/asm/vms.mar b/lib/libssl/src/crypto/bn/asm/vms.mar
new file mode 100644
index 00000000000..ac9d57d7b0d
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/vms.mar
@@ -0,0 +1,6695 @@
+	.title	vax_bn_mul_add_word  unsigned multiply & add, 32*32+32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;	ULONG c = 0;
+;	int i;
+;	for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+;	return c;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+w=16 ;(AP)	w	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_mul_add_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2
+	moval	@a(ap),r3
+	movl	n(ap),r4	; assumed >0 by C code
+	movl	w(ap),r5
+	clrl	r6		; c
+
+0$:
+	emul	r5,(r3),(r2),r0		; w, a[], r[] considered signed
+
+	; fixup for "negative" r[]
+	tstl	(r2)
+	bgeq	10$
+	incl	r1
+10$:
+
+	; add in c
+	addl2	r6,r0
+	adwc	#0,r1
+
+	; combined fixup for "negative" w, a[]
+	tstl	r5
+	bgeq	20$
+	addl2	(r3),r1
+20$:
+	tstl	(r3)
+	bgeq	30$
+	addl2	r5,r1
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	addl	#4,r3			; advance a[]
+	movl	r1,r6			; store hi result => c
+
+	sobgtr	r4,0$
+
+	movl	r6,r0			; return c
+	ret
+
+	.title	vax_bn_mul_word  unsigned multiply & add, 32*32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;	ULONG c = 0;
+;	int i;
+;	for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+;	return(c);
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+w=16 ;(AP)	w	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_mul_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2	; r2 -> r[]
+	moval	@a(ap),r3	; r3 -> a[]
+	movl	n(ap),r4	; r4 = loop count (assumed >0 by C code)
+	movl	w(ap),r5	; r5 = w
+	clrl	r6		; r6 = c
+
+0$:
+	; <r1,r0> := w * a[] + c
+	emul	r5,(r3),r6,r0		; w, a[], c considered signed
+
+	; fixup for "negative" c
+	tstl	r6			; c
+	bgeq	10$
+	incl	r1
+10$:
+
+	; combined fixup for "negative" w, a[]
+	tstl	r5			; w
+	bgeq	20$
+	addl2	(r3),r1			; a[]
+20$:
+	tstl	(r3)			; a[]
+	bgeq	30$
+	addl2	r5,r1			; w
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	addl	#4,r3			; advance a[]
+	movl	r1,r6			; store hi result => c
+
+	sobgtr	r4,0$
+
+	movl	r6,r0			; return c
+	ret
+
+	.title	vax_bn_sqr_words  unsigned square, 32*32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+;	int i;
+;	for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_sqr_words,^m<r2,r3,r4,r5>
+
+	moval	@r(ap),r2	; r2 -> r[]
+	moval	@a(ap),r3	; r3 -> a[]
+	movl	n(ap),r4	; r4 = n (assumed >0 by C code)
+
+0$:
+	movl	(r3)+,r5		; r5 = a[] & advance
+
+	; <r1,r0> := a[] * a[]
+	emul	r5,r5,#0,r0		; a[] considered signed
+
+	; fixup for "negative" a[]
+	tstl	r5			; a[]
+	bgeq	30$
+	addl2	r5,r1			; a[]
+	addl2	r5,r1			; a[]
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	movl	r1,(r2)+		; store hi result in r[] & advance
+
+	sobgtr	r4,0$
+
+	movl	#1,r0			; return SS$_NORMAL
+	ret
+
+	.title	(generated)
+
+	.psect	code,nowrt
+
+.entry	BN_DIV_WORDS,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+	subl2	#4,sp
+
+	clrl	r9
+	movl	#2,r8
+
+	tstl	12(ap)
+	bneq	noname.2
+	mnegl	#1,r10
+	brw	noname.3
+	tstl	r0
+	nop	
+noname.2:
+
+	pushl	12(ap)
+	calls	#1,BN_NUM_BITS_WORD
+	movl	r0,r7
+
+	cmpl	r7,#32
+	beql	noname.4
+	ashl	r7,#1,r2
+	cmpl	4(ap),r2
+	blequ	noname.4
+
+	pushl	r7
+	calls	#1,BN_DIV_WORDS_ABORT
+noname.4:
+
+	subl3	r7,#32,r7
+
+	movl	12(ap),r2
+	cmpl	4(ap),r2
+	blssu	noname.5
+	subl2	r2,4(ap)
+noname.5:
+
+	tstl	r7
+	beql	noname.6
+
+	ashl	r7,r2,12(ap)
+
+	ashl	r7,4(ap),r4
+	subl3	r7,#32,r3
+	subl3	r3,#32,r2
+	extzv	r3,r2,8(ap),r2
+	bisl3	r4,r2,4(ap)
+
+	ashl	r7,8(ap),8(ap)
+noname.6:
+
+	bicl3	#65535,12(ap),r2
+	extzv	#16,#16,r2,r5
+
+	bicl3	#-65536,12(ap),r6
+
+noname.7:
+
+	moval	4(ap),r2
+	movzwl	2(r2),r0
+	cmpl	r0,r5
+	bneq	noname.8
+
+	movzwl	#65535,r4
+	brb	noname.9
+noname.8:
+
+	clrl	r1
+	movl	(r2),r0
+	movl	r5,r2
+	bgeq	vcg.1
+	cmpl	r2,r0
+	bgtru	vcg.2
+	incl	r1
+	brb	vcg.2
+	nop	
+vcg.1:
+	ediv	r2,r0,r1,r0
+vcg.2:
+	movl	r1,r4
+noname.9:
+
+noname.10:
+
+	mull3	r5,r4,r0
+	subl3	r0,4(ap),r3
+
+	bicl3	#65535,r3,r0
+	bneq	noname.13
+	mull3	r6,r4,r2
+	ashl	#16,r3,r1
+	bicl3	#65535,8(ap),r0
+	extzv	#16,#16,r0,r0
+	addl2	r0,r1
+	cmpl	r2,r1
+	bgtru	noname.12
+noname.11:
+
+	brb	noname.13
+	nop	
+noname.12:
+
+	decl	r4
+	brb	noname.10
+noname.13:
+
+	mull3	r5,r4,r1
+
+	mull3	r6,r4,r0
+
+	extzv	#16,#16,r0,r3
+
+	ashl	#16,r0,r2
+	bicl3	#65535,r2,r0
+
+	addl2	r3,r1
+
+	moval	8(ap),r3
+	cmpl	(r3),r0
+	bgequ	noname.15
+	incl	r1
+noname.15:
+
+	subl2	r0,(r3)
+
+	cmpl	4(ap),r1
+	bgequ	noname.16
+
+	addl2	12(ap),4(ap)
+
+	decl	r4
+noname.16:
+
+	subl2	r1,4(ap)
+
+	decl	r8
+	beql	noname.18
+noname.17:
+
+	ashl	#16,r4,r9
+
+	ashl	#16,4(ap),r2
+	movzwl	2(r3),r0
+	bisl2	r0,r2
+	bicl3	#0,r2,4(ap)
+
+	bicl3	#-65536,(r3),r0
+	ashl	#16,r0,(r3)
+	brw	noname.7
+	nop	
+noname.18:
+
+	bisl2	r4,r9
+
+	movl	r9,r10
+
+noname.3:
+	movl	r10,r0
+	ret	
+	tstl	r0
+
+
+	.psect	code,nowrt
+
+.entry	BN_ADD_WORDS,^m<r2,r3,r4,r5,r6,r7>
+
+	tstl	16(ap)
+	bgtr	noname.21
+	clrl	r7
+	brw	noname.22
+noname.21:
+
+	clrl	r4
+
+	tstl	r0
+noname.23:
+
+	movl	8(ap),r6
+	addl3	r4,(r6),r2
+
+	bicl2	#0,r2
+
+	clrl	r0
+	cmpl	r2,r4
+	bgequ	vcg.3
+	incl	r0
+vcg.3:
+	movl	r0,r4
+
+	movl	12(ap),r5
+	addl3	(r5),r2,r1
+	bicl2	#0,r1
+
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.4
+	incl	r0
+vcg.4:
+	addl2	r0,r4
+
+	movl	4(ap),r3
+	movl	r1,(r3)
+
+	decl	16(ap)
+	bgtr	gen.1
+	brw	noname.25
+gen.1:
+noname.24:
+
+	addl3	r4,4(r6),r2
+
+	bicl2	#0,r2
+
+	clrl	r0
+	cmpl	r2,r4
+	bgequ	vcg.5
+	incl	r0
+vcg.5:
+	movl	r0,r4
+
+	addl3	4(r5),r2,r1
+	bicl2	#0,r1
+
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.6
+	incl	r0
+vcg.6:
+	addl2	r0,r4
+
+	movl	r1,4(r3)
+
+	decl	16(ap)
+	bleq	noname.25
+noname.26:
+
+	addl3	r4,8(r6),r2
+
+	bicl2	#0,r2
+
+	clrl	r0
+	cmpl	r2,r4
+	bgequ	vcg.7
+	incl	r0
+vcg.7:
+	movl	r0,r4
+
+	addl3	8(r5),r2,r1
+	bicl2	#0,r1
+
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.8
+	incl	r0
+vcg.8:
+	addl2	r0,r4
+
+	movl	r1,8(r3)
+
+	decl	16(ap)
+	bleq	noname.25
+noname.27:
+
+	addl3	r4,12(r6),r2
+
+	bicl2	#0,r2
+
+	clrl	r0
+	cmpl	r2,r4
+	bgequ	vcg.9
+	incl	r0
+vcg.9:
+	movl	r0,r4
+
+	addl3	12(r5),r2,r1
+	bicl2	#0,r1
+
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.10
+	incl	r0
+vcg.10:
+	addl2	r0,r4
+
+	movl	r1,12(r3)
+
+	decl	16(ap)
+	bleq	noname.25
+noname.28:
+
+	addl3	#16,r6,8(ap)
+
+	addl3	#16,r5,12(ap)
+
+	addl3	#16,r3,4(ap)
+	brw	noname.23
+	tstl	r0
+noname.25:
+
+	movl	r4,r7
+
+noname.22:
+	movl	r7,r0
+	ret	
+	nop	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_SUB_WORDS,^m<r2,r3,r4,r5,r6,r7>
+
+	clrl	r6
+
+	tstl	16(ap)
+	bgtr	noname.31
+	clrl	r7
+	brw	noname.32
+	tstl	r0
+noname.31:
+
+noname.33:
+
+	movl	8(ap),r5
+	movl	(r5),r1
+	movl	12(ap),r4
+	movl	(r4),r2
+
+	movl	4(ap),r3
+	subl3	r2,r1,r0
+	subl2	r6,r0
+	bicl3	#0,r0,(r3)
+
+	cmpl	r1,r2
+	beql	noname.34
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.11
+	incl	r0
+vcg.11:
+	movl	r0,r6
+noname.34:
+
+	decl	16(ap)
+	bgtr	gen.2
+	brw	noname.36
+gen.2:
+noname.35:
+
+	movl	4(r5),r2
+	movl	4(r4),r1
+
+	subl3	r1,r2,r0
+	subl2	r6,r0
+	bicl3	#0,r0,4(r3)
+
+	cmpl	r2,r1
+	beql	noname.37
+	clrl	r0
+	cmpl	r2,r1
+	bgequ	vcg.12
+	incl	r0
+vcg.12:
+	movl	r0,r6
+noname.37:
+
+	decl	16(ap)
+	bleq	noname.36
+noname.38:
+
+	movl	8(r5),r1
+	movl	8(r4),r2
+
+	subl3	r2,r1,r0
+	subl2	r6,r0
+	bicl3	#0,r0,8(r3)
+
+	cmpl	r1,r2
+	beql	noname.39
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.13
+	incl	r0
+vcg.13:
+	movl	r0,r6
+noname.39:
+
+	decl	16(ap)
+	bleq	noname.36
+noname.40:
+
+	movl	12(r5),r1
+	movl	12(r4),r2
+
+	subl3	r2,r1,r0
+	subl2	r6,r0
+	bicl3	#0,r0,12(r3)
+
+	cmpl	r1,r2
+	beql	noname.41
+	clrl	r0
+	cmpl	r1,r2
+	bgequ	vcg.14
+	incl	r0
+vcg.14:
+	movl	r0,r6
+noname.41:
+
+	decl	16(ap)
+	bleq	noname.36
+noname.42:
+
+	addl3	#16,r5,8(ap)
+
+	addl3	#16,r4,12(ap)
+
+	addl3	#16,r3,4(ap)
+	brw	noname.33
+	tstl	r0
+noname.36:
+
+	movl	r6,r7
+
+noname.32:
+	movl	r7,r0
+	ret	
+	nop	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+	movab	-924(sp),sp
+	clrq	r8
+
+	clrl	r10
+
+	movl	8(ap),r6
+	movzwl	2(r6),r3
+	movl	12(ap),r7
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-12(fp)
+	bicl3	#-65536,r3,-16(fp)
+	mull3	r0,-12(fp),-4(fp)
+	mull2	r2,-12(fp)
+	mull3	r2,-16(fp),-8(fp)
+	mull2	r0,-16(fp)
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.45
+	addl2	#65536,-16(fp)
+noname.45:
+	movzwl	-2(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-16(fp)
+	bicl3	#-65536,-4(fp),r0
+	ashl	#16,r0,-8(fp)
+	addl3	-8(fp),-12(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-8(fp)
+	bgequ	noname.46
+	incl	-16(fp)
+noname.46:
+	movl	-12(fp),r1
+	movl	-16(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.47
+	incl	r2
+noname.47:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.48
+	incl	r10
+noname.48:
+
+	movl	4(ap),r11
+	movl	r9,(r11)
+
+	clrl	r9
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-28(fp)
+	bicl3	#-65536,r2,-32(fp)
+	mull3	r0,-28(fp),-20(fp)
+	mull2	r3,-28(fp)
+	mull3	r3,-32(fp),-24(fp)
+	mull2	r0,-32(fp)
+	addl3	-20(fp),-24(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-24(fp)
+	bgequ	noname.49
+	addl2	#65536,-32(fp)
+noname.49:
+	movzwl	-18(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-32(fp)
+	bicl3	#-65536,-20(fp),r0
+	ashl	#16,r0,-24(fp)
+	addl3	-24(fp),-28(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-24(fp)
+	bgequ	noname.50
+	incl	-32(fp)
+noname.50:
+	movl	-28(fp),r1
+	movl	-32(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.51
+	incl	r2
+noname.51:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.52
+	incl	r9
+noname.52:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-44(fp)
+	bicl3	#-65536,r2,-48(fp)
+	mull3	r0,-44(fp),-36(fp)
+	mull2	r3,-44(fp)
+	mull3	r3,-48(fp),-40(fp)
+	mull2	r0,-48(fp)
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.53
+	addl2	#65536,-48(fp)
+noname.53:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-48(fp)
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl3	-40(fp),-44(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-40(fp)
+	bgequ	noname.54
+	incl	-48(fp)
+noname.54:
+	movl	-44(fp),r1
+	movl	-48(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.55
+	incl	r2
+noname.55:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.56
+	incl	r9
+noname.56:
+
+	movl	r8,4(r11)
+
+	clrl	r8
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-60(fp)
+	bicl3	#-65536,r2,-64(fp)
+	mull3	r0,-60(fp),-52(fp)
+	mull2	r3,-60(fp)
+	mull3	r3,-64(fp),-56(fp)
+	mull2	r0,-64(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.57
+	addl2	#65536,-64(fp)
+noname.57:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-64(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl3	-56(fp),-60(fp),r0
+	bicl3	#0,r0,-60(fp)
+	cmpl	-60(fp),-56(fp)
+	bgequ	noname.58
+	incl	-64(fp)
+noname.58:
+	movl	-60(fp),r1
+	movl	-64(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.59
+	incl	r2
+noname.59:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.60
+	incl	r8
+noname.60:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-76(fp)
+	bicl3	#-65536,r2,-80(fp)
+	mull3	r0,-76(fp),-68(fp)
+	mull2	r3,-76(fp)
+	mull3	r3,-80(fp),-72(fp)
+	mull2	r0,-80(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-68(fp)
+	cmpl	-68(fp),-72(fp)
+	bgequ	noname.61
+	addl2	#65536,-80(fp)
+noname.61:
+	movzwl	-66(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-80(fp)
+	bicl3	#-65536,-68(fp),r0
+	ashl	#16,r0,-72(fp)
+	addl3	-72(fp),-76(fp),r0
+	bicl3	#0,r0,-76(fp)
+	cmpl	-76(fp),-72(fp)
+	bgequ	noname.62
+	incl	-80(fp)
+noname.62:
+	movl	-76(fp),r1
+	movl	-80(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.63
+	incl	r2
+noname.63:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.64
+	incl	r8
+noname.64:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-92(fp)
+	bicl3	#-65536,r2,-96(fp)
+	mull3	r0,-92(fp),-84(fp)
+	mull2	r3,-92(fp)
+	mull3	r3,-96(fp),-88(fp)
+	mull2	r0,-96(fp)
+	addl3	-84(fp),-88(fp),r0
+	bicl3	#0,r0,-84(fp)
+	cmpl	-84(fp),-88(fp)
+	bgequ	noname.65
+	addl2	#65536,-96(fp)
+noname.65:
+	movzwl	-82(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-96(fp)
+	bicl3	#-65536,-84(fp),r0
+	ashl	#16,r0,-88(fp)
+	addl3	-88(fp),-92(fp),r0
+	bicl3	#0,r0,-92(fp)
+	cmpl	-92(fp),-88(fp)
+	bgequ	noname.66
+	incl	-96(fp)
+noname.66:
+	movl	-92(fp),r1
+	movl	-96(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.67
+	incl	r2
+noname.67:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.68
+	incl	r8
+noname.68:
+
+	movl	r10,8(r11)
+
+	clrl	r10
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-108(fp)
+	bicl3	#-65536,r2,-112(fp)
+	mull3	r0,-108(fp),-100(fp)
+	mull2	r3,-108(fp)
+	mull3	r3,-112(fp),-104(fp)
+	mull2	r0,-112(fp)
+	addl3	-100(fp),-104(fp),r0
+	bicl3	#0,r0,-100(fp)
+	cmpl	-100(fp),-104(fp)
+	bgequ	noname.69
+	addl2	#65536,-112(fp)
+noname.69:
+	movzwl	-98(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-112(fp)
+	bicl3	#-65536,-100(fp),r0
+	ashl	#16,r0,-104(fp)
+	addl3	-104(fp),-108(fp),r0
+	bicl3	#0,r0,-108(fp)
+	cmpl	-108(fp),-104(fp)
+	bgequ	noname.70
+	incl	-112(fp)
+noname.70:
+	movl	-108(fp),r1
+	movl	-112(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.71
+	incl	r2
+noname.71:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.72
+	incl	r10
+noname.72:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-124(fp)
+	bicl3	#-65536,r2,-128(fp)
+	mull3	r0,-124(fp),-116(fp)
+	mull2	r3,-124(fp)
+	mull3	r3,-128(fp),-120(fp)
+	mull2	r0,-128(fp)
+	addl3	-116(fp),-120(fp),r0
+	bicl3	#0,r0,-116(fp)
+	cmpl	-116(fp),-120(fp)
+	bgequ	noname.73
+	addl2	#65536,-128(fp)
+noname.73:
+	movzwl	-114(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-128(fp)
+	bicl3	#-65536,-116(fp),r0
+	ashl	#16,r0,-120(fp)
+	addl3	-120(fp),-124(fp),r0
+	bicl3	#0,r0,-124(fp)
+	cmpl	-124(fp),-120(fp)
+	bgequ	noname.74
+	incl	-128(fp)
+noname.74:
+	movl	-124(fp),r1
+	movl	-128(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.75
+	incl	r2
+noname.75:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.76
+	incl	r10
+noname.76:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-140(fp)
+	bicl3	#-65536,r2,-144(fp)
+	mull3	r0,-140(fp),-132(fp)
+	mull2	r3,-140(fp)
+	mull3	r3,-144(fp),-136(fp)
+	mull2	r0,-144(fp)
+	addl3	-132(fp),-136(fp),r0
+	bicl3	#0,r0,-132(fp)
+	cmpl	-132(fp),-136(fp)
+	bgequ	noname.77
+	addl2	#65536,-144(fp)
+noname.77:
+	movzwl	-130(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-144(fp)
+	bicl3	#-65536,-132(fp),r0
+	ashl	#16,r0,-136(fp)
+	addl3	-136(fp),-140(fp),r0
+	bicl3	#0,r0,-140(fp)
+	cmpl	-140(fp),-136(fp)
+	bgequ	noname.78
+	incl	-144(fp)
+noname.78:
+	movl	-140(fp),r1
+	movl	-144(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.79
+	incl	r2
+noname.79:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.80
+	incl	r10
+noname.80:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-156(fp)
+	bicl3	#-65536,r2,-160(fp)
+	mull3	r0,-156(fp),-148(fp)
+	mull2	r3,-156(fp)
+	mull3	r3,-160(fp),-152(fp)
+	mull2	r0,-160(fp)
+	addl3	-148(fp),-152(fp),r0
+	bicl3	#0,r0,-148(fp)
+	cmpl	-148(fp),-152(fp)
+	bgequ	noname.81
+	addl2	#65536,-160(fp)
+noname.81:
+	movzwl	-146(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-160(fp)
+	bicl3	#-65536,-148(fp),r0
+	ashl	#16,r0,-152(fp)
+	addl3	-152(fp),-156(fp),r0
+	bicl3	#0,r0,-156(fp)
+	cmpl	-156(fp),-152(fp)
+	bgequ	noname.82
+	incl	-160(fp)
+noname.82:
+	movl	-156(fp),r1
+	movl	-160(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.83
+	incl	r2
+noname.83:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.84
+	incl	r10
+noname.84:
+
+	movl	r9,12(r11)
+
+	clrl	r9
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-172(fp)
+	bicl3	#-65536,r2,-176(fp)
+	mull3	r0,-172(fp),-164(fp)
+	mull2	r3,-172(fp)
+	mull3	r3,-176(fp),-168(fp)
+	mull2	r0,-176(fp)
+	addl3	-164(fp),-168(fp),r0
+	bicl3	#0,r0,-164(fp)
+	cmpl	-164(fp),-168(fp)
+	bgequ	noname.85
+	addl2	#65536,-176(fp)
+noname.85:
+	movzwl	-162(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-176(fp)
+	bicl3	#-65536,-164(fp),r0
+	ashl	#16,r0,-168(fp)
+	addl3	-168(fp),-172(fp),r0
+	bicl3	#0,r0,-172(fp)
+	cmpl	-172(fp),-168(fp)
+	bgequ	noname.86
+	incl	-176(fp)
+noname.86:
+	movl	-172(fp),r1
+	movl	-176(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.87
+	incl	r2
+noname.87:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.88
+	incl	r9
+noname.88:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-188(fp)
+	bicl3	#-65536,r2,-192(fp)
+	mull3	r0,-188(fp),-180(fp)
+	mull2	r3,-188(fp)
+	mull3	r3,-192(fp),-184(fp)
+	mull2	r0,-192(fp)
+	addl3	-180(fp),-184(fp),r0
+	bicl3	#0,r0,-180(fp)
+	cmpl	-180(fp),-184(fp)
+	bgequ	noname.89
+	addl2	#65536,-192(fp)
+noname.89:
+	movzwl	-178(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-192(fp)
+	bicl3	#-65536,-180(fp),r0
+	ashl	#16,r0,-184(fp)
+	addl3	-184(fp),-188(fp),r0
+	bicl3	#0,r0,-188(fp)
+	cmpl	-188(fp),-184(fp)
+	bgequ	noname.90
+	incl	-192(fp)
+noname.90:
+	movl	-188(fp),r1
+	movl	-192(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.91
+	incl	r2
+noname.91:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.92
+	incl	r9
+noname.92:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-204(fp)
+	bicl3	#-65536,r2,-208(fp)
+	mull3	r0,-204(fp),-196(fp)
+	mull2	r3,-204(fp)
+	mull3	r3,-208(fp),-200(fp)
+	mull2	r0,-208(fp)
+	addl3	-196(fp),-200(fp),r0
+	bicl3	#0,r0,-196(fp)
+	cmpl	-196(fp),-200(fp)
+	bgequ	noname.93
+	addl2	#65536,-208(fp)
+noname.93:
+	movzwl	-194(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-208(fp)
+	bicl3	#-65536,-196(fp),r0
+	ashl	#16,r0,-200(fp)
+	addl3	-200(fp),-204(fp),r0
+	bicl3	#0,r0,-204(fp)
+	cmpl	-204(fp),-200(fp)
+	bgequ	noname.94
+	incl	-208(fp)
+noname.94:
+	movl	-204(fp),r1
+	movl	-208(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.95
+	incl	r2
+noname.95:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.96
+	incl	r9
+noname.96:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-220(fp)
+	bicl3	#-65536,r2,-224(fp)
+	mull3	r0,-220(fp),-212(fp)
+	mull2	r3,-220(fp)
+	mull3	r3,-224(fp),-216(fp)
+	mull2	r0,-224(fp)
+	addl3	-212(fp),-216(fp),r0
+	bicl3	#0,r0,-212(fp)
+	cmpl	-212(fp),-216(fp)
+	bgequ	noname.97
+	addl2	#65536,-224(fp)
+noname.97:
+	movzwl	-210(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-224(fp)
+	bicl3	#-65536,-212(fp),r0
+	ashl	#16,r0,-216(fp)
+	addl3	-216(fp),-220(fp),r0
+	bicl3	#0,r0,-220(fp)
+	cmpl	-220(fp),-216(fp)
+	bgequ	noname.98
+	incl	-224(fp)
+noname.98:
+	movl	-220(fp),r1
+	movl	-224(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.99
+	incl	r2
+noname.99:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.100
+	incl	r9
+noname.100:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-236(fp)
+	bicl3	#-65536,r2,-240(fp)
+	mull3	r0,-236(fp),-228(fp)
+	mull2	r3,-236(fp)
+	mull3	r3,-240(fp),-232(fp)
+	mull2	r0,-240(fp)
+	addl3	-228(fp),-232(fp),r0
+	bicl3	#0,r0,-228(fp)
+	cmpl	-228(fp),-232(fp)
+	bgequ	noname.101
+	addl2	#65536,-240(fp)
+noname.101:
+	movzwl	-226(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-240(fp)
+	bicl3	#-65536,-228(fp),r0
+	ashl	#16,r0,-232(fp)
+	addl3	-232(fp),-236(fp),r0
+	bicl3	#0,r0,-236(fp)
+	cmpl	-236(fp),-232(fp)
+	bgequ	noname.102
+	incl	-240(fp)
+noname.102:
+	movl	-236(fp),r1
+	movl	-240(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.103
+	incl	r2
+noname.103:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.104
+	incl	r9
+noname.104:
+
+	movl	r8,16(r11)
+
+	clrl	r8
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-252(fp)
+	bicl3	#-65536,r2,-256(fp)
+	mull3	r0,-252(fp),-244(fp)
+	mull2	r3,-252(fp)
+	mull3	r3,-256(fp),-248(fp)
+	mull2	r0,-256(fp)
+	addl3	-244(fp),-248(fp),r0
+	bicl3	#0,r0,-244(fp)
+	cmpl	-244(fp),-248(fp)
+	bgequ	noname.105
+	addl2	#65536,-256(fp)
+noname.105:
+	movzwl	-242(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-256(fp)
+	bicl3	#-65536,-244(fp),r0
+	ashl	#16,r0,-248(fp)
+	addl3	-248(fp),-252(fp),r0
+	bicl3	#0,r0,-252(fp)
+	cmpl	-252(fp),-248(fp)
+	bgequ	noname.106
+	incl	-256(fp)
+noname.106:
+	movl	-252(fp),r1
+	movl	-256(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.107
+	incl	r2
+noname.107:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.108
+	incl	r8
+noname.108:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-268(fp)
+	bicl3	#-65536,r2,-272(fp)
+	mull3	r0,-268(fp),-260(fp)
+	mull2	r3,-268(fp)
+	mull3	r3,-272(fp),-264(fp)
+	mull2	r0,-272(fp)
+	addl3	-260(fp),-264(fp),r0
+	bicl3	#0,r0,-260(fp)
+	cmpl	-260(fp),-264(fp)
+	bgequ	noname.109
+	addl2	#65536,-272(fp)
+noname.109:
+	movzwl	-258(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-272(fp)
+	bicl3	#-65536,-260(fp),r0
+	ashl	#16,r0,-264(fp)
+	addl3	-264(fp),-268(fp),r0
+	bicl3	#0,r0,-268(fp)
+	cmpl	-268(fp),-264(fp)
+	bgequ	noname.110
+	incl	-272(fp)
+noname.110:
+	movl	-268(fp),r1
+	movl	-272(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.111
+	incl	r2
+noname.111:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.112
+	incl	r8
+noname.112:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-284(fp)
+	bicl3	#-65536,r2,-288(fp)
+	mull3	r0,-284(fp),-276(fp)
+	mull2	r3,-284(fp)
+	mull3	r3,-288(fp),-280(fp)
+	mull2	r0,-288(fp)
+	addl3	-276(fp),-280(fp),r0
+	bicl3	#0,r0,-276(fp)
+	cmpl	-276(fp),-280(fp)
+	bgequ	noname.113
+	addl2	#65536,-288(fp)
+noname.113:
+	movzwl	-274(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-288(fp)
+	bicl3	#-65536,-276(fp),r0
+	ashl	#16,r0,-280(fp)
+	addl3	-280(fp),-284(fp),r0
+	bicl3	#0,r0,-284(fp)
+	cmpl	-284(fp),-280(fp)
+	bgequ	noname.114
+	incl	-288(fp)
+noname.114:
+	movl	-284(fp),r1
+	movl	-288(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.115
+	incl	r2
+noname.115:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.116
+	incl	r8
+noname.116:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-300(fp)
+	bicl3	#-65536,r2,-304(fp)
+	mull3	r0,-300(fp),-292(fp)
+	mull2	r3,-300(fp)
+	mull3	r3,-304(fp),-296(fp)
+	mull2	r0,-304(fp)
+	addl3	-292(fp),-296(fp),r0
+	bicl3	#0,r0,-292(fp)
+	cmpl	-292(fp),-296(fp)
+	bgequ	noname.117
+	addl2	#65536,-304(fp)
+noname.117:
+	movzwl	-290(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-304(fp)
+	bicl3	#-65536,-292(fp),r0
+	ashl	#16,r0,-296(fp)
+	addl3	-296(fp),-300(fp),r0
+	bicl3	#0,r0,-300(fp)
+	cmpl	-300(fp),-296(fp)
+	bgequ	noname.118
+	incl	-304(fp)
+noname.118:
+	movl	-300(fp),r1
+	movl	-304(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.119
+	incl	r2
+noname.119:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.120
+	incl	r8
+noname.120:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-316(fp)
+	bicl3	#-65536,r2,-320(fp)
+	mull3	r0,-316(fp),-308(fp)
+	mull2	r3,-316(fp)
+	mull3	r3,-320(fp),-312(fp)
+	mull2	r0,-320(fp)
+	addl3	-308(fp),-312(fp),r0
+	bicl3	#0,r0,-308(fp)
+	cmpl	-308(fp),-312(fp)
+	bgequ	noname.121
+	addl2	#65536,-320(fp)
+noname.121:
+	movzwl	-306(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-320(fp)
+	bicl3	#-65536,-308(fp),r0
+	ashl	#16,r0,-312(fp)
+	addl3	-312(fp),-316(fp),r0
+	bicl3	#0,r0,-316(fp)
+	cmpl	-316(fp),-312(fp)
+	bgequ	noname.122
+	incl	-320(fp)
+noname.122:
+	movl	-316(fp),r1
+	movl	-320(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.123
+	incl	r2
+
+noname.123:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.124
+	incl	r8
+noname.124:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-332(fp)
+	bicl3	#-65536,r2,-336(fp)
+	mull3	r0,-332(fp),-324(fp)
+	mull2	r3,-332(fp)
+	mull3	r3,-336(fp),-328(fp)
+	mull2	r0,-336(fp)
+	addl3	-324(fp),-328(fp),r0
+	bicl3	#0,r0,-324(fp)
+	cmpl	-324(fp),-328(fp)
+	bgequ	noname.125
+	addl2	#65536,-336(fp)
+noname.125:
+	movzwl	-322(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-336(fp)
+	bicl3	#-65536,-324(fp),r0
+	ashl	#16,r0,-328(fp)
+	addl3	-328(fp),-332(fp),r0
+	bicl3	#0,r0,-332(fp)
+	cmpl	-332(fp),-328(fp)
+	bgequ	noname.126
+	incl	-336(fp)
+noname.126:
+	movl	-332(fp),r1
+	movl	-336(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.127
+	incl	r2
+noname.127:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.128
+	incl	r8
+noname.128:
+
+	movl	r10,20(r11)
+
+	clrl	r10
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-348(fp)
+	bicl3	#-65536,r2,-352(fp)
+	mull3	r0,-348(fp),-340(fp)
+	mull2	r3,-348(fp)
+	mull3	r3,-352(fp),-344(fp)
+	mull2	r0,-352(fp)
+	addl3	-340(fp),-344(fp),r0
+	bicl3	#0,r0,-340(fp)
+	cmpl	-340(fp),-344(fp)
+	bgequ	noname.129
+	addl2	#65536,-352(fp)
+noname.129:
+	movzwl	-338(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-352(fp)
+	bicl3	#-65536,-340(fp),r0
+	ashl	#16,r0,-344(fp)
+	addl3	-344(fp),-348(fp),r0
+	bicl3	#0,r0,-348(fp)
+	cmpl	-348(fp),-344(fp)
+	bgequ	noname.130
+	incl	-352(fp)
+noname.130:
+	movl	-348(fp),r1
+	movl	-352(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.131
+	incl	r2
+noname.131:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.132
+	incl	r10
+noname.132:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-364(fp)
+	bicl3	#-65536,r2,-368(fp)
+	mull3	r0,-364(fp),-356(fp)
+	mull2	r3,-364(fp)
+	mull3	r3,-368(fp),-360(fp)
+	mull2	r0,-368(fp)
+	addl3	-356(fp),-360(fp),r0
+	bicl3	#0,r0,-356(fp)
+	cmpl	-356(fp),-360(fp)
+	bgequ	noname.133
+	addl2	#65536,-368(fp)
+noname.133:
+	movzwl	-354(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-368(fp)
+	bicl3	#-65536,-356(fp),r0
+	ashl	#16,r0,-360(fp)
+	addl3	-360(fp),-364(fp),r0
+	bicl3	#0,r0,-364(fp)
+	cmpl	-364(fp),-360(fp)
+	bgequ	noname.134
+	incl	-368(fp)
+noname.134:
+	movl	-364(fp),r1
+	movl	-368(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.135
+	incl	r2
+noname.135:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.136
+	incl	r10
+noname.136:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-380(fp)
+	bicl3	#-65536,r2,-384(fp)
+	mull3	r0,-380(fp),-372(fp)
+	mull2	r3,-380(fp)
+	mull3	r3,-384(fp),-376(fp)
+	mull2	r0,-384(fp)
+	addl3	-372(fp),-376(fp),r0
+	bicl3	#0,r0,-372(fp)
+	cmpl	-372(fp),-376(fp)
+	bgequ	noname.137
+	addl2	#65536,-384(fp)
+noname.137:
+	movzwl	-370(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-384(fp)
+	bicl3	#-65536,-372(fp),r0
+	ashl	#16,r0,-376(fp)
+	addl3	-376(fp),-380(fp),r0
+	bicl3	#0,r0,-380(fp)
+	cmpl	-380(fp),-376(fp)
+	bgequ	noname.138
+	incl	-384(fp)
+noname.138:
+	movl	-380(fp),r1
+	movl	-384(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.139
+	incl	r2
+noname.139:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.140
+	incl	r10
+noname.140:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-396(fp)
+	bicl3	#-65536,r2,-400(fp)
+	mull3	r0,-396(fp),-388(fp)
+	mull2	r3,-396(fp)
+	mull3	r3,-400(fp),-392(fp)
+	mull2	r0,-400(fp)
+	addl3	-388(fp),-392(fp),r0
+	bicl3	#0,r0,-388(fp)
+	cmpl	-388(fp),-392(fp)
+	bgequ	noname.141
+	addl2	#65536,-400(fp)
+noname.141:
+	movzwl	-386(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-400(fp)
+	bicl3	#-65536,-388(fp),r0
+	ashl	#16,r0,-392(fp)
+	addl3	-392(fp),-396(fp),r0
+	bicl3	#0,r0,-396(fp)
+	cmpl	-396(fp),-392(fp)
+	bgequ	noname.142
+	incl	-400(fp)
+noname.142:
+	movl	-396(fp),r1
+	movl	-400(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.143
+	incl	r2
+noname.143:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.144
+	incl	r10
+noname.144:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-412(fp)
+	bicl3	#-65536,r2,-416(fp)
+	mull3	r0,-412(fp),-404(fp)
+	mull2	r3,-412(fp)
+	mull3	r3,-416(fp),-408(fp)
+	mull2	r0,-416(fp)
+	addl3	-404(fp),-408(fp),r0
+	bicl3	#0,r0,-404(fp)
+	cmpl	-404(fp),-408(fp)
+	bgequ	noname.145
+	addl2	#65536,-416(fp)
+noname.145:
+	movzwl	-402(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-416(fp)
+	bicl3	#-65536,-404(fp),r0
+	ashl	#16,r0,-408(fp)
+	addl3	-408(fp),-412(fp),r0
+	bicl3	#0,r0,-412(fp)
+	cmpl	-412(fp),-408(fp)
+	bgequ	noname.146
+	incl	-416(fp)
+noname.146:
+	movl	-412(fp),r1
+	movl	-416(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.147
+	incl	r2
+noname.147:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.148
+	incl	r10
+noname.148:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-428(fp)
+	bicl3	#-65536,r2,-432(fp)
+	mull3	r0,-428(fp),-420(fp)
+	mull2	r3,-428(fp)
+	mull3	r3,-432(fp),-424(fp)
+	mull2	r0,-432(fp)
+	addl3	-420(fp),-424(fp),r0
+	bicl3	#0,r0,-420(fp)
+	cmpl	-420(fp),-424(fp)
+	bgequ	noname.149
+	addl2	#65536,-432(fp)
+noname.149:
+	movzwl	-418(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-432(fp)
+	bicl3	#-65536,-420(fp),r0
+	ashl	#16,r0,-424(fp)
+	addl3	-424(fp),-428(fp),r0
+	bicl3	#0,r0,-428(fp)
+	cmpl	-428(fp),-424(fp)
+	bgequ	noname.150
+	incl	-432(fp)
+noname.150:
+	movl	-428(fp),r1
+	movl	-432(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.151
+	incl	r2
+noname.151:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.152
+	incl	r10
+noname.152:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-444(fp)
+	bicl3	#-65536,r2,-448(fp)
+	mull3	r0,-444(fp),-436(fp)
+	mull2	r3,-444(fp)
+	mull3	r3,-448(fp),-440(fp)
+	mull2	r0,-448(fp)
+	addl3	-436(fp),-440(fp),r0
+	bicl3	#0,r0,-436(fp)
+	cmpl	-436(fp),-440(fp)
+	bgequ	noname.153
+	addl2	#65536,-448(fp)
+noname.153:
+	movzwl	-434(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-448(fp)
+	bicl3	#-65536,-436(fp),r0
+	ashl	#16,r0,-440(fp)
+	addl3	-440(fp),-444(fp),r0
+	bicl3	#0,r0,-444(fp)
+	cmpl	-444(fp),-440(fp)
+	bgequ	noname.154
+	incl	-448(fp)
+noname.154:
+	movl	-444(fp),r1
+	movl	-448(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.155
+	incl	r2
+noname.155:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.156
+	incl	r10
+noname.156:
+
+	movl	r9,24(r11)
+
+	clrl	r9
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-460(fp)
+	bicl3	#-65536,r2,-464(fp)
+	mull3	r0,-460(fp),-452(fp)
+	mull2	r3,-460(fp)
+	mull3	r3,-464(fp),-456(fp)
+	mull2	r0,-464(fp)
+	addl3	-452(fp),-456(fp),r0
+	bicl3	#0,r0,-452(fp)
+	cmpl	-452(fp),-456(fp)
+	bgequ	noname.157
+	addl2	#65536,-464(fp)
+noname.157:
+	movzwl	-450(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-464(fp)
+	bicl3	#-65536,-452(fp),r0
+	ashl	#16,r0,-456(fp)
+	addl3	-456(fp),-460(fp),r0
+	bicl3	#0,r0,-460(fp)
+	cmpl	-460(fp),-456(fp)
+	bgequ	noname.158
+	incl	-464(fp)
+noname.158:
+	movl	-460(fp),r1
+	movl	-464(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.159
+	incl	r2
+noname.159:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.160
+	incl	r9
+noname.160:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-476(fp)
+	bicl3	#-65536,r2,-480(fp)
+	mull3	r0,-476(fp),-468(fp)
+	mull2	r3,-476(fp)
+	mull3	r3,-480(fp),-472(fp)
+	mull2	r0,-480(fp)
+	addl3	-468(fp),-472(fp),r0
+	bicl3	#0,r0,-468(fp)
+	cmpl	-468(fp),-472(fp)
+	bgequ	noname.161
+	addl2	#65536,-480(fp)
+noname.161:
+	movzwl	-466(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-480(fp)
+	bicl3	#-65536,-468(fp),r0
+	ashl	#16,r0,-472(fp)
+	addl3	-472(fp),-476(fp),r0
+	bicl3	#0,r0,-476(fp)
+	cmpl	-476(fp),-472(fp)
+	bgequ	noname.162
+	incl	-480(fp)
+noname.162:
+	movl	-476(fp),r1
+	movl	-480(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.163
+	incl	r2
+noname.163:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.164
+	incl	r9
+noname.164:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-492(fp)
+	bicl3	#-65536,r2,-496(fp)
+	mull3	r0,-492(fp),-484(fp)
+	mull2	r3,-492(fp)
+	mull3	r3,-496(fp),-488(fp)
+	mull2	r0,-496(fp)
+	addl3	-484(fp),-488(fp),r0
+	bicl3	#0,r0,-484(fp)
+	cmpl	-484(fp),-488(fp)
+	bgequ	noname.165
+	addl2	#65536,-496(fp)
+noname.165:
+	movzwl	-482(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-496(fp)
+	bicl3	#-65536,-484(fp),r0
+	ashl	#16,r0,-488(fp)
+	addl3	-488(fp),-492(fp),r0
+	bicl3	#0,r0,-492(fp)
+	cmpl	-492(fp),-488(fp)
+	bgequ	noname.166
+	incl	-496(fp)
+noname.166:
+	movl	-492(fp),r1
+	movl	-496(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.167
+	incl	r2
+noname.167:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.168
+	incl	r9
+noname.168:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-508(fp)
+	bicl3	#-65536,r2,-512(fp)
+	mull3	r0,-508(fp),-500(fp)
+	mull2	r3,-508(fp)
+	mull3	r3,-512(fp),-504(fp)
+	mull2	r0,-512(fp)
+	addl3	-500(fp),-504(fp),r0
+	bicl3	#0,r0,-500(fp)
+	cmpl	-500(fp),-504(fp)
+	bgequ	noname.169
+	addl2	#65536,-512(fp)
+noname.169:
+	movzwl	-498(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-512(fp)
+	bicl3	#-65536,-500(fp),r0
+	ashl	#16,r0,-504(fp)
+	addl3	-504(fp),-508(fp),r0
+	bicl3	#0,r0,-508(fp)
+	cmpl	-508(fp),-504(fp)
+	bgequ	noname.170
+	incl	-512(fp)
+noname.170:
+	movl	-508(fp),r1
+	movl	-512(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.171
+	incl	r2
+noname.171:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.172
+	incl	r9
+noname.172:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-524(fp)
+	bicl3	#-65536,r2,-528(fp)
+	mull3	r0,-524(fp),-516(fp)
+	mull2	r3,-524(fp)
+	mull3	r3,-528(fp),-520(fp)
+	mull2	r0,-528(fp)
+	addl3	-516(fp),-520(fp),r0
+	bicl3	#0,r0,-516(fp)
+	cmpl	-516(fp),-520(fp)
+	bgequ	noname.173
+	addl2	#65536,-528(fp)
+noname.173:
+	movzwl	-514(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-528(fp)
+	bicl3	#-65536,-516(fp),r0
+	ashl	#16,r0,-520(fp)
+	addl3	-520(fp),-524(fp),r0
+	bicl3	#0,r0,-524(fp)
+	cmpl	-524(fp),-520(fp)
+	bgequ	noname.174
+	incl	-528(fp)
+noname.174:
+	movl	-524(fp),r1
+	movl	-528(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.175
+	incl	r2
+noname.175:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.176
+	incl	r9
+noname.176:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-540(fp)
+	bicl3	#-65536,r2,-544(fp)
+	mull3	r0,-540(fp),-532(fp)
+	mull2	r3,-540(fp)
+	mull3	r3,-544(fp),-536(fp)
+	mull2	r0,-544(fp)
+	addl3	-532(fp),-536(fp),r0
+	bicl3	#0,r0,-532(fp)
+	cmpl	-532(fp),-536(fp)
+	bgequ	noname.177
+	addl2	#65536,-544(fp)
+noname.177:
+	movzwl	-530(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-544(fp)
+	bicl3	#-65536,-532(fp),r0
+	ashl	#16,r0,-536(fp)
+	addl3	-536(fp),-540(fp),r0
+	bicl3	#0,r0,-540(fp)
+	cmpl	-540(fp),-536(fp)
+	bgequ	noname.178
+	incl	-544(fp)
+noname.178:
+	movl	-540(fp),r1
+	movl	-544(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.179
+	incl	r2
+noname.179:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.180
+	incl	r9
+noname.180:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-556(fp)
+	bicl3	#-65536,r2,-560(fp)
+	mull3	r0,-556(fp),-548(fp)
+	mull2	r3,-556(fp)
+	mull3	r3,-560(fp),-552(fp)
+	mull2	r0,-560(fp)
+	addl3	-548(fp),-552(fp),r0
+	bicl3	#0,r0,-548(fp)
+	cmpl	-548(fp),-552(fp)
+	bgequ	noname.181
+	addl2	#65536,-560(fp)
+noname.181:
+	movzwl	-546(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-560(fp)
+	bicl3	#-65536,-548(fp),r0
+	ashl	#16,r0,-552(fp)
+	addl3	-552(fp),-556(fp),r0
+	bicl3	#0,r0,-556(fp)
+	cmpl	-556(fp),-552(fp)
+	bgequ	noname.182
+	incl	-560(fp)
+noname.182:
+	movl	-556(fp),r1
+	movl	-560(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.183
+	incl	r2
+noname.183:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.184
+	incl	r9
+noname.184:
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-572(fp)
+	bicl3	#-65536,r2,-576(fp)
+	mull3	r0,-572(fp),-564(fp)
+	mull2	r3,-572(fp)
+	mull3	r3,-576(fp),-568(fp)
+	mull2	r0,-576(fp)
+	addl3	-564(fp),-568(fp),r0
+	bicl3	#0,r0,-564(fp)
+	cmpl	-564(fp),-568(fp)
+	bgequ	noname.185
+	addl2	#65536,-576(fp)
+noname.185:
+	movzwl	-562(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-576(fp)
+	bicl3	#-65536,-564(fp),r0
+	ashl	#16,r0,-568(fp)
+	addl3	-568(fp),-572(fp),r0
+	bicl3	#0,r0,-572(fp)
+	cmpl	-572(fp),-568(fp)
+	bgequ	noname.186
+	incl	-576(fp)
+noname.186:
+	movl	-572(fp),r1
+	movl	-576(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.187
+	incl	r2
+noname.187:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.188
+	incl	r9
+noname.188:
+
+	movl	r8,28(r11)
+
+	clrl	r8
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-588(fp)
+	bicl3	#-65536,r2,-592(fp)
+	mull3	r0,-588(fp),-580(fp)
+	mull2	r3,-588(fp)
+	mull3	r3,-592(fp),-584(fp)
+	mull2	r0,-592(fp)
+	addl3	-580(fp),-584(fp),r0
+	bicl3	#0,r0,-580(fp)
+	cmpl	-580(fp),-584(fp)
+	bgequ	noname.189
+	addl2	#65536,-592(fp)
+noname.189:
+	movzwl	-578(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-592(fp)
+	bicl3	#-65536,-580(fp),r0
+	ashl	#16,r0,-584(fp)
+	addl3	-584(fp),-588(fp),r0
+	bicl3	#0,r0,-588(fp)
+	cmpl	-588(fp),-584(fp)
+	bgequ	noname.190
+	incl	-592(fp)
+noname.190:
+	movl	-588(fp),r1
+	movl	-592(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.191
+	incl	r2
+noname.191:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.192
+	incl	r8
+noname.192:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-604(fp)
+	bicl3	#-65536,r2,-608(fp)
+	mull3	r0,-604(fp),-596(fp)
+	mull2	r3,-604(fp)
+	mull3	r3,-608(fp),-600(fp)
+	mull2	r0,-608(fp)
+	addl3	-596(fp),-600(fp),r0
+	bicl3	#0,r0,-596(fp)
+	cmpl	-596(fp),-600(fp)
+	bgequ	noname.193
+	addl2	#65536,-608(fp)
+noname.193:
+	movzwl	-594(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-608(fp)
+	bicl3	#-65536,-596(fp),r0
+	ashl	#16,r0,-600(fp)
+	addl3	-600(fp),-604(fp),r0
+	bicl3	#0,r0,-604(fp)
+	cmpl	-604(fp),-600(fp)
+	bgequ	noname.194
+	incl	-608(fp)
+noname.194:
+	movl	-604(fp),r1
+	movl	-608(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.195
+	incl	r2
+noname.195:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.196
+	incl	r8
+noname.196:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-620(fp)
+	bicl3	#-65536,r2,-624(fp)
+	mull3	r0,-620(fp),-612(fp)
+	mull2	r3,-620(fp)
+	mull3	r3,-624(fp),-616(fp)
+	mull2	r0,-624(fp)
+	addl3	-612(fp),-616(fp),r0
+	bicl3	#0,r0,-612(fp)
+	cmpl	-612(fp),-616(fp)
+	bgequ	noname.197
+	addl2	#65536,-624(fp)
+noname.197:
+	movzwl	-610(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-624(fp)
+	bicl3	#-65536,-612(fp),r0
+	ashl	#16,r0,-616(fp)
+	addl3	-616(fp),-620(fp),r0
+	bicl3	#0,r0,-620(fp)
+	cmpl	-620(fp),-616(fp)
+	bgequ	noname.198
+	incl	-624(fp)
+noname.198:
+	movl	-620(fp),r1
+	movl	-624(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.199
+	incl	r2
+noname.199:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.200
+	incl	r8
+noname.200:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-636(fp)
+	bicl3	#-65536,r2,-640(fp)
+	mull3	r0,-636(fp),-628(fp)
+	mull2	r3,-636(fp)
+	mull3	r3,-640(fp),-632(fp)
+	mull2	r0,-640(fp)
+	addl3	-628(fp),-632(fp),r0
+	bicl3	#0,r0,-628(fp)
+	cmpl	-628(fp),-632(fp)
+	bgequ	noname.201
+	addl2	#65536,-640(fp)
+noname.201:
+	movzwl	-626(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-640(fp)
+	bicl3	#-65536,-628(fp),r0
+	ashl	#16,r0,-632(fp)
+	addl3	-632(fp),-636(fp),r0
+	bicl3	#0,r0,-636(fp)
+	cmpl	-636(fp),-632(fp)
+	bgequ	noname.202
+	incl	-640(fp)
+noname.202:
+	movl	-636(fp),r1
+	movl	-640(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.203
+	incl	r2
+noname.203:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.204
+	incl	r8
+noname.204:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-652(fp)
+	bicl3	#-65536,r2,-656(fp)
+	mull3	r0,-652(fp),-644(fp)
+	mull2	r3,-652(fp)
+	mull3	r3,-656(fp),-648(fp)
+	mull2	r0,-656(fp)
+	addl3	-644(fp),-648(fp),r0
+	bicl3	#0,r0,-644(fp)
+	cmpl	-644(fp),-648(fp)
+	bgequ	noname.205
+	addl2	#65536,-656(fp)
+noname.205:
+	movzwl	-642(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-656(fp)
+	bicl3	#-65536,-644(fp),r0
+	ashl	#16,r0,-648(fp)
+	addl3	-648(fp),-652(fp),r0
+	bicl3	#0,r0,-652(fp)
+	cmpl	-652(fp),-648(fp)
+	bgequ	noname.206
+	incl	-656(fp)
+noname.206:
+	movl	-652(fp),r1
+	movl	-656(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.207
+	incl	r2
+noname.207:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.208
+	incl	r8
+noname.208:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-668(fp)
+	bicl3	#-65536,r2,-672(fp)
+	mull3	r0,-668(fp),-660(fp)
+	mull2	r3,-668(fp)
+	mull3	r3,-672(fp),-664(fp)
+	mull2	r0,-672(fp)
+	addl3	-660(fp),-664(fp),r0
+	bicl3	#0,r0,-660(fp)
+	cmpl	-660(fp),-664(fp)
+	bgequ	noname.209
+	addl2	#65536,-672(fp)
+noname.209:
+	movzwl	-658(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-672(fp)
+	bicl3	#-65536,-660(fp),r0
+	ashl	#16,r0,-664(fp)
+	addl3	-664(fp),-668(fp),r0
+	bicl3	#0,r0,-668(fp)
+	cmpl	-668(fp),-664(fp)
+	bgequ	noname.210
+	incl	-672(fp)
+noname.210:
+	movl	-668(fp),r1
+	movl	-672(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.211
+	incl	r2
+noname.211:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.212
+	incl	r8
+noname.212:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-684(fp)
+	bicl3	#-65536,r2,-688(fp)
+	mull3	r0,-684(fp),-676(fp)
+	mull2	r3,-684(fp)
+	mull3	r3,-688(fp),-680(fp)
+	mull2	r0,-688(fp)
+	addl3	-676(fp),-680(fp),r0
+	bicl3	#0,r0,-676(fp)
+	cmpl	-676(fp),-680(fp)
+	bgequ	noname.213
+	addl2	#65536,-688(fp)
+noname.213:
+	movzwl	-674(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-688(fp)
+	bicl3	#-65536,-676(fp),r0
+	ashl	#16,r0,-680(fp)
+	addl3	-680(fp),-684(fp),r0
+	bicl3	#0,r0,-684(fp)
+	cmpl	-684(fp),-680(fp)
+	bgequ	noname.214
+	incl	-688(fp)
+noname.214:
+	movl	-684(fp),r1
+	movl	-688(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.215
+	incl	r2
+noname.215:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.216
+	incl	r8
+noname.216:
+
+	movl	r10,32(r11)
+
+	clrl	r10
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-700(fp)
+	bicl3	#-65536,r2,-704(fp)
+	mull3	r0,-700(fp),-692(fp)
+	mull2	r3,-700(fp)
+	mull3	r3,-704(fp),-696(fp)
+	mull2	r0,-704(fp)
+	addl3	-692(fp),-696(fp),r0
+	bicl3	#0,r0,-692(fp)
+	cmpl	-692(fp),-696(fp)
+	bgequ	noname.217
+	addl2	#65536,-704(fp)
+noname.217:
+	movzwl	-690(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-704(fp)
+	bicl3	#-65536,-692(fp),r0
+	ashl	#16,r0,-696(fp)
+	addl3	-696(fp),-700(fp),r0
+	bicl3	#0,r0,-700(fp)
+	cmpl	-700(fp),-696(fp)
+	bgequ	noname.218
+	incl	-704(fp)
+noname.218:
+	movl	-700(fp),r1
+	movl	-704(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.219
+	incl	r2
+noname.219:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.220
+	incl	r10
+noname.220:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-716(fp)
+	bicl3	#-65536,r2,-720(fp)
+	mull3	r0,-716(fp),-708(fp)
+	mull2	r3,-716(fp)
+	mull3	r3,-720(fp),-712(fp)
+	mull2	r0,-720(fp)
+	addl3	-708(fp),-712(fp),r0
+	bicl3	#0,r0,-708(fp)
+	cmpl	-708(fp),-712(fp)
+	bgequ	noname.221
+	addl2	#65536,-720(fp)
+noname.221:
+	movzwl	-706(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-720(fp)
+	bicl3	#-65536,-708(fp),r0
+	ashl	#16,r0,-712(fp)
+	addl3	-712(fp),-716(fp),r0
+	bicl3	#0,r0,-716(fp)
+	cmpl	-716(fp),-712(fp)
+	bgequ	noname.222
+	incl	-720(fp)
+noname.222:
+	movl	-716(fp),r1
+	movl	-720(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.223
+	incl	r2
+noname.223:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.224
+	incl	r10
+noname.224:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-732(fp)
+	bicl3	#-65536,r2,-736(fp)
+	mull3	r0,-732(fp),-724(fp)
+	mull2	r3,-732(fp)
+	mull3	r3,-736(fp),-728(fp)
+	mull2	r0,-736(fp)
+	addl3	-724(fp),-728(fp),r0
+	bicl3	#0,r0,-724(fp)
+	cmpl	-724(fp),-728(fp)
+	bgequ	noname.225
+	addl2	#65536,-736(fp)
+noname.225:
+	movzwl	-722(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-736(fp)
+	bicl3	#-65536,-724(fp),r0
+	ashl	#16,r0,-728(fp)
+	addl3	-728(fp),-732(fp),r0
+	bicl3	#0,r0,-732(fp)
+	cmpl	-732(fp),-728(fp)
+	bgequ	noname.226
+	incl	-736(fp)
+noname.226:
+	movl	-732(fp),r1
+	movl	-736(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.227
+	incl	r2
+noname.227:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.228
+	incl	r10
+noname.228:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-748(fp)
+	bicl3	#-65536,r2,-752(fp)
+	mull3	r0,-748(fp),-740(fp)
+	mull2	r3,-748(fp)
+	mull3	r3,-752(fp),-744(fp)
+	mull2	r0,-752(fp)
+	addl3	-740(fp),-744(fp),r0
+	bicl3	#0,r0,-740(fp)
+	cmpl	-740(fp),-744(fp)
+	bgequ	noname.229
+	addl2	#65536,-752(fp)
+noname.229:
+	movzwl	-738(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-752(fp)
+	bicl3	#-65536,-740(fp),r0
+	ashl	#16,r0,-744(fp)
+	addl3	-744(fp),-748(fp),r0
+	bicl3	#0,r0,-748(fp)
+	cmpl	-748(fp),-744(fp)
+	bgequ	noname.230
+	incl	-752(fp)
+noname.230:
+	movl	-748(fp),r1
+	movl	-752(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.231
+	incl	r2
+noname.231:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.232
+	incl	r10
+noname.232:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-764(fp)
+	bicl3	#-65536,r2,-768(fp)
+	mull3	r0,-764(fp),-756(fp)
+	mull2	r3,-764(fp)
+	mull3	r3,-768(fp),-760(fp)
+	mull2	r0,-768(fp)
+	addl3	-756(fp),-760(fp),r0
+	bicl3	#0,r0,-756(fp)
+	cmpl	-756(fp),-760(fp)
+	bgequ	noname.233
+	addl2	#65536,-768(fp)
+noname.233:
+	movzwl	-754(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-768(fp)
+	bicl3	#-65536,-756(fp),r0
+	ashl	#16,r0,-760(fp)
+	addl3	-760(fp),-764(fp),r0
+	bicl3	#0,r0,-764(fp)
+	cmpl	-764(fp),-760(fp)
+	bgequ	noname.234
+	incl	-768(fp)
+noname.234:
+	movl	-764(fp),r1
+	movl	-768(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.235
+	incl	r2
+noname.235:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.236
+	incl	r10
+noname.236:
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-772(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-776(fp)
+	mull2	r0,r4
+	addl3	-772(fp),-776(fp),r0
+	bicl3	#0,r0,-772(fp)
+	cmpl	-772(fp),-776(fp)
+	bgequ	noname.237
+	addl2	#65536,r4
+noname.237:
+	movzwl	-770(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-772(fp),r0
+	ashl	#16,r0,-776(fp)
+	addl2	-776(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-776(fp)
+	bgequ	noname.238
+	incl	r4
+noname.238:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.239
+	incl	r2
+noname.239:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.240
+	incl	r10
+noname.240:
+
+	movl	r9,36(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-780(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-784(fp)
+	mull2	r0,r4
+	addl3	-780(fp),-784(fp),r0
+	bicl3	#0,r0,-780(fp)
+	cmpl	-780(fp),-784(fp)
+	bgequ	noname.241
+	addl2	#65536,r4
+noname.241:
+	movzwl	-778(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-780(fp),r0
+	ashl	#16,r0,-784(fp)
+	addl2	-784(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-784(fp)
+	bgequ	noname.242
+	incl	r4
+noname.242:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.243
+	incl	r2
+noname.243:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.244
+	incl	r9
+noname.244:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r7),r2
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-788(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-792(fp)
+	mull2	r0,r4
+	addl3	-788(fp),-792(fp),r0
+	bicl3	#0,r0,-788(fp)
+	cmpl	-788(fp),-792(fp)
+	bgequ	noname.245
+	addl2	#65536,r4
+noname.245:
+	movzwl	-786(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-788(fp),r0
+	ashl	#16,r0,-792(fp)
+	addl2	-792(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-792(fp)
+	bgequ	noname.246
+	incl	r4
+noname.246:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.247
+	incl	r2
+noname.247:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.248
+	incl	r9
+noname.248:
+
+	bicl3	#-65536,20(r6),r3
+	movzwl	22(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-796(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-800(fp)
+	mull2	r0,r4
+	addl3	-796(fp),-800(fp),r0
+	bicl3	#0,r0,-796(fp)
+	cmpl	-796(fp),-800(fp)
+	bgequ	noname.249
+	addl2	#65536,r4
+noname.249:
+	movzwl	-794(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-796(fp),r0
+	ashl	#16,r0,-800(fp)
+	addl2	-800(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-800(fp)
+	bgequ	noname.250
+	incl	r4
+noname.250:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.251
+	incl	r2
+noname.251:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.252
+	incl	r9
+noname.252:
+
+	bicl3	#-65536,16(r6),r3
+	movzwl	18(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r7),r2
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-804(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-808(fp)
+	mull2	r0,r4
+	addl3	-804(fp),-808(fp),r0
+	bicl3	#0,r0,-804(fp)
+	cmpl	-804(fp),-808(fp)
+	bgequ	noname.253
+	addl2	#65536,r4
+noname.253:
+	movzwl	-802(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-804(fp),r0
+	ashl	#16,r0,-808(fp)
+	addl2	-808(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-808(fp)
+	bgequ	noname.254
+	incl	r4
+noname.254:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.255
+	incl	r2
+noname.255:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.256
+	incl	r9
+noname.256:
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-812(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-816(fp)
+	mull2	r0,r4
+	addl3	-812(fp),-816(fp),r0
+	bicl3	#0,r0,-812(fp)
+	cmpl	-812(fp),-816(fp)
+	bgequ	noname.257
+	addl2	#65536,r4
+noname.257:
+	movzwl	-810(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-812(fp),r0
+	ashl	#16,r0,-816(fp)
+	addl2	-816(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-816(fp)
+	bgequ	noname.258
+	incl	r4
+noname.258:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.259
+	incl	r2
+noname.259:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.260
+	incl	r9
+noname.260:
+
+	movl	r8,40(r11)
+
+	clrl	r8
+
+	bicl3	#-65536,16(r6),r3
+	movzwl	18(r6),r2
+	bicl3	#-65536,28(r7),r1
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-828(fp)
+	mull3	r0,r4,-820(fp)
+	mull2	r1,r4
+	mull3	r1,-828(fp),-824(fp)
+	mull2	r0,-828(fp)
+	addl3	-820(fp),-824(fp),r0
+	bicl3	#0,r0,-820(fp)
+	cmpl	-820(fp),-824(fp)
+	bgequ	noname.261
+	addl2	#65536,-828(fp)
+noname.261:
+	movzwl	-818(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-828(fp)
+	bicl3	#-65536,-820(fp),r0
+	ashl	#16,r0,-824(fp)
+	addl2	-824(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-824(fp)
+	bgequ	noname.262
+	incl	-828(fp)
+noname.262:
+	movl	r4,r1
+	movl	-828(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.263
+	incl	r2
+noname.263:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.264
+	incl	r8
+noname.264:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-840(fp)
+	bicl3	#-65536,r2,-844(fp)
+	mull3	r0,-840(fp),-832(fp)
+	mull2	r3,-840(fp)
+	mull3	r3,-844(fp),-836(fp)
+	mull2	r0,-844(fp)
+	addl3	-832(fp),-836(fp),r0
+	bicl3	#0,r0,-832(fp)
+	cmpl	-832(fp),-836(fp)
+	bgequ	noname.265
+	addl2	#65536,-844(fp)
+noname.265:
+	movzwl	-830(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-844(fp)
+	bicl3	#-65536,-832(fp),r0
+	ashl	#16,r0,-836(fp)
+	addl3	-836(fp),-840(fp),r0
+	bicl3	#0,r0,-840(fp)
+	cmpl	-840(fp),-836(fp)
+	bgequ	noname.266
+	incl	-844(fp)
+noname.266:
+	movl	-840(fp),r1
+	movl	-844(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.267
+	incl	r2
+noname.267:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.268
+	incl	r8
+noname.268:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-848(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-852(fp)
+	mull2	r0,r4
+	addl3	-848(fp),-852(fp),r0
+	bicl3	#0,r0,-848(fp)
+	cmpl	-848(fp),-852(fp)
+	bgequ	noname.269
+	addl2	#65536,r4
+noname.269:
+	movzwl	-846(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-848(fp),r0
+	ashl	#16,r0,-852(fp)
+	addl2	-852(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-852(fp)
+	bgequ	noname.270
+	incl	r4
+noname.270:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.271
+	incl	r2
+noname.271:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.272
+	incl	r8
+noname.272:
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r7),r2
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-856(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-860(fp)
+	mull2	r0,r4
+	addl3	-856(fp),-860(fp),r0
+	bicl3	#0,r0,-856(fp)
+	cmpl	-856(fp),-860(fp)
+	bgequ	noname.273
+	addl2	#65536,r4
+noname.273:
+	movzwl	-854(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-856(fp),r0
+	ashl	#16,r0,-860(fp)
+	addl2	-860(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-860(fp)
+	bgequ	noname.274
+	incl	r4
+noname.274:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.275
+	incl	r2
+noname.275:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.276
+	incl	r8
+noname.276:
+
+	movl	r10,44(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-864(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-868(fp)
+	mull2	r0,r4
+	addl3	-864(fp),-868(fp),r0
+	bicl3	#0,r0,-864(fp)
+	cmpl	-864(fp),-868(fp)
+	bgequ	noname.277
+	addl2	#65536,r4
+noname.277:
+	movzwl	-862(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-864(fp),r0
+	ashl	#16,r0,-868(fp)
+	addl2	-868(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-868(fp)
+	bgequ	noname.278
+	incl	r4
+noname.278:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.279
+	incl	r2
+noname.279:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.280
+	incl	r10
+noname.280:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r7),r2
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-872(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-876(fp)
+	mull2	r0,r4
+	addl3	-872(fp),-876(fp),r0
+	bicl3	#0,r0,-872(fp)
+	cmpl	-872(fp),-876(fp)
+	bgequ	noname.281
+	addl2	#65536,r4
+noname.281:
+	movzwl	-870(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-872(fp),r0
+	ashl	#16,r0,-876(fp)
+	addl2	-876(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-876(fp)
+	bgequ	noname.282
+	incl	r4
+noname.282:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.283
+	incl	r2
+noname.283:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.284
+	incl	r10
+noname.284:
+
+	bicl3	#-65536,20(r6),r3
+	movzwl	22(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-880(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-884(fp)
+	mull2	r0,r4
+	addl3	-880(fp),-884(fp),r0
+	bicl3	#0,r0,-880(fp)
+	cmpl	-880(fp),-884(fp)
+	bgequ	noname.285
+	addl2	#65536,r4
+noname.285:
+	movzwl	-878(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-880(fp),r0
+	ashl	#16,r0,-884(fp)
+	addl2	-884(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-884(fp)
+	bgequ	noname.286
+	incl	r4
+noname.286:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.287
+	incl	r2
+noname.287:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.288
+	incl	r10
+noname.288:
+
+	movl	r9,48(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-888(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-892(fp)
+	mull2	r0,r4
+	addl3	-888(fp),-892(fp),r0
+	bicl3	#0,r0,-888(fp)
+	cmpl	-888(fp),-892(fp)
+	bgequ	noname.289
+	addl2	#65536,r4
+noname.289:
+	movzwl	-886(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-888(fp),r0
+	ashl	#16,r0,-892(fp)
+	addl2	-892(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-892(fp)
+	bgequ	noname.290
+	incl	r4
+noname.290:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.291
+	incl	r2
+noname.291:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.292
+	incl	r9
+noname.292:
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-904(fp)
+	bicl3	#-65536,r2,-908(fp)
+	mull3	r0,-904(fp),-896(fp)
+	mull2	r3,-904(fp)
+	mull3	r3,-908(fp),-900(fp)
+	mull2	r0,-908(fp)
+	addl3	-896(fp),-900(fp),r0
+	bicl3	#0,r0,-896(fp)
+	cmpl	-896(fp),-900(fp)
+	bgequ	noname.293
+	addl2	#65536,-908(fp)
+noname.293:
+	movzwl	-894(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-908(fp)
+	bicl3	#-65536,-896(fp),r0
+	ashl	#16,r0,-900(fp)
+	addl3	-900(fp),-904(fp),r0
+	bicl3	#0,r0,-904(fp)
+	cmpl	-904(fp),-900(fp)
+	bgequ	noname.294
+	incl	-908(fp)
+noname.294:
+	movl	-904(fp),r1
+	movl	-908(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.295
+	incl	r2
+noname.295:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.296
+	incl	r9
+noname.296:
+
+	movl	r8,52(r11)
+
+	clrl	r8
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-920(fp)
+	bicl3	#-65536,r2,-924(fp)
+	mull3	r0,-920(fp),-912(fp)
+	mull2	r3,-920(fp)
+	mull3	r3,-924(fp),-916(fp)
+	mull2	r0,-924(fp)
+	addl3	-912(fp),-916(fp),r0
+	bicl3	#0,r0,-912(fp)
+	cmpl	-912(fp),-916(fp)
+	bgequ	noname.297
+	addl2	#65536,-924(fp)
+noname.297:
+	movzwl	-910(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-924(fp)
+	bicl3	#-65536,-912(fp),r0
+	ashl	#16,r0,-916(fp)
+	addl3	-916(fp),-920(fp),r0
+	bicl3	#0,r0,-920(fp)
+	cmpl	-920(fp),-916(fp)
+	bgequ	noname.298
+	incl	-924(fp)
+noname.298:
+	movl	-920(fp),r1
+	movl	-924(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.299
+	incl	r2
+noname.299:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.300
+	incl	r8
+noname.300:
+
+	movl	r10,56(r11)
+
+	movl	r9,60(r11)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+	movab	-156(sp),sp
+
+	clrq	r9
+
+	clrl	r8
+
+	movl	8(ap),r6
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r2
+	bicl2	#-65536,r2
+	movl	12(ap),r7
+	bicl3	#-65536,(r7),r1
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r2,r4
+	mull3	r0,r5,-4(fp)
+	mull2	r1,r5
+	mull3	r1,r4,-8(fp)
+	mull2	r0,r4
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.303
+	addl2	#65536,r4
+noname.303:
+	movzwl	-2(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-4(fp),r0
+	ashl	#16,r0,-8(fp)
+	addl2	-8(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-8(fp)
+	bgequ	noname.304
+	incl	r4
+noname.304:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.305
+	incl	r2
+noname.305:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.306
+	incl	r8
+noname.306:
+
+	movl	4(ap),r11
+	movl	r10,(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-12(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-16(fp)
+	mull2	r0,r4
+	addl3	-12(fp),-16(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-16(fp)
+	bgequ	noname.307
+	addl2	#65536,r4
+noname.307:
+	movzwl	-10(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-12(fp),r0
+	ashl	#16,r0,-16(fp)
+	addl2	-16(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-16(fp)
+	bgequ	noname.308
+	incl	r4
+noname.308:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.309
+	incl	r2
+noname.309:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.310
+	incl	r10
+noname.310:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-20(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-24(fp)
+	mull2	r0,r4
+	addl3	-20(fp),-24(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-24(fp)
+	bgequ	noname.311
+	addl2	#65536,r4
+noname.311:
+	movzwl	-18(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-20(fp),r0
+	ashl	#16,r0,-24(fp)
+	addl2	-24(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-24(fp)
+	bgequ	noname.312
+	incl	r4
+noname.312:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.313
+	incl	r2
+noname.313:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.314
+	incl	r10
+noname.314:
+
+	movl	r9,4(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-28(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-32(fp)
+	mull2	r0,r4
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.315
+	addl2	#65536,r4
+noname.315:
+	movzwl	-26(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-28(fp),r0
+	ashl	#16,r0,-32(fp)
+	addl2	-32(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-32(fp)
+	bgequ	noname.316
+	incl	r4
+noname.316:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.317
+	incl	r2
+noname.317:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.318
+	incl	r9
+noname.318:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-36(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-40(fp)
+	mull2	r0,r4
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.319
+	addl2	#65536,r4
+noname.319:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl2	-40(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-40(fp)
+	bgequ	noname.320
+	incl	r4
+noname.320:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.321
+	incl	r2
+noname.321:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.322
+	incl	r9
+noname.322:
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-44(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-48(fp)
+	mull2	r0,r4
+	addl3	-44(fp),-48(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-48(fp)
+	bgequ	noname.323
+	addl2	#65536,r4
+noname.323:
+	movzwl	-42(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-44(fp),r0
+	ashl	#16,r0,-48(fp)
+	addl2	-48(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-48(fp)
+	bgequ	noname.324
+	incl	r4
+noname.324:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.325
+	incl	r2
+noname.325:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.326
+	incl	r9
+noname.326:
+
+	movl	r8,8(r11)
+
+	clrl	r8
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r2
+	bicl3	#-65536,12(r7),r1
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-60(fp)
+	mull3	r0,r4,-52(fp)
+	mull2	r1,r4
+	mull3	r1,-60(fp),-56(fp)
+	mull2	r0,-60(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.327
+	addl2	#65536,-60(fp)
+noname.327:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-60(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl2	-56(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-56(fp)
+	bgequ	noname.328
+	incl	-60(fp)
+noname.328:
+	movl	r4,r1
+	movl	-60(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.329
+	incl	r2
+noname.329:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.330
+	incl	r8
+noname.330:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-72(fp)
+	bicl3	#-65536,r2,-76(fp)
+	mull3	r0,-72(fp),-64(fp)
+	mull2	r3,-72(fp)
+	mull3	r3,-76(fp),-68(fp)
+	mull2	r0,-76(fp)
+	addl3	-64(fp),-68(fp),r0
+	bicl3	#0,r0,-64(fp)
+	cmpl	-64(fp),-68(fp)
+	bgequ	noname.331
+	addl2	#65536,-76(fp)
+noname.331:
+	movzwl	-62(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-76(fp)
+	bicl3	#-65536,-64(fp),r0
+	ashl	#16,r0,-68(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-72(fp)
+	cmpl	-72(fp),-68(fp)
+	bgequ	noname.332
+	incl	-76(fp)
+noname.332:
+	movl	-72(fp),r1
+	movl	-76(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.333
+	incl	r2
+noname.333:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.334
+	incl	r8
+noname.334:
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-80(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-84(fp)
+	mull2	r0,r4
+	addl3	-80(fp),-84(fp),r0
+	bicl3	#0,r0,-80(fp)
+	cmpl	-80(fp),-84(fp)
+	bgequ	noname.335
+	addl2	#65536,r4
+noname.335:
+	movzwl	-78(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-80(fp),r0
+	ashl	#16,r0,-84(fp)
+	addl2	-84(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-84(fp)
+	bgequ	noname.336
+	incl	r4
+noname.336:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.337
+	incl	r2
+noname.337:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.338
+	incl	r8
+noname.338:
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-88(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-92(fp)
+	mull2	r0,r4
+	addl3	-88(fp),-92(fp),r0
+	bicl3	#0,r0,-88(fp)
+	cmpl	-88(fp),-92(fp)
+	bgequ	noname.339
+	addl2	#65536,r4
+noname.339:
+	movzwl	-86(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-88(fp),r0
+	ashl	#16,r0,-92(fp)
+	addl2	-92(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-92(fp)
+	bgequ	noname.340
+	incl	r4
+noname.340:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.341
+	incl	r2
+noname.341:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.342
+	incl	r8
+noname.342:
+
+	movl	r10,12(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-96(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-100(fp)
+	mull2	r0,r4
+	addl3	-96(fp),-100(fp),r0
+	bicl3	#0,r0,-96(fp)
+	cmpl	-96(fp),-100(fp)
+	bgequ	noname.343
+	addl2	#65536,r4
+noname.343:
+	movzwl	-94(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-96(fp),r0
+	ashl	#16,r0,-100(fp)
+	addl2	-100(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-100(fp)
+	bgequ	noname.344
+	incl	r4
+noname.344:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.345
+	incl	r2
+noname.345:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.346
+	incl	r10
+noname.346:
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-104(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-108(fp)
+	mull2	r0,r4
+	addl3	-104(fp),-108(fp),r0
+	bicl3	#0,r0,-104(fp)
+	cmpl	-104(fp),-108(fp)
+	bgequ	noname.347
+	addl2	#65536,r4
+noname.347:
+	movzwl	-102(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-104(fp),r0
+	ashl	#16,r0,-108(fp)
+	addl2	-108(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-108(fp)
+	bgequ	noname.348
+	incl	r4
+noname.348:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.349
+	incl	r2
+noname.349:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.350
+	incl	r10
+noname.350:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-112(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-116(fp)
+	mull2	r0,r4
+	addl3	-112(fp),-116(fp),r0
+	bicl3	#0,r0,-112(fp)
+	cmpl	-112(fp),-116(fp)
+	bgequ	noname.351
+	addl2	#65536,r4
+noname.351:
+	movzwl	-110(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-112(fp),r0
+	ashl	#16,r0,-116(fp)
+	addl2	-116(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-116(fp)
+	bgequ	noname.352
+	incl	r4
+noname.352:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.353
+	incl	r2
+noname.353:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.354
+	incl	r10
+noname.354:
+
+	movl	r9,16(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-120(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-124(fp)
+	mull2	r0,r4
+	addl3	-120(fp),-124(fp),r0
+	bicl3	#0,r0,-120(fp)
+	cmpl	-120(fp),-124(fp)
+	bgequ	noname.355
+	addl2	#65536,r4
+noname.355:
+	movzwl	-118(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-120(fp),r0
+	ashl	#16,r0,-124(fp)
+	addl2	-124(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-124(fp)
+	bgequ	noname.356
+	incl	r4
+noname.356:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.357
+	incl	r2
+noname.357:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.358
+	incl	r9
+noname.358:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-136(fp)
+	bicl3	#-65536,r2,-140(fp)
+	mull3	r0,-136(fp),-128(fp)
+	mull2	r3,-136(fp)
+	mull3	r3,-140(fp),-132(fp)
+	mull2	r0,-140(fp)
+	addl3	-128(fp),-132(fp),r0
+	bicl3	#0,r0,-128(fp)
+	cmpl	-128(fp),-132(fp)
+	bgequ	noname.359
+	addl2	#65536,-140(fp)
+noname.359:
+	movzwl	-126(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-140(fp)
+	bicl3	#-65536,-128(fp),r0
+	ashl	#16,r0,-132(fp)
+	addl3	-132(fp),-136(fp),r0
+	bicl3	#0,r0,-136(fp)
+	cmpl	-136(fp),-132(fp)
+	bgequ	noname.360
+	incl	-140(fp)
+noname.360:
+	movl	-136(fp),r1
+	movl	-140(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.361
+	incl	r2
+noname.361:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.362
+	incl	r9
+noname.362:
+
+	movl	r8,20(r11)
+
+	clrl	r8
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-152(fp)
+	bicl3	#-65536,r2,-156(fp)
+	mull3	r0,-152(fp),-144(fp)
+	mull2	r3,-152(fp)
+	mull3	r3,-156(fp),-148(fp)
+	mull2	r0,-156(fp)
+	addl3	-144(fp),-148(fp),r0
+	bicl3	#0,r0,-144(fp)
+	cmpl	-144(fp),-148(fp)
+	bgequ	noname.363
+	addl2	#65536,-156(fp)
+noname.363:
+	movzwl	-142(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-156(fp)
+	bicl3	#-65536,-144(fp),r0
+	ashl	#16,r0,-148(fp)
+	addl3	-148(fp),-152(fp),r0
+	bicl3	#0,r0,-152(fp)
+	cmpl	-152(fp),-148(fp)
+	bgequ	noname.364
+	incl	-156(fp)
+noname.364:
+	movl	-152(fp),r1
+	movl	-156(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.365
+	incl	r2
+noname.365:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.366
+	incl	r8
+noname.366:
+
+	movl	r10,24(r11)
+
+	movl	r9,28(r11)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+	movab	-444(sp),sp
+
+	clrq	r8
+
+	clrl	r7
+
+	movl	8(ap),r4
+	movl	(r4),r3
+	bicl3	#-65536,r3,-4(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-4(fp),r0
+	mull3	r0,r3,-8(fp)
+	mull3	r0,r0,-4(fp)
+	mull2	r3,r3
+	bicl3	#32767,-8(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-8(fp),r0
+	ashl	#17,r0,-8(fp)
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.369
+	incl	r3
+noname.369:
+	movl	-4(fp),r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.370
+	incl	r2
+noname.370:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.371
+	incl	r7
+noname.371:
+
+	movl	r9,@4(ap)
+
+	clrl	r9
+
+	movzwl	6(r4),r2
+	bicl3	#-65536,(r4),r3
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r4),-20(fp)
+	bicl3	#-65536,r2,-24(fp)
+	mull3	r0,-20(fp),-12(fp)
+	mull2	r3,-20(fp)
+	mull3	r3,-24(fp),-16(fp)
+	mull2	r0,-24(fp)
+	addl3	-12(fp),-16(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-16(fp)
+	bgequ	noname.372
+	addl2	#65536,-24(fp)
+noname.372:
+	movzwl	-10(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-24(fp)
+	bicl3	#-65536,-12(fp),r0
+	ashl	#16,r0,-16(fp)
+	addl3	-16(fp),-20(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-16(fp)
+	bgequ	noname.373
+	incl	-24(fp)
+noname.373:
+	movl	-20(fp),r3
+	movl	-24(fp),r2
+	bbc	#31,r2,noname.374
+	incl	r9
+noname.374:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.375
+	incl	r2
+noname.375:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.376
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.376
+	incl	r9
+noname.376:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.377
+	incl	r9
+noname.377:
+
+	movl	4(ap),r0
+	movl	r8,4(r0)
+
+	clrl	r8
+
+	movl	8(ap),r4
+	movl	4(r4),r3
+	bicl3	#-65536,r3,-28(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-28(fp),r0
+	mull3	r0,r3,-32(fp)
+	mull3	r0,r0,-28(fp)
+	mull2	r3,r3
+	bicl3	#32767,-32(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-32(fp),r0
+	ashl	#17,r0,-32(fp)
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.378
+	incl	r3
+noname.378:
+	movl	-28(fp),r1
+	movl	r3,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.379
+	incl	r2
+noname.379:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.380
+	incl	r8
+noname.380:
+
+	movzwl	10(r4),r2
+	bicl3	#-65536,(r4),r3
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r4),-44(fp)
+	bicl3	#-65536,r2,-48(fp)
+	mull3	r0,-44(fp),-36(fp)
+	mull2	r3,-44(fp)
+	mull3	r3,-48(fp),-40(fp)
+	mull2	r0,-48(fp)
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.381
+	addl2	#65536,-48(fp)
+noname.381:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-48(fp)
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl3	-40(fp),-44(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-40(fp)
+	bgequ	noname.382
+	incl	-48(fp)
+noname.382:
+	movl	-44(fp),r3
+	movl	-48(fp),r2
+	bbc	#31,r2,noname.383
+	incl	r8
+noname.383:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.384
+	incl	r2
+noname.384:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.385
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.385
+	incl	r8
+noname.385:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.386
+	incl	r8
+noname.386:
+
+	movl	4(ap),r0
+	movl	r7,8(r0)
+
+	clrl	r7
+
+	movl	8(ap),r0
+	movzwl	14(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),-60(fp)
+	bicl3	#-65536,r2,-64(fp)
+	mull3	r1,-60(fp),-52(fp)
+	mull2	r3,-60(fp)
+	mull3	r3,-64(fp),-56(fp)
+	mull2	r1,-64(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.387
+	addl2	#65536,-64(fp)
+noname.387:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-64(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl3	-56(fp),-60(fp),r0
+	bicl3	#0,r0,-60(fp)
+	cmpl	-60(fp),-56(fp)
+	bgequ	noname.388
+	incl	-64(fp)
+noname.388:
+	movl	-60(fp),r3
+	movl	-64(fp),r2
+	bbc	#31,r2,noname.389
+	incl	r7
+noname.389:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.390
+	incl	r2
+noname.390:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.391
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.391
+	incl	r7
+noname.391:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.392
+	incl	r7
+noname.392:
+
+	movl	8(ap),r0
+	movzwl	10(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),-76(fp)
+	bicl3	#-65536,r2,-80(fp)
+	mull3	r1,-76(fp),-68(fp)
+	mull2	r3,-76(fp)
+	mull3	r3,-80(fp),-72(fp)
+	mull2	r1,-80(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-68(fp)
+	cmpl	-68(fp),-72(fp)
+	bgequ	noname.393
+	addl2	#65536,-80(fp)
+noname.393:
+	movzwl	-66(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-80(fp)
+	bicl3	#-65536,-68(fp),r0
+	ashl	#16,r0,-72(fp)
+	addl3	-72(fp),-76(fp),r0
+	bicl3	#0,r0,-76(fp)
+	cmpl	-76(fp),-72(fp)
+	bgequ	noname.394
+	incl	-80(fp)
+noname.394:
+	movl	-76(fp),r3
+	movl	-80(fp),r2
+	bbc	#31,r2,noname.395
+	incl	r7
+noname.395:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.396
+	incl	r2
+noname.396:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.397
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.397
+	incl	r7
+noname.397:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.398
+	incl	r7
+noname.398:
+
+	movl	4(ap),r0
+	movl	r9,12(r0)
+
+	clrl	r9
+
+	movl	8(ap),r2
+	movl	8(r2),r4
+	bicl3	#-65536,r4,-84(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-84(fp),r0
+	mull3	r0,r4,-88(fp)
+	mull3	r0,r0,-84(fp)
+	mull2	r4,r4
+	bicl3	#32767,-88(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-88(fp),r0
+	ashl	#17,r0,-88(fp)
+	addl3	-84(fp),-88(fp),r0
+	bicl3	#0,r0,-84(fp)
+	cmpl	-84(fp),-88(fp)
+	bgequ	noname.399
+	incl	r4
+noname.399:
+	movl	-84(fp),r1
+	movl	r4,r3
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.400
+	incl	r3
+noname.400:
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.401
+	incl	r9
+noname.401:
+
+	movzwl	14(r2),r3
+	bicl3	#-65536,4(r2),r1
+	movzwl	6(r2),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r2),-100(fp)
+	bicl3	#-65536,r3,-104(fp)
+	mull3	r0,-100(fp),-92(fp)
+	mull2	r1,-100(fp)
+	mull3	r1,-104(fp),-96(fp)
+	mull2	r0,-104(fp)
+	addl3	-92(fp),-96(fp),r0
+	bicl3	#0,r0,-92(fp)
+	cmpl	-92(fp),-96(fp)
+	bgequ	noname.402
+	addl2	#65536,-104(fp)
+noname.402:
+	movzwl	-90(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-104(fp)
+	bicl3	#-65536,-92(fp),r0
+	ashl	#16,r0,-96(fp)
+	addl3	-96(fp),-100(fp),r0
+	bicl3	#0,r0,-100(fp)
+	cmpl	-100(fp),-96(fp)
+	bgequ	noname.403
+	incl	-104(fp)
+noname.403:
+	movl	-100(fp),r3
+	movl	-104(fp),r2
+	bbc	#31,r2,noname.404
+	incl	r9
+noname.404:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.405
+	incl	r2
+noname.405:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.406
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.406
+	incl	r9
+noname.406:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.407
+	incl	r9
+noname.407:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-116(fp)
+	bicl3	#-65536,r2,-120(fp)
+	mull3	r1,-116(fp),-108(fp)
+	mull2	r3,-116(fp)
+	mull3	r3,-120(fp),-112(fp)
+	mull2	r1,-120(fp)
+	addl3	-108(fp),-112(fp),r0
+	bicl3	#0,r0,-108(fp)
+	cmpl	-108(fp),-112(fp)
+	bgequ	noname.408
+	addl2	#65536,-120(fp)
+noname.408:
+	movzwl	-106(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-120(fp)
+	bicl3	#-65536,-108(fp),r0
+	ashl	#16,r0,-112(fp)
+	addl3	-112(fp),-116(fp),r0
+	bicl3	#0,r0,-116(fp)
+	cmpl	-116(fp),-112(fp)
+	bgequ	noname.409
+	incl	-120(fp)
+noname.409:
+	movl	-116(fp),r3
+	movl	-120(fp),r2
+	bbc	#31,r2,noname.410
+	incl	r9
+noname.410:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.411
+	incl	r2
+noname.411:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.412
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.412
+	incl	r9
+noname.412:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.413
+	incl	r9
+noname.413:
+
+	movl	4(ap),r0
+	movl	r8,16(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-132(fp)
+	bicl3	#-65536,r2,-136(fp)
+	mull3	r1,-132(fp),-124(fp)
+	mull2	r3,-132(fp)
+	mull3	r3,-136(fp),-128(fp)
+	mull2	r1,-136(fp)
+	addl3	-124(fp),-128(fp),r0
+	bicl3	#0,r0,-124(fp)
+	cmpl	-124(fp),-128(fp)
+	bgequ	noname.414
+	addl2	#65536,-136(fp)
+noname.414:
+	movzwl	-122(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-136(fp)
+	bicl3	#-65536,-124(fp),r0
+	ashl	#16,r0,-128(fp)
+	addl3	-128(fp),-132(fp),r0
+	bicl3	#0,r0,-132(fp)
+	cmpl	-132(fp),-128(fp)
+	bgequ	noname.415
+	incl	-136(fp)
+noname.415:
+	movl	-132(fp),r3
+	movl	-136(fp),r2
+	bbc	#31,r2,noname.416
+	incl	r8
+noname.416:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.417
+	incl	r2
+noname.417:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.418
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.418
+	incl	r8
+noname.418:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.419
+	incl	r8
+noname.419:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-148(fp)
+	bicl3	#-65536,r2,-152(fp)
+	mull3	r1,-148(fp),-140(fp)
+	mull2	r3,-148(fp)
+	mull3	r3,-152(fp),-144(fp)
+	mull2	r1,-152(fp)
+	addl3	-140(fp),-144(fp),r0
+	bicl3	#0,r0,-140(fp)
+	cmpl	-140(fp),-144(fp)
+	bgequ	noname.420
+	addl2	#65536,-152(fp)
+noname.420:
+	movzwl	-138(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-152(fp)
+	bicl3	#-65536,-140(fp),r0
+	ashl	#16,r0,-144(fp)
+	addl3	-144(fp),-148(fp),r0
+	bicl3	#0,r0,-148(fp)
+	cmpl	-148(fp),-144(fp)
+	bgequ	noname.421
+	incl	-152(fp)
+noname.421:
+	movl	-148(fp),r3
+	movl	-152(fp),r2
+	bbc	#31,r2,noname.422
+	incl	r8
+noname.422:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.423
+	incl	r2
+noname.423:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.424
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.424
+	incl	r8
+noname.424:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.425
+	incl	r8
+noname.425:
+
+	movl	8(ap),r0
+	movzwl	14(r0),r2
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),-164(fp)
+	bicl3	#-65536,r2,-168(fp)
+	mull3	r1,-164(fp),-156(fp)
+	mull2	r3,-164(fp)
+	mull3	r3,-168(fp),-160(fp)
+	mull2	r1,-168(fp)
+	addl3	-156(fp),-160(fp),r0
+	bicl3	#0,r0,-156(fp)
+	cmpl	-156(fp),-160(fp)
+	bgequ	noname.426
+	addl2	#65536,-168(fp)
+noname.426:
+	movzwl	-154(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-168(fp)
+	bicl3	#-65536,-156(fp),r0
+	ashl	#16,r0,-160(fp)
+	addl3	-160(fp),-164(fp),r0
+	bicl3	#0,r0,-164(fp)
+	cmpl	-164(fp),-160(fp)
+	bgequ	noname.427
+	incl	-168(fp)
+noname.427:
+	movl	-164(fp),r3
+	movl	-168(fp),r2
+	bbc	#31,r2,noname.428
+	incl	r8
+noname.428:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.429
+	incl	r2
+noname.429:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.430
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.430
+	incl	r8
+noname.430:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.431
+	incl	r8
+noname.431:
+
+	movl	4(ap),r0
+	movl	r7,20(r0)
+
+	clrl	r7
+
+	movl	8(ap),r2
+	movl	12(r2),r4
+	bicl3	#-65536,r4,-172(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-172(fp),r0
+	mull3	r0,r4,-176(fp)
+	mull3	r0,r0,-172(fp)
+	mull2	r4,r4
+	bicl3	#32767,-176(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-176(fp),r0
+	ashl	#17,r0,-176(fp)
+	addl3	-172(fp),-176(fp),r0
+	bicl3	#0,r0,-172(fp)
+	cmpl	-172(fp),-176(fp)
+	bgequ	noname.432
+	incl	r4
+noname.432:
+	movl	-172(fp),r1
+	movl	r4,r3
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.433
+	incl	r3
+noname.433:
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.434
+	incl	r7
+noname.434:
+
+	movzwl	18(r2),r3
+	bicl3	#-65536,8(r2),r1
+	movzwl	10(r2),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r2),-188(fp)
+	bicl3	#-65536,r3,-192(fp)
+	mull3	r0,-188(fp),-180(fp)
+	mull2	r1,-188(fp)
+	mull3	r1,-192(fp),-184(fp)
+	mull2	r0,-192(fp)
+	addl3	-180(fp),-184(fp),r0
+	bicl3	#0,r0,-180(fp)
+	cmpl	-180(fp),-184(fp)
+	bgequ	noname.435
+	addl2	#65536,-192(fp)
+noname.435:
+	movzwl	-178(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-192(fp)
+	bicl3	#-65536,-180(fp),r0
+	ashl	#16,r0,-184(fp)
+	addl3	-184(fp),-188(fp),r0
+	bicl3	#0,r0,-188(fp)
+	cmpl	-188(fp),-184(fp)
+	bgequ	noname.436
+	incl	-192(fp)
+noname.436:
+	movl	-188(fp),r3
+	movl	-192(fp),r2
+	bbc	#31,r2,noname.437
+	incl	r7
+noname.437:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.438
+	incl	r2
+noname.438:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.439
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.439
+	incl	r7
+noname.439:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.440
+	incl	r7
+noname.440:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-204(fp)
+	bicl3	#-65536,r2,-208(fp)
+	mull3	r1,-204(fp),-196(fp)
+	mull2	r3,-204(fp)
+	mull3	r3,-208(fp),-200(fp)
+	mull2	r1,-208(fp)
+	addl3	-196(fp),-200(fp),r0
+	bicl3	#0,r0,-196(fp)
+	cmpl	-196(fp),-200(fp)
+	bgequ	noname.441
+	addl2	#65536,-208(fp)
+noname.441:
+	movzwl	-194(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-208(fp)
+	bicl3	#-65536,-196(fp),r0
+	ashl	#16,r0,-200(fp)
+	addl3	-200(fp),-204(fp),r0
+	bicl3	#0,r0,-204(fp)
+	cmpl	-204(fp),-200(fp)
+	bgequ	noname.442
+	incl	-208(fp)
+noname.442:
+	movl	-204(fp),r3
+	movl	-208(fp),r2
+	bbc	#31,r2,noname.443
+	incl	r7
+noname.443:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.444
+	incl	r2
+noname.444:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.445
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.445
+	incl	r7
+noname.445:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.446
+	incl	r7
+noname.446:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-220(fp)
+	bicl3	#-65536,r2,-224(fp)
+	mull3	r1,-220(fp),-212(fp)
+	mull2	r3,-220(fp)
+	mull3	r3,-224(fp),-216(fp)
+	mull2	r1,-224(fp)
+	addl3	-212(fp),-216(fp),r0
+	bicl3	#0,r0,-212(fp)
+	cmpl	-212(fp),-216(fp)
+	bgequ	noname.447
+	addl2	#65536,-224(fp)
+noname.447:
+	movzwl	-210(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-224(fp)
+	bicl3	#-65536,-212(fp),r0
+	ashl	#16,r0,-216(fp)
+	addl3	-216(fp),-220(fp),r0
+	bicl3	#0,r0,-220(fp)
+	cmpl	-220(fp),-216(fp)
+	bgequ	noname.448
+	incl	-224(fp)
+noname.448:
+	movl	-220(fp),r3
+	movl	-224(fp),r2
+	bbc	#31,r2,noname.449
+	incl	r7
+noname.449:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.450
+	incl	r2
+noname.450:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.451
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.451
+	incl	r7
+noname.451:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.452
+	incl	r7
+noname.452:
+
+	movl	4(ap),r0
+	movl	r9,24(r0)
+
+	clrl	r9
+
+	movl	8(ap),r0
+	movzwl	30(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r0),-236(fp)
+	bicl3	#-65536,r2,-240(fp)
+	mull3	r1,-236(fp),-228(fp)
+	mull2	r3,-236(fp)
+	mull3	r3,-240(fp),-232(fp)
+	mull2	r1,-240(fp)
+	addl3	-228(fp),-232(fp),r0
+	bicl3	#0,r0,-228(fp)
+	cmpl	-228(fp),-232(fp)
+	bgequ	noname.453
+	addl2	#65536,-240(fp)
+noname.453:
+	movzwl	-226(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-240(fp)
+	bicl3	#-65536,-228(fp),r0
+	ashl	#16,r0,-232(fp)
+	addl3	-232(fp),-236(fp),r0
+	bicl3	#0,r0,-236(fp)
+	cmpl	-236(fp),-232(fp)
+	bgequ	noname.454
+	incl	-240(fp)
+noname.454:
+	movl	-236(fp),r3
+	movl	-240(fp),r2
+	bbc	#31,r2,noname.455
+	incl	r9
+noname.455:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.456
+	incl	r2
+noname.456:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.457
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.457
+	incl	r9
+noname.457:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.458
+	incl	r9
+noname.458:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-252(fp)
+	bicl3	#-65536,r2,-256(fp)
+	mull3	r1,-252(fp),-244(fp)
+	mull2	r3,-252(fp)
+	mull3	r3,-256(fp),-248(fp)
+	mull2	r1,-256(fp)
+	addl3	-244(fp),-248(fp),r0
+	bicl3	#0,r0,-244(fp)
+	cmpl	-244(fp),-248(fp)
+	bgequ	noname.459
+	addl2	#65536,-256(fp)
+noname.459:
+	movzwl	-242(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-256(fp)
+	bicl3	#-65536,-244(fp),r0
+	ashl	#16,r0,-248(fp)
+	addl3	-248(fp),-252(fp),r0
+	bicl3	#0,r0,-252(fp)
+	cmpl	-252(fp),-248(fp)
+	bgequ	noname.460
+	incl	-256(fp)
+noname.460:
+	movl	-252(fp),r3
+	movl	-256(fp),r2
+	bbc	#31,r2,noname.461
+	incl	r9
+noname.461:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.462
+	incl	r2
+noname.462:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.463
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.463
+	incl	r9
+noname.463:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.464
+	incl	r9
+noname.464:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-268(fp)
+	bicl3	#-65536,r2,-272(fp)
+	mull3	r1,-268(fp),-260(fp)
+	mull2	r3,-268(fp)
+	mull3	r3,-272(fp),-264(fp)
+	mull2	r1,-272(fp)
+	addl3	-260(fp),-264(fp),r0
+	bicl3	#0,r0,-260(fp)
+	cmpl	-260(fp),-264(fp)
+	bgequ	noname.465
+	addl2	#65536,-272(fp)
+noname.465:
+	movzwl	-258(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-272(fp)
+	bicl3	#-65536,-260(fp),r0
+	ashl	#16,r0,-264(fp)
+	addl3	-264(fp),-268(fp),r0
+	bicl3	#0,r0,-268(fp)
+	cmpl	-268(fp),-264(fp)
+	bgequ	noname.466
+	incl	-272(fp)
+noname.466:
+	movl	-268(fp),r3
+	movl	-272(fp),r2
+	bbc	#31,r2,noname.467
+	incl	r9
+noname.467:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.468
+	incl	r2
+noname.468:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.469
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.469
+	incl	r9
+noname.469:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.470
+	incl	r9
+noname.470:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-284(fp)
+	bicl3	#-65536,r2,-288(fp)
+	mull3	r1,-284(fp),-276(fp)
+	mull2	r3,-284(fp)
+	mull3	r3,-288(fp),-280(fp)
+	mull2	r1,-288(fp)
+	addl3	-276(fp),-280(fp),r0
+	bicl3	#0,r0,-276(fp)
+	cmpl	-276(fp),-280(fp)
+	bgequ	noname.471
+	addl2	#65536,-288(fp)
+noname.471:
+	movzwl	-274(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-288(fp)
+	bicl3	#-65536,-276(fp),r0
+	ashl	#16,r0,-280(fp)
+	addl3	-280(fp),-284(fp),r0
+	bicl3	#0,r0,-284(fp)
+	cmpl	-284(fp),-280(fp)
+	bgequ	noname.472
+	incl	-288(fp)
+noname.472:
+	movl	-284(fp),r3
+	movl	-288(fp),r2
+	bbc	#31,r2,noname.473
+	incl	r9
+noname.473:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.474
+	incl	r2
+noname.474:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.475
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.475
+	incl	r9
+noname.475:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.476
+	incl	r9
+noname.476:
+
+	movl	4(ap),r0
+	movl	r8,28(r0)
+
+	clrl	r8
+
+	movl	8(ap),r3
+	movl	16(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-292(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-292(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-292(fp),r0
+	ashl	#17,r0,-292(fp)
+	addl2	-292(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-292(fp)
+	bgequ	noname.477
+	incl	r4
+noname.477:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.478
+	incl	r2
+noname.478:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.479
+	incl	r8
+noname.479:
+
+	bicl3	#-65536,20(r3),r4
+	movzwl	22(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r3),r2
+	movzwl	14(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-296(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-300(fp)
+	mull2	r0,r5
+	addl3	-296(fp),-300(fp),r0
+	bicl3	#0,r0,-296(fp)
+	cmpl	-296(fp),-300(fp)
+	bgequ	noname.480
+	addl2	#65536,r5
+noname.480:
+	movzwl	-294(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-296(fp),r0
+	ashl	#16,r0,-300(fp)
+	addl2	-300(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-300(fp)
+	bgequ	noname.481
+	incl	r5
+noname.481:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.482
+	incl	r8
+noname.482:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.483
+	incl	r2
+noname.483:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.484
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.484
+	incl	r8
+noname.484:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.485
+	incl	r8
+noname.485:
+
+	movl	8(ap),r0
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),r2
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-304(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-308(fp)
+	mull2	r0,r4
+	addl3	-304(fp),-308(fp),r0
+	bicl3	#0,r0,-304(fp)
+	cmpl	-304(fp),-308(fp)
+	bgequ	noname.486
+	addl2	#65536,r4
+noname.486:
+	movzwl	-302(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-304(fp),r0
+	ashl	#16,r0,-308(fp)
+	addl2	-308(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-308(fp)
+	bgequ	noname.487
+	incl	r4
+noname.487:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.488
+	incl	r8
+noname.488:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.489
+	incl	r2
+noname.489:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.490
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.490
+	incl	r8
+noname.490:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.491
+	incl	r8
+noname.491:
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r0),r2
+	movzwl	6(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-312(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-316(fp)
+	mull2	r0,r4
+	addl3	-312(fp),-316(fp),r0
+	bicl3	#0,r0,-312(fp)
+	cmpl	-312(fp),-316(fp)
+	bgequ	noname.492
+	addl2	#65536,r4
+noname.492:
+	movzwl	-310(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-312(fp),r0
+	ashl	#16,r0,-316(fp)
+	addl2	-316(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-316(fp)
+	bgequ	noname.493
+	incl	r4
+noname.493:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.494
+	incl	r8
+noname.494:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.495
+	incl	r2
+noname.495:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.496
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.496
+	incl	r8
+noname.496:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.497
+	incl	r8
+noname.497:
+
+	movl	4(ap),r0
+	movl	r7,32(r0)
+
+	clrl	r7
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r2
+	bicl3	#-65536,8(r0),r1
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-328(fp)
+	mull3	r0,r4,-320(fp)
+	mull2	r1,r4
+	mull3	r1,-328(fp),-324(fp)
+	mull2	r0,-328(fp)
+	addl3	-320(fp),-324(fp),r0
+	bicl3	#0,r0,-320(fp)
+	cmpl	-320(fp),-324(fp)
+	bgequ	noname.498
+	addl2	#65536,-328(fp)
+noname.498:
+	movzwl	-318(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-328(fp)
+	bicl3	#-65536,-320(fp),r0
+	ashl	#16,r0,-324(fp)
+	addl2	-324(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-324(fp)
+	bgequ	noname.499
+	incl	-328(fp)
+noname.499:
+	movl	r4,r3
+	movl	-328(fp),r2
+	bbc	#31,r2,noname.500
+	incl	r7
+noname.500:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.501
+	incl	r2
+noname.501:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.502
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.502
+	incl	r7
+noname.502:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.503
+	incl	r7
+noname.503:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-340(fp)
+	bicl3	#-65536,r2,-344(fp)
+	mull3	r1,-340(fp),-332(fp)
+	mull2	r3,-340(fp)
+	mull3	r3,-344(fp),-336(fp)
+	mull2	r1,-344(fp)
+	addl3	-332(fp),-336(fp),r0
+	bicl3	#0,r0,-332(fp)
+	cmpl	-332(fp),-336(fp)
+	bgequ	noname.504
+	addl2	#65536,-344(fp)
+noname.504:
+	movzwl	-330(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-344(fp)
+	bicl3	#-65536,-332(fp),r0
+	ashl	#16,r0,-336(fp)
+	addl3	-336(fp),-340(fp),r0
+	bicl3	#0,r0,-340(fp)
+	cmpl	-340(fp),-336(fp)
+	bgequ	noname.505
+	incl	-344(fp)
+noname.505:
+	movl	-340(fp),r3
+	movl	-344(fp),r2
+	bbc	#31,r2,noname.506
+	incl	r7
+noname.506:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.507
+	incl	r2
+noname.507:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.508
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.508
+	incl	r7
+noname.508:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.509
+	incl	r7
+noname.509:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,16(r0),r3
+	movzwl	18(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-356(fp)
+	bicl3	#-65536,r2,-360(fp)
+	mull3	r1,-356(fp),-348(fp)
+	mull2	r3,-356(fp)
+	mull3	r3,-360(fp),-352(fp)
+	mull2	r1,-360(fp)
+	addl3	-348(fp),-352(fp),r0
+	bicl3	#0,r0,-348(fp)
+	cmpl	-348(fp),-352(fp)
+	bgequ	noname.510
+	addl2	#65536,-360(fp)
+noname.510:
+	movzwl	-346(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-360(fp)
+	bicl3	#-65536,-348(fp),r0
+	ashl	#16,r0,-352(fp)
+	addl3	-352(fp),-356(fp),r0
+	bicl3	#0,r0,-356(fp)
+	cmpl	-356(fp),-352(fp)
+	bgequ	noname.511
+	incl	-360(fp)
+noname.511:
+	movl	-356(fp),r3
+	movl	-360(fp),r2
+	bbc	#31,r2,noname.512
+	incl	r7
+noname.512:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.513
+	incl	r2
+noname.513:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.514
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.514
+	incl	r7
+noname.514:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.515
+	incl	r7
+noname.515:
+
+	movl	4(ap),r0
+	movl	r9,36(r0)
+
+	clrl	r9
+
+	movl	8(ap),r3
+	movl	20(r3),r4
+	bicl3	#-65536,r4,-364(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-364(fp),r0
+	mull3	r0,r4,-368(fp)
+	mull3	r0,r0,-364(fp)
+	mull2	r4,r4
+	bicl3	#32767,-368(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-368(fp),r0
+	ashl	#17,r0,-368(fp)
+	addl3	-364(fp),-368(fp),r0
+	bicl3	#0,r0,-364(fp)
+	cmpl	-364(fp),-368(fp)
+	bgequ	noname.516
+	incl	r4
+noname.516:
+	movl	-364(fp),r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.517
+	incl	r2
+noname.517:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.518
+	incl	r9
+noname.518:
+
+	bicl3	#-65536,24(r3),r4
+	movzwl	26(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r3),r2
+	movzwl	18(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-372(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-376(fp)
+	mull2	r0,r5
+	addl3	-372(fp),-376(fp),r0
+	bicl3	#0,r0,-372(fp)
+	cmpl	-372(fp),-376(fp)
+	bgequ	noname.519
+	addl2	#65536,r5
+noname.519:
+	movzwl	-370(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-372(fp),r0
+	ashl	#16,r0,-376(fp)
+	addl2	-376(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-376(fp)
+	bgequ	noname.520
+	incl	r5
+noname.520:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.521
+	incl	r9
+noname.521:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.522
+	incl	r2
+noname.522:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.523
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.523
+	incl	r9
+noname.523:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.524
+	incl	r9
+noname.524:
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),r2
+	movzwl	14(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-380(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-384(fp)
+	mull2	r0,r4
+	addl3	-380(fp),-384(fp),r0
+	bicl3	#0,r0,-380(fp)
+	cmpl	-380(fp),-384(fp)
+	bgequ	noname.525
+	addl2	#65536,r4
+noname.525:
+	movzwl	-378(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-380(fp),r0
+	ashl	#16,r0,-384(fp)
+	addl2	-384(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-384(fp)
+	bgequ	noname.526
+	incl	r4
+noname.526:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.527
+	incl	r9
+noname.527:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.528
+	incl	r2
+noname.528:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.529
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.529
+	incl	r9
+noname.529:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.530
+	incl	r9
+noname.530:
+	movl	4(ap),r0
+	movl	r8,40(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),r2
+	movzwl	18(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-388(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-392(fp)
+	mull2	r0,r4
+	addl3	-388(fp),-392(fp),r0
+	bicl3	#0,r0,-388(fp)
+	cmpl	-388(fp),-392(fp)
+	bgequ	noname.531
+	addl2	#65536,r4
+noname.531:
+	movzwl	-386(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-388(fp),r0
+	ashl	#16,r0,-392(fp)
+	addl2	-392(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-392(fp)
+	bgequ	noname.532
+	incl	r4
+noname.532:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.533
+	incl	r8
+noname.533:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.534
+	incl	r2
+noname.534:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.535
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.535
+	incl	r8
+noname.535:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.536
+	incl	r8
+noname.536:
+
+	movl	8(ap),r0
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),r2
+	movzwl	22(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-396(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-400(fp)
+	mull2	r0,r4
+	addl3	-396(fp),-400(fp),r0
+	bicl3	#0,r0,-396(fp)
+	cmpl	-396(fp),-400(fp)
+	bgequ	noname.537
+	addl2	#65536,r4
+noname.537:
+	movzwl	-394(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-396(fp),r0
+	ashl	#16,r0,-400(fp)
+	addl2	-400(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-400(fp)
+	bgequ	noname.538
+	incl	r4
+noname.538:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.539
+	incl	r8
+noname.539:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.540
+	incl	r2
+noname.540:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.541
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.541
+	incl	r8
+noname.541:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.542
+	incl	r8
+noname.542:
+
+	movl	4(ap),r0
+	movl	r7,44(r0)
+
+	clrl	r7
+
+	movl	8(ap),r3
+	movl	24(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-404(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-404(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-404(fp),r0
+	ashl	#17,r0,-404(fp)
+	addl2	-404(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-404(fp)
+	bgequ	noname.543
+	incl	r4
+noname.543:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.544
+	incl	r2
+noname.544:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.545
+	incl	r7
+noname.545:
+
+	movzwl	30(r3),r2
+	bicl3	#-65536,20(r3),r1
+	movzwl	22(r3),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r3),-416(fp)
+	bicl3	#-65536,r2,-420(fp)
+	mull3	r0,-416(fp),-408(fp)
+	mull2	r1,-416(fp)
+	mull3	r1,-420(fp),-412(fp)
+	mull2	r0,-420(fp)
+	addl3	-408(fp),-412(fp),r0
+	bicl3	#0,r0,-408(fp)
+	cmpl	-408(fp),-412(fp)
+	bgequ	noname.546
+	addl2	#65536,-420(fp)
+noname.546:
+	movzwl	-406(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-420(fp)
+	bicl3	#-65536,-408(fp),r0
+	ashl	#16,r0,-412(fp)
+	addl3	-412(fp),-416(fp),r0
+	bicl3	#0,r0,-416(fp)
+	cmpl	-416(fp),-412(fp)
+	bgequ	noname.547
+	incl	-420(fp)
+noname.547:
+	movl	-416(fp),r3
+	movl	-420(fp),r2
+	bbc	#31,r2,noname.548
+	incl	r7
+noname.548:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.549
+	incl	r2
+noname.549:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.550
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.550
+	incl	r7
+noname.550:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.551
+	incl	r7
+noname.551:
+
+	movl	4(ap),r0
+	movl	r9,48(r0)
+
+	clrl	r9
+
+	movl	8(ap),r0
+	movzwl	30(r0),r2
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r0),-432(fp)
+	bicl3	#-65536,r2,-436(fp)
+	mull3	r1,-432(fp),-424(fp)
+	mull2	r3,-432(fp)
+	mull3	r3,-436(fp),-428(fp)
+	mull2	r1,-436(fp)
+	addl3	-424(fp),-428(fp),r0
+	bicl3	#0,r0,-424(fp)
+	cmpl	-424(fp),-428(fp)
+	bgequ	noname.552
+	addl2	#65536,-436(fp)
+noname.552:
+	movzwl	-422(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-436(fp)
+	bicl3	#-65536,-424(fp),r0
+	ashl	#16,r0,-428(fp)
+	addl3	-428(fp),-432(fp),r0
+	bicl3	#0,r0,-432(fp)
+	cmpl	-432(fp),-428(fp)
+	bgequ	noname.553
+	incl	-436(fp)
+noname.553:
+	movl	-432(fp),r3
+	movl	-436(fp),r2
+	bbc	#31,r2,noname.554
+	incl	r9
+noname.554:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.555
+	incl	r2
+noname.555:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.556
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.556
+	incl	r9
+noname.556:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.557
+	incl	r9
+noname.557:
+
+	movl	4(ap),r4
+	movl	r8,52(r4)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	movl	28(r0),r3
+	bicl3	#-65536,r3,-440(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-440(fp),r0
+	mull3	r0,r3,-444(fp)
+	mull3	r0,r0,-440(fp)
+	mull2	r3,r3
+	bicl3	#32767,-444(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-444(fp),r0
+	ashl	#17,r0,-444(fp)
+	addl3	-440(fp),-444(fp),r0
+	bicl3	#0,r0,-440(fp)
+	cmpl	-440(fp),-444(fp)
+	bgequ	noname.558
+	incl	r3
+noname.558:
+	movl	-440(fp),r1
+	movl	r3,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.559
+	incl	r2
+noname.559:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.560
+	incl	r8
+noname.560:
+
+	movl	r7,56(r4)
+
+	movl	r9,60(r4)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+	subl2	#44,sp
+
+	clrq	r8
+
+	clrl	r10
+
+	movl	8(ap),r5
+	movl	(r5),r3
+	bicl3	#-65536,r3,r4
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r4,r3,-4(fp)
+	mull2	r4,r4
+	mull2	r3,r3
+	bicl3	#32767,-4(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-4(fp),r0
+	ashl	#17,r0,-4(fp)
+	addl2	-4(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-4(fp)
+	bgequ	noname.563
+	incl	r3
+noname.563:
+	movl	r4,r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.564
+	incl	r2
+noname.564:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.565
+	incl	r10
+noname.565:
+
+	movl	r9,@4(ap)
+
+	clrl	r9
+
+	bicl3	#-65536,4(r5),r3
+	movzwl	6(r5),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r5),r2
+	movzwl	2(r5),r0
+	bicl2	#-65536,r0
+	movl	r3,r6
+	movl	r1,r4
+	mull3	r0,r6,-8(fp)
+	mull2	r2,r6
+	mull2	r4,r2
+	mull2	r0,r4
+	addl3	-8(fp),r2,r0
+	bicl3	#0,r0,-8(fp)
+	cmpl	-8(fp),r2
+	bgequ	noname.566
+	addl2	#65536,r4
+noname.566:
+	movzwl	-6(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-8(fp),r0
+	ashl	#16,r0,r1
+	addl2	r1,r6
+	bicl2	#0,r6
+	cmpl	r6,r1
+	bgequ	noname.567
+	incl	r4
+noname.567:
+	movl	r6,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.568
+	incl	r9
+noname.568:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.569
+	incl	r2
+noname.569:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.570
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.570
+	incl	r9
+noname.570:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.571
+	incl	r9
+noname.571:
+
+	movl	4(ap),r0
+	movl	r8,4(r0)
+
+	clrl	r8
+
+	movl	8(ap),r4
+	movl	4(r4),r3
+	bicl3	#-65536,r3,r5
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r5,r3,r1
+	mull2	r5,r5
+	mull2	r3,r3
+	bicl3	#32767,r1,r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl2	#-65536,r1
+	ashl	#17,r1,r1
+	addl2	r1,r5
+	bicl2	#0,r5
+	cmpl	r5,r1
+	bgequ	noname.572
+	incl	r3
+noname.572:
+	movl	r5,r1
+	movl	r3,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.573
+	incl	r2
+noname.573:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.574
+	incl	r8
+noname.574:
+
+	bicl3	#-65536,8(r4),r3
+	movzwl	10(r4),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r4),r2
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	movl	r3,r6
+	movl	r1,r5
+	mull3	r0,r6,r7
+	mull2	r2,r6
+	mull2	r5,r2
+	mull2	r0,r5
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.575
+	addl2	#65536,r5
+noname.575:
+	extzv	#16,#16,r7,r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,r7,r0
+	ashl	#16,r0,r1
+	addl2	r1,r6
+	bicl2	#0,r6
+	cmpl	r6,r1
+	bgequ	noname.576
+	incl	r5
+noname.576:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.577
+	incl	r8
+noname.577:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.578
+	incl	r2
+noname.578:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r10
+	bicl2	#0,r10
+	cmpl	r10,r3
+	bgequ	noname.579
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.579
+	incl	r8
+noname.579:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.580
+	incl	r8
+noname.580:
+
+	movl	4(ap),r0
+	movl	r10,8(r0)
+
+	clrl	r10
+
+	movl	8(ap),r0
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r0),r2
+	movzwl	2(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,r6
+	mull2	r2,r5
+	mull3	r2,r4,-12(fp)
+	mull2	r0,r4
+	addl2	-12(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-12(fp)
+	bgequ	noname.581
+	addl2	#65536,r4
+noname.581:
+	extzv	#16,#16,r6,r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,r6,r0
+	ashl	#16,r0,-12(fp)
+	addl2	-12(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-12(fp)
+	bgequ	noname.582
+	incl	r4
+noname.582:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.583
+	incl	r10
+noname.583:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.584
+	incl	r2
+noname.584:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.585
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.585
+	incl	r10
+noname.585:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.586
+	incl	r10
+noname.586:
+
+	movl	8(ap),r0
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r0),r2
+	movzwl	6(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-16(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-20(fp)
+	mull2	r0,r4
+	addl3	-16(fp),-20(fp),r0
+	bicl3	#0,r0,-16(fp)
+	cmpl	-16(fp),-20(fp)
+	bgequ	noname.587
+	addl2	#65536,r4
+noname.587:
+	movzwl	-14(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-16(fp),r0
+	ashl	#16,r0,-20(fp)
+	addl2	-20(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-20(fp)
+	bgequ	noname.588
+	incl	r4
+noname.588:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.589
+	incl	r10
+noname.589:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.590
+	incl	r2
+noname.590:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.591
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.591
+	incl	r10
+noname.591:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.592
+	incl	r10
+noname.592:
+	movl	4(ap),r0
+	movl	r9,12(r0)
+
+	clrl	r9
+
+	movl	8(ap),r3
+	movl	8(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-24(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-24(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-24(fp),r0
+	ashl	#17,r0,-24(fp)
+	addl2	-24(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-24(fp)
+	bgequ	noname.593
+	incl	r4
+noname.593:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.594
+	incl	r2
+noname.594:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.595
+	incl	r9
+noname.595:
+
+	bicl3	#-65536,12(r3),r4
+	movzwl	14(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r3),r2
+	movzwl	6(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-28(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-32(fp)
+	mull2	r0,r5
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.596
+	addl2	#65536,r5
+noname.596:
+	movzwl	-26(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-28(fp),r0
+	ashl	#16,r0,-32(fp)
+	addl2	-32(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-32(fp)
+	bgequ	noname.597
+	incl	r5
+noname.597:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.598
+	incl	r9
+noname.598:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.599
+	incl	r2
+noname.599:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.600
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.600
+	incl	r9
+noname.600:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.601
+	incl	r9
+noname.601:
+
+	movl	4(ap),r0
+	movl	r8,16(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),r2
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-36(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-40(fp)
+	mull2	r0,r4
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.602
+	addl2	#65536,r4
+noname.602:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl2	-40(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-40(fp)
+	bgequ	noname.603
+	incl	r4
+noname.603:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.604
+	incl	r8
+noname.604:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.605
+	incl	r2
+noname.605:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r10
+	bicl2	#0,r10
+	cmpl	r10,r3
+	bgequ	noname.606
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.606
+	incl	r8
+noname.606:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.607
+	incl	r8
+noname.607:
+
+	movl	4(ap),r4
+	movl	r10,20(r4)
+
+	clrl	r10
+
+	movl	8(ap),r0
+	movl	12(r0),r3
+	bicl3	#-65536,r3,r5
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r5,r3,-44(fp)
+	mull2	r5,r5
+	mull2	r3,r3
+	bicl3	#32767,-44(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-44(fp),r0
+	ashl	#17,r0,-44(fp)
+	addl2	-44(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-44(fp)
+	bgequ	noname.608
+	incl	r3
+noname.608:
+	movl	r5,r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.609
+	incl	r2
+noname.609:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.610
+	incl	r10
+noname.610:
+
+	movl	r9,24(r4)
+
+	movl	r8,28(r4)
+
+	ret	
+
+; For now, the code below doesn't work, so I end this prematurely.
+.end
+
+	.title	vax_bn_div64	division 64/32=>32
+; 
+; r.l. 16-jan-1998
+;
+; unsigned int bn_div64(unsigned long h, unsigned long l, unsigned long d)
+;	return <h,l>/d;
+;
+
+	.psect	code,nowrt
+
+h=4 ;(AP)	by value (input)
+l=8 ;(AP)	by value (input)
+d=12 ;(AP)	by value (input)
+
+.entry	bn_div64,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+
+	movl	l(ap),r2	; l
+	movl	h(ap),r3	; h
+	movl	d(ap),r4	; d
+	clrl	r5		; q
+	clrl	r6		; r
+
+	; Treat "negative" specially
+	tstl	r3
+	blss	30$
+
+	tstl	r4
+	beql	90$
+
+	ediv	r4,r2,r5,r6
+	bvs	666$
+
+	movl	r5,r0
+	ret
+
+30$:
+	; The theory here is to do some harmless shifting and a little
+	; bit of rounding (brackets are to designate when decimals are
+	; cut off):
+	;
+	;	result = 2 * [ ([<h,0>/2] + [d/2]) / d ] + [ l / d ]
+
+	movl	#0,r7
+	movl	r3,r8		; copy h
+	ashq	#-1,r7,r7	; [<h,0>/2] => <r8,r7>
+	bicl2	#^X80000000,r8	; Remove "sign"
+
+	movl	r4,r9		; copy d
+	ashl	#-1,r9,r9	; [d/2] => r9
+	bicl2	#^X80000000,r9	; Remove "sign"
+
+	addl2	r9,r7
+	adwc	#0,r8		; [<h,0>/2] + [d/2] => <r8,r7>
+
+	ediv	r4,r7,r5,r6	; [ ([<h,0>/2] + [d/2]) / d ] => <r5,r6>
+	bvs	666$
+
+	movl	#0,r6
+	ashq	#1,r5,r5	; 2 * [ ([<h,0>/2] + [d/2]) / d ] => r5
+
+	movl	#0,r3
+	ediv	r4,r2,r8,r9	; [ l / d ] => <r8,r9>
+
+	addl2	r8,r5		;
+	bcs	666$
+
+	movl	r5,r0
+	ret
+		
+90$:
+	movl	#-1,r0
+	ret
+
+666$:
+
+	
+.end
diff --git a/lib/libssl/src/crypto/bn/asm/x86.pl b/lib/libssl/src/crypto/bn/asm/x86.pl
new file mode 100644
index 00000000000..1bc4f1bb274
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/asm/x86.pl
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+require("x86/mul_add.pl");
+require("x86/mul.pl");
+require("x86/sqr.pl");
+require("x86/div.pl");
+require("x86/add.pl");
+require("x86/sub.pl");
+require("x86/comba.pl");
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
diff --git a/lib/libssl/src/crypto/bn/asm/x86w16.asm b/lib/libssl/src/crypto/bn/asm/x86w16.asm
index 74a933a8cdd..80a9ed6eef1 100644
--- a/lib/libssl/src/crypto/bn/asm/x86w16.asm
+++ b/lib/libssl/src/crypto/bn/asm/x86w16.asm
@@ -6,11 +6,11 @@ F_TEXT	SEGMENT  WORD PUBLIC 'CODE'
 F_TEXT	ENDS
 _DATA	SEGMENT  WORD PUBLIC 'DATA'
 _DATA	ENDS
-CONST	SEGMENT  WORD PUBLIC 'CONST'
-CONST	ENDS
+_CONST	SEGMENT  WORD PUBLIC 'CONST'
+_CONST	ENDS
 _BSS	SEGMENT  WORD PUBLIC 'BSS'
 _BSS	ENDS
-DGROUP	GROUP	CONST, _BSS, _DATA
+DGROUP	GROUP	_CONST, _BSS, _DATA
 	ASSUME DS: DGROUP, SS: DGROUP
 F_TEXT      SEGMENT
 	ASSUME	CS: F_TEXT
diff --git a/lib/libssl/src/crypto/bn/asm/x86w32.asm b/lib/libssl/src/crypto/bn/asm/x86w32.asm
index fc6f9177145..957d71e3b18 100644
--- a/lib/libssl/src/crypto/bn/asm/x86w32.asm
+++ b/lib/libssl/src/crypto/bn/asm/x86w32.asm
@@ -6,11 +6,11 @@ F_TEXT	SEGMENT  WORD USE16 PUBLIC 'CODE'
 F_TEXT	ENDS
 _DATA	SEGMENT  WORD USE16 PUBLIC 'DATA'
 _DATA	ENDS
-CONST	SEGMENT  WORD USE16 PUBLIC 'CONST'
-CONST	ENDS
+_CONST	SEGMENT  WORD USE16 PUBLIC 'CONST'
+_CONST	ENDS
 _BSS	SEGMENT  WORD USE16 PUBLIC 'BSS'
 _BSS	ENDS
-DGROUP	GROUP	CONST, _BSS, _DATA
+DGROUP	GROUP	_CONST, _BSS, _DATA
 	ASSUME DS: DGROUP, SS: DGROUP
 F_TEXT      SEGMENT
 	ASSUME	CS: F_TEXT
@@ -89,7 +89,7 @@ $L555:
 	mov	bp,WORD PTR [bp+26]	; load num
 	and	bp,3
 	dec	bp
-	js	$L547
+	js	$L547m
 
 	mov	eax,ecx
 	mul	DWORD PTR es:[bx]	; w* *a
@@ -100,7 +100,7 @@ $L555:
 	mov	DWORD PTR ds:[di],eax
 	mov	esi,edx
 	dec	bp
-	js	$L547			; Note that we are now testing for -1
+	js	$L547m			; Note that we are now testing for -1
 	;
 	mov	eax,ecx
 	mul	DWORD PTR es:[bx+4]	; w* *a
@@ -111,7 +111,7 @@ $L555:
 	mov	DWORD PTR ds:[di+4],eax
 	mov	esi,edx
 	dec	bp
-	js	$L547
+	js	$L547m
 	;
 	mov	eax,ecx
 	mul	DWORD PTR es:[bx+8]	; w* *a
@@ -121,7 +121,7 @@ $L555:
 	adc	edx,0
 	mov	DWORD PTR ds:[di+8],eax
 	mov	esi,edx
-$L547:
+$L547m:
 	mov	eax,esi
 	mov	edx,esi
 	shr	edx,16
@@ -315,37 +315,35 @@ _bn_add_words	PROC FAR
 ;	ap = 22
 ;	rp = 18
 	xor	esi,esi			;c=0;
+	mov	bx,WORD PTR [bp+18]	; load low r
 	mov	si,WORD PTR [bp+22]	; load a
 	mov	es,WORD PTR [bp+24]	; load a
 	mov	di,WORD PTR [bp+26]	; load b
 	mov	ds,WORD PTR [bp+28]	; load b
 
 	mov	dx,WORD PTR [bp+30]	; load num
-	dec	dx
-	js	$L547
 	xor	ecx,ecx
+	dec	dx
+	js	$L547a
 
 $L5477:
-	xor	ebx,ebx
 	mov	eax,DWORD PTR es:[si]	; *a
 	add	eax,ecx
-	adc	ebx,0
+	mov	ecx,0
+	adc	ecx,0
 	add	si,4			; a++
 	add	eax,DWORD PTR ds:[di]	; + *b
-	mov	ecx,ebx
 	adc	ecx,0
-	add	di,4
-	mov	bx,WORD PTR [bp+18]
 	mov	ds,WORD PTR [bp+20]
+	add	di,4
 	mov	DWORD PTR ds:[bx],eax
-	add	bx,4
 	mov	ds,WORD PTR [bp+28]
-	mov	WORD PTR [bp+18],bx
+	add	bx,4
 	dec	dx
-	js	$L547			; Note that we are now testing for -1
+	js	$L547a			; Note that we are now testing for -1
 	jmp	$L5477
 	;
-$L547:
+$L547a:
 	mov	eax,ecx
 	mov	edx,ecx
 	shr	edx,16
diff --git a/lib/libssl/src/crypto/bn/bn.err b/lib/libssl/src/crypto/bn/bn.err
deleted file mode 100644
index 7ccc247c41c..00000000000
--- a/lib/libssl/src/crypto/bn/bn.err
+++ /dev/null
@@ -1,27 +0,0 @@
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BN_BLINDING_CONVERT			 100
-#define BN_F_BN_BLINDING_INVERT				 101
-#define BN_F_BN_BLINDING_NEW				 102
-#define BN_F_BN_BLINDING_UPDATE				 103
-#define BN_F_BN_BN2DEC					 104
-#define BN_F_BN_BN2HEX					 105
-#define BN_F_BN_CTX_NEW					 106
-#define BN_F_BN_DIV					 107
-#define BN_F_BN_EXPAND2					 108
-#define BN_F_BN_MOD_EXP_MONT				 109
-#define BN_F_BN_MOD_INVERSE				 110
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
-#define BN_F_BN_MPI2BN					 112
-#define BN_F_BN_NEW					 113
-#define BN_F_BN_RAND					 114
-
-/* Reason codes. */
-#define BN_R_BAD_RECIPROCAL				 100
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 101
-#define BN_R_DIV_BY_ZERO				 102
-#define BN_R_ENCODING_ERROR				 103
-#define BN_R_INVALID_LENGTH				 104
-#define BN_R_NOT_INITALISED				 105
-#define BN_R_NO_INVERSE					 106
diff --git a/lib/libssl/src/crypto/bn/bn.org b/lib/libssl/src/crypto/bn/bn.h
index 66dde285d64..f935e1ca79d 100644
--- a/lib/libssl/src/crypto/bn/bn.org
+++ b/lib/libssl/src/crypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* crypto/bn/bn.org */
+/* crypto/bn/bn.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,27 +56,25 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify bn.org since bn.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
 
+#ifndef WIN16
+#include <stdio.h> /* FILE */
+#endif
+#include <openssl/opensslconf.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#undef BN_LLONG
-
-#ifdef WIN32
-#define BN_LLONG /* This comment stops Configure mutilating things */
+#ifdef VMS
+#undef BN_LLONG /* experimental, so far... */
 #endif
 
+#define BN_MUL_COMBA
+#define BN_SQR_COMBA
+#define BN_RECURSION
 #define RECP_MUL_MOD
 #define MONT_MUL_MOD
 
@@ -95,16 +93,6 @@ extern "C" {
 #define BN_DIV2W
 #endif
 
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-
 /* assuming long is 64bit - this is the DEC Alpha
  * unsigned long long is only 64 bits :-(, don't define
  * BN_LLONG for the DEC Alpha */
@@ -116,20 +104,26 @@ extern "C" {
 #define BN_BYTES	8
 #define BN_BITS2	64
 #define BN_BITS4	32
+#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
 #define BN_MASK2	(0xffffffffffffffffL)
 #define BN_MASK2l	(0xffffffffL)
 #define BN_MASK2h	(0xffffffff00000000L)
 #define BN_MASK2h1	(0xffffffff80000000L)
 #define BN_TBIT		(0x8000000000000000L)
-#define BN_DEC_CONV	(10000000000000000000L)
+#define BN_DEC_CONV	(10000000000000000000UL)
 #define BN_DEC_FMT1	"%lu"
 #define BN_DEC_FMT2	"%019lu"
 #define BN_DEC_NUM	19
 #endif
 
+/* This is where the long long data type is 64 bits, but long is 32.
+ * For machines where there are 64bit registers, this is the mode to use.
+ * IRIX, on R4000 and above should use this mode, along with the relevent
+ * assember code :-).  Do NOT define BN_LLONG.
+ */
 #ifdef SIXTY_FOUR_BIT
 #undef BN_LLONG
-/* #define BN_ULLONG	unsigned long long */
+#undef BN_ULLONG
 #define BN_ULONG	unsigned long long
 #define BN_LONG		long long
 #define BN_BITS		128
@@ -141,14 +135,14 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000L)
-#define BN_DEC_FMT1	"%lu"
-#define BN_DEC_FMT2	"%019lu"
+#define BN_DEC_CONV	(10000000000000000000LL)
+#define BN_DEC_FMT1	"%llu"
+#define BN_DEC_FMT2	"%019llu"
 #define BN_DEC_NUM	19
 #endif
 
 #ifdef THIRTY_TWO_BIT
-#ifdef WIN32
+#if defined(WIN32) && !defined(__GNUC__)
 #define BN_ULLONG	unsigned _int64
 #else
 #define BN_ULLONG	unsigned long long
@@ -159,6 +153,12 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
+#ifdef WIN32
+/* VC++ doesn't like the LL suffix */
+#define BN_MASK		(0xffffffffffffffffL)
+#else
+#define BN_MASK		(0xffffffffffffffffLL)
+#endif
 #define BN_MASK2	(0xffffffffL)
 #define BN_MASK2l	(0xffff)
 #define BN_MASK2h1	(0xffff8000L)
@@ -181,6 +181,7 @@ extern "C" {
 #define BN_BYTES	2
 #define BN_BITS2	16
 #define BN_BITS4	8
+#define BN_MASK		(0xffffffff)
 #define BN_MASK2	(0xffff)
 #define BN_MASK2l	(0xff)
 #define BN_MASK2h1	(0xff80)
@@ -203,6 +204,7 @@ extern "C" {
 #define BN_BYTES	1
 #define BN_BITS2	8
 #define BN_BITS4	4
+#define BN_MASK		(0xffff)
 #define BN_MASK2	(0xff)
 #define BN_MASK2l	(0xf)
 #define BN_MASK2h1	(0xf8)
@@ -220,6 +222,12 @@ extern "C" {
 #undef BIGNUM
 #endif
 
+#define BN_FLG_MALLOCED		0x01
+#define BN_FLG_STATIC_DATA	0x02
+#define BN_FLG_FREE		0x8000	/* used for debuging */
+#define BN_set_flags(b,n)	((b)->flags|=(n))
+#define BN_get_flags(b,n)	((b)->flags&(n))
+
 typedef struct bignum_st
 	{
 	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
@@ -227,6 +235,7 @@ typedef struct bignum_st
 	/* The next are internal book keeping for bn_expand. */
 	int max;	/* Size of the d array. */
 	int neg;	/* one if the number is negative */
+	int flags;
 	} BIGNUM;
 
 /* Used for temp variables */
@@ -234,7 +243,8 @@ typedef struct bignum_st
 typedef struct bignum_ctx
 	{
 	int tos;
-	BIGNUM *bn[BN_CTX_NUM+1];
+	BIGNUM bn[BN_CTX_NUM+1];
+	int flags;
 	} BN_CTX;
 
 typedef struct bn_blinding_st
@@ -248,130 +258,150 @@ typedef struct bn_blinding_st
 /* Used for montgomery multiplication */
 typedef struct bn_mont_ctx_st
         {
+	int use_word;	/* 0 for word form, 1 for long form */
         int ri;         /* number of bits in R */
-        BIGNUM *RR;     /* used to convert to montgomery form */
-        BIGNUM *N;      /* The modulus */
-        BIGNUM *Ni;     /* The inverse of N */
+        BIGNUM RR;     /* used to convert to montgomery form */
+        BIGNUM N;      /* The modulus */
+        BIGNUM Ni;     /* The inverse of N */
 	BN_ULONG n0;	/* word form of inverse, normally only one of
 			 * Ni or n0 is defined */
+	int flags;
         } BN_MONT_CTX;
 
+/* Used for reciprocal division/mod functions
+ * It cannot be shared between threads
+ */
+typedef struct bn_recp_ctx_st
+	{
+	BIGNUM N;	/* the divisor */
+	BIGNUM Nr;	/* the reciprocal */
+	int num_bits;
+	int shift;
+	int flags;
+	} BN_RECP_CTX;
+
 #define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	r,a,(mont)->RR,(mont),ctx)
+	r,a,&((mont)->RR),(mont),ctx)
 
 #define BN_prime_checks		(5)
 
 #define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
 #define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-#define BN_is_zero(a)	(((a)->top <= 1) && ((a)->d[0] == (BN_ULONG)0))
+#define BN_is_zero(a)	(((a)->top == 0) || BN_is_word(a,0))
 #define BN_is_one(a)	(BN_is_word((a),1))
-#define BN_is_odd(a)	((a)->d[0] & 1)
+#define BN_is_odd(a)	(((a)->top > 0) && ((a)->d[0] & 1))
 #define BN_one(a)	(BN_set_word((a),1))
 #define BN_zero(a)	(BN_set_word((a),0))
 
-#define BN_ascii2bn(a)	BN_hex2bn(a)
-#define BN_bn2ascii(a)	BN_bn2hex(a)
+/*#define BN_ascii2bn(a)	BN_hex2bn(a) */
+/*#define BN_bn2ascii(a)	BN_bn2hex(a) */
 
-#define bn_fix_top(a) \
-	{ \
-	BN_ULONG *fix_top_l; \
-	for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-		if (*(fix_top_l--)) break; \
-	}
-
-#define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?\
-	(n):bn_expand2((n),(b)/BN_BITS2))
+#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
+	(n):bn_expand2((n),(b)/BN_BITS2+1))
 #define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
 
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *ftl; \
+	if ((a)->top > 0) \
+		{ \
+		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(ftl--)) break; \
+		} \
+	}
 
-#ifndef NOPROTO
 BIGNUM *BN_value_one(void);
 char *	BN_options(void);
 BN_CTX *BN_CTX_new(void);
+void	BN_CTX_init(BN_CTX *c);
 void	BN_CTX_free(BN_CTX *c);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int	BN_num_bits(BIGNUM *a);
+int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
+void	BN_init(BIGNUM *);
 void	BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2bin(BIGNUM *a, unsigned char *to);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
 BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2mpi(BIGNUM *a, unsigned char *to);
-int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-void	bn_qsub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-void	bn_qadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+int	BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+	       BN_CTX *ctx);
+int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx);
 int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
-BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
-BN_ULONG BN_div_word(BIGNUM *a, unsigned long w);
-int	BN_mul_word(BIGNUM *a, unsigned long w);
-int	BN_add_word(BIGNUM *a, unsigned long w);
-int	BN_sub_word(BIGNUM *a, unsigned long w);
-int	BN_set_word(BIGNUM *a, unsigned long w);
-unsigned long BN_get_word(BIGNUM *a);
-int	BN_cmp(BIGNUM *a, BIGNUM *b);
+BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int	BN_mul_word(BIGNUM *a, BN_ULONG w);
+int	BN_add_word(BIGNUM *a, BN_ULONG w);
+int	BN_sub_word(BIGNUM *a, BN_ULONG w);
+int	BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(BIGNUM *a);
+int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
 void	BN_free(BIGNUM *a);
-int	BN_is_bit_set(BIGNUM *a, int n);
-int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+int	BN_is_bit_set(const BIGNUM *a, int n);
+int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
 int	BN_lshift1(BIGNUM *r, BIGNUM *a);
 int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx,
-		BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		   const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
 int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
 	BIGNUM *m,BN_CTX *ctx);
 int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
-	BIGNUM *i, int nb, BN_CTX *ctx);
-int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, BIGNUM *m,
-	BN_CTX *ctx);
+int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
 #ifndef WIN16
 int	BN_print_fp(FILE *fp, BIGNUM *a);
 #endif
 #ifdef HEADER_BIO_H
-int	BN_print(BIO *fp, BIGNUM *a);
+int	BN_print(BIO *fp, const BIGNUM *a);
 #else
-int	BN_print(char *fp, BIGNUM *a);
+int	BN_print(char *fp, const BIGNUM *a);
 #endif
-int	BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
 int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
 int	BN_rshift1(BIGNUM *r, BIGNUM *a);
 void	BN_clear(BIGNUM *a);
 BIGNUM *bn_expand2(BIGNUM *b, int bits);
-BIGNUM *BN_dup(BIGNUM *a);
-int	BN_ucmp(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_dup(const BIGNUM *a);
+int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
 int	BN_set_bit(BIGNUM *a, int n);
 int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2hex(BIGNUM *a);
-char *	BN_bn2dec(BIGNUM *a);
-int 	BN_hex2bn(BIGNUM **a,char *str);
-int 	BN_dec2bn(BIGNUM **a,char *str);
+char *	BN_bn2hex(const BIGNUM *a);
+char *	BN_bn2dec(const BIGNUM *a);
+int 	BN_hex2bn(BIGNUM **a, const char *str);
+int 	BN_dec2bn(BIGNUM **a, const char *str);
 int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int,char *),char *cb_arg);
-int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,char *),
-		BN_CTX *ctx,char *cb_arg);
+BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add,
+		BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg);
+int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,void *),
+		BN_CTX *ctx,void *cb_arg);
 void	ERR_load_BN_strings(void );
 
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
 BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
 void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-BN_ULONG bn_div64(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
 BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
-	BN_CTX *ctx);
+			  BN_CTX *ctx);
 int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
@@ -379,94 +409,26 @@ int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 
-#else
+void BN_set_params(int mul,int high,int low,int mont);
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
 
-BIGNUM *BN_value_one();
-char *	BN_options();
-BN_CTX *BN_CTX_new();
-void	BN_CTX_free();
-int     BN_rand();
-int	BN_num_bits();
-int	BN_num_bits_word();
-BIGNUM *BN_new();
-void	BN_clear_free();
-BIGNUM *BN_copy();
-BIGNUM *BN_bin2bn();
-int	BN_bn2bin();
-BIGNUM *BN_mpi2bn();
-int	BN_bn2mpi();
-int	BN_sub();
-void	bn_qsub();
-void	bn_qadd();
-int	BN_add();
-int	BN_mod();
-int	BN_div();
-int	BN_mul();
-int	BN_sqr();
-BN_ULONG BN_mod_word();
-BN_ULONG BN_div_word();
-int	BN_add_word();
-int	BN_sub_word();
-int	BN_mul_word();
-int	BN_set_word();
-unsigned long BN_get_word();
-int	BN_cmp();
-void	BN_free();
-int	BN_is_bit_set();
-int	BN_lshift();
-int	BN_lshift1();
-int	BN_exp();
-int	BN_mod_exp();
-int	BN_mod_exp_mont();
-int	BN_mod_exp_recp();
-int	BN_mod_exp_simple();
-int	BN_mask_bits();
-int	BN_mod_mul_reciprocal();
-int	BN_mod_mul();
-#ifndef WIN16
-int	BN_print_fp();
-#endif
-int	BN_print();
-int	BN_reciprocal();
-int	BN_rshift();
-int	BN_rshift1();
-void	BN_clear();
-BIGNUM *bn_expand2();
-BIGNUM *BN_dup();
-int	BN_ucmp();
-int	BN_set_bit();
-int	BN_clear_bit();
-char *	BN_bn2hex();
-char *	BN_bn2dec();
-int 	BN_hex2bn();
-int 	BN_dec2bn();
-int	BN_gcd();
-BIGNUM *BN_mod_inverse();
-BIGNUM *BN_generate_prime();
-int	BN_is_prime();
-void	ERR_load_BN_strings();
-
-BN_ULONG bn_mul_add_words();
-BN_ULONG bn_mul_words();
-void     bn_sqr_words();
-BN_ULONG bn_div64();
-BN_ULONG bn_add_words();
-
-int BN_mod_mul_montgomery();
-int BN_from_montgomery();
-BN_MONT_CTX *BN_MONT_CTX_new();
-void BN_MONT_CTX_free();
-int BN_MONT_CTX_set();
-
-BN_BLINDING *BN_BLINDING_new();
-void BN_BLINDING_free();
-int BN_BLINDING_update();
-int BN_BLINDING_convert();
-int BN_BLINDING_invert();
+void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
+		BN_RECP_CTX *recp,BN_CTX *ctx);
+int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx);
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
+		BN_RECP_CTX *recp, BN_CTX *ctx);
 
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the BN functions. */
 
 /* Function codes. */
@@ -485,16 +447,19 @@ int BN_BLINDING_invert();
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_USUB					 115
 
 /* Reason codes. */
-#define BN_R_BAD_RECIPROCAL				 100
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 101
-#define BN_R_DIV_BY_ZERO				 102
-#define BN_R_ENCODING_ERROR				 103
-#define BN_R_INVALID_LENGTH				 104
-#define BN_R_NOT_INITALISED				 105
-#define BN_R_NO_INVERSE					 106
- 
+#define BN_R_ARG2_LT_ARG3				 100
+#define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
+#define BN_R_DIV_BY_ZERO				 103
+#define BN_R_ENCODING_ERROR				 104
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
+#define BN_R_INVALID_LENGTH				 106
+#define BN_R_NOT_INITIALIZED				 107
+#define BN_R_NO_INVERSE					 108
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/bn/bn.mul b/lib/libssl/src/crypto/bn/bn.mul
new file mode 100644
index 00000000000..9728870d38a
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn.mul
@@ -0,0 +1,19 @@
+We need
+
+* bn_mul_comba8
+* bn_mul_comba4
+* bn_mul_normal
+* bn_mul_recursive
+
+* bn_sqr_comba8
+* bn_sqr_comba4
+bn_sqr_normal -> BN_sqr
+* bn_sqr_recursive
+
+* bn_mul_low_recursive
+* bn_mul_low_normal
+* bn_mul_high
+
+* bn_mul_part_recursive	# symetric but not power of 2
+
+bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/lib/libssl/src/crypto/bn/bn_add.c b/lib/libssl/src/crypto/bn/bn_add.c
index efb2e312e85..c5ab066c9e4 100644
--- a/lib/libssl/src/crypto/bn/bn_add.c
+++ b/lib/libssl/src/crypto/bn/bn_add.c
@@ -61,14 +61,13 @@
 #include "bn_lcl.h"
 
 /* r can == a or b */
-int BN_add(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b)
 	{
-	int i;
 	BIGNUM *tmp;
 
+	bn_check_top(a);
+	bn_check_top(b);
+
 	/*  a +  b	a+b
 	 *  a + -b	a-b
 	 * -a +  b	b-a
@@ -84,14 +83,12 @@ BIGNUM *b;
 
 		if (BN_ucmp(a,b) < 0)
 			{
-			if (bn_wexpand(r,b->top) == NULL) return(0);
-			bn_qsub(r,b,a);
+			if (!BN_usub(r,b,a)) return(0);
 			r->neg=1;
 			}
 		else
 			{
-			if (bn_wexpand(r,a->top) == NULL) return(0);
-			bn_qsub(r,a,b);
+			if (!BN_usub(r,a,b)) return(0);
 			r->neg=0;
 			}
 		return(1);
@@ -102,35 +99,32 @@ BIGNUM *b;
 	else
 		r->neg=0;
 
-	i=(a->top > b->top);
-
-	if (i)
-		{
-		if (bn_wexpand(r,a->top+1) == NULL) return(0);
-		bn_qadd(r,a,b);
-		}
-	else
-		{
-		if (bn_wexpand(r,b->top+1) == NULL) return(0);
-		bn_qadd(r,b,a);
-		}
+	if (!BN_uadd(r,a,b)) return(0);
 	return(1);
 	}
 
 /* unsigned add of b to a, r must be large enough */
-void bn_qadd(r,a,b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
 	register int i;
 	int max,min;
 	BN_ULONG *ap,*bp,*rp,carry,t1;
+	const BIGNUM *tmp;
+
+	bn_check_top(a);
+	bn_check_top(b);
 
+	if (a->top < b->top)
+		{ tmp=a; a=b; b=tmp; }
 	max=a->top;
 	min=b->top;
+
+	if (bn_wexpand(r,max+1) == NULL)
+		return(0);
+
 	r->top=max;
 
+
 	ap=a->d;
 	bp=b->d;
 	rp=r->d;
@@ -160,8 +154,154 @@ BIGNUM *b;
 			r->top++;
 			}
 		}
-	for (; i<max; i++)
-		*(rp++)= *(ap++);
+	if (rp != ap)
+		{
+		for (; i<max; i++)
+			*(rp++)= *(ap++);
+		}
 	/* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
+	return(1);
+	}
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+	{
+	int max,min;
+	register BN_ULONG t1,t2,*ap,*bp,*rp;
+	int i,carry;
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+	int dummy;
+#endif
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	if (a->top < b->top) /* hmm... should not be happening */
+		{
+		BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
+		return(0);
+		}
+
+	max=a->top;
+	min=b->top;
+	if (bn_wexpand(r,max) == NULL) return(0);
+
+	ap=a->d;
+	bp=b->d;
+	rp=r->d;
+
+#if 1
+	carry=0;
+	for (i=0; i<min; i++)
+		{
+		t1= *(ap++);
+		t2= *(bp++);
+		if (carry)
+			{
+			carry=(t1 <= t2);
+			t1=(t1-t2-1)&BN_MASK2;
+			}
+		else
+			{
+			carry=(t1 < t2);
+			t1=(t1-t2)&BN_MASK2;
+			}
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+		dummy=t1;
+#endif
+		*(rp++)=t1&BN_MASK2;
+		}
+#else
+	carry=bn_sub_words(rp,ap,bp,min);
+	ap+=min;
+	bp+=min;
+	rp+=min;
+	i=min;
+#endif
+	if (carry) /* subtracted */
+		{
+		while (i < max)
+			{
+			i++;
+			t1= *(ap++);
+			t2=(t1-1)&BN_MASK2;
+			*(rp++)=t2;
+			if (t1 > t2) break;
+			}
+		}
+#if 0
+	memcpy(rp,ap,sizeof(*rp)*(max-i));
+#else
+	if (rp != ap)
+		{
+		for (;;)
+			{
+			if (i++ >= max) break;
+			rp[0]=ap[0];
+			if (i++ >= max) break;
+			rp[1]=ap[1];
+			if (i++ >= max) break;
+			rp[2]=ap[2];
+			if (i++ >= max) break;
+			rp[3]=ap[3];
+			rp+=4;
+			ap+=4;
+			}
+		}
+#endif
+
+	r->top=max;
+	bn_fix_top(r);
+	return(1);
+	}
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+	{
+	int max;
+	int add=0,neg=0;
+	const BIGNUM *tmp;
+
+	bn_check_top(a);
+	bn_check_top(b);
+
+	/*  a -  b	a-b
+	 *  a - -b	a+b
+	 * -a -  b	-(a+b)
+	 * -a - -b	b-a
+	 */
+	if (a->neg)
+		{
+		if (b->neg)
+			{ tmp=a; a=b; b=tmp; }
+		else
+			{ add=1; neg=1; }
+		}
+	else
+		{
+		if (b->neg) { add=1; neg=0; }
+		}
+
+	if (add)
+		{
+		if (!BN_uadd(r,a,b)) return(0);
+		r->neg=neg;
+		return(1);
+		}
+
+	/* We are actually doing a - b :-) */
+
+	max=(a->top > b->top)?a->top:b->top;
+	if (bn_wexpand(r,max) == NULL) return(0);
+	if (BN_ucmp(a,b) < 0)
+		{
+		if (!BN_usub(r,b,a)) return(0);
+		r->neg=1;
+		}
+	else
+		{
+		if (!BN_usub(r,a,b)) return(0);
+		r->neg=0;
+		}
+	return(1);
 	}
 
diff --git a/lib/libssl/src/crypto/bn/bn_asm.c b/lib/libssl/src/crypto/bn/bn_asm.c
new file mode 100644
index 00000000000..4d3da16a0c9
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn_asm.c
@@ -0,0 +1,802 @@
+/* crypto/bn/bn_asm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_LLONG 
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	bn_check_num(num);
+	if (num <= 0) return(c1);
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	
+	return(c1);
+	} 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c1=0;
+
+	bn_check_num(num);
+	if (num <= 0) return(c1);
+
+	/* for (;;) */
+	while (1) /* circumvent egcs-1.1.2 bug */
+		{
+		mul(rp[0],ap[0],w,c1);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],w,c1);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],w,c1);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],w,c1);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c1);
+	} 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+	bn_check_num(n);
+	if (n <= 0) return;
+	for (;;)
+		{
+		BN_ULLONG t;
+
+		t=(BN_ULLONG)(a[0])*(a[0]);
+		r[0]=Lw(t); r[1]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[1])*(a[1]);
+		r[2]=Lw(t); r[3]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[2])*(a[2]);
+		r[4]=Lw(t); r[5]=Hw(t);
+		if (--n == 0) break;
+
+		t=(BN_ULLONG)(a[3])*(a[3]);
+		r[6]=Lw(t); r[7]=Hw(t);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#else
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG c=0;
+	BN_ULONG bl,bh;
+
+	bn_check_num(num);
+	if (num <= 0) return((BN_ULONG)0);
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul_add(rp[0],ap[0],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[1],ap[1],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[2],ap[2],bl,bh,c);
+		if (--num == 0) break;
+		mul_add(rp[3],ap[3],bl,bh,c);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(c);
+	} 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+	{
+	BN_ULONG carry=0;
+	BN_ULONG bl,bh;
+
+	bn_check_num(num);
+	if (num <= 0) return((BN_ULONG)0);
+
+	bl=LBITS(w);
+	bh=HBITS(w);
+
+	for (;;)
+		{
+		mul(rp[0],ap[0],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[1],ap[1],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[2],ap[2],bl,bh,carry);
+		if (--num == 0) break;
+		mul(rp[3],ap[3],bl,bh,carry);
+		if (--num == 0) break;
+		ap+=4;
+		rp+=4;
+		}
+	return(carry);
+	} 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+	bn_check_num(n);
+	if (n <= 0) return;
+	for (;;)
+		{
+		sqr64(r[0],r[1],a[0]);
+		if (--n == 0) break;
+
+		sqr64(r[2],r[3],a[1]);
+		if (--n == 0) break;
+
+		sqr64(r[4],r[5],a[2]);
+		if (--n == 0) break;
+
+		sqr64(r[6],r[7],a[3]);
+		if (--n == 0) break;
+
+		a+=4;
+		r+=8;
+		}
+	}
+
+#endif
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+	{
+	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
+	}
+
+#else
+
+/* Divide h-l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+	{
+	BN_ULONG dh,dl,q,ret=0,th,tl,t;
+	int i,count=2;
+
+	if (d == 0) return(BN_MASK2);
+
+	i=BN_num_bits_word(d);
+	if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
+		{
+#if !defined(NO_STDIO) && !defined(WIN16)
+		fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+		abort();
+		}
+	i=BN_BITS2-i;
+	if (h >= d) h-=d;
+
+	if (i)
+		{
+		d<<=i;
+		h=(h<<i)|(l>>(BN_BITS2-i));
+		l<<=i;
+		}
+	dh=(d&BN_MASK2h)>>BN_BITS4;
+	dl=(d&BN_MASK2l);
+	for (;;)
+		{
+		if ((h>>BN_BITS4) == dh)
+			q=BN_MASK2l;
+		else
+			q=h/dh;
+
+		th=q*dh;
+		tl=dl*q;
+		for (;;)
+			{
+			t=h-th;
+			if ((t&BN_MASK2h) ||
+				((tl) <= (
+					(t<<BN_BITS4)|
+					((l&BN_MASK2h)>>BN_BITS4))))
+				break;
+			q--;
+			th-=dh;
+			tl-=dl;
+			}
+		t=(tl>>BN_BITS4);
+		tl=(tl<<BN_BITS4)&BN_MASK2h;
+		th+=t;
+
+		if (l < tl) th++;
+		l-=tl;
+		if (h < th)
+			{
+			h+=d;
+			q--;
+			}
+		h-=th;
+
+		if (--count == 0) break;
+
+		ret=q<<BN_BITS4;
+		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
+		l=(l&BN_MASK2l)<<BN_BITS4;
+		}
+	ret|=q;
+	return(ret);
+	}
+#endif
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULLONG ll=0;
+
+	bn_check_num(n);
+	if (n <= 0) return((BN_ULONG)0);
+
+	for (;;)
+		{
+		ll+=(BN_ULLONG)a[0]+b[0];
+		r[0]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[1]+b[1];
+		r[1]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[2]+b[2];
+		r[2]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		ll+=(BN_ULLONG)a[3]+b[3];
+		r[3]=(BN_ULONG)ll&BN_MASK2;
+		ll>>=BN_BITS2;
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return((BN_ULONG)ll);
+	}
+#else
+BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULONG c,l,t;
+
+	bn_check_num(n);
+	if (n <= 0) return((BN_ULONG)0);
+
+	c=0;
+	for (;;)
+		{
+		t=a[0];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[0])&BN_MASK2;
+		c+=(l < t);
+		r[0]=l;
+		if (--n <= 0) break;
+
+		t=a[1];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[1])&BN_MASK2;
+		c+=(l < t);
+		r[1]=l;
+		if (--n <= 0) break;
+
+		t=a[2];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[2])&BN_MASK2;
+		c+=(l < t);
+		r[2]=l;
+		if (--n <= 0) break;
+
+		t=a[3];
+		t=(t+c)&BN_MASK2;
+		c=(t < c);
+		l=(t+b[3])&BN_MASK2;
+		c+=(l < t);
+		r[3]=l;
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return((BN_ULONG)c);
+	}
+#endif
+
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+	BN_ULONG t1,t2;
+	int c=0;
+
+	bn_check_num(n);
+	if (n <= 0) return((BN_ULONG)0);
+
+	for (;;)
+		{
+		t1=a[0]; t2=b[0];
+		r[0]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[1]; t2=b[1];
+		r[1]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[2]; t2=b[2];
+		r[2]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		t1=a[3]; t2=b[3];
+		r[3]=(t1-t2-c)&BN_MASK2;
+		if (t1 != t2) c=(t1 < t2);
+		if (--n <= 0) break;
+
+		a+=4;
+		b+=4;
+		r+=4;
+		}
+	return(c);
+	}
+
+#ifdef BN_MUL_COMBA
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	tt=(t+t)&BN_MASK; \
+	if (tt < t) c2++; \
+	t1=(BN_ULONG)Lw(tt); \
+	t2=(BN_ULONG)Hw(tt); \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	t=(BN_ULLONG)a[i]*a[i]; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	if (t2 & BN_TBIT) c2++; \
+	t2=(t2+t2)&BN_MASK2; \
+	if (t1 & BN_TBIT) t2++; \
+	t1=(t1+t1)&BN_MASK2; \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	sqr64(t1,t2,(a)[i]); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[4],b[0],c2,c3,c1);
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	mul_add_c(a[0],b[4],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[0],b[5],c3,c1,c2);
+	mul_add_c(a[1],b[4],c3,c1,c2);
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	mul_add_c(a[4],b[1],c3,c1,c2);
+	mul_add_c(a[5],b[0],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[6],b[0],c1,c2,c3);
+	mul_add_c(a[5],b[1],c1,c2,c3);
+	mul_add_c(a[4],b[2],c1,c2,c3);
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	mul_add_c(a[2],b[4],c1,c2,c3);
+	mul_add_c(a[1],b[5],c1,c2,c3);
+	mul_add_c(a[0],b[6],c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	mul_add_c(a[0],b[7],c2,c3,c1);
+	mul_add_c(a[1],b[6],c2,c3,c1);
+	mul_add_c(a[2],b[5],c2,c3,c1);
+	mul_add_c(a[3],b[4],c2,c3,c1);
+	mul_add_c(a[4],b[3],c2,c3,c1);
+	mul_add_c(a[5],b[2],c2,c3,c1);
+	mul_add_c(a[6],b[1],c2,c3,c1);
+	mul_add_c(a[7],b[0],c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	mul_add_c(a[7],b[1],c3,c1,c2);
+	mul_add_c(a[6],b[2],c3,c1,c2);
+	mul_add_c(a[5],b[3],c3,c1,c2);
+	mul_add_c(a[4],b[4],c3,c1,c2);
+	mul_add_c(a[3],b[5],c3,c1,c2);
+	mul_add_c(a[2],b[6],c3,c1,c2);
+	mul_add_c(a[1],b[7],c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	mul_add_c(a[2],b[7],c1,c2,c3);
+	mul_add_c(a[3],b[6],c1,c2,c3);
+	mul_add_c(a[4],b[5],c1,c2,c3);
+	mul_add_c(a[5],b[4],c1,c2,c3);
+	mul_add_c(a[6],b[3],c1,c2,c3);
+	mul_add_c(a[7],b[2],c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	mul_add_c(a[7],b[3],c2,c3,c1);
+	mul_add_c(a[6],b[4],c2,c3,c1);
+	mul_add_c(a[5],b[5],c2,c3,c1);
+	mul_add_c(a[4],b[6],c2,c3,c1);
+	mul_add_c(a[3],b[7],c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	mul_add_c(a[4],b[7],c3,c1,c2);
+	mul_add_c(a[5],b[6],c3,c1,c2);
+	mul_add_c(a[6],b[5],c3,c1,c2);
+	mul_add_c(a[7],b[4],c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	mul_add_c(a[7],b[5],c1,c2,c3);
+	mul_add_c(a[6],b[6],c1,c2,c3);
+	mul_add_c(a[5],b[7],c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	mul_add_c(a[6],b[7],c2,c3,c1);
+	mul_add_c(a[7],b[6],c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	mul_add_c(a[7],b[7],c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	sqr_add_c2(a,4,0,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,5,0,c3,c1,c2);
+	sqr_add_c2(a,4,1,c3,c1,c2);
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	sqr_add_c2(a,4,2,c1,c2,c3);
+	sqr_add_c2(a,5,1,c1,c2,c3);
+	sqr_add_c2(a,6,0,c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	sqr_add_c2(a,7,0,c2,c3,c1);
+	sqr_add_c2(a,6,1,c2,c3,c1);
+	sqr_add_c2(a,5,2,c2,c3,c1);
+	sqr_add_c2(a,4,3,c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	sqr_add_c(a,4,c3,c1,c2);
+	sqr_add_c2(a,5,3,c3,c1,c2);
+	sqr_add_c2(a,6,2,c3,c1,c2);
+	sqr_add_c2(a,7,1,c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	sqr_add_c2(a,7,2,c1,c2,c3);
+	sqr_add_c2(a,6,3,c1,c2,c3);
+	sqr_add_c2(a,5,4,c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	sqr_add_c(a,5,c2,c3,c1);
+	sqr_add_c2(a,6,4,c2,c3,c1);
+	sqr_add_c2(a,7,3,c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	sqr_add_c2(a,7,4,c3,c1,c2);
+	sqr_add_c2(a,6,5,c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	sqr_add_c(a,6,c1,c2,c3);
+	sqr_add_c2(a,7,5,c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	sqr_add_c2(a,7,6,c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	sqr_add_c(a,7,c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+#else
+
+/* hmm... is it faster just to do a multiply? */
+#undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG t[8];
+	bn_sqr_normal(r,a,4,t);
+	}
+
+#undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+	{
+	BN_ULONG t[16];
+	bn_sqr_normal(r,a,8,t);
+	}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
+	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
+	r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
+	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
+	}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+	}
+
+#endif /* BN_COMBA */
diff --git a/lib/libssl/src/crypto/bn/bn_blind.c b/lib/libssl/src/crypto/bn/bn_blind.c
index a7b34f0bf07..1b1bb060463 100644
--- a/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/lib/libssl/src/crypto/bn/bn_blind.c
@@ -60,15 +60,18 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-BN_BLINDING *BN_BLINDING_new(A,Ai,mod)
-BIGNUM *A;
-BIGNUM *Ai;
-BIGNUM *mod;
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
 	{
 	BN_BLINDING *ret=NULL;
 
+	bn_check_top(Ai);
+	bn_check_top(mod);
+
 	if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+		{
 		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
 	memset(ret,0,sizeof(BN_BLINDING));
 	if ((ret->A=BN_new()) == NULL) goto err;
 	if ((ret->Ai=BN_new()) == NULL) goto err;
@@ -78,26 +81,26 @@ BIGNUM *mod;
 	return(ret);
 err:
 	if (ret != NULL) BN_BLINDING_free(ret);
-	return(ret);
+	return(NULL);
 	}
 
-void BN_BLINDING_free(r)
-BN_BLINDING *r;
+void BN_BLINDING_free(BN_BLINDING *r)
 	{
+	if(r == NULL)
+	    return;
+
 	if (r->A  != NULL) BN_free(r->A );
 	if (r->Ai != NULL) BN_free(r->Ai);
 	Free(r);
 	}
 
-int BN_BLINDING_update(b,ctx)
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 	{
 	int ret=0;
 
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
 		goto err;
 		}
 		
@@ -109,28 +112,26 @@ err:
 	return(ret);
 	}
 
-int BN_BLINDING_convert(n,b,ctx)
-BIGNUM *n;
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 	{
+	bn_check_top(n);
+
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
 		return(0);
 		}
 	return(BN_mod_mul(n,n,b->A,b->mod,ctx));
 	}
 
-int BN_BLINDING_invert(n,b,ctx)
-BIGNUM *n;
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 	{
 	int ret;
+
+	bn_check_top(n);
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
 		return(0);
 		}
 	if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
diff --git a/lib/libssl/src/crypto/bn/bn_comba.c b/lib/libssl/src/crypto/bn/bn_comba.c
new file mode 100644
index 00000000000..7ad09b4a6df
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn_comba.c
@@ -0,0 +1,345 @@
+/* crypto/bn/bn_comba.c */
+#include <stdio.h>
+#include "bn_lcl.h"
+/* Auto generated from crypto/bn/comba.pl
+ */
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t=(BN_ULLONG)a*b; \
+	tt=(t+t)&BN_MASK; \
+	if (tt < t) c2++; \
+	t1=(BN_ULONG)Lw(tt); \
+	t2=(BN_ULONG)Hw(tt); \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	t=(BN_ULLONG)a[i]*a[i]; \
+	t1=(BN_ULONG)Lw(t); \
+	t2=(BN_ULONG)Hw(t); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+	t1=LBITS(a); t2=HBITS(a); \
+	bl=LBITS(b); bh=HBITS(b); \
+	mul64(t1,t2,bl,bh); \
+	if (t2 & BN_TBIT) c2++; \
+	t2=(t2+t2)&BN_MASK2; \
+	if (t1 & BN_TBIT) t2++; \
+	t1=(t1+t1)&BN_MASK2; \
+	c0=(c0+t1)&BN_MASK2;  \
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+	sqr64(t1,t2,(a)[i]); \
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
+void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
+
+void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[4],b[0],c2,c3,c1);
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	mul_add_c(a[0],b[4],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[0],b[5],c3,c1,c2);
+	mul_add_c(a[1],b[4],c3,c1,c2);
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	mul_add_c(a[4],b[1],c3,c1,c2);
+	mul_add_c(a[5],b[0],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[6],b[0],c1,c2,c3);
+	mul_add_c(a[5],b[1],c1,c2,c3);
+	mul_add_c(a[4],b[2],c1,c2,c3);
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	mul_add_c(a[2],b[4],c1,c2,c3);
+	mul_add_c(a[1],b[5],c1,c2,c3);
+	mul_add_c(a[0],b[6],c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	mul_add_c(a[0],b[7],c2,c3,c1);
+	mul_add_c(a[1],b[6],c2,c3,c1);
+	mul_add_c(a[2],b[5],c2,c3,c1);
+	mul_add_c(a[3],b[4],c2,c3,c1);
+	mul_add_c(a[4],b[3],c2,c3,c1);
+	mul_add_c(a[5],b[2],c2,c3,c1);
+	mul_add_c(a[6],b[1],c2,c3,c1);
+	mul_add_c(a[7],b[0],c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	mul_add_c(a[7],b[1],c3,c1,c2);
+	mul_add_c(a[6],b[2],c3,c1,c2);
+	mul_add_c(a[5],b[3],c3,c1,c2);
+	mul_add_c(a[4],b[4],c3,c1,c2);
+	mul_add_c(a[3],b[5],c3,c1,c2);
+	mul_add_c(a[2],b[6],c3,c1,c2);
+	mul_add_c(a[1],b[7],c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	mul_add_c(a[2],b[7],c1,c2,c3);
+	mul_add_c(a[3],b[6],c1,c2,c3);
+	mul_add_c(a[4],b[5],c1,c2,c3);
+	mul_add_c(a[5],b[4],c1,c2,c3);
+	mul_add_c(a[6],b[3],c1,c2,c3);
+	mul_add_c(a[7],b[2],c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	mul_add_c(a[7],b[3],c2,c3,c1);
+	mul_add_c(a[6],b[4],c2,c3,c1);
+	mul_add_c(a[5],b[5],c2,c3,c1);
+	mul_add_c(a[4],b[6],c2,c3,c1);
+	mul_add_c(a[3],b[7],c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	mul_add_c(a[4],b[7],c3,c1,c2);
+	mul_add_c(a[5],b[6],c3,c1,c2);
+	mul_add_c(a[6],b[5],c3,c1,c2);
+	mul_add_c(a[7],b[4],c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	mul_add_c(a[7],b[5],c1,c2,c3);
+	mul_add_c(a[6],b[6],c1,c2,c3);
+	mul_add_c(a[5],b[7],c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	mul_add_c(a[6],b[7],c2,c3,c1);
+	mul_add_c(a[7],b[6],c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	mul_add_c(a[7],b[7],c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	mul_add_c(a[0],b[0],c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	mul_add_c(a[0],b[1],c2,c3,c1);
+	mul_add_c(a[1],b[0],c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	mul_add_c(a[2],b[0],c3,c1,c2);
+	mul_add_c(a[1],b[1],c3,c1,c2);
+	mul_add_c(a[0],b[2],c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	mul_add_c(a[0],b[3],c1,c2,c3);
+	mul_add_c(a[1],b[2],c1,c2,c3);
+	mul_add_c(a[2],b[1],c1,c2,c3);
+	mul_add_c(a[3],b[0],c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	mul_add_c(a[3],b[1],c2,c3,c1);
+	mul_add_c(a[2],b[2],c2,c3,c1);
+	mul_add_c(a[1],b[3],c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	mul_add_c(a[2],b[3],c3,c1,c2);
+	mul_add_c(a[3],b[2],c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	mul_add_c(a[3],b[3],c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
+
+void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	sqr_add_c2(a,4,0,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,5,0,c3,c1,c2);
+	sqr_add_c2(a,4,1,c3,c1,c2);
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	sqr_add_c2(a,4,2,c1,c2,c3);
+	sqr_add_c2(a,5,1,c1,c2,c3);
+	sqr_add_c2(a,6,0,c1,c2,c3);
+	r[6]=c1;
+	c1=0;
+	sqr_add_c2(a,7,0,c2,c3,c1);
+	sqr_add_c2(a,6,1,c2,c3,c1);
+	sqr_add_c2(a,5,2,c2,c3,c1);
+	sqr_add_c2(a,4,3,c2,c3,c1);
+	r[7]=c2;
+	c2=0;
+	sqr_add_c(a,4,c3,c1,c2);
+	sqr_add_c2(a,5,3,c3,c1,c2);
+	sqr_add_c2(a,6,2,c3,c1,c2);
+	sqr_add_c2(a,7,1,c3,c1,c2);
+	r[8]=c3;
+	c3=0;
+	sqr_add_c2(a,7,2,c1,c2,c3);
+	sqr_add_c2(a,6,3,c1,c2,c3);
+	sqr_add_c2(a,5,4,c1,c2,c3);
+	r[9]=c1;
+	c1=0;
+	sqr_add_c(a,5,c2,c3,c1);
+	sqr_add_c2(a,6,4,c2,c3,c1);
+	sqr_add_c2(a,7,3,c2,c3,c1);
+	r[10]=c2;
+	c2=0;
+	sqr_add_c2(a,7,4,c3,c1,c2);
+	sqr_add_c2(a,6,5,c3,c1,c2);
+	r[11]=c3;
+	c3=0;
+	sqr_add_c(a,6,c1,c2,c3);
+	sqr_add_c2(a,7,5,c1,c2,c3);
+	r[12]=c1;
+	c1=0;
+	sqr_add_c2(a,7,6,c2,c3,c1);
+	r[13]=c2;
+	c2=0;
+	sqr_add_c(a,7,c3,c1,c2);
+	r[14]=c3;
+	r[15]=c1;
+	}
+
+void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+	c1=0;
+	c2=0;
+	c3=0;
+	sqr_add_c(a,0,c1,c2,c3);
+	r[0]=c1;
+	c1=0;
+	sqr_add_c2(a,1,0,c2,c3,c1);
+	r[1]=c2;
+	c2=0;
+	sqr_add_c(a,1,c3,c1,c2);
+	sqr_add_c2(a,2,0,c3,c1,c2);
+	r[2]=c3;
+	c3=0;
+	sqr_add_c2(a,3,0,c1,c2,c3);
+	sqr_add_c2(a,2,1,c1,c2,c3);
+	r[3]=c1;
+	c1=0;
+	sqr_add_c(a,2,c2,c3,c1);
+	sqr_add_c2(a,3,1,c2,c3,c1);
+	r[4]=c2;
+	c2=0;
+	sqr_add_c2(a,3,2,c3,c1,c2);
+	r[5]=c3;
+	c3=0;
+	sqr_add_c(a,3,c1,c2,c3);
+	r[6]=c1;
+	r[7]=c2;
+	}
diff --git a/lib/libssl/src/crypto/bn/bn_div.c b/lib/libssl/src/crypto/bn/bn_div.c
index 2263bdc7da0..150dd289a58 100644
--- a/lib/libssl/src/crypto/bn/bn_div.c
+++ b/lib/libssl/src/crypto/bn/bn_div.c
@@ -57,21 +57,19 @@
  */
 
 #include <stdio.h>
+#include <openssl/bn.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
 /* The old slow way */
 #if 0
-int BN_div(dv, rem, m, d,ctx)
-BIGNUM *dv;
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx)
 	{
 	int i,nm,nd;
 	BIGNUM *D;
 
+	bn_check_top(m);
+	bn_check_top(d);
 	if (BN_is_zero(d))
 		{
 		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
@@ -86,9 +84,9 @@ BN_CTX *ctx;
 		return(1);
 		}
 
-	D=ctx->bn[ctx->tos];
-	if (dv == NULL) dv=ctx->bn[ctx->tos+1];
-	if (rem == NULL) rem=ctx->bn[ctx->tos+2];
+	D= &(ctx->bn[ctx->tos]);
+	if (dv == NULL) dv= &(ctx->bn[ctx->tos+1]);
+	if (rem == NULL) rem= &(ctx->bn[ctx->tos+2]);
 
 	nd=BN_num_bits(d);
 	nm=BN_num_bits(m);
@@ -98,6 +96,7 @@ BN_CTX *ctx;
 	/* The next 2 are needed so we can do a dv->d[0]|=1 later
 	 * since BN_lshift1 will only work once there is a value :-) */
 	BN_zero(dv);
+	bn_wexpand(dv,1);
 	dv->top=1;
 
 	if (!BN_lshift(D,D,nm-nd)) return(0);
@@ -107,7 +106,7 @@ BN_CTX *ctx;
 		if (BN_ucmp(rem,D) >= 0)
 			{
 			dv->d[0]|=1;
-			bn_qsub(rem,rem,D);
+			if (!BN_usub(rem,rem,D)) return(0);
 			}
 /* CAN IMPROVE (and have now :=) */
 		if (!BN_rshift1(D,D)) return(0);
@@ -119,12 +118,8 @@ BN_CTX *ctx;
 
 #else
 
-int BN_div(dv, rm, num, divisor,ctx)
-BIGNUM *dv;
-BIGNUM *rm;
-BIGNUM *num;
-BIGNUM *divisor;
-BN_CTX *ctx;
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+	   BN_CTX *ctx)
 	{
 	int norm_shift,i,j,loop;
 	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
@@ -132,6 +127,9 @@ BN_CTX *ctx;
 	BN_ULONG d0,d1;
 	int num_n,div_n;
 
+	bn_check_top(num);
+	bn_check_top(divisor);
+
 	if (BN_is_zero(divisor))
 		{
 		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
@@ -146,12 +144,12 @@ BN_CTX *ctx;
 		return(1);
 		}
 
-	tmp=ctx->bn[ctx->tos]; 
+	tmp= &(ctx->bn[ctx->tos]);
 	tmp->neg=0;
-	snum=ctx->bn[ctx->tos+1];
-	sdiv=ctx->bn[ctx->tos+2];
+	snum= &(ctx->bn[ctx->tos+1]);
+	sdiv= &(ctx->bn[ctx->tos+2]);
 	if (dv == NULL)
-		res=ctx->bn[ctx->tos+3];
+		res= &(ctx->bn[ctx->tos+3]);
 	else	res=dv;
 
 	/* First we normalise the numbers */
@@ -168,10 +166,10 @@ BN_CTX *ctx;
 	/* Lets setup a 'window' into snum
 	 * This is the part that corresponds to the current
 	 * 'area' being divided */
+	BN_init(&wnum);
 	wnum.d=	 &(snum->d[loop]);
 	wnum.top= div_n;
-	wnum.max= snum->max; /* a bit of a lie */
-	wnum.neg= 0;
+	wnum.max= snum->max+1; /* a bit of a lie */
 
 	/* Get the top 2 words of sdiv */
 	/* i=sdiv->top; */
@@ -183,8 +181,8 @@ BN_CTX *ctx;
 
 	/* Setup to 'res' */
 	res->neg= (num->neg^divisor->neg);
-	res->top=loop;
 	if (!bn_wexpand(res,(loop+1))) goto err;
+	res->top=loop;
 	resp= &(res->d[loop-1]);
 
 	/* space for temp */
@@ -192,7 +190,7 @@ BN_CTX *ctx;
 
 	if (BN_ucmp(&wnum,sdiv) >= 0)
 		{
-		bn_qsub(&wnum,&wnum,sdiv);
+		if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
 		*resp=1;
 		res->d[res->top-1]=1;
 		}
@@ -202,56 +200,98 @@ BN_CTX *ctx;
 
 	for (i=0; i<loop-1; i++)
 		{
-		BN_ULONG q,n0,n1;
-		BN_ULONG l0;
+		BN_ULONG q,l0;
+#ifdef BN_DIV3W
+		q=bn_div_3_words(wnump,d0,d1);
+#else
+
+#if !defined(NO_ASM) && !defined(PEDANTIC)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386)
+   /*
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    *
+    *					<appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)		\
+	({  asm volatile (			\
+		"divl	%4"			\
+		: "=a"(q), "=d"(rem)		\
+		: "a"(n1), "d"(n0), "g"(d0)	\
+		: "cc");			\
+	    q;					\
+	})
+#  define REMINDER_IS_ALREADY_CALCULATED
+#  endif /* __<cpu> */
+# endif /* __GNUC__ */
+#endif /* NO_ASM */
+		BN_ULONG n0,n1,rem=0;
 
-		wnum.d--; wnum.top++;
 		n0=wnump[0];
 		n1=wnump[-1];
 		if (n0 == d0)
 			q=BN_MASK2;
 		else
-			q=bn_div64(n0,n1,d0);
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+			q=((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0;
+#else
+			q=bn_div_words(n0,n1,d0);
+#endif
 		{
 #ifdef BN_LLONG
-		BN_ULLONG t1,t2,rem;
-		t1=((BN_ULLONG)n0<<BN_BITS2)|n1;
+		BN_ULLONG t2;
+
+#ifndef REMINDER_IS_ALREADY_CALCULATED
+		/*
+		 * rem doesn't have to be BN_ULLONG. The least we
+		 * know it's less that d0, isn't it?
+		 */
+		rem=(n1-q*d0)&BN_MASK2;
+#endif
+		t2=(BN_ULLONG)d1*q;
+
 		for (;;)
 			{
-			t2=(BN_ULLONG)d1*q;
-			rem=t1-(BN_ULLONG)q*d0;
-			if ((rem>>BN_BITS2) ||
-				(t2 <= ((BN_ULLONG)(rem<<BN_BITS2)+wnump[-2])))
+                        if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
 				break;
 			q--;
+			rem += d0;
+			if (rem < d0) break; /* don't let rem overflow */
+			t2 -= d1;
 			}
 #else
-		BN_ULONG t1l,t1h,t2l,t2h,t3l,t3h,ql,qh,t3t;
-		t1h=n0;
-		t1l=n1;
+		BN_ULONG t2l,t2h,ql,qh;
+
+#ifndef REMINDER_IS_ALREADY_CALCULATED
+		/*
+		 * It's more than enough with the only multiplication.
+		 * See the comment above in BN_LLONG section...
+		 */
+		rem=(n1-q*d0)&BN_MASK2;
+#endif
+		t2l=LBITS(d1); t2h=HBITS(d1);
+		ql =LBITS(q);  qh =HBITS(q);
+		mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+
 		for (;;)
 			{
-			t2l=LBITS(d1); t2h=HBITS(d1);
-			ql =LBITS(q);  qh =HBITS(q);
-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-
-			t3t=LBITS(d0); t3h=HBITS(d0);
-			mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */
-			t3l=(t1l-t3t)&BN_MASK2;
-			if (t3l > t1l) t3h++;
-			t3h=(t1h-t3h)&BN_MASK2;
-
-			/*if ((t3>>BN_BITS2) ||
-				(t2 <= ((t3<<BN_BITS2)+wnump[-2])))
-				break; */
-			if (t3h) break;
-			if (t2h < t3l) break;
-			if ((t2h == t3l) && (t2l <= wnump[-2])) break;
-
+			if ((t2h < rem) ||
+				((t2h == rem) && (t2l <= wnump[-2])))
+				break;
 			q--;
+			rem += d0;
+			if (rem < d0) break; /* don't let rem overflow */
+			if (t2l < d1) t2h--; t2l -= d1;
 			}
 #endif
 		}
+#endif /* !BN_DIV3W */
+		wnum.d--; wnum.top++;
 		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
 		tmp->d[div_n]=l0;
 		for (j=div_n+1; j>0; j--)
@@ -284,3 +324,35 @@ err:
 	}
 
 #endif
+
+/* rem != m */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+#if 0 /* The old slow way */
+	int i,nm,nd;
+	BIGNUM *dv;
+
+	if (BN_ucmp(m,d) < 0)
+		return((BN_copy(rem,m) == NULL)?0:1);
+
+	dv= &(ctx->bn[ctx->tos]);
+
+	if (!BN_copy(rem,m)) return(0);
+
+	nm=BN_num_bits(rem);
+	nd=BN_num_bits(d);
+	if (!BN_lshift(dv,d,nm-nd)) return(0);
+	for (i=nm-nd; i>=0; i--)
+		{
+		if (BN_cmp(rem,dv) >= 0)
+			{
+			if (!BN_sub(rem,rem,dv)) return(0);
+			}
+		if (!BN_rshift1(dv,dv)) return(0);
+		}
+	return(1);
+#else
+	return(BN_div(NULL,rem,m,d,ctx));
+#endif
+	}
+
diff --git a/lib/libssl/src/crypto/bn/bn_err.c b/lib/libssl/src/crypto/bn/bn_err.c
index 029ae810d53..73e80774e57 100644
--- a/lib/libssl/src/crypto/bn/bn_err.c
+++ b/lib/libssl/src/crypto/bn/bn_err.c
@@ -1,63 +1,65 @@
-/* lib/bn/bn_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "bn.h"
+#include <openssl/err.h>
+#include <openssl/bn.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -78,29 +80,32 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
-{0,NULL},
+{ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA BN_str_reasons[]=
 	{
+{BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
+{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
-{BN_R_NOT_INITALISED                     ,"not initalised"},
+{BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BN_strings()
+void ERR_load_BN_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
diff --git a/lib/libssl/src/crypto/bn/bn_exp.c b/lib/libssl/src/crypto/bn/bn_exp.c
index c056a5083f8..2df1614ada1 100644
--- a/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/lib/libssl/src/crypto/bn/bn_exp.c
@@ -60,22 +60,23 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define TABLE_SIZE	16
+
 /* slow but works */
-int BN_mod_mul(ret, a, b, m, ctx)
-BIGNUM *ret;
-BIGNUM *a;
-BIGNUM *b;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
 	{
 	BIGNUM *t;
 	int r=0;
 
-	t=ctx->bn[ctx->tos++];
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(m);
+
+	t= &(ctx->bn[ctx->tos++]);
 	if (a == b)
 		{ if (!BN_sqr(t,a,ctx)) goto err; }
 	else
-		{ if (!BN_mul(t,a,b)) goto err; }
+		{ if (!BN_mul(t,a,b,ctx)) goto err; }
 	if (!BN_mod(ret,t,m,ctx)) goto err;
 	r=1;
 err:
@@ -85,22 +86,20 @@ err:
 
 #if 0
 /* this one works - simple but works */
-int BN_mod_exp(r,a,p,m,ctx)
-BIGNUM *r,*a,*p,*m;
-BN_CTX *ctx;
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
 	{
 	int i,bits,ret=0;
 	BIGNUM *v,*tmp;
 
-	v=ctx->bn[ctx->tos++];
-	tmp=ctx->bn[ctx->tos++];
+	v= &(ctx->bn[ctx->tos++]);
+	tmp= &(ctx->bn[ctx->tos++]);
 
 	if (BN_copy(v,a) == NULL) goto err;
 	bits=BN_num_bits(p);
 
 	if (BN_is_odd(p))
 		{ if (BN_copy(r,a) == NULL) goto err; }
-	else	{ if (BN_one(r)) goto err; }
+	else	{ if (!BN_one(r)) goto err; }
 
 	for (i=1; i<bits; i++)
 		{
@@ -108,7 +107,7 @@ BN_CTX *ctx;
 		if (!BN_mod(v,tmp,m,ctx)) goto err;
 		if (BN_is_bit_set(p,i))
 			{
-			if (!BN_mul(tmp,r,v)) goto err;
+			if (!BN_mul(tmp,r,v,ctx)) goto err;
 			if (!BN_mod(r,tmp,m,ctx)) goto err;
 			}
 		}
@@ -121,46 +120,49 @@ err:
 #endif
 
 /* this one works - simple but works */
-int BN_exp(r,a,p,ctx)
-BIGNUM *r,*a,*p;
-BN_CTX *ctx;
+int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx)
 	{
-	int i,bits,ret=0;
-	BIGNUM *v,*tmp;
+	int i,bits,ret=0,tos;
+	BIGNUM *v,*rr;
 
-	v=ctx->bn[ctx->tos++];
-	tmp=ctx->bn[ctx->tos++];
+	tos=ctx->tos;
+	v= &(ctx->bn[ctx->tos++]);
+	if ((r == a) || (r == p))
+		rr= &(ctx->bn[ctx->tos++]);
+	else
+		rr=r;
 
 	if (BN_copy(v,a) == NULL) goto err;
 	bits=BN_num_bits(p);
 
 	if (BN_is_odd(p))
-		{ if (BN_copy(r,a) == NULL) goto err; }
-	else	{ if (BN_one(r)) goto err; }
+		{ if (BN_copy(rr,a) == NULL) goto err; }
+	else	{ if (!BN_one(rr)) goto err; }
 
 	for (i=1; i<bits; i++)
 		{
-		if (!BN_sqr(tmp,v,ctx)) goto err;
+		if (!BN_sqr(v,v,ctx)) goto err;
 		if (BN_is_bit_set(p,i))
 			{
-			if (!BN_mul(tmp,r,v)) goto err;
+			if (!BN_mul(rr,rr,v,ctx)) goto err;
 			}
 		}
 	ret=1;
 err:
-	ctx->tos-=2;
+	ctx->tos=tos;
+	if (r != rr) BN_copy(r,rr);
 	return(ret);
 	}
 
-int BN_mod_exp(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+	       BN_CTX *ctx)
 	{
 	int ret;
 
+	bn_check_top(a);
+	bn_check_top(p);
+	bn_check_top(m);
+
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -182,20 +184,16 @@ BN_CTX *ctx;
 	}
 
 /* #ifdef RECP_MUL_MOD */
-int BN_mod_exp_recp(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		    const BIGNUM *m, BN_CTX *ctx)
 	{
-	int nb,i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d,*aa;
-	BIGNUM *val[16];
+	int i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int start=1,ts=0;
+	BIGNUM *aa;
+	BIGNUM val[TABLE_SIZE];
+	BN_RECP_CTX recp;
 
-	d=ctx->bn[ctx->tos++];
-	aa=ctx->bn[ctx->tos++];
+	aa= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 
 	if (bits == 0)
@@ -203,12 +201,14 @@ BN_CTX *ctx;
 		BN_one(r);
 		return(1);
 		}
-	nb=BN_reciprocal(d,m,ctx);
-	if (nb == -1) goto err;
+	BN_RECP_CTX_init(&recp);
+	if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
 
-	val[0]=BN_new();
-	if (!BN_mod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (!BN_mod_mul_reciprocal(aa,val[0],val[0],m,d,nb,ctx))
+	BN_init(&(val[0]));
+	ts=1;
+
+	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
 		goto err;				/* 2 */
 
 	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
@@ -223,12 +223,11 @@ BN_CTX *ctx;
 	j=1<<(window-1);
 	for (i=1; i<j; i++)
 		{
-		val[i]=BN_new();
-		if (!BN_mod_mul_reciprocal(val[i],val[i-1],aa,m,d,nb,ctx))
+		BN_init(&val[i]);
+		if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
 			goto err;
 		}
-	for (; i<16; i++)
-		val[i]=NULL;
+	ts=i;
 
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
@@ -244,7 +243,7 @@ BN_CTX *ctx;
 		if (BN_is_bit_set(p,wstart) == 0)
 			{
 			if (!start)
-				if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx))
+				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
 				goto err;
 			if (wstart == 0) break;
 			wstart--;
@@ -274,12 +273,12 @@ BN_CTX *ctx;
 		if (!start)
 			for (i=0; i<j; i++)
 				{
-				if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx))
+				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
 					goto err;
 				}
 		
 		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],m,d,nb,ctx))
+		if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
 			goto err;
 
 		/* move the 'window' down further */
@@ -290,35 +289,36 @@ BN_CTX *ctx;
 		}
 	ret=1;
 err:
-	ctx->tos-=2;
-	for (i=0; i<16; i++)
-		if (val[i] != NULL) BN_clear_free(val[i]);
+	ctx->tos--;
+	for (i=0; i<ts; i++)
+		BN_clear_free(&(val[i]));
+	BN_RECP_CTX_free(&recp);
 	return(ret);
 	}
 /* #endif */
 
 /* #ifdef MONT_MUL_MOD */
-int BN_mod_exp_mont(r,a,p,m,ctx,in_mont)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
-BN_MONT_CTX *in_mont;
+int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p,
+		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
-#define TABLE_SIZE	16
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d,*aa;
-	BIGNUM *val[TABLE_SIZE];
+	int start=1,ts=0;
+	BIGNUM *d,*r;
+	BIGNUM *aa;
+	BIGNUM val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
+	bn_check_top(a);
+	bn_check_top(p);
+	bn_check_top(m);
+
 	if (!(m->d[0] & 1))
 		{
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
 		return(0);
 		}
-	d=ctx->bn[ctx->tos++];
+	d= &(ctx->bn[ctx->tos++]);
+	r= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 	if (bits == 0)
 		{
@@ -339,22 +339,23 @@ BN_MONT_CTX *in_mont;
 		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
 		}
 
-	val[0]=BN_new();
+	BN_init(&val[0]);
+	ts=1;
 	if (BN_ucmp(a,m) >= 0)
 		{
-		BN_mod(val[0],a,m,ctx);
-		aa=val[0];
+		BN_mod(&(val[0]),a,m,ctx);
+		aa= &(val[0]);
 		}
 	else
 		aa=a;
-	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
-	if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
+	if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
+	if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
 
 	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
 		window=1;
-	else if (bits > 250)
+	else if (bits >= 256)
 		window=5;	/* max size of window */
-	else if (bits >= 120)
+	else if (bits >= 128)
 		window=4;
 	else
 		window=3;
@@ -362,12 +363,11 @@ BN_MONT_CTX *in_mont;
 	j=1<<(window-1);
 	for (i=1; i<j; i++)
 		{
-		val[i]=BN_new();
-		if (!BN_mod_mul_montgomery(val[i],val[i-1],d,mont,ctx))
+		BN_init(&(val[i]));
+		if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
 			goto err;
 		}
-	for (; i<TABLE_SIZE; i++)
-		val[i]=NULL;
+	ts=i;
 
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
@@ -419,7 +419,7 @@ BN_MONT_CTX *in_mont;
 				}
 		
 		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+		if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
 			goto err;
 
 		/* move the 'window' down further */
@@ -428,31 +428,27 @@ BN_MONT_CTX *in_mont;
 		start=0;
 		if (wstart < 0) break;
 		}
-	BN_from_montgomery(r,r,mont,ctx);
+	BN_from_montgomery(rr,r,mont,ctx);
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	ctx->tos--;
-	for (i=0; i<TABLE_SIZE; i++)
-		if (val[i] != NULL) BN_clear_free(val[i]);
+	ctx->tos-=2;
+	for (i=0; i<ts; i++)
+		BN_clear_free(&(val[i]));
 	return(ret);
 	}
 /* #endif */
 
 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+	     BN_CTX *ctx)
 	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
+	int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
 	int start=1;
 	BIGNUM *d;
-	BIGNUM *val[16];
+	BIGNUM val[TABLE_SIZE];
 
-	d=ctx->bn[ctx->tos++];
+	d= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 
 	if (bits == 0)
@@ -461,9 +457,10 @@ BN_CTX *ctx;
 		return(1);
 		}
 
-	val[0]=BN_new();
-	if (!BN_mod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+	BN_init(&(val[0]));
+	ts=1;
+	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
 		goto err;				/* 2 */
 
 	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
@@ -478,12 +475,11 @@ BN_CTX *ctx;
 	j=1<<(window-1);
 	for (i=1; i<j; i++)
 		{
-		val[i]=BN_new();
-		if (!BN_mod_mul(val[i],val[i-1],d,m,ctx))
+		BN_init(&(val[i]));
+		if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
 			goto err;
 		}
-	for (; i<16; i++)
-		val[i]=NULL;
+	ts=i;
 
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
@@ -534,7 +530,7 @@ BN_CTX *ctx;
 				}
 		
 		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+		if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
 			goto err;
 
 		/* move the 'window' down further */
@@ -546,8 +542,8 @@ BN_CTX *ctx;
 	ret=1;
 err:
 	ctx->tos--;
-	for (i=0; i<16; i++)
-		if (val[i] != NULL) BN_clear_free(val[i]);
+	for (i=0; i<ts; i++)
+		BN_clear_free(&(val[i]));
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/bn/bn_exp2.c b/lib/libssl/src/crypto/bn/bn_exp2.c
new file mode 100644
index 00000000000..1132d533651
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn_exp2.c
@@ -0,0 +1,195 @@
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* I've done some timing with different table sizes.
+ * The main hassle is that even with bits set at 3, this requires
+ * 63 BIGNUMs to store the pre-calculated values.
+ *          512   1024 
+ * bits=1  75.4%  79.4%
+ * bits=2  61.2%  62.4%
+ * bits=3  61.3%  59.3%
+ * The lack of speed improvment is also a function of the pre-calculation
+ * which could be removed.
+ */
+#define EXP2_TABLE_BITS	2 /* 1  2  3  4  5  */
+#define EXP2_TABLE_SIZE	4 /* 2  4  8 16 32  */
+
+int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2,
+	     BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue;
+	int start=1,ts=0,x,y;
+	BIGNUM *d,*aa1,*aa2,*r;
+	BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE];
+	BN_MONT_CTX *mont=NULL;
+
+	bn_check_top(a1);
+	bn_check_top(p1);
+	bn_check_top(a2);
+	bn_check_top(p2);
+	bn_check_top(m);
+
+	if (!(m->d[0] & 1))
+		{
+		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+		return(0);
+		}
+	d= &(ctx->bn[ctx->tos++]);
+	r= &(ctx->bn[ctx->tos++]);
+	bits1=BN_num_bits(p1);
+	bits2=BN_num_bits(p2);
+	if ((bits1 == 0) && (bits2 == 0))
+		{
+		BN_one(r);
+		return(1);
+		}
+	bits=(bits1 > bits2)?bits1:bits2;
+
+	/* If this is not done, things will break in the montgomery
+	 * part */
+
+	if (in_mont != NULL)
+		mont=in_mont;
+	else
+		{
+		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+		}
+
+	BN_init(&(val[0][0]));
+	BN_init(&(val[1][1]));
+	BN_init(&(val[0][1]));
+	BN_init(&(val[1][0]));
+	ts=1;
+	if (BN_ucmp(a1,m) >= 0)
+		{
+		BN_mod(&(val[1][0]),a1,m,ctx);
+		aa1= &(val[1][0]);
+		}
+	else
+		aa1=a1;
+	if (BN_ucmp(a2,m) >= 0)
+		{
+		BN_mod(&(val[0][1]),a2,m,ctx);
+		aa2= &(val[0][1]);
+		}
+	else
+		aa2=a2;
+	if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err;
+	if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err;
+	if (!BN_mod_mul_montgomery(&(val[1][1]),
+		&(val[1][0]),&(val[0][1]),mont,ctx))
+		goto err;
+
+#if 0
+	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
+		window=1;
+	else if (bits > 250)
+		window=5;	/* max size of window */
+	else if (bits >= 120)
+		window=4;
+	else
+		window=3;
+#else
+	window=EXP2_TABLE_BITS;
+#endif
+
+	k=1<<window;
+	for (x=0; x<k; x++)
+		{
+		if (x >= 2)
+			{
+			BN_init(&(val[x][0]));
+			BN_init(&(val[x][1]));
+			if (!BN_mod_mul_montgomery(&(val[x][0]),
+				&(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err;
+			if (!BN_mod_mul_montgomery(&(val[x][1]),
+				&(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err;
+			}
+		for (y=2; y<k; y++)
+			{
+			BN_init(&(val[x][y]));
+			if (!BN_mod_mul_montgomery(&(val[x][y]),
+				&(val[x][y-1]),&(val[0][1]),mont,ctx))
+				goto err;
+			}
+		}
+	ts=k;
+
+	start=1;	/* This is used to avoid multiplication etc
+			 * when there is only the value '1' in the
+			 * buffer. */
+	xvalue=0;	/* The 'x value' of the window */
+	yvalue=0;	/* The 'y value' of the window */
+	wstart=bits-1;	/* The top bit of the window */
+	wend=0;		/* The bottom bit of the window */
+
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+	for (;;)
+		{
+		xvalue=BN_is_bit_set(p1,wstart);
+		yvalue=BN_is_bit_set(p2,wstart);
+		if (!(xvalue || yvalue))
+			{
+			if (!start)
+				{
+				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+					goto err;
+				}
+			wstart--;
+			if (wstart < 0) break;
+			continue;
+			}
+		/* We now have wstart on a 'set' bit, we now need to work out
+		 * how bit a window to do.  To do this we need to scan
+		 * forward until the last set bit before the end of the
+		 * window */
+		j=wstart;
+		/* xvalue=BN_is_bit_set(p1,wstart); already set */
+		/* yvalue=BN_is_bit_set(p1,wstart); already set */
+		wend=0;
+		for (i=1; i<window; i++)
+			{
+			if (wstart-i < 0) break;
+			xvalue+=xvalue;
+			xvalue|=BN_is_bit_set(p1,wstart-i);
+			yvalue+=yvalue;
+			yvalue|=BN_is_bit_set(p2,wstart-i);
+			}
+
+		/* i is the size of the current window */
+		/* add the 'bytes above' */
+		if (!start)
+			for (j=0; j<i; j++)
+				{
+				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+					goto err;
+				}
+		
+		/* wvalue will be an odd number < 2^window */
+		if (xvalue || yvalue)
+			{
+			if (!BN_mod_mul_montgomery(r,r,&(val[xvalue][yvalue]),
+				mont,ctx)) goto err;
+			}
+
+		/* move the 'window' down further */
+		wstart-=i;
+		start=0;
+		if (wstart < 0) break;
+		}
+	BN_from_montgomery(rr,r,mont,ctx);
+	ret=1;
+err:
+	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+	ctx->tos-=2;
+	for (i=0; i<ts; i++)
+		{
+		for (j=0; j<ts; j++)
+			{
+			BN_clear_free(&(val[i][j]));
+			}
+		}
+	return(ret);
+	}
diff --git a/lib/libssl/src/crypto/bn/bn_gcd.c b/lib/libssl/src/crypto/bn/bn_gcd.c
index 071bba3b4b3..64a76f44989 100644
--- a/lib/libssl/src/crypto/bn/bn_gcd.c
+++ b/lib/libssl/src/crypto/bn/bn_gcd.c
@@ -60,21 +60,17 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#ifndef NOPROTO
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-#else
-static BIGNUM *euclid();
-#endif
-
-int BN_gcd(r,in_a,in_b,ctx)
-BIGNUM *r,*in_a,*in_b;
-BN_CTX *ctx;
+int BN_gcd(BIGNUM *r, BIGNUM *in_a, BIGNUM *in_b, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*t;
 	int ret=0;
 
-	a=ctx->bn[ctx->tos];
-	b=ctx->bn[ctx->tos+1];
+	bn_check_top(in_a);
+	bn_check_top(in_b);
+
+	a= &(ctx->bn[ctx->tos]);
+	b= &(ctx->bn[ctx->tos+1]);
 
 	if (BN_copy(a,in_a) == NULL) goto err;
 	if (BN_copy(b,in_b) == NULL) goto err;
@@ -89,12 +85,14 @@ err:
 	return(ret);
 	}
 
-static BIGNUM *euclid(a,b)
-BIGNUM *a,*b;
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
 	{
 	BIGNUM *t;
 	int shifts=0;
 
+	bn_check_top(a);
+	bn_check_top(b);
+
 	for (;;)
 		{
 		if (BN_is_zero(b))
@@ -142,23 +140,26 @@ err:
 	}
 
 /* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(a, n, ctx)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx;
+BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	{
 	BIGNUM *A,*B,*X,*Y,*M,*D,*R;
-	BIGNUM *ret=NULL,*T;
+	BIGNUM *T,*ret=NULL;
 	int sign;
 
-	A=ctx->bn[ctx->tos];
-	B=ctx->bn[ctx->tos+1];
-	X=ctx->bn[ctx->tos+2];
-	D=ctx->bn[ctx->tos+3];
-	M=ctx->bn[ctx->tos+4];
-	Y=ctx->bn[ctx->tos+5];
+	bn_check_top(a);
+	bn_check_top(n);
+
+	A= &(ctx->bn[ctx->tos]);
+	B= &(ctx->bn[ctx->tos+1]);
+	X= &(ctx->bn[ctx->tos+2]);
+	D= &(ctx->bn[ctx->tos+3]);
+	M= &(ctx->bn[ctx->tos+4]);
+	Y= &(ctx->bn[ctx->tos+5]);
 	ctx->tos+=6;
-	R=BN_new();
+	if (in == NULL)
+		R=BN_new();
+	else
+		R=in;
 	if (R == NULL) goto err;
 
 	BN_zero(X);
@@ -175,7 +176,7 @@ BN_CTX *ctx;
 		B=M;
 		/* T has a struct, M does not */
 
-		if (!BN_mul(T,D,X)) goto err;
+		if (!BN_mul(T,D,X,ctx)) goto err;
 		if (!BN_add(T,T,Y)) goto err;
 		M=Y;
 		Y=X;
@@ -196,7 +197,7 @@ BN_CTX *ctx;
 		}
 	ret=R;
 err:
-	if ((ret == NULL) && (R != NULL)) BN_free(R);
+	if ((ret == NULL) && (in == NULL)) BN_free(R);
 	ctx->tos-=6;
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_lcl.h b/lib/libssl/src/crypto/bn/bn_lcl.h
index edfd7883383..85a372695b9 100644
--- a/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -59,23 +59,79 @@
 #ifndef HEADER_BN_LCL_H
 #define HEADER_BN_LCL_H
 
-#include "bn.h"
+#include <openssl/bn.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+#define BN_MULL_SIZE_NORMAL			(16) /* 32 */
+#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) /* 32 less than */
+#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) /* 32 */
+#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
+#define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
+
+#if 0
+#ifndef BN_MUL_COMBA
+/* #define bn_mul_comba8(r,a,b)	bn_mul_normal(r,a,8,b,8) */
+/* #define bn_mul_comba4(r,a,b)	bn_mul_normal(r,a,4,b,4) */
+#endif
+
+#ifndef BN_SQR_COMBA
+/* This is probably faster than using the C code - I need to check */
+#define bn_sqr_comba8(r,a)	bn_mul_normal(r,a,8,a,8)
+#define bn_sqr_comba4(r,a)	bn_mul_normal(r,a,4,a,4)
+#endif
+#endif
+
 /*************************************************************
  * Using the long long type
  */
 #define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
 
-#define bn_fix_top(a) \
-        { \
-        BN_ULONG *fix_top_l; \
-        for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-		if (*(fix_top_l--)) break; \
+/* These are used for internal error checking and are not normally used */
+#ifdef BN_DEBUG
+#define bn_check_top(a) \
+	{ if (((a)->top < 0) || ((a)->top > (a)->max)) \
+		{ char *nullp=NULL; *nullp='z'; } }
+#define bn_check_num(a) if ((a) < 0) { char *nullp=NULL; *nullp='z'; }
+#else
+#define bn_check_top(a)
+#define bn_check_num(a)
+#endif
+
+/* This macro is to add extra stuff for development checking */
+#ifdef BN_DEBUG
+#define	bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
+#else
+#define	bn_set_max(r)
+#endif
+
+/* These macros are used to 'take' a section of a bignum for read only use */
+#define bn_set_low(r,a,n) \
+	{ \
+	(r)->top=((a)->top > (n))?(n):(a)->top; \
+	(r)->d=(a)->d; \
+	(r)->neg=(a)->neg; \
+	(r)->flags|=BN_FLG_STATIC_DATA; \
+	bn_set_max(r); \
+	}
+
+#define bn_set_high(r,a,n) \
+	{ \
+	if ((a)->top > (n)) \
+		{ \
+		(r)->top=(a)->top-n; \
+		(r)->d= &((a)->d[n]); \
+		} \
+	else \
+		(r)->top=0; \
+	(r)->neg=(a)->neg; \
+	(r)->flags|=BN_FLG_STATIC_DATA; \
+	bn_set_max(r); \
 	}
 
 /* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
@@ -175,22 +231,35 @@ extern "C" {
 
 #endif
 
-#ifndef NOPROTO
+OPENSSL_EXTERN int bn_limit_bits;
+OPENSSL_EXTERN int bn_limit_num;        /* (1<<bn_limit_bits) */
+/* Recursive 'low' limit */
+OPENSSL_EXTERN int bn_limit_bits_low;
+OPENSSL_EXTERN int bn_limit_num_low;    /* (1<<bn_limit_bits_low) */
+/* Do modified 'high' part calculation' */
+OPENSSL_EXTERN int bn_limit_bits_high;
+OPENSSL_EXTERN int bn_limit_num_high;   /* (1<<bn_limit_bits_high) */
+OPENSSL_EXTERN int bn_limit_bits_mont;
+OPENSSL_EXTERN int bn_limit_num_mont;   /* (1<<bn_limit_bits_mont) */
 
 BIGNUM *bn_expand2(BIGNUM *b, int bits);
 
-#ifdef X86_ASM
-void bn_add_words(BN_ULONG *r,BN_ULONG *a,int num);
-#endif
-
-#else
-
-BIGNUM *bn_expand2();
-#ifdef X86_ASM
-BN_ULONG bn_add_words();
-#endif
-
-#endif
+void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
+void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a);
+int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n);
+void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
+	int tn, int n,BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+	BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+	BN_ULONG *t);
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c
index bfe7628ad4c..5d62d88e8b6 100644
--- a/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/lib/libssl/src/crypto/bn/bn_lib.c
@@ -60,9 +60,68 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-char *BN_version="Big Number part of SSLeay 0.9.0b 29-Jun-1998";
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
+
+/* For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+OPENSSL_GLOBAL int bn_limit_bits=0;
+OPENSSL_GLOBAL int bn_limit_num=8;        /* (1<<bn_limit_bits) */
+OPENSSL_GLOBAL int bn_limit_bits_low=0;
+OPENSSL_GLOBAL int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
+OPENSSL_GLOBAL int bn_limit_bits_high=0;
+OPENSSL_GLOBAL int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
+OPENSSL_GLOBAL int bn_limit_bits_mont=0;
+OPENSSL_GLOBAL int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+	{
+	if (mult >= 0)
+		{
+		if (mult > (sizeof(int)*8)-1)
+			mult=sizeof(int)*8-1;
+		bn_limit_bits=mult;
+		bn_limit_num=1<<mult;
+		}
+	if (high >= 0)
+		{
+		if (high > (sizeof(int)*8)-1)
+			high=sizeof(int)*8-1;
+		bn_limit_bits_high=high;
+		bn_limit_num_high=1<<high;
+		}
+	if (low >= 0)
+		{
+		if (low > (sizeof(int)*8)-1)
+			low=sizeof(int)*8-1;
+		bn_limit_bits_low=low;
+		bn_limit_num_low=1<<low;
+		}
+	if (mont >= 0)
+		{
+		if (mont > (sizeof(int)*8)-1)
+			mont=sizeof(int)*8-1;
+		bn_limit_bits_mont=mont;
+		bn_limit_num_mont=1<<mont;
+		}
+	}
 
-BIGNUM *BN_value_one()
+int BN_get_params(int which)
+	{
+	if      (which == 0) return(bn_limit_bits);
+	else if (which == 1) return(bn_limit_bits_high);
+	else if (which == 2) return(bn_limit_bits_low);
+	else if (which == 3) return(bn_limit_bits_mont);
+	else return(0);
+	}
+
+BIGNUM *BN_value_one(void)
 	{
 	static BN_ULONG data_one=1L;
 	static BIGNUM const_one={&data_one,1,1,0};
@@ -70,7 +129,7 @@ BIGNUM *BN_value_one()
 	return(&const_one);
 	}
 
-char *BN_options()
+char *BN_options(void)
 	{
 	static int init=0;
 	static char data[16];
@@ -89,10 +148,9 @@ char *BN_options()
 	return(data);
 	}
 
-int BN_num_bits_word(l)
-BN_ULONG l;
+int BN_num_bits_word(BN_ULONG l)
 	{
-	static char bits[256]={
+	static const char bits[256]={
 		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
 		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
 		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
@@ -111,24 +169,24 @@ BN_ULONG l;
 		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
 		};
 
-#ifdef SIXTY_FOUR_BIT_LONG
+#if defined(SIXTY_FOUR_BIT_LONG)
 	if (l & 0xffffffff00000000L)
 		{
 		if (l & 0xffff000000000000L)
 			{
 			if (l & 0xff00000000000000L)
 				{
-				return(bits[l>>56]+56);
+				return(bits[(int)(l>>56)]+56);
 				}
-			else	return(bits[l>>48]+48);
+			else	return(bits[(int)(l>>48)]+48);
 			}
 		else
 			{
 			if (l & 0x0000ff0000000000L)
 				{
-				return(bits[l>>40]+40);
+				return(bits[(int)(l>>40)]+40);
 				}
-			else	return(bits[l>>32]+32);
+			else	return(bits[(int)(l>>32)]+32);
 			}
 		}
 	else
@@ -140,17 +198,17 @@ BN_ULONG l;
 			{
 			if (l & 0xff00000000000000LL)
 				{
-				return(bits[l>>56]+56);
+				return(bits[(int)(l>>56)]+56);
 				}
-			else	return(bits[l>>48]+48);
+			else	return(bits[(int)(l>>48)]+48);
 			}
 		else
 			{
 			if (l & 0x0000ff0000000000LL)
 				{
-				return(bits[l>>40]+40);
+				return(bits[(int)(l>>40)]+40);
 				}
-			else	return(bits[l>>32]+32);
+			else	return(bits[(int)(l>>32)]+32);
 			}
 		}
 	else
@@ -161,28 +219,29 @@ BN_ULONG l;
 		if (l & 0xffff0000L)
 			{
 			if (l & 0xff000000L)
-				return(bits[l>>24L]+24);
-			else	return(bits[l>>16L]+16);
+				return(bits[(int)(l>>24L)]+24);
+			else	return(bits[(int)(l>>16L)]+16);
 			}
 		else
 #endif
 			{
 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
 			if (l & 0xff00L)
-				return(bits[l>>8]+8);
+				return(bits[(int)(l>>8)]+8);
 			else	
 #endif
-				return(bits[l   ]  );
+				return(bits[(int)(l   )]  );
 			}
 		}
 	}
 
-int BN_num_bits(a)
-BIGNUM *a;
+int BN_num_bits(const BIGNUM *a)
 	{
 	BN_ULONG l;
 	int i;
 
+	bn_check_top(a);
+
 	if (a->top == 0) return(0);
 	l=a->d[a->top-1];
 	i=(a->top-1)*BN_BITS2;
@@ -196,126 +255,256 @@ BIGNUM *a;
 	return(i+BN_num_bits_word(l));
 	}
 
-void BN_clear_free(a)
-BIGNUM *a;
+void BN_clear_free(BIGNUM *a)
 	{
+	int i;
+
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
 		memset(a->d,0,a->max*sizeof(a->d[0]));
-		Free(a->d);
+		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+			Free(a->d);
 		}
+	i=BN_get_flags(a,BN_FLG_MALLOCED);
 	memset(a,0,sizeof(BIGNUM));
-	Free(a);
+	if (i)
+		Free(a);
 	}
 
-void BN_free(a)
-BIGNUM *a;
+void BN_free(BIGNUM *a)
 	{
 	if (a == NULL) return;
-	if (a->d != NULL) Free(a->d);
-	Free(a);
+	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+		Free(a->d);
+	a->flags|=BN_FLG_FREE; /* REMOVE? */
+	if (a->flags & BN_FLG_MALLOCED)
+		Free(a);
+	}
+
+void BN_init(BIGNUM *a)
+	{
+	memset(a,0,sizeof(BIGNUM));
 	}
 
-BIGNUM *BN_new()
+BIGNUM *BN_new(void)
 	{
 	BIGNUM *ret;
-	BN_ULONG *p;
 
-	ret=(BIGNUM *)Malloc(sizeof(BIGNUM));
-	if (ret == NULL) goto err;
+	if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
+		{
+		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->flags=BN_FLG_MALLOCED;
 	ret->top=0;
 	ret->neg=0;
-	ret->max=(BN_DEFAULT_BITS/BN_BITS2);
-	p=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(ret->max+1));
-	if (p == NULL) goto err;
-	ret->d=p;
-
-	memset(p,0,(ret->max+1)*sizeof(p[0]));
+	ret->max=0;
+	ret->d=NULL;
 	return(ret);
-err:
-	BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
-	return(NULL);
 	}
 
-BN_CTX *BN_CTX_new()
+
+BN_CTX *BN_CTX_new(void)
 	{
 	BN_CTX *ret;
-	BIGNUM *n;
-	int i,j;
 
 	ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
-	if (ret == NULL) goto err2;
-
-	for (i=0; i<BN_CTX_NUM; i++)
+	if (ret == NULL)
 		{
-		n=BN_new();
-		if (n == NULL) goto err;
-		ret->bn[i]=n;
+		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
 		}
 
-	/* There is actually an extra one, this is for debugging my
-	 * stuff */
-	ret->bn[BN_CTX_NUM]=NULL;
-
-	ret->tos=0;
+	BN_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
 	return(ret);
-err:
-	for (j=0; j<i; j++)
-		BN_free(ret->bn[j]);
-	Free(ret);
-err2:
-	BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-	return(NULL);
 	}
 
-void BN_CTX_free(c)
-BN_CTX *c;
+void BN_CTX_init(BN_CTX *ctx)
+	{
+	memset(ctx,0,sizeof(BN_CTX));
+	ctx->tos=0;
+	ctx->flags=0;
+	}
+
+void BN_CTX_free(BN_CTX *c)
 	{
 	int i;
 
+	if(c == NULL)
+	    return;
+
 	for (i=0; i<BN_CTX_NUM; i++)
-		BN_clear_free(c->bn[i]);
-	Free(c);
+		BN_clear_free(&(c->bn[i]));
+	if (c->flags & BN_FLG_MALLOCED)
+		Free(c);
 	}
 
-BIGNUM *bn_expand2(b, words)
-BIGNUM *b;
-int words;
+BIGNUM *bn_expand2(BIGNUM *b, int words)
 	{
-	BN_ULONG *p;
+	BN_ULONG *A,*a;
+	const BN_ULONG *B;
+	int i;
+
+	bn_check_top(b);
 
 	if (words > b->max)
 		{
-		p=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(words+1));
-		if (p == NULL)
+		bn_check_top(b);	
+		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+			return(NULL);
+			}
+		a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
+		if (A == NULL)
 			{
 			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		b->d=p;
-		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG));
+#if 1
+		B=b->d;
+		/* Check if the previous number needs to be copied */
+		if (B != NULL)
+			{
+#if 0
+			/* This lot is an unrolled loop to copy b->top 
+			 * BN_ULONGs from B to A
+			 */
+/*
+ * I have nothing against unrolling but it's usually done for
+ * several reasons, namely:
+ * - minimize percentage of decision making code, i.e. branches;
+ * - avoid cache trashing;
+ * - make it possible to schedule loads earlier;
+ * Now let's examine the code below. The cornerstone of C is
+ * "programmer is always right" and that's what we love it for:-)
+ * For this very reason C compilers have to be paranoid when it
+ * comes to data aliasing and assume the worst. Yeah, but what
+ * does it mean in real life? This means that loop body below will
+ * be compiled to sequence of loads immediately followed by stores
+ * as compiler assumes the worst, something in A==B+1 style. As a
+ * result CPU pipeline is going to starve for incoming data. Secondly
+ * if A and B happen to share same cache line such code is going to
+ * cause severe cache trashing. Both factors have severe impact on
+ * performance of modern CPUs and this is the reason why this
+ * particulare piece of code is #ifdefed away and replaced by more
+ * "friendly" version found in #else section below. This comment
+ * also applies to BN_copy function.
+ *
+ *					<appro@fy.chalmers.se>
+ */
+			for (i=b->top&(~7); i>0; i-=8)
+				{
+				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
+				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
+				A+=8;
+				B+=8;
+				}
+			switch (b->top&7)
+				{
+			case 7:
+				A[6]=B[6];
+			case 6:
+				A[5]=B[5];
+			case 5:
+				A[4]=B[4];
+			case 4:
+				A[3]=B[3];
+			case 3:
+				A[2]=B[2];
+			case 2:
+				A[1]=B[1];
+			case 1:
+				A[0]=B[0];
+			case 0:
+				/* I need the 'case 0' entry for utrix cc.
+				 * If the optimiser is turned on, it does the
+				 * switch table by doing
+				 * a=top&7
+				 * a--;
+				 * goto jump_table[a];
+				 * If top is 0, this makes us jump to 0xffffffc 
+				 * which is rather bad :-(.
+				 * eric 23-Apr-1998
+				 */
+				;
+				}
+#else
+			for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+				{
+				/*
+				 * The fact that the loop is unrolled
+				 * 4-wise is a tribute to Intel. It's
+				 * the one that doesn't have enough
+				 * registers to accomodate more data.
+				 * I'd unroll it 8-wise otherwise:-)
+				 *
+				 *		<appro@fy.chalmers.se>
+				 */
+				BN_ULONG a0,a1,a2,a3;
+				a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+				A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+				}
+			switch (b->top&3)
+				{
+				case 3:	A[2]=B[2];
+				case 2:	A[1]=B[1];
+				case 1:	A[0]=B[0];
+				case 0:	; /* ultrix cc workaround, see above */
+				}
+#endif
+			Free(b->d);
+			}
+
+		b->d=a;
 		b->max=words;
+
+		/* Now need to zero any data between b->top and b->max */
+
+		A= &(b->d[b->top]);
+		for (i=(b->max - b->top)>>3; i>0; i--,A+=8)
+			{
+			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+			}
+		for (i=(b->max - b->top)&7; i>0; i--,A++)
+			A[0]=0;
+#else
+			memset(A,0,sizeof(BN_ULONG)*(words+1));
+			memcpy(A,b->d,sizeof(b->d[0])*b->top);
+			b->d=a;
+			b->max=words;
+#endif
+		
+/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
+/*	{ int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
+
 		}
 	return(b);
 	}
 
-BIGNUM *BN_dup(a)
-BIGNUM *a;
+BIGNUM *BN_dup(const BIGNUM *a)
 	{
 	BIGNUM *r;
 
+	if (a == NULL) return NULL;
+
+	bn_check_top(a);
+
 	r=BN_new();
 	if (r == NULL) return(NULL);
 	return((BIGNUM *)BN_copy(r,a));
 	}
 
-BIGNUM *BN_copy(a, b)
-BIGNUM *a;
-BIGNUM *b;
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
-	BN_ULONG *A,*B;
+	BN_ULONG *A;
+	const BN_ULONG *B;
+
+	bn_check_top(b);
 
 	if (a == b) return(a);
 	if (bn_wexpand(a,b->top) == NULL) return(NULL);
@@ -323,35 +512,18 @@ BIGNUM *b;
 #if 1
 	A=a->d;
 	B=b->d;
-	for (i=b->top&(~7); i>0; i-=8)
+	for (i=b->top>>2; i>0; i--,A+=4,B+=4)
 		{
-		A[0]=B[0];
-		A[1]=B[1];
-		A[2]=B[2];
-		A[3]=B[3];
-		A[4]=B[4];
-		A[5]=B[5];
-		A[6]=B[6];
-		A[7]=B[7];
-		A+=8;
-		B+=8;
+		BN_ULONG a0,a1,a2,a3;
+		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 		}
-	switch (b->top&7)
+	switch (b->top&3)
 		{
-	case 7:
-		A[6]=B[6];
-	case 6:
-		A[5]=B[5];
-	case 5:
-		A[4]=B[4];
-	case 4:
-		A[3]=B[3];
-	case 3:
-		A[2]=B[2];
-	case 2:
-		A[1]=B[1];
-	case 1:
-		A[0]=B[0];
+		case 3: A[2]=B[2];
+		case 2: A[1]=B[1];
+		case 1: A[0]=B[0];
+		case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */
 		}
 #else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
@@ -359,52 +531,47 @@ BIGNUM *b;
 
 /*	memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
 	a->top=b->top;
-	if (a->top == 0)
+	if ((a->top == 0) && (a->d != NULL))
 		a->d[0]=0;
 	a->neg=b->neg;
 	return(a);
 	}
 
-void BN_clear(a)
-BIGNUM *a;
+void BN_clear(BIGNUM *a)
 	{
-	memset(a->d,0,a->max*sizeof(a->d[0]));
+	if (a->d != NULL)
+		memset(a->d,0,a->max*sizeof(a->d[0]));
 	a->top=0;
 	a->neg=0;
 	}
 
-unsigned long BN_get_word(a)
-BIGNUM *a;
+BN_ULONG BN_get_word(BIGNUM *a)
 	{
 	int i,n;
-	unsigned long ret=0;
+	BN_ULONG ret=0;
 
 	n=BN_num_bytes(a);
-	if (n > sizeof(unsigned long))
-#ifdef SIXTY_FOUR_BIT_LONG
+	if (n > sizeof(BN_ULONG))
 		return(BN_MASK2);
-#else
-		return(0xFFFFFFFFL);
-#endif
 	for (i=a->top-1; i>=0; i--)
 		{
 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
 		ret<<=BN_BITS4; /* stops the compiler complaining */
 		ret<<=BN_BITS4;
+#else
+		ret=0;
 #endif
 		ret|=a->d[i];
 		}
 	return(ret);
 	}
 
-int BN_set_word(a,w)
-BIGNUM *a;
-unsigned long w;
+int BN_set_word(BIGNUM *a, BN_ULONG w)
 	{
 	int i,n;
-	if (bn_expand(a,sizeof(unsigned long)*8) == NULL) return(0);
+	if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
 
-	n=sizeof(unsigned long)/BN_BYTES;
+	n=sizeof(BN_ULONG)/BN_BYTES;
 	a->neg=0;
 	a->top=0;
 	a->d[0]=(BN_ULONG)w&BN_MASK2;
@@ -417,6 +584,8 @@ unsigned long w;
 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
 		w>>=BN_BITS4;
 		w>>=BN_BITS4;
+#else
+		w=0;
 #endif
 		a->d[i]=(BN_ULONG)w&BN_MASK2;
 		if (a->d[i] != 0) a->top=i+1;
@@ -425,10 +594,7 @@ unsigned long w;
 	}
 
 /* ignore negative */
-BIGNUM *BN_bin2bn(s, len, ret)
-unsigned char *s;
-int len;
-BIGNUM *ret;
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 	{
 	unsigned int i,m;
 	unsigned int n;
@@ -465,9 +631,7 @@ BIGNUM *ret;
 	}
 
 /* ignore negative */
-int BN_bn2bin(a, to)
-BIGNUM *a;
-unsigned char *to;
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
 	{
 	int n,i;
 	BN_ULONG l;
@@ -481,13 +645,14 @@ unsigned char *to;
 	return(n);
 	}
 
-int BN_ucmp(a, b)
-BIGNUM *a;
-BIGNUM *b;
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
 	BN_ULONG t1,t2,*ap,*bp;
 
+	bn_check_top(a);
+	bn_check_top(b);
+
 	i=a->top-b->top;
 	if (i != 0) return(i);
 	ap=a->d;
@@ -502,9 +667,7 @@ BIGNUM *b;
 	return(0);
 	}
 
-int BN_cmp(a, b)
-BIGNUM *a;
-BIGNUM *b;
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
 	int gt,lt;
@@ -519,6 +682,10 @@ BIGNUM *b;
 		else
 			return(0);
 		}
+
+	bn_check_top(a);
+	bn_check_top(b);
+
 	if (a->neg != b->neg)
 		{
 		if (a->neg)
@@ -541,27 +708,25 @@ BIGNUM *b;
 	return(0);
 	}
 
-int BN_set_bit(a, n)
-BIGNUM *a;
-int n;
+int BN_set_bit(BIGNUM *a, int n)
 	{
-	int i,j;
+	int i,j,k;
 
 	i=n/BN_BITS2;
 	j=n%BN_BITS2;
 	if (a->top <= i)
 		{
-		if (bn_expand(a,n) == NULL) return(0);
+		if (bn_wexpand(a,i+1) == NULL) return(0);
+		for(k=a->top; k<i+1; k++)
+			a->d[k]=0;
 		a->top=i+1;
 		}
 
-	a->d[i]|=(1L<<j);
+	a->d[i]|=(((BN_ULONG)1)<<j);
 	return(1);
 	}
 
-int BN_clear_bit(a, n)
-BIGNUM *a;
-int n;
+int BN_clear_bit(BIGNUM *a, int n)
 	{
 	int i,j;
 
@@ -569,13 +734,12 @@ int n;
 	j=n%BN_BITS2;
 	if (a->top <= i) return(0);
 
-	a->d[i]&=(~(1L<<j));
+	a->d[i]&=(~(((BN_ULONG)1)<<j));
+	bn_fix_top(a);
 	return(1);
 	}
 
-int BN_is_bit_set(a, n)
-BIGNUM *a;
-int n;
+int BN_is_bit_set(const BIGNUM *a, int n)
 	{
 	int i,j;
 
@@ -586,9 +750,7 @@ int n;
 	return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
 	}
 
-int BN_mask_bits(a,n)
-BIGNUM *a;
-int n;
+int BN_mask_bits(BIGNUM *a, int n)
 	{
 	int b,w;
 
@@ -601,11 +763,25 @@ int n;
 		{
 		a->top=w+1;
 		a->d[w]&= ~(BN_MASK2<<b);
-		while ((w >= 0) && (a->d[w] == 0))
-			{
-			a->top--;
-			w--;
-			}
 		}
+	bn_fix_top(a);
 	return(1);
 	}
+
+int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n)
+	{
+	int i;
+	BN_ULONG aa,bb;
+
+	aa=a[n-1];
+	bb=b[n-1];
+	if (aa != bb) return((aa > bb)?1:-1);
+	for (i=n-2; i>=0; i--)
+		{
+		aa=a[i];
+		bb=b[i];
+		if (aa != bb) return((aa > bb)?1:-1);
+		}
+	return(0);
+	}
+
diff --git a/lib/libssl/src/crypto/bn/bn_m.c b/lib/libssl/src/crypto/bn/bn_m.c
deleted file mode 100644
index 5166daaeec8..00000000000
--- a/lib/libssl/src/crypto/bn/bn_m.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* crypto/bn/bn_m.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include "stack.h"
-
-int limit=16;
-
-typedef struct bn_pool_st
-	{
-	int used;
-	int tos;
-	STACK *sk; 
-	} BN_POOL;
-
-BIGNUM *BN_POOL_push(bp)
-BN_POOL *bp;
-	{
-	BIGNUM *ret;
-
-	if (bp->used >= bp->tos)
-		{
-		ret=BN_new();
-		sk_push(bp->sk,(char *)ret);
-		bp->tos++;
-		bp->used++;
-		}
-	else
-		{
-		ret=(BIGNUM *)sk_value(bp->sk,bp->used);
-		bp->used++;
-		}
-	return(ret);
-	}
-
-void BN_POOL_pop(bp,num)
-BN_POOL *bp;
-int num;
-	{
-	bp->used-=num;
-	}
-
-int BN_m(r,a,b)
-BIGNUM *r,*a,*b;
-	{
-	static BN_POOL bp;
-	static init=1;
-
-	if (init)
-		{
-		bp.used=0;
-		bp.tos=0;
-		bp.sk=sk_new_null();
-		init=0;
-		}
-	return(BN_mm(r,a,b,&bp));
-	}
-
-/* r must be different to a and b */
-int BN_mm(m, A, B, bp)
-BIGNUM *m,*A,*B;
-BN_POOL *bp;
-	{
-	int i,num;
-	int an,bn;
-	BIGNUM *a,*b,*c,*d,*ac,*bd;
-
-	an=A->top;
-	bn=B->top;
-	if ((an <= limit) || (bn <= limit))
-		{
-		return(BN_mul(m,A,B));
-		}
-
-	a=BN_POOL_push(bp);
-	b=BN_POOL_push(bp);
-	c=BN_POOL_push(bp);
-	d=BN_POOL_push(bp);
-	ac=BN_POOL_push(bp);
-	bd=BN_POOL_push(bp);
-
-	num=(an <= bn)?an:bn;
-	num=1<<(BN_num_bits_word(num-1)-1);
-
-	/* Are going to now chop things into 'num' word chunks. */
-	num*=BN_BITS2;
-
-	BN_copy(a,A);
-	BN_mask_bits(a,num);
-	BN_rshift(b,A,num);
-
-	BN_copy(c,B);
-	BN_mask_bits(c,num);
-	BN_rshift(d,B,num);
-
-	BN_sub(ac ,b,a);
-	BN_sub(bd,c,d);
-	BN_mm(m,ac,bd,bp);
-	BN_mm(ac,a,c,bp);
-	BN_mm(bd,b,d,bp);
-
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_lshift(m,m,num);
-	BN_lshift(bd,bd,num*2);
-
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_POOL_pop(bp,6);
-	return(1);
-	}
-
diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c
index e435df61f86..ee0f410c22a 100644
--- a/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/lib/libssl/src/crypto/bn/bn_mont.c
@@ -56,251 +56,352 @@
  * [including the GNU Public Licence.]
  */
 
+/*
+ * Details about Montgomery multiplication algorithms can be found at:
+ * http://www.ece.orst.edu/ISL/Publications.html
+ * http://www.ece.orst.edu/ISL/Koc/papers/j37acmon.pdf
+ */
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_mod_mul_montgomery(r,a,b,mont,ctx)
-BIGNUM *r,*a,*b;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
+#define MONT_WORD
+
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
-	BIGNUM *tmp;
+	BIGNUM *tmp,*tmp2;
+
+        tmp= &(ctx->bn[ctx->tos]);
+        tmp2= &(ctx->bn[ctx->tos]);
+	ctx->tos+=2;
 
-        tmp=ctx->bn[ctx->tos++];
+	bn_check_top(tmp);
+	bn_check_top(tmp2);
 
 	if (a == b)
 		{
+#if 0
+		bn_wexpand(tmp,a->top*2);
+		bn_wexpand(tmp2,a->top*4);
+		bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
+		tmp->top=a->top*2;
+		if (tmp->d[tmp->top-1] == 0)
+			tmp->top--;
+#else
 		if (!BN_sqr(tmp,a,ctx)) goto err;
+#endif
 		}
 	else
 		{
-		if (!BN_mul(tmp,a,b)) goto err;
+		if (!BN_mul(tmp,a,b,ctx)) goto err;
 		}
 	/* reduce from aRR to aR */
 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	ctx->tos--;
+	ctx->tos-=2;
 	return(1);
 err:
 	return(0);
 	}
 
-#define MONT_WORD
-
-#ifdef MONT_WORD
-int BN_from_montgomery(ret,a,mont,ctx)
-BIGNUM *ret;
-BIGNUM *a;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
+int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont,
+	     BN_CTX *ctx)
 	{
-	BIGNUM *n,*t1,*r;
-	BN_ULONG *ap,*np,*rp,n0,v;
-	int al,nl,max,i,x,ri;
-	int retn=0;
+#ifdef BN_RECURSION_MONT
+	if (mont->use_word)
+#endif
+		{
+		BIGNUM *n,*r;
+		BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+		int al,nl,max,i,x,ri;
+		int retn=0;
 
-	t1=ctx->bn[ctx->tos];
-	r=ctx->bn[ctx->tos+1];
+		r= &(ctx->bn[ctx->tos]);
 
-	if (!BN_copy(r,a)) goto err;
-	n=mont->N;
+		if (!BN_copy(r,a)) goto err1;
+		n= &(mont->N);
 
-	ap=a->d;
-	/* mont->ri is the size of mont->N in bits/words */
-	al=ri=mont->ri/BN_BITS2;
+		ap=a->d;
+		/* mont->ri is the size of mont->N in bits/words */
+		al=ri=mont->ri/BN_BITS2;
 
-	nl=n->top;
-	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+		nl=n->top;
+		if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
 
-	max=(nl+al+1); /* allow for overflow (no?) XXX */
-	if (bn_wexpand(r,max) == NULL) goto err;
-	if (bn_wexpand(ret,max) == NULL) goto err;
+		max=(nl+al+1); /* allow for overflow (no?) XXX */
+		if (bn_wexpand(r,max) == NULL) goto err1;
+		if (bn_wexpand(ret,max) == NULL) goto err1;
 
-	r->neg=a->neg^n->neg;
-	np=n->d;
-	rp=r->d;
+		r->neg=a->neg^n->neg;
+		np=n->d;
+		rp=r->d;
+		nrp= &(r->d[nl]);
 
-	/* clear the top words of T */
+		/* clear the top words of T */
 #if 1
-	for (i=r->top; i<max; i++) /* memset? XXX */
-		r->d[i]=0;
+		for (i=r->top; i<max; i++) /* memset? XXX */
+			r->d[i]=0;
 #else
-	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+		memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
 #endif
 
-	r->top=max;
-	n0=mont->n0;
-
-	for (i=0; i<nl; i++)
-		{
-#if 0
-		int x1,x2;
+		r->top=max;
+		n0=mont->n0;
 
-		if (i+4 > nl)
+#ifdef BN_COUNT
+printf("word BN_from_montgomery %d * %d\n",nl,nl);
+#endif
+		for (i=0; i<nl; i++)
 			{
-			x2=nl;
-			x1=0;
+			v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+			nrp++;
+			rp++;
+			if (((nrp[-1]+=v)&BN_MASK2) >= v)
+				continue;
+			else
+				{
+				if (((++nrp[0])&BN_MASK2) != 0) continue;
+				if (((++nrp[1])&BN_MASK2) != 0) continue;
+				for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
+				}
 			}
+		bn_fix_top(r);
+
+		/* mont->ri will be a multiple of the word size */
+#if 0
+		BN_rshift(ret,r,mont->ri);
+#else
+		x=ri;
+		rp=ret->d;
+		ap= &(r->d[x]);
+		if (r->top < x)
+			al=0;
 		else
+			al=r->top-x;
+		ret->top=al;
+		al-=4;
+		for (i=0; i<al; i+=4)
 			{
-			x2=i+4;
-			x1=nl-x2;
+			BN_ULONG t1,t2,t3,t4;
+
+			t1=ap[i+0];
+			t2=ap[i+1];
+			t3=ap[i+2];
+			t4=ap[i+3];
+			rp[i+0]=t1;
+			rp[i+1]=t2;
+			rp[i+2]=t3;
+			rp[i+3]=t4;
 			}
-		v=bn_mul_add_words(&(rp[x1]),&(np[x1]),x2,(rp[x1]*n0)&BN_MASK2);
-#else
-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+		al+=4;
+		for (; i<al; i++)
+			rp[i]=ap[i];
 #endif
 
-		if (((rp[nl]+=v)&BN_MASK2) < v)
+		if (BN_ucmp(ret, &(mont->N)) >= 0)
 			{
-			for (x=(nl+1); (((++rp[x])&BN_MASK2) == 0); x++)
-				;
+			BN_usub(ret,ret,&(mont->N)); /* XXX */
 			}
-		rp++;
+		retn=1;
+err1:
+		return(retn);
 		}
-	while (r->d[r->top-1] == 0)
-		r->top--;
-
-	/* mont->ri will be a multiple of the word size */
-#if 0
-	BN_rshift(ret,r,mont->ri);
-#else
-	ap=r->d;
-	rp=ret->d;
-	x=ri;
-	al=r->top-x;
-	for (i=0; i<al; i++)
+#ifdef BN_RECURSION_MONT
+	else /* bignum version */ 
 		{
-		rp[i]=ap[i+x];
-		}
-	ret->top=al;
+		BIGNUM *t1,*t2,*t3;
+		int j,i;
+
+#ifdef BN_COUNT
+printf("number BN_from_montgomery\n");
 #endif
 
-	if (BN_ucmp(ret,mont->N) >= 0)
-		{
-		bn_qsub(ret,ret,mont->N); /* XXX */
-		}
-	retn=1;
-err:
-	return(retn);
-	}
-#else
-int BN_from_montgomery(r,a,mont,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
-	{
-	BIGNUM *t1,*t2;
+		t1= &(ctx->bn[ctx->tos]);
+		t2= &(ctx->bn[ctx->tos+1]);
+		t3= &(ctx->bn[ctx->tos+2]);
 
-	t1=ctx->bn[ctx->tos];
-	t2=ctx->bn[ctx->tos+1];
+		i=mont->Ni.top;
+		bn_wexpand(ret,i); /* perhaps only i*2 */
+		bn_wexpand(t1,i*4); /* perhaps only i*2 */
+		bn_wexpand(t2,i*2); /* perhaps only i   */
 
-	if (!BN_copy(t1,a)) goto err;
-	/* can cheat */
-	BN_mask_bits(t1,mont->ri);
+		bn_mul_low_recursive(t2->d,a->d,mont->Ni.d,i,t1->d);
 
-	if (!BN_mul(t2,t1,mont->Ni)) goto err;
-	BN_mask_bits(t2,mont->ri);
+		BN_zero(t3);
+		BN_set_bit(t3,mont->N.top*BN_BITS2);
+		bn_sub_words(t3->d,t3->d,a->d,i);
+		bn_mul_high(ret->d,t2->d,mont->N.d,t3->d,i,t1->d);
 
-	if (!BN_mul(t1,t2,mont->N)) goto err;
-	if (!BN_add(t2,a,t1)) goto err;
-	BN_rshift(r,t2,mont->ri);
+		/* hmm... if a is between i and 2*i, things are bad */
+		if (a->top > i)
+			{
+			j=(int)(bn_add_words(ret->d,ret->d,&(a->d[i]),i));
+			if (j) /* overflow */
+				bn_sub_words(ret->d,ret->d,mont->N.d,i);
+			}
+		ret->top=i;
+		bn_fix_top(ret);
+		if (a->d[0])
+			BN_add_word(ret,1); /* Always? */
+		else	/* Very very rare */
+			{
+			for (i=1; i<mont->N.top-1; i++)
+				{
+				if (a->d[i])
+					{
+					BN_add_word(ret,1); /* Always? */
+					break;
+					}
+				}
+			}
 
-	if (BN_ucmp(r,mont->N) >= 0)
-		bn_qsub(r,r,mont->N);
+		if (BN_ucmp(ret,&(mont->N)) >= 0)
+			BN_usub(ret,ret,&(mont->N));
 
-	return(1);
-err:
-	return(0);
-	}
+		return(1);
+		}
 #endif
+	}
 
-BN_MONT_CTX *BN_MONT_CTX_new()
+BN_MONT_CTX *BN_MONT_CTX_new(void)
 	{
 	BN_MONT_CTX *ret;
 
 	if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
 		return(NULL);
-	ret->ri=0;
-	ret->RR=BN_new();
-	ret->N=BN_new();
-	ret->Ni=NULL;
-	if ((ret->RR == NULL) || (ret->N == NULL))
-		{
-		BN_MONT_CTX_free(ret);
-		return(NULL);
-		}
+
+	BN_MONT_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
 	return(ret);
 	}
 
-void BN_MONT_CTX_free(mont)
-BN_MONT_CTX *mont;
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+	{
+	ctx->use_word=0;
+	ctx->ri=0;
+	BN_init(&(ctx->RR));
+	BN_init(&(ctx->N));
+	BN_init(&(ctx->Ni));
+	ctx->flags=0;
+	}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 	{
-	if (mont->RR != NULL) BN_free(mont->RR);
-	if (mont->N != NULL) BN_free(mont->N);
-	if (mont->Ni != NULL) BN_free(mont->Ni);
-	Free(mont);
+	if(mont == NULL)
+	    return;
+
+	BN_free(&(mont->RR));
+	BN_free(&(mont->N));
+	BN_free(&(mont->Ni));
+	if (mont->flags & BN_FLG_MALLOCED)
+		Free(mont);
 	}
 
-int BN_MONT_CTX_set(mont,mod,ctx)
-BN_MONT_CTX *mont;
-BIGNUM *mod;
-BN_CTX *ctx;
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 	{
-	BIGNUM *Ri=NULL,*R=NULL;
-
-	if (mont->RR == NULL) mont->RR=BN_new();
-	if (mont->N == NULL)  mont->N=BN_new();
-
-	R=mont->RR;					/* grab RR as a temp */
-	BN_copy(mont->N,mod);				/* Set N */
-
-#ifdef MONT_WORD
-{
-	BIGNUM tmod;
-	BN_ULONG buf[2];
-	/* int z; */
-
-	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-	BN_lshift(R,BN_value_one(),BN_BITS2);		/* R */
-	/* I was bad, this modification of a passed variable was
-	 * breaking the multithreaded stuff :-(
-	 * z=mod->top;
-	 * mod->top=1; */
-
-	buf[0]=mod->d[0];
-	buf[1]=0;
-	tmod.d=buf;
-	tmod.top=1;
-	tmod.max=mod->max;
-	tmod.neg=mod->neg;
-
-	if ((Ri=BN_mod_inverse(R,&tmod,ctx)) == NULL) goto err; /* Ri */
-	BN_lshift(Ri,Ri,BN_BITS2);			/* R*Ri */
-	bn_qsub(Ri,Ri,BN_value_one());			/* R*Ri - 1 */
-	BN_div(Ri,NULL,Ri,&tmod,ctx);
-	mont->n0=Ri->d[0];
-	BN_free(Ri);
-	/* mod->top=z; */
-}
+	BIGNUM Ri,*R;
+
+	BN_init(&Ri);
+	R= &(mont->RR);					/* grab RR as a temp */
+	BN_copy(&(mont->N),mod);			/* Set N */
+
+#ifdef BN_RECURSION_MONT
+	if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
+#endif
+		{
+		BIGNUM tmod;
+		BN_ULONG buf[2];
+
+		mont->use_word=1;
+
+		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+		BN_zero(R);
+		BN_set_bit(R,BN_BITS2);
+		/* I was bad, this modification of a passed variable was
+		 * breaking the multithreaded stuff :-(
+		 * z=mod->top;
+		 * mod->top=1; */
+
+		buf[0]=mod->d[0];
+		buf[1]=0;
+		tmod.d=buf;
+		tmod.top=1;
+		tmod.max=mod->max;
+		tmod.neg=mod->neg;
+
+		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+			goto err;
+		BN_lshift(&Ri,&Ri,BN_BITS2);			/* R*Ri */
+		if (!BN_is_zero(&Ri))
+			{
+#if 1
+			BN_sub_word(&Ri,1);
 #else
-	mont->ri=BN_num_bits(mod);
-	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
-	if ((Ri=BN_mod_inverse(R,mod,ctx)) == NULL) goto err;	/* Ri */
-	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
-	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
-	BN_div(Ri,NULL,Ri,mod,ctx);
-	if (mont->Ni != NULL) BN_free(mont->Ni);
-	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+			BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
+#endif
+			}
+		else
+			{
+			/* This is not common..., 1 in BN_MASK2,
+			 * It happens when buf[0] was == 1.  So for 8 bit,
+			 * this is 1/256, 16bit, 1 in 2^16 etc.
+			 */
+			BN_set_word(&Ri,BN_MASK2);
+			}
+		BN_div(&Ri,NULL,&Ri,&tmod,ctx);
+		mont->n0=Ri.d[0];
+		BN_free(&Ri);
+		/* mod->top=z; */
+		}
+#ifdef BN_RECURSION_MONT
+	else
+		{
+		mont->use_word=0;
+		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+#if 1
+		BN_zero(R);
+		BN_set_bit(R,mont->ri);
+#else
+		BN_lshift(R,BN_value_one(),mont->ri);	/* R */
+#endif
+		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+			goto err;
+		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+#if 1
+		BN_sub_word(&Ri,1);
+#else
+		BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
+#endif
+		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
+		BN_free(&Ri);
+		}
 #endif
 
 	/* setup RR for conversions */
+#if 1
+	BN_zero(&(mont->RR));
+	BN_set_bit(&(mont->RR),mont->ri*2);
+#else
 	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
-	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+#endif
+	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
 
 	return(1);
 err:
 	return(0);
 	}
 
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+	{
+	if (to == from) return(to);
+
+	BN_copy(&(to->RR),&(from->RR));
+	BN_copy(&(to->N),&(from->N));
+	BN_copy(&(to->Ni),&(from->Ni));
+	to->use_word=from->use_word;
+	to->ri=from->ri;
+	to->n0=from->n0;
+	return(to);
+	}
+
diff --git a/lib/libssl/src/crypto/bn/bn_mpi.c b/lib/libssl/src/crypto/bn/bn_mpi.c
index 53945c10571..80e1dca6b73 100644
--- a/lib/libssl/src/crypto/bn/bn_mpi.c
+++ b/lib/libssl/src/crypto/bn/bn_mpi.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_bn2mpi(a,d)
-BIGNUM *a;
-unsigned char *d;
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 	{
 	int bits;
 	int num=0;
@@ -90,10 +88,7 @@ unsigned char *d;
 	return(num+4+ext);
 	}
 
-BIGNUM *BN_mpi2bn(d,n,a)
-unsigned char *d;
-int n;
-BIGNUM *a;
+BIGNUM *BN_mpi2bn(unsigned char *d, int n, BIGNUM *a)
 	{
 	long len;
 	int neg=0;
@@ -103,7 +98,7 @@ BIGNUM *a;
 		BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
 		return(NULL);
 		}
-	len=(d[0]<<24)|(d[1]<<16)|(d[2]<<8)|d[3];
+	len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
 	if ((len+4) != n)
 		{
 		BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
diff --git a/lib/libssl/src/crypto/bn/bn_mul.c b/lib/libssl/src/crypto/bn/bn_mul.c
index d0c04e1d4b9..38c47f3d1f0 100644
--- a/lib/libssl/src/crypto/bn/bn_mul.c
+++ b/lib/libssl/src/crypto/bn/bn_mul.c
@@ -60,150 +60,697 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* r must be different to a and b */
-/* int BN_mmul(r, a, b) */
-int BN_mul(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+#ifdef BN_RECURSION
+/* r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
 	{
-	int i;
-	int max,al,bl;
-	BN_ULONG *ap,*bp,*rp;
+	int n=n2/2,c1,c2;
+	unsigned int neg,zero;
+	BN_ULONG ln,lo,*p;
 
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
+#ifdef BN_COUNT
+printf(" bn_mul_recursive %d * %d\n",n2,n2);
+#endif
+#ifdef BN_MUL_COMBA
+/*	if (n2 == 4)
 		{
-		r->top=0;
-		return(1);
+		bn_mul_comba4(r,a,b);
+		return;
+		}
+	else */ if (n2 == 8)
+		{
+		bn_mul_comba8(r,a,b);
+		return; 
+		}
+#endif
+	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+		{
+		/* This should not happen */
+		bn_mul_normal(r,a,n2,b,n2);
+		return;
+		}
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),b,n);
+	zero=neg=0;
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(t,      a,      &(a[n]),n);
+		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+		break;
 		}
 
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->top=max;
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
+#ifdef BN_MUL_COMBA
+	if (n == 4)
+		{
+		if (!zero)
+			bn_mul_comba4(&(t[n2]),t,&(t[n]));
+		else
+			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+		
+		bn_mul_comba4(r,a,b);
+		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
+		}
+	else if (n == 8)
+		{
+		if (!zero)
+			bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		else
+			memset(&(t[n2]),0,16*sizeof(BN_ULONG));
+		
+		bn_mul_comba8(r,a,b);
+		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+		}
+	else
+#endif
+		{
+		p= &(t[n2*2]);
+		if (!zero)
+			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		else
+			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+		bn_mul_recursive(r,a,b,n,p);
+		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+		}
 
-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-	rp++;
-	for (i=1; i<bl; i++)
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+	if (neg) /* if t[32] is negative */
 		{
-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-		rp++;
+		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+		}
+	else
+		{
+		/* Might have a carry */
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
 		}
-	if (r->d[max-1] == 0) r->top--;
-	return(1);
-	}
 
-#if 0
-#include "stack.h"
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
 
-int limit=16;
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < (BN_ULONG)c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
 
-typedef struct bn_pool_st
+/* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+	     int n, BN_ULONG *t)
 	{
-	int used;
-	int tos;
-	STACK *sk; 
-	} BN_POOL;
+	int i,j,n2=n*2;
+	unsigned int c1;
+	BN_ULONG ln,lo,*p;
 
-BIGNUM *BN_POOL_push(bp)
-BN_POOL *bp;
-	{
-	BIGNUM *ret;
+#ifdef BN_COUNT
+printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+#endif
+	if (n < 8)
+		{
+		i=tn+n;
+		bn_mul_normal(r,a,i,b,i);
+		return;
+		}
+
+	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+	bn_sub_words(t,      a,      &(a[n]),n); /* + */
+	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
 
-	if (bp->used >= bp->tos)
+/*	if (n == 4)
+		{
+		bn_mul_comba4(&(t[n2]),t,&(t[n]));
+		bn_mul_comba4(r,a,b);
+		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+		}
+	else */ if (n == 8)
 		{
-		ret=BN_new();
-		sk_push(bp->sk,(char *)ret);
-		bp->tos++;
-		bp->used++;
+		bn_mul_comba8(&(t[n2]),t,&(t[n]));
+		bn_mul_comba8(r,a,b);
+		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
 		}
 	else
 		{
-		ret=(BIGNUM *)sk_value(bp->sk,bp->used);
-		bp->used++;
+		p= &(t[n2*2]);
+		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+		bn_mul_recursive(r,a,b,n,p);
+		i=n/2;
+		/* If there is only a bottom half to the number,
+		 * just do it */
+		j=tn-i;
+		if (j == 0)
+			{
+			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+			}
+		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+				{
+				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+					j,i,p);
+				memset(&(r[n2+tn*2]),0,
+					sizeof(BN_ULONG)*(n2-tn*2));
+				}
+		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+			{
+			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
+			if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
+				{
+				bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+				}
+			else
+				{
+				for (;;)
+					{
+					i/=2;
+					if (i < tn)
+						{
+						bn_mul_part_recursive(&(r[n2]),
+							&(a[n]),&(b[n]),
+							tn-i,i,p);
+						break;
+						}
+					else if (i == tn)
+						{
+						bn_mul_recursive(&(r[n2]),
+							&(a[n]),&(b[n]),
+							i,p);
+						break;
+						}
+					}
+				}
+			}
+		}
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
 		}
-	return(ret);
 	}
 
-void BN_POOL_pop(bp,num)
-BN_POOL *bp;
-int num;
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
 	{
-	bp->used-=num;
+	int n=n2/2;
+
+#ifdef BN_COUNT
+printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+#endif
+
+	bn_mul_recursive(r,a,b,n,&(t[0]));
+	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		}
+	else
+		{
+		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+		}
 	}
 
-int BN_mul(r,a,b)
-BIGNUM *r,*a,*b;
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+	     BN_ULONG *t)
 	{
-	static BN_POOL bp;
-	static init=1;
+	int i,n;
+	int c1,c2;
+	int neg,oneg,zero;
+	BN_ULONG ll,lc,*lp,*mp;
+
+#ifdef BN_COUNT
+printf(" bn_mul_high %d * %d\n",n2,n2);
+#endif
+	n=n2/2;
+
+	/* Calculate (al-ah)*(bh-bl) */
+	neg=zero=0;
+	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		break;
+	case -3:
+		zero=1;
+		break;
+	case -2:
+		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		break;
+	case 2:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		break;
+	case 4:
+		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+		break;
+		}
+		
+	oneg=neg;
+	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+	/* r[10] = (a[1]*b[1]) */
+#ifdef BN_MUL_COMBA
+	if (n == 8)
+		{
+		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
+		bn_mul_comba8(r,&(a[n]),&(b[n]));
+		}
+	else
+#endif
+		{
+		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+		bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+		}
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+	 */
+	if (l != NULL)
+		{
+		lp= &(t[n2+n]);
+		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
+		}
+	else
+		{
+		c1=0;
+		lp= &(r[0]);
+		}
+
+	if (neg)
+		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
+	else
+		{
+		bn_add_words(&(t[n2]),lp,&(t[0]),n);
+		neg=0;
+		}
+
+	if (l != NULL)
+		{
+		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+		}
+	else
+		{
+		lp= &(t[n2+n]);
+		mp= &(t[n2]);
+		for (i=0; i<n; i++)
+			lp[i]=((~mp[i])+1)&BN_MASK2;
+		}
+
+	/* s[0] = low(al*bl)
+	 * t[3] = high(al*bl)
+	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+	 * r[10] = (a[1]*b[1])
+	 */
+	/* R[10] = al*bl
+	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+	 * R[32] = ah*bh
+	 */
+	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+	 * R[3]=r[1]+(carry/borrow)
+	 */
+	if (l != NULL)
+		{
+		lp= &(t[n2]);
+		c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
+		}
+	else
+		{
+		lp= &(t[n2+n]);
+		c1=0;
+		}
+	c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
+	if (oneg)
+		c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+	else
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
 
-	if (init)
+	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
+	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
+	if (oneg)
+		c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
+	else
+		c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
+	
+	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
 		{
-		bp.used=0;
-		bp.tos=0;
-		bp.sk=sk_new_null();
-		init=0;
+		i=0;
+		if (c1 > 0)
+			{
+			lc=c1;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c1;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		}
+	if (c2 != 0) /* Add starting at r[1] */
+		{
+		i=n;
+		if (c2 > 0)
+			{
+			lc=c2;
+			do	{
+				ll=(r[i]+lc)&BN_MASK2;
+				r[i++]=ll;
+				lc=(lc > ll);
+				} while (lc);
+			}
+		else
+			{
+			lc= -c2;
+			do	{
+				ll=r[i];
+				r[i++]=(ll-lc)&BN_MASK2;
+				lc=(lc > ll);
+				} while (lc);
+			}
 		}
-	return(BN_mm(r,a,b,&bp));
 	}
+#endif
 
-/* r must be different to a and b */
-int BN_mm(m, A, B, bp)
-BIGNUM *m,*A,*B;
-BN_POOL *bp;
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
-	int i,num;
-	int an,bn;
-	BIGNUM *a,*b,*c,*d,*ac,*bd;
+	int top,al,bl;
+	BIGNUM *rr;
+#ifdef BN_RECURSION
+	BIGNUM *t;
+	int i,j,k;
+#endif
+
+#ifdef BN_COUNT
+printf("BN_mul %d * %d\n",a->top,b->top);
+#endif
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(r);
+
+	al=a->top;
+	bl=b->top;
+	r->neg=a->neg^b->neg;
+
+	if ((al == 0) || (bl == 0))
+		{
+		BN_zero(r);
+		return(1);
+		}
+	top=al+bl;
 
-	an=A->top;
-	bn=B->top;
-	if ((an <= limit) || (bn <= limit))
+	if ((r == a) || (r == b))
+		rr= &(ctx->bn[ctx->tos+1]);
+	else
+		rr=r;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+	if (al == bl)
 		{
-		return(BN_mmul(m,A,B));
+#  ifdef BN_MUL_COMBA
+/*		if (al == 4)
+			{
+			if (bn_wexpand(rr,8) == NULL) return(0);
+			rr->top=8;
+			bn_mul_comba4(rr->d,a->d,b->d);
+			goto end;
+			}
+		else */ if (al == 8)
+			{
+			if (bn_wexpand(rr,16) == NULL) return(0);
+			rr->top=16;
+			bn_mul_comba8(rr->d,a->d,b->d);
+			goto end;
+			}
+		else
+#  endif
+#ifdef BN_RECURSION
+		if (al < BN_MULL_SIZE_NORMAL)
+#endif
+			{
+			if (bn_wexpand(rr,top) == NULL) return(0);
+			rr->top=top;
+			bn_mul_normal(rr->d,a->d,al,b->d,bl);
+			goto end;
+			}
+#  ifdef BN_RECURSION
+		goto symetric;
+#  endif
 		}
+#endif
+#ifdef BN_RECURSION
+	else if ((al < BN_MULL_SIZE_NORMAL) || (bl < BN_MULL_SIZE_NORMAL))
+		{
+		if (bn_wexpand(rr,top) == NULL) return(0);
+		rr->top=top;
+		bn_mul_normal(rr->d,a->d,al,b->d,bl);
+		goto end;
+		}
+	else
+		{
+		i=(al-bl);
+		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(b,al);
+			b->d[bl]=0;
+			bl++;
+			goto symetric;
+			}
+		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+			{
+			bn_wexpand(a,bl);
+			a->d[al]=0;
+			al++;
+			goto symetric;
+			}
+		}
+#endif
 
-	a=BN_POOL_push(bp);
-	b=BN_POOL_push(bp);
-	c=BN_POOL_push(bp);
-	d=BN_POOL_push(bp);
-	ac=BN_POOL_push(bp);
-	bd=BN_POOL_push(bp);
+	/* asymetric and >= 4 */ 
+	if (bn_wexpand(rr,top) == NULL) return(0);
+	rr->top=top;
+	bn_mul_normal(rr->d,a->d,al,b->d,bl);
 
-	num=(an <= bn)?an:bn;
-	num=1<<(BN_num_bits_word(num-1)-1);
+#ifdef BN_RECURSION
+	if (0)
+		{
+symetric:
+		/* symetric and > 4 */
+		/* 16 or larger */
+		j=BN_num_bits_word((BN_ULONG)al);
+		j=1<<(j-1);
+		k=j+j;
+		t= &(ctx->bn[ctx->tos]);
+		if (al == j) /* exact multiple */
+			{
+			bn_wexpand(t,k*2);
+			bn_wexpand(rr,k*2);
+			bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+			}
+		else
+			{
+			bn_wexpand(a,k);
+			bn_wexpand(b,k);
+			bn_wexpand(t,k*4);
+			bn_wexpand(rr,k*4);
+			for (i=a->top; i<k; i++)
+				a->d[i]=0;
+			for (i=b->top; i<k; i++)
+				b->d[i]=0;
+			bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+			}
+		rr->top=top;
+		}
+#endif
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+end:
+#endif
+	bn_fix_top(rr);
+	if (r != rr) BN_copy(r,rr);
+	return(1);
+	}
 
-	/* Are going to now chop things into 'num' word chunks. */
-	num*=BN_BITS2;
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+	{
+	BN_ULONG *rr;
 
-	BN_copy(a,A);
-	BN_mask_bits(a,num);
-	BN_rshift(b,A,num);
+#ifdef BN_COUNT
+printf(" bn_mul_normal %d * %d\n",na,nb);
+#endif
 
-	BN_copy(c,B);
-	BN_mask_bits(c,num);
-	BN_rshift(d,B,num);
+	if (na < nb)
+		{
+		int itmp;
+		BN_ULONG *ltmp;
 
-	BN_sub(ac ,b,a);
-	BN_sub(bd,c,d);
-	BN_mm(m,ac,bd,bp);
-	BN_mm(ac,a,c,bp);
-	BN_mm(bd,b,d,bp);
+		itmp=na; na=nb; nb=itmp;
+		ltmp=a;   a=b;   b=ltmp;
 
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_lshift(m,m,num);
-	BN_lshift(bd,bd,num*2);
+		}
+	rr= &(r[na]);
+	rr[0]=bn_mul_words(r,a,na,b[0]);
 
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_POOL_pop(bp,6);
-	return(1);
+	for (;;)
+		{
+		if (--nb <= 0) return;
+		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+		if (--nb <= 0) return;
+		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+		if (--nb <= 0) return;
+		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+		if (--nb <= 0) return;
+		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+		rr+=4;
+		r+=4;
+		b+=4;
+		}
 	}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+	{
+#ifdef BN_COUNT
+printf(" bn_mul_low_normal %d * %d\n",n,n);
 #endif
+	bn_mul_words(r,a,n,b[0]);
+
+	for (;;)
+		{
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[1]),a,n,b[1]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[2]),a,n,b[2]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[3]),a,n,b[3]);
+		if (--n <= 0) return;
+		bn_mul_add_words(&(r[4]),a,n,b[4]);
+		r+=4;
+		b+=4;
+		}
+	}
+
diff --git a/lib/libssl/src/crypto/bn/bn_mulw.c b/lib/libssl/src/crypto/bn/bn_mulw.c
deleted file mode 100644
index abfc7e4d6c2..00000000000
--- a/lib/libssl/src/crypto/bn/bn_mulw.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/* crypto/bn/bn_mulw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifdef BN_LLONG 
-
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c1=0;
-
-	for (;;)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	
-	return(c1);
-	} 
-
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c1=0;
-
-	for (;;)
-		{
-		mul(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
-		mul(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
-		mul(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
-		mul(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(c1);
-	} 
-
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
-        {
-	for (;;)
-		{
-		BN_ULLONG t;
-
-		t=(BN_ULLONG)(a[0])*(a[0]);
-		r[0]=Lw(t); r[1]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[1])*(a[1]);
-		r[2]=Lw(t); r[3]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[2])*(a[2]);
-		r[4]=Lw(t); r[5]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[3])*(a[3]);
-		r[6]=Lw(t); r[7]=Hw(t);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
-		}
-	}
-
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
-        {
-	BN_ULLONG ll;
-
-	ll=0;
-	for (;;)
-		{
-		ll+= (BN_ULLONG)a[0]+b[0];
-		r[0]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[1]+b[1];
-		r[1]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[2]+b[2];
-		r[2]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[3]+b[3];
-		r[3]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return(ll&BN_MASK2);
-	}
-
-#else
-
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c=0;
-	BN_ULONG bl,bh;
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul_add(rp[0],ap[0],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[1],ap[1],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[2],ap[2],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[3],ap[3],bl,bh,c);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(c);
-	} 
-
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG carry=0;
-	BN_ULONG bl,bh;
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul(rp[0],ap[0],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[1],ap[1],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[2],ap[2],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[3],ap[3],bl,bh,carry);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(carry);
-	} 
-
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
-        {
-	for (;;)
-		{
-		sqr64(r[0],r[1],a[0]);
-		if (--n == 0) break;
-
-		sqr64(r[2],r[3],a[1]);
-		if (--n == 0) break;
-
-		sqr64(r[4],r[5],a[2]);
-		if (--n == 0) break;
-
-		sqr64(r[6],r[7],a[3]);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
-		}
-	}
-
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
-        {
-	BN_ULONG t1,t2;
-	int carry,i;
-
-	carry=0;
-	for (i=0; i<n; i++)
-		{
-		t1= *(a++);
-		t2= *(b++);
-		if (carry)
-			{
-			carry=(t2 >= ((~t1)&BN_MASK2));
-			t2=(t1+t2+1)&BN_MASK2;
-			}
-		else
-			{
-			t2=(t1+t2)&BN_MASK2;
-			carry=(t2<t1);
-			}
-		*(r++)=t2;
-		}
-	return(carry);
-	}
-
-#endif
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div64(h,l,d)
-BN_ULONG h,l,d;
-	{
-	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
-	}
-
-#else
-
-/* Divide h-l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div64(h,l,d)
-BN_ULONG h,l,d;
-	{
-	BN_ULONG dh,dl,q,ret=0,th,tl,t;
-	int i,count=2;
-
-	if (d == 0) return(BN_MASK2);
-
-	i=BN_num_bits_word(d);
-	if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
-		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		fprintf(stderr,"Division would overflow (%d)\n",i);
-#endif
-		abort();
-		}
-	i=BN_BITS2-i;
-	if (h >= d) h-=d;
-
-	if (i)
-		{
-		d<<=i;
-		h=(h<<i)|(l>>(BN_BITS2-i));
-		l<<=i;
-		}
-	dh=(d&BN_MASK2h)>>BN_BITS4;
-	dl=(d&BN_MASK2l);
-	for (;;)
-		{
-		if ((h>>BN_BITS4) == dh)
-			q=BN_MASK2l;
-		else
-			q=h/dh;
-
-		for (;;)
-			{
-			t=(h-q*dh);
-			if ((t&BN_MASK2h) ||
-				((dl*q) <= (
-					(t<<BN_BITS4)+
-					((l&BN_MASK2h)>>BN_BITS4))))
-				break;
-			q--;
-			}
-		th=q*dh;
-		tl=q*dl;
-		t=(tl>>BN_BITS4);
-		tl=(tl<<BN_BITS4)&BN_MASK2h;
-		th+=t;
-
-		if (l < tl) th++;
-		l-=tl;
-		if (h < th)
-			{
-			h+=d;
-			q--;
-			}
-		h-=th;
-
-		if (--count == 0) break;
-
-		ret=q<<BN_BITS4;
-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-		l=(l&BN_MASK2l)<<BN_BITS4;
-		}
-	ret|=q;
-	return(ret);
-	}
-#endif
-
diff --git a/lib/libssl/src/crypto/bn/bn_opts.c b/lib/libssl/src/crypto/bn/bn_opts.c
new file mode 100644
index 00000000000..381be529b2f
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/bn_opts.c
@@ -0,0 +1,324 @@
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/tmdiff.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+
+#define DEFAULT_SIZE	512
+#define DEFAULT_TIME	3
+
+int verbose=1;
+
+typedef struct parms_st
+	{
+	char *name;
+	void (*func)();
+	BIGNUM r;
+	BIGNUM a;
+	BIGNUM b;
+	BIGNUM c;
+	BIGNUM low;
+	BN_CTX *ctx;
+	BN_MONT_CTX *mont;
+	int w;
+	} PARMS;
+
+void do_mul_exp(int num,PARMS *p);
+void do_mul(int num,PARMS *p);
+void do_sqr(int num,PARMS *p);
+void do_mul_low(int num,PARMS *p);
+void do_mul_high(int num,PARMS *p);
+void do_from_montgomery(int num,PARMS *p);
+int time_it(int sec, PARMS *p);
+void do_it(int sec, PARMS *p);
+
+#define P_EXP	1
+#define P_MUL	2
+#define P_SQR	3
+#define P_MULL	4
+#define P_MULH	5
+#define P_MRED	6
+
+int main(int argc, char **argv)
+	{
+	PARMS p;
+	BN_MONT_CTX *mont;
+	int size=0,num;
+	char *name;
+	int type=P_EXP;
+
+	mont=BN_MONT_CTX_new();
+	p.mont=NULL;
+	p.ctx=BN_CTX_new();
+	BN_init(&p.r);
+	BN_init(&p.a);
+	BN_init(&p.b);
+	BN_init(&p.c);
+	BN_init(&p.low);
+	p.w=0;
+
+	for (;;)
+		{
+		if (argc > 1)
+			{
+			if (argv[1][0] == '-')
+				{
+				switch(argv[1][1])
+					{
+				case 'e': type=P_EXP; break;
+				case 'm': type=P_MUL; break;
+				case 's': type=P_SQR; break;
+				case 'l': type=P_MULL; break;
+				case 'h': type=P_MULH; break;
+				case 'r': type=P_MRED; break;
+				default:
+					fprintf(stderr,"options: -[emslhr]\n");
+					exit(1);
+					}
+				}
+			else
+				{
+				size=atoi(argv[1]);
+				}
+			argc--;
+			argv++;
+			}
+		else
+			break;
+		}
+	if (size == 0)
+		size=DEFAULT_SIZE;
+
+	printf("bit size:%5d\n",size);
+
+	BN_rand(&p.a,size,1,0);
+	BN_rand(&p.b,size,1,0);
+	BN_rand(&p.c,size,1,1);
+	BN_mod(&p.a,&p.a,&p.c,p.ctx);
+	BN_mod(&p.b,&p.b,&p.c,p.ctx);
+	p.w=(p.a.top+1)/2;
+
+	BN_mul(&p.low,&p.a,&p.b,p.ctx);
+	p.low.top=p.a.top;
+	
+	switch(type)
+		{
+	case P_EXP:
+		p.name="r=a^b%c";
+		p.func=do_mul_exp;
+		p.mont=mont;
+		break;
+	case P_MUL:
+		p.name="r=a*b";
+		p.func=do_mul;
+		break;
+	case P_SQR:
+		p.name="r=a*a";
+		p.func=do_sqr;
+		break;
+	case P_MULL:
+		p.name="r=low(a*b)";
+		p.func=do_mul_low;
+		break;
+	case P_MULH:
+		p.name="r=high(a*b)";
+		p.func=do_mul_high;
+		break;
+	case P_MRED:
+		p.name="r=montgomery_reduction(a)";
+		p.func=do_from_montgomery;
+		p.mont=mont;
+		break;
+	default:
+		fprintf(stderr,"options: -[emslhr]\n");
+		exit(1);
+		}
+
+	num=time_it(DEFAULT_TIME,&p);
+	do_it(num,&p);
+	}
+
+void do_it(int num, PARMS *p)
+	{
+	char *start,*end;
+	int i,j,number;
+	double d;
+
+	start=ms_time_new();
+	end=ms_time_new();
+
+	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
+		BN_num_bits_word(BN_BITS2)+2;
+	for (i=number-1; i >=0; i--)
+		{
+		if (i == 1) continue;
+		BN_set_params(i,i,i,1);
+		if (p->mont != NULL)
+			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+
+		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
+			(1<<i)*BN_BITS2,i,
+				BN_get_params(0),
+				BN_get_params(1),
+				BN_get_params(2),
+				BN_get_params(3));
+		fflush(stdout);
+
+		ms_time_get(start);
+		p->func(num,p);
+		ms_time_get(end);
+		d=ms_time_diff(start,end);
+		printf("%6.6f sec, or %d in %.4f seconds\n",
+			(double)d/num,num,d);
+		}
+	}
+
+int time_it(int sec, PARMS *p)
+	{
+	char *start,*end;
+	int i,j;
+	double d;
+
+	if (p->mont != NULL)
+		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+
+	start=ms_time_new();
+	end=ms_time_new();
+
+	i=1;
+	for (;;)
+		{
+		if (verbose)
+			printf("timing %s for %d interations\n",p->name,i);
+
+		ms_time_get(start);
+		p->func(i,p);
+		ms_time_get(end);
+		d=ms_time_diff(start,end);
+
+		if 	(d < 0.01) i*=100;
+		else if (d < 0.1 ) i*=10;
+		else if (d > (double)sec) break;
+		else
+			{
+			i=(int)(1.0*i*sec/d);
+			break;
+			}
+		}
+	if (verbose)
+		printf("using %d interations\n",i);
+	return(i);
+	}
+
+void do_mul_exp(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; i<num; i++)
+		BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
+			p->ctx,p->mont);
+	}
+
+void do_mul(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; i<num; i++)
+		BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
+	}
+
+void do_sqr(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; i<num; i++)
+			BN_sqr(&(p->r),&(p->a),p->ctx);
+	}
+
+void do_mul_low(int num, PARMS *p)
+	{
+	int i;
+	
+	for (i=0; i<num; i++)
+		BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
+	}
+
+void do_mul_high(int num, PARMS *p)
+	{
+	int i;
+
+	for (i=0; i<num; i++)
+		BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
+	}
+
+void do_from_montgomery(int num, PARMS *p)
+	{
+	int i;
+	
+	for (i=0; i<num; i++)
+		BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
+	}
+
diff --git a/lib/libssl/src/crypto/bn/bn_prime.c b/lib/libssl/src/crypto/bn/bn_prime.c
index 0c85f70b59c..6fa0f9be1ee 100644
--- a/lib/libssl/src/crypto/bn/bn_prime.c
+++ b/lib/libssl/src/crypto/bn/bn_prime.c
@@ -60,7 +60,7 @@
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
 /* The quick seive algorithm approach to weeding out primes is
  * Philip Zimmermann's, as implemented in PGP.  I have had a read of
@@ -68,7 +68,6 @@
  */
 #include "bn_prime.h"
 
-#ifndef NOPROTO
 static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
 	BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
@@ -76,32 +75,23 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
 	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
 static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
 	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
-#else
-static int witness();
-static int probable_prime();
-static int probable_prime_dh();
-static int probable_prime_dh_strong();
-#endif
-
-BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg)
-int bits;
-int strong;
-BIGNUM *add;
-BIGNUM *rem;
-void (*callback)(P_I_I_P); 
-char *cb_arg;
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int strong, BIGNUM *add,
+	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
-	BIGNUM *ret=NULL;
-	BIGNUM *t=NULL;
+	BIGNUM t;
 	int i,j,c1=0;
 	BN_CTX *ctx;
 
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
-	if ((rnd=BN_new()) == NULL) goto err;
-	if (strong)
-		if ((t=BN_new()) == NULL) goto err;
+	if (ret == NULL)
+		{
+		if ((rnd=BN_new()) == NULL) goto err;
+		}
+	else
+		rnd=ret;
+	BN_init(&t);
 loop: 
 	/* make a random number and set the top and bottom bits */
 	if (add == NULL)
@@ -136,7 +126,7 @@ loop:
 		 * check that (p-1)/2 is prime.
 		 * Since a prime is odd, We just
 		 * need to divide by 2 */
-		if (!BN_rshift1(t,rnd)) goto err;
+		if (!BN_rshift1(&t,rnd)) goto err;
 
 		for (i=0; i<BN_prime_checks; i++)
 			{
@@ -144,7 +134,7 @@ loop:
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			j=BN_is_prime(t,1,callback,ctx,cb_arg);
+			j=BN_is_prime(&t,1,callback,ctx,cb_arg);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
@@ -156,17 +146,13 @@ loop:
 	ret=rnd;
 err:
 	if ((ret == NULL) && (rnd != NULL)) BN_free(rnd);
-	if (t != NULL) BN_free(t);
+	BN_free(&t);
 	if (ctx != NULL) BN_CTX_free(ctx);
 	return(ret);
 	}
 
-int BN_is_prime(a,checks,callback,ctx_passed,cb_arg)
-BIGNUM *a;
-int checks;
-void (*callback)(P_I_I_P);
-BN_CTX *ctx_passed;
-char *cb_arg;
+int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *),
+	     BN_CTX *ctx_passed, void *cb_arg)
 	{
 	int i,j,c2=0,ret= -1;
 	BIGNUM *check;
@@ -183,7 +169,7 @@ char *cb_arg;
 	if ((ctx2=BN_CTX_new()) == NULL) goto err;
 	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
-	check=ctx->bn[ctx->tos++];
+	check= &(ctx->bn[ctx->tos++]);
 
 	/* Setup the montgomery structure */
 	if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
@@ -214,24 +200,21 @@ err:
 
 #define RECP_MUL_MOD
 
-static int witness(a,n,ctx,ctx2,mont)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx,*ctx2;
-BN_MONT_CTX *mont;
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx, BN_CTX *ctx2,
+	     BN_MONT_CTX *mont)
 	{
 	int k,i,ret= -1,good;
 	BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
 	BIGNUM *mont_one,*mont_n1,*mont_a;
 
-	d1=ctx->bn[ctx->tos];
-	d2=ctx->bn[ctx->tos+1];
-	n1=ctx->bn[ctx->tos+2];
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	n1= &(ctx->bn[ctx->tos+2]);
 	ctx->tos+=3;
 
-	mont_one=ctx2->bn[ctx2->tos];
-	mont_n1=ctx2->bn[ctx2->tos+1];
-	mont_a=ctx2->bn[ctx2->tos+2];
+	mont_one= &(ctx2->bn[ctx2->tos]);
+	mont_n1= &(ctx2->bn[ctx2->tos+1]);
+	mont_a= &(ctx2->bn[ctx2->tos+2]);
 	ctx2->tos+=3;
 
 	d=d1;
@@ -254,7 +237,7 @@ BN_MONT_CTX *mont;
 			good=0;
 
 		BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
-		
+
 		if (good && (BN_cmp(dd,mont_one) == 0))
 			{
 			ret=1;
@@ -281,14 +264,13 @@ err:
 	return(ret);
 	}
 
-static int probable_prime(rnd, bits)
-BIGNUM *rnd;
-int bits;
+static int probable_prime(BIGNUM *rnd, int bits)
 	{
 	int i;
 	MS_STATIC BN_ULONG mods[NUMPRIMES];
-	BN_ULONG delta;
+	BN_ULONG delta,d;
 
+again:
 	if (!BN_rand(rnd,bits,1,1)) return(0);
 	/* we now have a random number 'rand' to test. */
 	for (i=1; i<NUMPRIMES; i++)
@@ -300,9 +282,12 @@ int bits;
 		 * that gcd(rnd-1,primes) == 1 (except for 2) */
 		if (((mods[i]+delta)%primes[i]) <= 1)
 			{
+			d=delta;
 			delta+=2;
 			/* perhaps need to check for overflow of
-			 * delta (but delta can be upto 2^32) */
+			 * delta (but delta can be upto 2^32)
+			 * 21-May-98 eay - added overflow check */
+			if (delta < d) goto again;
 			goto loop;
 			}
 		}
@@ -310,17 +295,13 @@ int bits;
 	return(1);
 	}
 
-static int probable_prime_dh(rnd, bits, add, rem,ctx)
-BIGNUM *rnd;
-int bits;
-BIGNUM *add;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
+	     BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
 
-	t1=ctx->bn[ctx->tos++];
+	t1= &(ctx->bn[ctx->tos++]);
 
 	if (!BN_rand(rnd,bits,0,1)) goto err;
 
@@ -338,7 +319,7 @@ BN_CTX *ctx;
 	loop: for (i=1; i<NUMPRIMES; i++)
 		{
 		/* check that rnd is a prime */
-		if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1)
+		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
 			{
 			if (!BN_add(rnd,rnd,add)) goto err;
 			goto loop;
@@ -350,20 +331,16 @@ err:
 	return(ret);
 	}
 
-static int probable_prime_dh_strong(p, bits, padd, rem,ctx)
-BIGNUM *p;
-int bits;
-BIGNUM *padd;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh_strong(BIGNUM *p, int bits, BIGNUM *padd,
+	     BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1,*qadd=NULL,*q=NULL;
 
 	bits--;
-	t1=ctx->bn[ctx->tos++];
-	q=ctx->bn[ctx->tos++];
-	qadd=ctx->bn[ctx->tos++];
+	t1= &(ctx->bn[ctx->tos++]);
+	q= &(ctx->bn[ctx->tos++]);
+	qadd= &(ctx->bn[ctx->tos++]);
 
 	if (!BN_rshift1(qadd,padd)) goto err;
 		
@@ -389,8 +366,8 @@ BN_CTX *ctx;
 		/* check that p and q are prime */
 		/* check that for p and q
 		 * gcd(p-1,primes) == 1 (except for 2) */
-		if (	(BN_mod_word(p,(BN_LONG)primes[i]) == 0) ||
-			(BN_mod_word(q,(BN_LONG)primes[i]) == 0))
+		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
+			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
 			{
 			if (!BN_add(p,p,padd)) goto err;
 			if (!BN_add(q,q,qadd)) goto err;
@@ -404,20 +381,17 @@ err:
 	}
 
 #if 0
-static int witness(a, n,ctx)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx;
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx)
 	{
 	int k,i,nb,ret= -1;
 	BIGNUM *d,*dd,*tmp;
 	BIGNUM *d1,*d2,*x,*n1,*inv;
 
-	d1=ctx->bn[ctx->tos];
-	d2=ctx->bn[ctx->tos+1];
-	x=ctx->bn[ctx->tos+2];
-	n1=ctx->bn[ctx->tos+3];
-	inv=ctx->bn[ctx->tos+4];
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	x=  &(ctx->bn[ctx->tos+2]);
+	n1= &(ctx->bn[ctx->tos+3]);
+	inv=&(ctx->bn[ctx->tos+4]);
 	ctx->tos+=5;
 
 	d=d1;
diff --git a/lib/libssl/src/crypto/bn/bn_prime.pl b/lib/libssl/src/crypto/bn/bn_prime.pl
index 1b00c21a774..979385a3343 100644
--- a/lib/libssl/src/crypto/bn/bn_prime.pl
+++ b/lib/libssl/src/crypto/bn/bn_prime.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # bn_prime.pl
 
 $num=2048;
diff --git a/lib/libssl/src/crypto/bn/bn_print.c b/lib/libssl/src/crypto/bn/bn_print.c
index 2bcc11c852f..2f5ab2617bd 100644
--- a/lib/libssl/src/crypto/bn/bn_print.c
+++ b/lib/libssl/src/crypto/bn/bn_print.c
@@ -59,14 +59,13 @@
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
-#include "buffer.h"
+#include <openssl/buffer.h>
 #include "bn_lcl.h"
 
-static char *Hex="0123456789ABCDEF";
+static const char *Hex="0123456789ABCDEF";
 
 /* Must 'Free' the returned data */
-char *BN_bn2hex(a)
-BIGNUM *a;
+char *BN_bn2hex(const BIGNUM *a)
 	{
 	int i,j,v,z=0;
 	char *buf;
@@ -101,8 +100,7 @@ err:
 	}
 
 /* Must 'Free' the returned data */
-char *BN_bn2dec(a)
-BIGNUM *a;
+char *BN_bn2dec(const BIGNUM *a)
 	{
 	int i=0,num;
 	char *buf=NULL;
@@ -156,9 +154,7 @@ err:
 	return(buf);
 	}
 
-int BN_hex2bn(bn,a)
-BIGNUM **bn;
-char *a;
+int BN_hex2bn(BIGNUM **bn, const char *a)
 	{
 	BIGNUM *ret=NULL;
 	BN_ULONG l=0;
@@ -169,7 +165,7 @@ char *a;
 
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isxdigit(a[i]); i++)
+	for (i=0; isxdigit((unsigned char) a[i]); i++)
 		;
 
 	num=i+neg;
@@ -224,9 +220,7 @@ err:
 	return(0);
 	}
 
-int BN_dec2bn(bn,a)
-BIGNUM **bn;
-char *a;
+int BN_dec2bn(BIGNUM **bn, const char *a)
 	{
 	BIGNUM *ret=NULL;
 	BN_ULONG l=0;
@@ -236,7 +230,7 @@ char *a;
 	if ((a == NULL) || (*a == '\0')) return(0);
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isdigit(a[i]); i++)
+	for (i=0; isdigit((unsigned char) a[i]); i++)
 		;
 
 	num=i+neg;
@@ -286,9 +280,7 @@ err:
 #ifndef NO_BIO
 
 #ifndef NO_FP_API
-int BN_print_fp(fp, a)
-FILE *fp;
-BIGNUM *a;
+int BN_print_fp(FILE *fp, BIGNUM *a)
 	{
 	BIO *b;
 	int ret;
@@ -302,9 +294,7 @@ BIGNUM *a;
 	}
 #endif
 
-int BN_print(bp, a)
-BIO *bp;
-BIGNUM *a;
+int BN_print(BIO *bp, const BIGNUM *a)
 	{
 	int i,j,v,z=0;
 	int ret=0;
diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c
index 75b6b0493b1..91b8e34ae65 100644
--- a/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/lib/libssl/src/crypto/bn/bn_rand.c
@@ -60,13 +60,9 @@
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
-int BN_rand(rnd, bits, top, bottom)
-BIGNUM *rnd;
-int bits;
-int top;
-int bottom;
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	unsigned char *buf=NULL;
 	int ret=0,bit,bytes,mask;
@@ -85,7 +81,7 @@ int bottom;
 
 	/* make a random number and set the top and bottom bits */
 	time(&tim);
-	RAND_seed((unsigned char *)&tim,sizeof(tim));
+	RAND_seed(&tim,sizeof(tim));
 
 	RAND_bytes(buf,(int)bytes);
 	if (top)
diff --git a/lib/libssl/src/crypto/bn/bn_recp.c b/lib/libssl/src/crypto/bn/bn_recp.c
index 72cd69d3fc9..c1b0e230ea2 100644
--- a/lib/libssl/src/crypto/bn/bn_recp.c
+++ b/lib/libssl/src/crypto/bn/bn_recp.c
@@ -60,66 +60,168 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_mod_mul_reciprocal(r, x, y, m, i, nb, ctx)
-BIGNUM *r;
-BIGNUM *x;
-BIGNUM *y;
-BIGNUM *m;
-BIGNUM *i;
-int nb;
-BN_CTX *ctx;
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 	{
-	int ret=0,j;
-	BIGNUM *a,*b,*c,*d;
+	BN_init(&(recp->N));
+	BN_init(&(recp->Nr));
+	recp->num_bits=0;
+	recp->flags=0;
+	}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+	{
+	BN_RECP_CTX *ret;
+
+	if ((ret=(BN_RECP_CTX *)Malloc(sizeof(BN_RECP_CTX))) == NULL)
+		return(NULL);
+
+	BN_RECP_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
+	return(ret);
+	}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+	{
+	if(recp == NULL)
+	    return;
 
-	a=ctx->bn[ctx->tos++];
-	b=ctx->bn[ctx->tos++];
-	c=ctx->bn[ctx->tos++];
-	d=ctx->bn[ctx->tos++];
+	BN_free(&(recp->N));
+	BN_free(&(recp->Nr));
+	if (recp->flags & BN_FLG_MALLOCED)
+		Free(recp);
+	}
 
-	if (x == y)
-		{ if (!BN_sqr(a,x,ctx)) goto err; }
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+	{
+	BN_copy(&(recp->N),d);
+	BN_zero(&(recp->Nr));
+	recp->num_bits=BN_num_bits(d);
+	recp->shift=0;
+	return(1);
+	}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
+	{
+	int ret=0;
+	BIGNUM *a;
+
+	a= &(ctx->bn[ctx->tos++]);
+	if (y != NULL)
+		{
+		if (x == y)
+			{ if (!BN_sqr(a,x,ctx)) goto err; }
+		else
+			{ if (!BN_mul(a,x,y,ctx)) goto err; }
+		}
 	else
-		{ if (!BN_mul(a,x,y)) goto err; }
-	if (!BN_rshift(d,a,nb)) goto err;
-	if (!BN_mul(b,d,i)) goto err;
-	if (!BN_rshift(c,b,nb)) goto err;
-	if (!BN_mul(b,m,c)) goto err;
-	if (!BN_sub(r,a,b)) goto err;
+		a=x; /* Just do the mod */
+
+	BN_div_recp(NULL,r,a,recp,ctx);
+	ret=1;
+err:
+	ctx->tos--;
+	return(ret);
+	}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BN_RECP_CTX *recp,
+	     BN_CTX *ctx)
+	{
+	int i,j,tos,ret=0,ex;
+	BIGNUM *a,*b,*d,*r;
+
+	tos=ctx->tos;
+	a= &(ctx->bn[ctx->tos++]);
+	b= &(ctx->bn[ctx->tos++]);
+	if (dv != NULL)
+		d=dv;
+	else
+		d= &(ctx->bn[ctx->tos++]);
+	if (rem != NULL)
+		r=rem;
+	else
+		r= &(ctx->bn[ctx->tos++]);
+
+	if (BN_ucmp(m,&(recp->N)) < 0)
+		{
+		BN_zero(d);
+		BN_copy(r,m);
+		ctx->tos=tos;
+		return(1);
+		}
+
+	/* We want the remainder
+	 * Given input of ABCDEF / ab
+	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
+	 *
+	 */
+	i=BN_num_bits(m);
+
+	j=recp->num_bits*2;
+	if (j > i)
+		{
+		i=j;
+		ex=0;
+		}
+	else
+		{
+		ex=(i-j)/2;
+		}
+
+	j=i/2;
+
+	if (i != recp->shift)
+		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
+			i,ctx);
+
+	if (!BN_rshift(a,m,j-ex)) goto err;
+	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
+	if (!BN_rshift(d,b,j+ex)) goto err;
+	d->neg=0;
+	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
+	if (!BN_usub(r,m,b)) goto err;
+	r->neg=0;
+
 	j=0;
-	while (BN_cmp(r,m) >= 0)
+#if 1
+	while (BN_ucmp(r,&(recp->N)) >= 0)
 		{
 		if (j++ > 2)
 			{
 			BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
 			goto err;
 			}
-		if (!BN_sub(r,r,m)) goto err;
+		if (!BN_usub(r,r,&(recp->N))) goto err;
+		if (!BN_add_word(d,1)) goto err;
 		}
+#endif
 
+	r->neg=BN_is_zero(r)?0:m->neg;
+	d->neg=m->neg^recp->N.neg;
 	ret=1;
 err:
-	ctx->tos-=4;
+	ctx->tos=tos;
 	return(ret);
-	}
+	} 
 
-int BN_reciprocal(r, m,ctx)
-BIGNUM *r;
-BIGNUM *m;
-BN_CTX *ctx;
+/* len is the expected size of the result
+ * We actually calculate with an extra word of precision, so
+ * we can do faster division if the remainder is not required.
+ */
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx)
 	{
-	int nm,ret= -1;
-	BIGNUM *t;
+	int ret= -1;
+	BIGNUM t;
 
-	t=ctx->bn[ctx->tos++];
+	BN_init(&t);
 
-	nm=BN_num_bits(m);
-	if (!BN_lshift(t,BN_value_one(),nm*2)) goto err;
+	BN_zero(&t);
+	if (!BN_set_bit(&t,len)) goto err;
 
-	if (!BN_div(r,NULL,t,m,ctx)) goto err;
-	ret=nm;
+	if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+	ret=len;
 err:
-	ctx->tos--;
+	BN_free(&t);
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/bn/bn_shift.c b/lib/libssl/src/crypto/bn/bn_shift.c
index 944bf1794bc..61aae65a6bf 100644
--- a/lib/libssl/src/crypto/bn/bn_shift.c
+++ b/lib/libssl/src/crypto/bn/bn_shift.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_lshift1(r, a)
-BIGNUM *r;
-BIGNUM *a;
+int BN_lshift1(BIGNUM *r, BIGNUM *a)
 	{
 	register BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -94,9 +92,7 @@ BIGNUM *a;
 	return(1);
 	}
 
-int BN_rshift1(r, a)
-BIGNUM *r;
-BIGNUM *a;
+int BN_rshift1(BIGNUM *r, BIGNUM *a)
 	{
 	BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -125,10 +121,7 @@ BIGNUM *a;
 	return(1);
 	}
 
-int BN_lshift(r, a, n)
-BIGNUM *r;
-BIGNUM *a;
-int n;
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	{
 	int i,nw,lb,rb;
 	BN_ULONG *t,*f;
@@ -160,10 +153,7 @@ int n;
 	return(1);
 	}
 
-int BN_rshift(r, a, n)
-BIGNUM *r;
-BIGNUM *a;
-int n;
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n)
 	{
 	int i,j,nw,lb,rb;
 	BN_ULONG *t,*f;
diff --git a/lib/libssl/src/crypto/bn/bn_sqr.c b/lib/libssl/src/crypto/bn/bn_sqr.c
index a8464610e5a..12cce4d7ce2 100644
--- a/lib/libssl/src/crypto/bn/bn_sqr.c
+++ b/lib/libssl/src/crypto/bn/bn_sqr.c
@@ -62,35 +62,98 @@
 
 /* r must not be a */
 /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(r, a, ctx)
-BIGNUM *r;
-BIGNUM *a;
-BN_CTX *ctx;
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx)
 	{
-	int i,j,max,al;
-	BIGNUM *tmp;
-	BN_ULONG *ap,*rp;
+	int max,al;
+	BIGNUM *tmp,*rr;
 
-	tmp=ctx->bn[ctx->tos];
+#ifdef BN_COUNT
+printf("BN_sqr %d * %d\n",a->top,a->top);
+#endif
+	bn_check_top(a);
+	tmp= &(ctx->bn[ctx->tos]);
+	rr=(a != r)?r: (&ctx->bn[ctx->tos+1]);
 
 	al=a->top;
-	if (al == 0)
+	if (al <= 0)
 		{
 		r->top=0;
 		return(1);
 		}
 
-	max=(al*2);
-	if (bn_wexpand(r,1+max) == NULL) return(0);
-	if (bn_wexpand(tmp,1+max) == NULL) return(0);
+	max=(al+al);
+	if (bn_wexpand(rr,max+1) == NULL) return(0);
 
 	r->neg=0;
+	if (al == 4)
+		{
+#ifndef BN_SQR_COMBA
+		BN_ULONG t[8];
+		bn_sqr_normal(rr->d,a->d,4,t);
+#else
+		bn_sqr_comba4(rr->d,a->d);
+#endif
+		}
+	else if (al == 8)
+		{
+#ifndef BN_SQR_COMBA
+		BN_ULONG t[16];
+		bn_sqr_normal(rr->d,a->d,8,t);
+#else
+		bn_sqr_comba8(rr->d,a->d);
+#endif
+		}
+	else 
+		{
+#if defined(BN_RECURSION)
+		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
+			{
+			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
+			bn_sqr_normal(rr->d,a->d,al,t);
+			}
+		else
+			{
+			int j,k;
+
+			j=BN_num_bits_word((BN_ULONG)al);
+			j=1<<(j-1);
+			k=j+j;
+			if (al == j)
+				{
+				if (bn_wexpand(a,k*2) == NULL) return(0);
+				if (bn_wexpand(tmp,k*2) == NULL) return(0);
+				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
+				}
+			else
+				{
+				if (bn_wexpand(tmp,max) == NULL) return(0);
+				bn_sqr_normal(rr->d,a->d,al,tmp->d);
+				}
+			}
+#else
+		if (bn_wexpand(tmp,max) == NULL) return(0);
+		bn_sqr_normal(rr->d,a->d,al,tmp->d);
+#endif
+		}
+
+	rr->top=max;
+	if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
+	if (rr != r) BN_copy(r,rr);
+	return(1);
+	}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
+	{
+	int i,j,max;
+	BN_ULONG *ap,*rp;
 
-	ap=a->d;
-	rp=r->d;
+	max=n*2;
+	ap=a;
+	rp=r;
 	rp[0]=rp[max-1]=0;
 	rp++;
-	j=al;
+	j=n;
 
 	if (--j > 0)
 		{
@@ -99,7 +162,7 @@ BN_CTX *ctx;
 		rp+=2;
 		}
 
-	for (i=2; i<al; i++)
+	for (i=n-2; i>0; i--)
 		{
 		j--;
 		ap++;
@@ -107,16 +170,112 @@ BN_CTX *ctx;
 		rp+=2;
 		}
 
-	bn_add_words(r->d,r->d,r->d,max);
+	bn_add_words(r,r,r,max);
 
 	/* There will not be a carry */
 
-	bn_sqr_words(tmp->d,a->d,al);
+	bn_sqr_words(tmp,a,n);
 
-	bn_add_words(r->d,r->d,tmp->d,max);
-
-	r->top=max;
-	if (r->d[max-1] == 0) r->top--;
-	return(1);
+	bn_add_words(r,r,tmp,max);
 	}
 
+#ifdef BN_RECURSION
+/* r is 2*n words in size,
+ * a and b are both n words in size.
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calulate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+	{
+	int n=n2/2;
+	int zero,c1;
+	BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+#endif
+	if (n2 == 4)
+		{
+#ifndef BN_SQR_COMBA
+		bn_sqr_normal(r,a,4,t);
+#else
+		bn_sqr_comba4(r,a);
+#endif
+		return;
+		}
+	else if (n2 == 8)
+		{
+#ifndef BN_SQR_COMBA
+		bn_sqr_normal(r,a,8,t);
+#else
+		bn_sqr_comba8(r,a);
+#endif
+		return;
+		}
+	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+		{
+		bn_sqr_normal(r,a,n2,t);
+		return;
+		}
+	/* r=(a[0]-a[1])*(a[1]-a[0]) */
+	c1=bn_cmp_words(a,&(a[n]),n);
+	zero=0;
+	if (c1 > 0)
+		bn_sub_words(t,a,&(a[n]),n);
+	else if (c1 < 0)
+		bn_sub_words(t,&(a[n]),a,n);
+	else
+		zero=1;
+
+	/* The result will always be negative unless it is zero */
+	p= &(t[n2*2]);
+
+	if (!zero)
+		bn_sqr_recursive(&(t[n2]),t,n,p);
+	else
+		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+	bn_sqr_recursive(r,a,n,p);
+	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+	 * r[10] holds (a[0]*b[0])
+	 * r[32] holds (b[1]*b[1])
+	 */
+
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+	/* t[32] is negative */
+	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+	 * r[10] holds (a[0]*a[0])
+	 * r[32] holds (a[1]*a[1])
+	 * c1 holds the carry bits
+	 */
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+	if (c1)
+		{
+		p= &(r[n+n2]);
+		lo= *p;
+		ln=(lo+c1)&BN_MASK2;
+		*p=ln;
+
+		/* The overflow will stop before we over write
+		 * words we should not overwrite */
+		if (ln < (BN_ULONG)c1)
+			{
+			do	{
+				p++;
+				lo= *p;
+				ln=(lo+1)&BN_MASK2;
+				*p=ln;
+				} while (ln == 0);
+			}
+		}
+	}
+#endif
diff --git a/lib/libssl/src/crypto/bn/bn_word.c b/lib/libssl/src/crypto/bn/bn_word.c
index 4b3d0f011d2..c0cfbc67970 100644
--- a/lib/libssl/src/crypto/bn/bn_word.c
+++ b/lib/libssl/src/crypto/bn/bn_word.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-BN_ULONG BN_mod_word(a, w)
-BIGNUM *a;
-unsigned long w;
+BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w)
 	{
 #ifndef BN_LLONG
 	BN_ULONG ret=0;
@@ -75,8 +73,8 @@ unsigned long w;
 	for (i=a->top-1; i>=0; i--)
 		{
 #ifndef BN_LLONG
-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(unsigned long)w;
-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(unsigned long)w;
+		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
+		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
 #else
 		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
 			(BN_ULLONG)w);
@@ -85,9 +83,7 @@ unsigned long w;
 	return((BN_ULONG)ret);
 	}
 
-BN_ULONG BN_div_word(a, w)
-BIGNUM *a;
-unsigned long w;
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG ret;
 	int i;
@@ -100,18 +96,16 @@ unsigned long w;
 		BN_ULONG l,d;
 		
 		l=a->d[i];
-		d=bn_div64(ret,l,w);
+		d=bn_div_words(ret,l,w);
 		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
 		a->d[i]=d;
 		}
-	if (a->d[a->top-1] == 0)
+	if ((a->top > 0) && (a->d[a->top-1] == 0))
 		a->top--;
 	return(ret);
 	}
 
-int BN_add_word(a, w)
-BIGNUM *a;
-unsigned long w;
+int BN_add_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG l;
 	int i;
@@ -142,9 +136,7 @@ unsigned long w;
 	return(1);
 	}
 
-int BN_sub_word(a, w)
-BIGNUM *a;
-unsigned long w;
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
 	{
 	int i;
 
@@ -183,9 +175,7 @@ unsigned long w;
 	return(1);
 	}
 
-int BN_mul_word(a,w)
-BIGNUM *a;
-unsigned long w;
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG ll;
 
@@ -199,6 +189,6 @@ unsigned long w;
 			a->d[a->top++]=ll;
 			}
 		}
-	return(0);
+	return(1);
 	}
 
diff --git a/lib/libssl/src/crypto/bn/bnspeed.c b/lib/libssl/src/crypto/bn/bnspeed.c
index f7c2790fff4..0922aa3e168 100644
--- a/lib/libssl/src/crypto/bn/bnspeed.c
+++ b/lib/libssl/src/crypto/bn/bnspeed.c
@@ -66,14 +66,13 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
-#include "crypto.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -81,36 +80,33 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "bn.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -123,17 +119,11 @@ struct tms {
 #define BUFSIZE	((long)1024*8)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
-#else
-static double Time_F();
-#endif
-
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -175,27 +165,20 @@ static int sizes[NUM_SIZES]={128,256,512,1024,2048};
 
 void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	BN_CTX *ctx;
-	BIGNUM *a,*b,*c,*r;
+	BIGNUM a,b,c;
 
 	ctx=BN_CTX_new();
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	r=BN_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
 
-	do_mul(a,b,c,ctx);
+	do_mul(&a,&b,&c,ctx);
 	}
 
-void do_mul(r,a,b,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-BN_CTX *ctx;
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
 	int i,j,k;
 	double tm;
@@ -211,7 +194,7 @@ BN_CTX *ctx;
 			BN_rand(b,sizes[j],1,0);
 			Time_F(START);
 			for (k=0; k<num; k++)
-				BN_mul(r,b,a);
+				BN_mul(r,b,a,ctx);
 			tm=Time_F(STOP);
 			printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
 			}
diff --git a/lib/libssl/src/crypto/bn/bntest.c b/lib/libssl/src/crypto/bn/bntest.c
index 9ebd68b4295..df4b81f5b2f 100644
--- a/lib/libssl/src/crypto/bn/bntest.c
+++ b/lib/libssl/src/crypto/bn/bntest.c
@@ -59,49 +59,35 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "e_os.h"
-#include "bio.h"
-#include "bn.h"
-#include "rand.h"
-#include "x509.h"
-#include "err.h"
+
+#include "openssl/e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
 
 #ifdef WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
-#ifndef NOPROTO
-int test_add (BIO *bp);
-int test_sub (BIO *bp);
-int test_lshift1 (BIO *bp);
-int test_lshift (BIO *bp);
-int test_rshift1 (BIO *bp);
-int test_rshift (BIO *bp);
-int test_div (BIO *bp,BN_CTX *ctx);
-int test_mul (BIO *bp);
-int test_sqr (BIO *bp,BN_CTX *ctx);
-int test_mont (BIO *bp,BN_CTX *ctx);
-int test_mod (BIO *bp,BN_CTX *ctx);
-int test_mod_mul (BIO *bp,BN_CTX *ctx);
-int test_mod_exp (BIO *bp,BN_CTX *ctx);
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
 int rand_neg(void);
-#else
-int test_add ();
-int test_sub ();
-int test_lshift1 ();
-int test_lshift ();
-int test_rshift1 ();
-int test_rshift ();
-int test_div ();
-int test_mul ();
-int test_sqr ();
-int test_mont ();
-int test_mod ();
-int test_mod_mul ();
-int test_mod_exp ();
-int rand_neg();
-#endif
-
 static int results=0;
 
 #ifdef NO_STDIO
@@ -109,16 +95,15 @@ static int results=0;
 #include "bss_file.c"
 #endif
 
-int main(argc,argv)
-int argc;
-char *argv[];
+static unsigned char lst1[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
 	BIO *out;
 	char *outfile=NULL;
 
-	srand((unsigned int)time(NULL));
-
 	argc--;
 	argv++;
 	while (argc >= 1)
@@ -168,8 +153,13 @@ char *argv[];
 	if (!test_lshift1(out)) goto err;
 	fflush(stdout);
 
+	fprintf(stderr,"test BN_lshift (fixed)\n");
+	if (!test_lshift(out,ctx,BN_bin2bn(lst1,sizeof(lst1)-1,NULL)))
+	    goto err;
+	fflush(stdout);
+
 	fprintf(stderr,"test BN_lshift\n");
-	if (!test_lshift(out)) goto err;
+	if (!test_lshift(out,ctx,NULL)) goto err;
 	fflush(stdout);
 
 	fprintf(stderr,"test BN_rshift1\n");
@@ -177,7 +167,7 @@ char *argv[];
 	fflush(stdout);
 
 	fprintf(stderr,"test BN_rshift\n");
-	if (!test_rshift(out)) goto err;
+	if (!test_rshift(out,ctx)) goto err;
 	fflush(stdout);
 
 	fprintf(stderr,"test BN_sqr\n");
@@ -192,6 +182,10 @@ char *argv[];
 	if (!test_div(out,ctx)) goto err;
 	fflush(stdout);
 
+	fprintf(stderr,"test BN_div_recp\n");
+	if (!test_div_recp(out,ctx)) goto err;
+	fflush(stdout);
+
 	fprintf(stderr,"test BN_mod\n");
 	if (!test_mod(out,ctx)) goto err;
 	fflush(stdout);
@@ -209,298 +203,423 @@ char *argv[];
 	if (!test_mod_exp(out,ctx)) goto err;
 	fflush(stdout);
 
+	fprintf(stderr,"test BN_exp\n");
+	if (!test_exp(out,ctx)) goto err;
+	fflush(stdout);
+
 /**/
 	exit(0);
 err:
+	BIO_puts(out,"1\n"); /* make sure bc fails if we are piping to it */
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
 	exit(1);
 	return(1);
 	}
 
-int test_add(bp)
-BIO *bp;
+int test_add(BIO *bp)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM a,b,c;
 	int i;
 	int j;
 
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
 
-	BN_rand(a,512,0,0);
+	BN_rand(&a,512,0,0);
 	for (i=0; i<100; i++)
 		{
-		BN_rand(b,450+i,0,0);
-		a->neg=rand_neg();
-		b->neg=rand_neg();
+		BN_rand(&b,450+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<10000; j++)
-				BN_add(c,a,b);
-		BN_add(c,a,b);
+				BN_add(&c,&a,&b);
+		BN_add(&c,&a,&b);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," + ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,c);
+			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		a.neg=!a.neg;
+		b.neg=!b.neg;
+		BN_add(&c,&c,&b);
+		BN_add(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    BIO_puts(bp,"Add test failed!\n");
+		    return 0;
+		    }
 		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
 	return(1);
 	}
 
-int test_sub(bp)
-BIO *bp;
+int test_sub(BIO *bp)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM a,b,c;
 	int i;
 	int j;
 
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
 
-	BN_rand(a,512,0,0);
+	BN_rand(&a,512,0,0);
 	for (i=0; i<100; i++)
 		{
-		BN_rand(b,400+i,0,0);
-		a->neg=rand_neg();
-		b->neg=rand_neg();
+		BN_rand(&b,400+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<10000; j++)
-				BN_sub(c,a,b);
-		BN_sub(c,a,b);
+				BN_sub(&c,&a,&b);
+		BN_sub(&c,&a,&b);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," - ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,c);
+			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_add(&c,&c,&b);
+		BN_sub(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    BIO_puts(bp,"Subtract test failed!\n");
+		    return 0;
+		    }
 		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
 	return(1);
 	}
 
-int test_div(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_div(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c,*d;
+	BIGNUM a,b,c,d,e;
 	int i;
 	int j;
 
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
 
-	BN_rand(a,400,0,0);
+	BN_rand(&a,400,0,0);
 	for (i=0; i<100; i++)
 		{
-		BN_rand(b,50+i,0,0);
-		a->neg=rand_neg();
-		b->neg=rand_neg();
+		BN_rand(&b,50+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
-				BN_div(d,c,a,b,ctx);
-		BN_div(d,c,a,b,ctx);
+				BN_div(&d,&c,&a,&b,ctx);
+		BN_div(&d,&c,&a,&b,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," / ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,d);
+			BN_print(bp,&d);
 			BIO_puts(bp,"\n");
 
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," % ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,c);
+			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Division test failed!\n");
+		    return 0;
+		    }
 		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
 	return(1);
 	}
 
-int test_mul(bp)
-BIO *bp;
+int test_div_recp(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM a,b,c,d,e;
+	BN_RECP_CTX recp;
 	int i;
 	int j;
 
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
+	BN_RECP_CTX_init(&recp);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
 
-	BN_rand(a,200,0,0);
+	BN_rand(&a,400,0,0);
 	for (i=0; i<100; i++)
 		{
-		BN_rand(b,250+i,0,0);
-		a->neg=rand_neg();
-		b->neg=rand_neg();
+		BN_rand(&b,50+i,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		BN_RECP_CTX_set(&recp,&b,ctx);
 		if (bp == NULL)
 			for (j=0; j<100; j++)
-				BN_mul(c,a,b);
-		BN_mul(c,a,b);
+				BN_div_recp(&d,&c,&a,&recp,ctx);
+		BN_div_recp(&d,&c,&a,&recp,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
+				BIO_puts(bp," / ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&d);
+			BIO_puts(bp,"\n");
+
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," % ");
+				BN_print(bp,&b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Reciprocal division test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	BN_RECP_CTX_free(&recp);
+	return(1);
+	}
+
+int test_mul(BIO *bp)
+	{
+	BIGNUM a,b,c,d,e;
+	int i;
+	int j;
+	BN_CTX ctx;
+
+	BN_CTX_init(&ctx);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
+
+	BN_rand(&a,200,0,0);
+	for (i=0; i<100; i++)
+		{
+		BN_rand(&b,250+i,0,0);
+		BN_rand(&b,200,0,0);
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		if (bp == NULL)
+			for (j=0; j<100; j++)
+				BN_mul(&c,&a,&b,&ctx);
+		BN_mul(&c,&a,&b,&ctx);
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
 				BIO_puts(bp," * ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,c);
+			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(&d,&e,&c,&a,&ctx);
+		BN_sub(&d,&d,&b);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    BIO_puts(bp,"Multiplication test failed!\n");
+		    return 0;
+		    }
 		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
+	BN_CTX_free(&ctx);
 	return(1);
 	}
 
-int test_sqr(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_sqr(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*c;
+	BIGNUM a,c,d,e;
 	int i;
 	int j;
 
-	a=BN_new();
-	c=BN_new();
+	BN_init(&a);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
 
 	for (i=0; i<40; i++)
 		{
-		BN_rand(a,40+i*10,0,0);
-		a->neg=rand_neg();
+		BN_rand(&a,40+i*10,0,0);
+		a.neg=rand_neg();
 		if (bp == NULL)
 			for (j=0; j<100; j++)
-				BN_sqr(c,a,ctx);
-		BN_sqr(c,a,ctx);
+				BN_sqr(&c,&a,ctx);
+		BN_sqr(&c,&a,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," * ");
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,c);
+			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(&d,&e,&c,&a,ctx);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    BIO_puts(bp,"Square test failed!\n");
+		    return 0;
+		    }
 		}
-	BN_free(a);
-	BN_free(c);
+	BN_free(&a);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
 	return(1);
 	}
 
-int test_mont(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mont(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c,*A,*B;
-	BIGNUM *n;
+	BIGNUM a,b,c,d,A,B;
+	BIGNUM n;
 	int i;
 	int j;
 	BN_MONT_CTX *mont;
 
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	A=BN_new();
-	B=BN_new();
-	n=BN_new();
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&d);
+	BN_init(&A);
+	BN_init(&B);
+	BN_init(&n);
 
 	mont=BN_MONT_CTX_new();
 
-	BN_rand(a,100,0,0); /**/
-	BN_rand(b,100,0,0); /**/
+	BN_rand(&a,100,0,0); /**/
+	BN_rand(&b,100,0,0); /**/
 	for (i=0; i<10; i++)
 		{
-		BN_rand(n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
-		BN_MONT_CTX_set(mont,n,ctx);
+		BN_rand(&n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+		BN_MONT_CTX_set(mont,&n,ctx);
 
-		BN_to_montgomery(A,a,mont,ctx);
-		BN_to_montgomery(B,b,mont,ctx);
+		BN_to_montgomery(&A,&a,mont,ctx);
+		BN_to_montgomery(&B,&b,mont,ctx);
 
 		if (bp == NULL)
 			for (j=0; j<100; j++)
-				BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
-		BN_mod_mul_montgomery(c,A,B,mont,ctx);/**/
-		BN_from_montgomery(A,c,mont,ctx);/**/
+				BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+		BN_from_montgomery(&A,&c,mont,ctx);/**/
 		if (bp != NULL)
 			{
 			if (!results)
 				{
 #ifdef undef
 fprintf(stderr,"%d * %d %% %d\n",
-BN_num_bits(a),
-BN_num_bits(b),
+BN_num_bits(&a),
+BN_num_bits(&b),
 BN_num_bits(mont->N));
 #endif
-				BN_print(bp,a);
+				BN_print(bp,&a);
 				BIO_puts(bp," * ");
-				BN_print(bp,b);
+				BN_print(bp,&b);
 				BIO_puts(bp," % ");
-				BN_print(bp,mont->N);
+				BN_print(bp,&(mont->N));
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,A);
+			BN_print(bp,&A);
 			BIO_puts(bp,"\n");
 			}
+		BN_mod_mul(&d,&a,&b,&n,ctx);
+		BN_sub(&d,&d,&A);
+		if(!BN_is_zero(&d))
+		    {
+		    BIO_puts(bp,"Montgomery multiplication test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_MONT_CTX_free(mont);
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	BN_free(&d);
+	BN_free(&A);
+	BN_free(&B);
+	BN_free(&n);
 	return(1);
 	}
 
-int test_mod(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*c,*d,*e;
 	int i;
 	int j;
 
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
+	d=BN_new();
+	e=BN_new();
 
 	BN_rand(a,1024,0,0); /**/
 	for (i=0; i<20; i++)
@@ -524,16 +643,23 @@ BN_CTX *ctx;
 			BN_print(bp,c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(d,e,a,b,ctx);
+		BN_sub(e,e,c);
+		if(!BN_is_zero(e))
+		    {
+		    BIO_puts(bp,"Modulo test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
+	BN_free(e);
 	return(1);
 	}
 
-int test_mod_mul(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
 	int i;
@@ -578,6 +704,14 @@ BN_CTX *ctx;
 			BN_print(bp,e);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(d,a,b,ctx);
+		BN_sub(d,d,e);
+		BN_div(a,b,d,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    BIO_puts(bp,"Modulo multiply test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
@@ -587,9 +721,7 @@ BN_CTX *ctx;
 	return(1);
 	}
 
-int test_mod_exp(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
 	int i;
@@ -623,6 +755,14 @@ BN_CTX *ctx;
 			BN_print(bp,d);
 			BIO_puts(bp,"\n");
 			}
+		BN_exp(e,a,b,ctx);
+		BN_sub(e,e,d);
+		BN_div(a,b,e,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    BIO_puts(bp,"Modulo exponentiation test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
@@ -632,19 +772,74 @@ BN_CTX *ctx;
 	return(1);
 	}
 
-int test_lshift(bp)
-BIO *bp;
+int test_exp(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*d,*e,*one;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	d=BN_new();
+	e=BN_new();
+	one=BN_new();
+	BN_one(one);
+
+	for (i=0; i<6; i++)
+		{
+		BN_rand(a,20+i*5,0,0); /**/
+		BN_rand(b,2+i,0,0); /**/
+
+		if (!BN_exp(d,a,b,ctx))
+			return(00);
+
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+			}
+		BN_one(e);
+		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+		    BN_mul(e,e,a,ctx);
+		BN_sub(e,e,d);
+		if(!BN_is_zero(e))
+		    {
+		    BIO_puts(bp,"Exponentiation test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(d);
+	BN_free(e);
+	BN_free(one);
+	return(1);
+	}
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+	{
+	BIGNUM *a,*b,*c,*d;
+	int i;
+
+	b=BN_new();
 	c=BN_new();
+	d=BN_new();
 	BN_one(c);
 
-	BN_rand(a,200,0,0); /**/
-	a->neg=rand_neg();
+	if(a_)
+	    a=a_;
+	else
+	    {
+	    a=BN_new();
+	    BN_rand(a,200,0,0); /**/
+	    a->neg=rand_neg();
+	    }
 	for (i=0; i<70; i++)
 		{
 		BN_lshift(b,a,i+1);
@@ -661,21 +856,38 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(d,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    BIO_puts(bp,"Left shift test failed!\n");
+		    BIO_puts(bp,"a=");
+		    BN_print(bp,a);
+		    BIO_puts(bp,"\nb=");
+		    BN_print(bp,b);
+		    BIO_puts(bp,"\nc=");
+		    BN_print(bp,c);
+		    BIO_puts(bp,"\nd=");
+		    BN_print(bp,d);
+		    BIO_puts(bp,"\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
 	return(1);
 	}
 
-int test_lshift1(bp)
-BIO *bp;
+int test_lshift1(BIO *bp)
 	{
-	BIGNUM *a,*b;
+	BIGNUM *a,*b,*c;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	c=BN_new();
 
 	BN_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
@@ -693,22 +905,32 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_add(c,a,a);
+		BN_sub(a,b,c);
+		if(!BN_is_zero(a))
+		    {
+		    BIO_puts(bp,"Left shift one test failed!\n");
+		    return 0;
+		    }
+		
 		BN_copy(a,b);
 		}
 	BN_free(a);
 	BN_free(b);
+	BN_free(c);
 	return(1);
 	}
 
-int test_rshift(bp)
-BIO *bp;
+int test_rshift(BIO *bp,BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*c,*d,*e;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
+	d=BN_new();
+	e=BN_new();
 	BN_one(c);
 
 	BN_rand(a,200,0,0); /**/
@@ -729,21 +951,30 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(d,e,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    BIO_puts(bp,"Right shift test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
+	BN_free(e);
 	return(1);
 	}
 
-int test_rshift1(bp)
-BIO *bp;
+int test_rshift1(BIO *bp)
 	{
-	BIGNUM *a,*b;
+	BIGNUM *a,*b,*c;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	c=BN_new();
 
 	BN_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
@@ -761,14 +992,22 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_sub(c,a,b);
+		BN_sub(c,c,b);
+		if(!BN_is_zero(c) && !BN_is_one(c))
+		    {
+		    BIO_puts(bp,"Right shift one test failed!\n");
+		    return 0;
+		    }
 		BN_copy(a,b);
 		}
 	BN_free(a);
 	BN_free(b);
+	BN_free(c);
 	return(1);
 	}
 
-int rand_neg()
+int rand_neg(void)
 	{
 	static unsigned int neg=0;
 	static int sign[8]={0,0,0,1,1,0,1,1};
diff --git a/lib/libssl/src/crypto/bn/comba.pl b/lib/libssl/src/crypto/bn/comba.pl
new file mode 100644
index 00000000000..211a8b45c78
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/comba.pl
@@ -0,0 +1,285 @@
+#!/usr/local/bin/perl
+
+$num=8;
+$num2=8/2;
+
+print <<"EOF";
+/* crypto/bn/bn_comba.c */
+#include <stdio.h>
+#include "bn_lcl.h"
+/* Auto generated from crypto/bn/comba.pl
+ */
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \\
+	t=(BN_ULLONG)a*b; \\
+	t1=(BN_ULONG)Lw(t); \\
+	t2=(BN_ULONG)Hw(t); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \\
+	t=(BN_ULLONG)a*b; \\
+	tt=(t+t)&BN_MASK; \\
+	if (tt < t) c2++; \\
+	t1=(BN_ULONG)Lw(tt); \\
+	t2=(BN_ULONG)Hw(tt); \\
+	c0=(c0+t1)&BN_MASK2;  \\
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \\
+	t=(BN_ULLONG)a[i]*a[i]; \\
+	t1=(BN_ULONG)Lw(t); \\
+	t2=(BN_ULONG)Hw(t); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#else
+#define mul_add_c(a,b,c0,c1,c2) \\
+	t1=LBITS(a); t2=HBITS(a); \\
+	bl=LBITS(b); bh=HBITS(b); \\
+	mul64(t1,t2,bl,bh); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \\
+	t1=LBITS(a); t2=HBITS(a); \\
+	bl=LBITS(b); bh=HBITS(b); \\
+	mul64(t1,t2,bl,bh); \\
+	if (t2 & BN_TBIT) c2++; \\
+	t2=(t2+t2)&BN_MASK2; \\
+	if (t1 & BN_TBIT) t2++; \\
+	t1=(t1+t1)&BN_MASK2; \\
+	c0=(c0+t1)&BN_MASK2;  \\
+	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \\
+	sqr64(t1,t2,(a)[i]); \\
+	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif
+
+void bn_mul_comba${num}(r,a,b)
+BN_ULONG *r,*a,*b;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_mul_comba${num2}(r,a,b)
+BN_ULONG *r,*a,*b;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_sqr_comba${num}(r,a)
+BN_ULONG *r,*a;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
+printf <<"EOF";
+	}
+
+void bn_sqr_comba${num2}(r,a)
+BN_ULONG *r,*a;
+	{
+#ifdef BN_LLONG
+	BN_ULLONG t,tt;
+#else
+	BN_ULONG bl,bh;
+#endif
+	BN_ULONG t1,t2;
+	BN_ULONG c1,c2,c3;
+
+EOF
+$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
+printf <<"EOF";
+	}
+EOF
+
+sub bn_str
+	{
+	local($var,$val)=@_;
+	print "\t$var=$val;\n";
+	}
+
+sub bn_ary
+	{
+	local($var,$idx)=@_;
+	return("${var}[$idx]");
+	}
+
+sub bn_clr
+	{
+	local($var)=@_;
+
+	print "\t$var=0;\n";
+	}
+
+sub bn_mad
+	{
+	local($a,$b,$c0,$c1,$c2,$num)=@_;
+
+	if ($num == 2)
+		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
+	else
+		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
+	}
+
+sub bn_sad
+	{
+	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
+
+	if ($num == 2)
+		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
+	else
+		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
+	}
+
+sub combas_mul
+	{
+	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($tot,$end);
+
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+	&bn_clr($c0);
+	&bn_clr($c1);
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+		@numa=@numb=();
+
+#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+		for ($j=$bs; $j<$end; $j++)
+			{
+			push(@numa,$ai);
+			push(@numb,$bi);
+			$ai--;
+			$bi++;
+			}
+
+		if ($i & 1)
+			{
+			@numa=reverse(@numa);
+			@numb=reverse(@numb);
+			}
+
+		&bn_clr($c2);
+		for ($j=0; $j<=$#numa; $j++)
+			{
+			&bn_mad(&bn_ary($a,$numa[$j]),
+				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
+			}
+		&bn_str(&bn_ary($r,$i),$c0);
+		($c0,$c1,$c2)=($c1,$c2,$c0);
+
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&bn_str(&bn_ary($r,$i),$c0);
+	}
+
+sub combas_sqr
+	{
+	local($r,$a,$num,$c0,$c1,$c2)=@_;
+	local($i,$as,$ae,$bs,$be,$ai,$bi);
+	local($b,$tot,$end,$half);
+
+	$b=$a;
+	$as=0;
+	$ae=0;
+	$bs=0;
+	$be=0;
+	$tot=$num+$num-1;
+	&bn_clr($c0);
+	&bn_clr($c1);
+	for ($i=0; $i<$tot; $i++)
+		{
+		$ai=$as;
+		$bi=$bs;
+		$end=$be+1;
+		@numa=@numb=();
+
+#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+		for ($j=$bs; $j<$end; $j++)
+			{
+			push(@numa,$ai);
+			push(@numb,$bi);
+			$ai--;
+			$bi++;
+			last if ($ai < $bi);
+			}
+		if (!($i & 1))
+			{
+			@numa=reverse(@numa);
+			@numb=reverse(@numb);
+			}
+
+		&bn_clr($c2);
+		for ($j=0; $j <= $#numa; $j++)
+			{
+			if ($numa[$j] == $numb[$j])
+				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
+			else
+				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
+			}
+		&bn_str(&bn_ary($r,$i),$c0);
+		($c0,$c1,$c2)=($c1,$c2,$c0);
+
+		$as++ if ($i < ($num-1));
+		$ae++ if ($i >= ($num-1));
+
+		$bs++ if ($i >= ($num-1));
+		$be++ if ($i < ($num-1));
+		}
+	&bn_str(&bn_ary($r,$i),$c0);
+	}
diff --git a/lib/libssl/src/crypto/bn/d.c b/lib/libssl/src/crypto/bn/d.c
new file mode 100644
index 00000000000..ced2291b255
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/d.c
@@ -0,0 +1,72 @@
+#include <stdio.h>
+#include <openssl/bio.h>
+#include "bn_lcl.h"
+
+#define SIZE_A (100*4+4)
+#define SIZE_B (13*4)
+
+main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX ctx;
+	BN_RECP_CTX recp;
+	BIGNUM a,b,dd,d,r,rr,t,l;
+	int i;
+
+	MemCheck_start();
+	MemCheck_on();
+	BN_CTX_init(&ctx);
+	BN_RECP_CTX_init(&recp);
+
+	BN_init(&r);
+	BN_init(&rr);
+	BN_init(&d);
+	BN_init(&dd);
+	BN_init(&a);
+	BN_init(&b);
+
+	{
+	BN_rand(&a,SIZE_A,0,0);
+	BN_rand(&b,SIZE_B,0,0);
+
+	a.neg=1;
+	BN_RECP_CTX_set(&recp,&b,&ctx);
+
+	BN_print_fp(stdout,&a); printf(" a\n");
+	BN_print_fp(stdout,&b); printf(" b\n");
+
+	BN_print_fp(stdout,&recp.N); printf(" N\n");
+	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
+
+	BN_div_recp(&r,&d,&a,&recp,&ctx);
+
+for (i=0; i<300; i++)
+	BN_div(&rr,&dd,&a,&b,&ctx);
+
+	BN_print_fp(stdout,&r); printf(" div recp\n");
+	BN_print_fp(stdout,&rr); printf(" div\n");
+	BN_print_fp(stdout,&d); printf(" rem recp\n");
+	BN_print_fp(stdout,&dd); printf(" rem\n");
+	}
+	BN_CTX_free(&ctx);
+	BN_RECP_CTX_free(&recp);
+
+	BN_free(&r);
+	BN_free(&rr);
+	BN_free(&d);
+	BN_free(&dd);
+	BN_free(&a);
+	BN_free(&b);
+
+	{
+	BIO *out;
+
+	if ((out=BIO_new(BIO_s_file())) != NULL)
+		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+        CRYPTO_mem_leaks(out);
+	BIO_free(out);
+	}
+
+	}
diff --git a/lib/libssl/src/crypto/bn/exp.c b/lib/libssl/src/crypto/bn/exp.c
new file mode 100644
index 00000000000..ec443459d81
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/exp.c
@@ -0,0 +1,60 @@
+#include <stdio.h>
+#include <openssl/tmdiff.h>
+#include "bn_lcl.h"
+
+#define SIZE	256
+#define NUM	(8*8*8)
+#define MOD	(8*8*8*8*8)
+
+main(argc,argv)
+int argc;
+char *argv[];
+	{
+	BN_CTX ctx;
+	BIGNUM a,b,c,r,rr,t,l;
+	int j,i,size=SIZE,num=NUM,mod=MOD;
+	char *start,*end;
+	BN_MONT_CTX mont;
+	double d,md;
+
+	BN_MONT_CTX_init(&mont);
+	BN_CTX_init(&ctx);
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+	BN_init(&r);
+
+	start=ms_time_new();
+	end=ms_time_new();
+	while (size <= 1024*8)
+		{
+		BN_rand(&a,size,0,0);
+		BN_rand(&b,size,1,0);
+		BN_rand(&c,size,0,1);
+
+		BN_mod(&a,&a,&c,&ctx);
+
+		ms_time_get(start);
+		for (i=0; i<10; i++)
+			BN_MONT_CTX_set(&mont,&c,&ctx);
+		ms_time_get(end);
+		md=ms_time_diff(start,end);
+
+		ms_time_get(start);
+		for (i=0; i<num; i++)
+			{
+			/* bn_mull(&r,&a,&b,&ctx); */
+			/* BN_sqr(&r,&a,&ctx); */
+			BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
+			}
+		ms_time_get(end);
+		d=ms_time_diff(start,end)/* *50/33 */;
+		printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
+			d,num,d/num,(int)((d/num)*mod),md/10.0);
+		num/=8;
+		mod/=8;
+		if (num <= 0) num=1;
+		size*=2;
+		}
+
+	}
diff --git a/lib/libssl/src/crypto/bn/expspeed.c b/lib/libssl/src/crypto/bn/expspeed.c
index 344f883d35f..3656d5bb4ce 100644
--- a/lib/libssl/src/crypto/bn/expspeed.c
+++ b/lib/libssl/src/crypto/bn/expspeed.c
@@ -66,14 +66,13 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
-#include "crypto.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -81,36 +80,33 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "bn.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -123,17 +119,11 @@ struct tms {
 #define BUFSIZE	((long)1024*8)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
-#else
-static double Time_F();
-#endif
-
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -176,9 +166,7 @@ static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
 
 void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	BN_CTX *ctx;
 	BIGNUM *a,*b,*c,*r;
@@ -192,12 +180,7 @@ char **argv;
 	do_mul_exp(r,a,b,c,ctx);
 	}
 
-void do_mul_exp(r,a,b,c,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-BIGNUM *c;
-BN_CTX *ctx;
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 	{
 	int i,k;
 	double tm;
diff --git a/lib/libssl/src/crypto/bn/exptest.c b/lib/libssl/src/crypto/bn/exptest.c
index 67dc95d7260..9e4ae91d201 100644
--- a/lib/libssl/src/crypto/bn/exptest.c
+++ b/lib/libssl/src/crypto/bn/exptest.c
@@ -59,30 +59,31 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "bio.h"
-#include "bn.h"
-#include "rand.h"
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 #ifdef WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
 #define NUM_BITS	(BN_BITS*2)
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
 	BIO *out=NULL;
 	int i,ret;
 	unsigned char c;
-	BIGNUM *r_mont,*r_recp,*a,*b,*m;
+	BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+
+	ERR_load_BN_strings();
 
 	ctx=BN_CTX_new();
 	if (ctx == NULL) exit(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
+	r_simple=BN_new();
 	a=BN_new();
 	b=BN_new();
 	m=BN_new();
@@ -114,29 +115,52 @@ char *argv[];
 
 		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
 		if (ret <= 0)
-			{ printf("BN_mod_exp_mont() problems\n"); exit(1); }
+			{
+			printf("BN_mod_exp_mont() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
 
 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
 		if (ret <= 0)
-			{ printf("BN_mod_exp_recp() problems\n"); exit(1); }
-		
-		if (BN_cmp(r_mont,r_recp) != 0)
 			{
-			printf("\nmont and recp results differ\n");
+			printf("BN_mod_exp_recp() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
+
+		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+		if (ret <= 0)
+			{
+			printf("BN_mod_exp_simple() problems\n");
+			ERR_print_errors(out);
+			exit(1);
+			}
+
+		if (BN_cmp(r_simple, r_mont) == 0
+		    && BN_cmp(r_simple,r_recp) == 0)
+			{
+			printf(".");
+			fflush(stdout);
+			}
+		else
+		  	{
+			if (BN_cmp(r_simple,r_mont) != 0)
+				printf("\nsimple and mont results differ\n");
+			if (BN_cmp(r_simple,r_recp) != 0)
+				printf("\nsimple and recp results differ\n");
+
 			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
 			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
 			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+			printf("\nsimple   =");	BN_print(out,r_simple);
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
 			exit(1);
 			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
-			}
 		}
+	CRYPTO_mem_leaks(out);
 	printf(" done\n");
 	exit(0);
 err:
diff --git a/lib/libssl/src/crypto/bn/new b/lib/libssl/src/crypto/bn/new
new file mode 100644
index 00000000000..285d506f199
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/new
@@ -0,0 +1,23 @@
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new();
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
+
+int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+	BN_RECP_CTX *recp,BN_CTX *ctx);
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
+
+int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+                BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+
+
+bn_div64 -> bn_div_words
+
+
diff --git a/lib/libssl/src/crypto/bn/test.c b/lib/libssl/src/crypto/bn/test.c
new file mode 100644
index 00000000000..a048b9f878d
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/test.c
@@ -0,0 +1,241 @@
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define SIZE	32
+
+#define BN_MONT_CTX_set		bn_mcs
+#define BN_from_montgomery	bn_fm
+#define BN_mod_mul_montgomery	bn_mmm
+#undef BN_to_montgomery
+#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
+	r,a,(mont)->RR,(mont),ctx)
+
+main()
+	{
+	BIGNUM prime,a,b,r,A,B,R;
+	BN_MONT_CTX *mont;
+	BN_CTX *ctx;
+	int i;
+
+	ctx=BN_CTX_new();
+	BN_init(&prime);
+	BN_init(&a); BN_init(&b); BN_init(&r);
+	BN_init(&A); BN_init(&B); BN_init(&R);
+
+	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+	BN_rand(&A,SIZE,1,0);
+	BN_rand(&B,SIZE,1,0);
+	BN_mod(&A,&A,&prime,ctx);
+	BN_mod(&B,&B,&prime,ctx);
+
+	i=A.top;
+	BN_mul(&R,&A,&B,ctx);
+	BN_mask_bits(&R,i*BN_BITS2);
+
+
+	BN_print_fp(stdout,&A); printf(" <- a\n");
+	BN_print_fp(stdout,&B); printf(" <- b\n");
+	BN_mul_high(&r,&A,&B,&R,i);
+	BN_print_fp(stdout,&r); printf(" <- high(BA*DC)\n");
+
+	BN_mask_bits(&A,i*32);
+	BN_mask_bits(&B,i*32);
+
+	BN_mul(&R,&A,&B);
+	BN_rshift(&R,&R,i*32);
+	BN_print_fp(stdout,&R); printf(" <- norm BA*DC\n");
+	BN_sub(&R,&R,&r);
+	BN_print_fp(stdout,&R); printf(" <- diff\n");
+	}
+
+#if 0
+int bn_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
+	{
+	int i;
+	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+
+	BN_init(&al); BN_init(&ah);
+	BN_init(&bl); BN_init(&bh);
+	BN_init(&t1); BN_init(&t2); BN_init(&t3);
+	BN_init(&s0); BN_init(&s1);
+	BN_init(&h); BN_init(&m);
+
+	i=a->top;
+	if (i >= words)
+		{
+		al.top=words;
+		ah.top=a->top-words;
+		ah.d= &(a->d[ah.top]);
+		}
+	else
+		al.top=i;
+	al.d=a->d;
+
+	i=b->top;
+	if (i >= words)
+		{
+		bl.top=words;
+		bh.top=i-words;
+		bh.d= &(b->d[bh.top]);
+		}
+	else
+		bl.top=i;
+	bl.d=b->d;
+
+	i=low->top;
+	if (i >= words)
+		{
+		s0.top=words;
+		s1.top=i-words;
+		s1.d= &(low->d[s1.top]);
+		}
+	else
+		s0.top=i;
+	s0.d=low->d;
+
+al.max=al.top; ah.max=ah.top;
+bl.max=bl.top; bh.max=bh.top;
+s0.max=bl.top; s1.max=bh.top;
+
+	/* Calculate (al-ah)*(bh-bl) */
+	BN_sub(&t1,&al,&ah);
+	BN_sub(&t2,&bh,&bl);
+	BN_mul(&m,&t1,&t2);
+
+	/* Calculate ah*bh */
+	BN_mul(&h,&ah,&bh);
+
+	/* s0 == low(al*bl)
+	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+	 * We know s0 and s1 so the only unknown is high(al*bl)
+	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+	 */
+	BN_add(&m,&m,&h);
+	BN_add(&t2,&m,&s0);
+	/* Quick and dirty mask off of high words */
+	t3.d=t2.d;
+	t3.top=(t2.top > words)?words:t2.top;
+	t3.neg=t2.neg;
+t3.max=t3.top;
+/* BN_print_fp(stdout,&s1); printf(" s1\n"); */
+/* BN_print_fp(stdout,&t2); printf(" middle value\n"); */
+/* BN_print_fp(stdout,&t3); printf(" low middle value\n"); */
+	BN_sub(&t1,&s1,&t3);
+
+	if (t1.neg)
+		{
+/*printf("neg fixup\n"); BN_print_fp(stdout,&t1); printf(" before\n"); */
+		BN_lshift(&t2,BN_value_one(),words*32);
+		BN_add(&t1,&t2,&t1);
+		BN_mask_bits(&t1,words*32);
+/* BN_print_fp(stdout,&t1); printf(" after\n"); */
+		}
+	/* al*bl == high(al*bl)<<words+s0 */
+	BN_lshift(&t1,&t1,words*32);
+	BN_add(&t1,&t1,&s0);
+	
+	/* We now have
+	 * al*bl			- t1
+	 * (al-ah)*(bh-bl)+ah*bh	- m
+	 * ah*bh			- h
+	 */
+	BN_copy(r,&t1);
+	BN_mask_bits(r,words*32*2);
+
+	/*BN_lshift(&m,&m,words*/
+
+	BN_free(&t1); BN_free(&t2);
+	BN_free(&m); BN_free(&h);
+	}
+
+int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_MONT_CTX *mont,
+	     BN_CTX *ctx)
+	{
+	BIGNUM *tmp;
+
+        tmp= &(ctx->bn[ctx->tos++]);
+
+	if (a == b)
+		{
+		if (!BN_sqr(tmp,a,ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mul(tmp,a,b)) goto err;
+		}
+	/* reduce from aRR to aR */
+	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+	ctx->tos--;
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx)
+	{
+	BIGNUM z1;
+	BIGNUM *t1,*t2;
+	BN_ULONG *ap,*bp,*rp;
+	int j,i,bl,al;
+
+	BN_init(&z1);
+	t1= &(ctx->bn[ctx->tos]);
+	t2= &(ctx->bn[ctx->tos+1]);
+
+	if (!BN_copy(t1,a)) goto err;
+	/* can cheat */
+	BN_mask_bits(t1,mont->ri);
+	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+	BN_mask_bits(t2,mont->ri);
+
+	if (!BN_mul(t1,t2,mont->N)) goto err;
+	if (!BN_add(t2,t1,a)) goto err;
+
+	/* At this point, t2 has the bottom ri bits set to zero.
+	 * This means that the bottom ri bits == the 1^ri minus the bottom
+	 * ri bits of a.
+	 * This means that only the bits above 'ri' in a need to be added,
+	 * and XXXXXXXXXXXXXXXXXXXXXXXX
+	 */
+BN_print_fp(stdout,t2); printf("\n");
+	BN_rshift(r,t2,mont->ri);
+
+	if (BN_ucmp(r,mont->N) >= 0)
+		BN_usub(r,r,mont->N);
+
+	return(1);
+err:
+	return(0);
+	}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, BIGNUM *mod, BN_CTX *ctx)
+	{
+	BIGNUM *Ri=NULL,*R=NULL;
+
+	if (mont->RR == NULL) mont->RR=BN_new();
+	if (mont->N == NULL)  mont->N=BN_new();
+
+	R=mont->RR;					/* grab RR as a temp */
+	BN_copy(mont->N,mod);				/* Set N */
+
+	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+	BN_usub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+	BN_div(Ri,NULL,Ri,mod,ctx);
+	if (mont->Ni != NULL) BN_free(mont->Ni);
+	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+
+	/* setup RR for conversions */
+	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+
+	return(1);
+err:
+	return(0);
+	}
+
+
+#endif
diff --git a/lib/libssl/src/crypto/bn/todo b/lib/libssl/src/crypto/bn/todo
new file mode 100644
index 00000000000..e47e381aea1
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/todo
@@ -0,0 +1,3 @@
+Cache RECP_CTX values
+make the result argument independant of the inputs.
+split up the _exp_ functions
diff --git a/lib/libssl/src/crypto/bn/vms-helper.c b/lib/libssl/src/crypto/bn/vms-helper.c
new file mode 100644
index 00000000000..73af3370695
--- /dev/null
+++ b/lib/libssl/src/crypto/bn/vms-helper.c
@@ -0,0 +1,66 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+bn_div_words_abort(int i)
+{
+#if !defined(NO_STDIO) && !defined(WIN16)
+	fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+	abort();
+}
diff --git a/lib/libssl/src/crypto/buffer/Makefile.ssl b/lib/libssl/src/crypto/buffer/Makefile.ssl
index a5f150e5231..b615c4c12db 100644
--- a/lib/libssl/src/crypto/buffer/Makefile.ssl
+++ b/lib/libssl/src/crypto/buffer/Makefile.ssl
@@ -7,23 +7,23 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=buffer
-ERRC=buf_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c $(ERRC).c
-LIBOBJ= buffer.o $(ERRC).o
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +67,20 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/buffer.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buffer.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/buffer/buf_err.c b/lib/libssl/src/crypto/buffer/buf_err.c
index ff988852cc7..7f9fd1f6c36 100644
--- a/lib/libssl/src/crypto/buffer/buf_err.c
+++ b/lib/libssl/src/crypto/buffer/buf_err.c
@@ -1,63 +1,65 @@
-/* lib/buf/buf_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
  */
+
 #include <stdio.h>
-#include "err.h"
-#include "buffer.h"
+#include <openssl/err.h>
+#include <openssl/buffer.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -66,21 +68,26 @@ static ERR_STRING_DATA BUF_str_functs[]=
 {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
 {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),	"BUF_MEM_new"},
 {ERR_PACK(0,BUF_F_BUF_STRDUP,0),	"BUF_strdup"},
-{ERR_PACK(0,BUF_F_PXYCLNT_READ,0),	"PXYCLNT_READ"},
-{0,NULL},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA BUF_str_reasons[]=
+	{
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BUF_strings()
+void ERR_load_BUF_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+		ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
 #endif
 
 		}
diff --git a/lib/libssl/src/crypto/buffer/buffer.c b/lib/libssl/src/crypto/buffer/buffer.c
index 7e8af9e2fa3..c3a108ea521 100644
--- a/lib/libssl/src/crypto/buffer/buffer.c
+++ b/lib/libssl/src/crypto/buffer/buffer.c
@@ -58,13 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
+#include <openssl/buffer.h>
 
-BUF_MEM *BUF_MEM_new()
+BUF_MEM *BUF_MEM_new(void)
 	{
 	BUF_MEM *ret;
 
-	ret=(BUF_MEM *)Malloc(sizeof(BUF_MEM));
+	ret=Malloc(sizeof(BUF_MEM));
 	if (ret == NULL)
 		{
 		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
@@ -76,9 +76,11 @@ BUF_MEM *BUF_MEM_new()
 	return(ret);
 	}
 
-void BUF_MEM_free(a)
-BUF_MEM *a;
+void BUF_MEM_free(BUF_MEM *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->data != NULL)
 		{
 		memset(a->data,0,(unsigned int)a->max);
@@ -87,9 +89,7 @@ BUF_MEM *a;
 	Free(a);
 	}
 
-int BUF_MEM_grow(str, len)
-BUF_MEM *str;
-int len;
+int BUF_MEM_grow(BUF_MEM *str, int len)
 	{
 	char *ret;
 	unsigned int n;
@@ -101,15 +101,15 @@ int len;
 		}
 	if (str->max >= len)
 		{
-		memset(&(str->data[str->length]),0,len-str->length);
+		memset(&str->data[str->length],0,len-str->length);
 		str->length=len;
 		return(len);
 		}
 	n=(len+3)/3*4;
 	if (str->data == NULL)
-		ret=(char *)Malloc(n);
+		ret=Malloc(n);
 	else
-		ret=(char *)Realloc(str->data,n);
+		ret=Realloc(str->data,n);
 	if (ret == NULL)
 		{
 		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
@@ -124,8 +124,7 @@ int len;
 	return(len);
 	}
 
-char *BUF_strdup(str)
-char *str;
+char *BUF_strdup(const char *str)
 	{
 	char *ret;
 	int n;
diff --git a/lib/libssl/src/crypto/buffer/buffer.err b/lib/libssl/src/crypto/buffer/buffer.err
deleted file mode 100644
index 62b775e637f..00000000000
--- a/lib/libssl/src/crypto/buffer/buffer.err
+++ /dev/null
@@ -1,9 +0,0 @@
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEM_GROW				 100
-#define BUF_F_BUF_MEM_NEW				 101
-#define BUF_F_BUF_STRDUP				 102
-#define BUF_F_PXYCLNT_READ				 103
-
-/* Reason codes. */
diff --git a/lib/libssl/src/crypto/buffer/buffer.h b/lib/libssl/src/crypto/buffer/buffer.h
index 417548c04a4..bff26bf3919 100644
--- a/lib/libssl/src/crypto/buffer/buffer.h
+++ b/lib/libssl/src/crypto/buffer/buffer.h
@@ -70,36 +70,27 @@ typedef struct buf_mem_st
 	int max;	/* size of buffer */
 	} BUF_MEM;
 
-#ifndef NOPROTO
 BUF_MEM *BUF_MEM_new(void);
 void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
-char *	BUF_strdup(char *str);
+char *	BUF_strdup(const char *str);
 
 void ERR_load_BUF_strings(void );
 
-#else
-
-BUF_MEM *BUF_MEM_new();
-void	BUF_MEM_free();
-int	BUF_MEM_grow();
-char *	BUF_strdup();
-
-void ERR_load_BUF_strings();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the BUF functions. */
 
 /* Function codes. */
 #define BUF_F_BUF_MEM_GROW				 100
 #define BUF_F_BUF_MEM_NEW				 101
 #define BUF_F_BUF_STRDUP				 102
-#define BUF_F_PXYCLNT_READ				 103
 
 /* Reason codes. */
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/cast/Makefile.ssl b/lib/libssl/src/crypto/cast/Makefile.ssl
index 0143827ae5d..cc040576ae6 100644
--- a/lib/libssl/src/crypto/cast/Makefile.ssl
+++ b/lib/libssl/src/crypto/cast/Makefile.ssl
@@ -8,9 +8,11 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -45,7 +47,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -64,26 +66,25 @@ asm/cx86-out.o: asm/cx86unix.cpp
 
 # bsdi
 asm/cx86bsdi.o: asm/cx86unix.cpp
-	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
 
-asm/cx86unix.cpp:
-	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+asm/cx86unix.cpp: asm/cast-586.pl
+	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -95,15 +96,29 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: cast_lcl.h
+c_ecb.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h cast_lcl.h
+c_enc.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: cast_lcl.h
+c_ofb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: cast_lcl.h
+c_skey.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: cast_lcl.h cast_s.h
diff --git a/lib/libssl/src/crypto/cast/Makefile.uni b/lib/libssl/src/crypto/cast/Makefile.uni
index 780073e75b9..a5870897cfa 100644
--- a/lib/libssl/src/crypto/cast/Makefile.uni
+++ b/lib/libssl/src/crypto/cast/Makefile.uni
@@ -24,6 +24,7 @@ MAKE=           make
 MAKEDEPEND=     makedepend
 MAKEFILE=       Makefile.uni
 AR=             ar r
+RANLIB=         ranlib
 
 CAST_ENC=c_enc.o
 # or use
@@ -55,7 +56,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 # elf
 asm/cx86-elf.o: asm/cx86unix.cpp
 	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
diff --git a/lib/libssl/src/crypto/cast/asm/c-win32.asm b/lib/libssl/src/crypto/cast/asm/c-win32.asm
index a1d8a2671a0..ba78a3c69c5 100644
--- a/lib/libssl/src/crypto/cast/asm/c-win32.asm
+++ b/lib/libssl/src/crypto/cast/asm/c-win32.asm
@@ -25,6 +25,9 @@ _CAST_encrypt PROC NEAR
 	; Load the 2 words
 	mov	edi,		DWORD PTR [ebx]
 	mov	esi,		DWORD PTR 4[ebx]
+	; Get short key flag
+	mov	eax,		DWORD PTR 128[ebp]
+	push	eax
 	xor	eax,		eax
 	; round 0
 	mov	edx,		DWORD PTR [ebp]
@@ -278,6 +281,10 @@ _CAST_encrypt PROC NEAR
 	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
 	sub	ecx,		ebx
 	xor	esi,		ecx
+	; test short key flag
+	pop	edx
+	or	edx,		edx
+	jnz	$L000cast_enc_done
 	; round 12
 	mov	edx,		DWORD PTR 96[ebp]
 	mov	ecx,		DWORD PTR 100[ebp]
@@ -361,9 +368,10 @@ _CAST_encrypt PROC NEAR
 	sub	ecx,		ebx
 	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
 	add	ecx,		ebx
-	mov	eax,		DWORD PTR 20[esp]
 	xor	esi,		ecx
+$L000cast_enc_done:
 	nop
+	mov	eax,		DWORD PTR 20[esp]
 	mov	DWORD PTR 4[eax],edi
 	mov	DWORD PTR [eax],esi
 	pop	edi
@@ -391,6 +399,10 @@ _CAST_decrypt PROC NEAR
 	; Load the 2 words
 	mov	edi,		DWORD PTR [ebx]
 	mov	esi,		DWORD PTR 4[ebx]
+	; Get short key flag
+	mov	eax,		DWORD PTR 128[ebp]
+	or	eax,		eax
+	jnz	$L001cast_dec_skip
 	xor	eax,		eax
 	; round 15
 	mov	edx,		DWORD PTR 120[ebp]
@@ -476,6 +488,7 @@ _CAST_decrypt PROC NEAR
 	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
 	add	ecx,		ebx
 	xor	esi,		ecx
+$L001cast_dec_skip:
 	; round 11
 	mov	edx,		DWORD PTR 88[ebp]
 	mov	ecx,		DWORD PTR 92[ebp]
@@ -727,9 +740,9 @@ _CAST_decrypt PROC NEAR
 	sub	ecx,		ebx
 	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
 	add	ecx,		ebx
-	mov	eax,		DWORD PTR 20[esp]
 	xor	esi,		ecx
 	nop
+	mov	eax,		DWORD PTR 20[esp]
 	mov	DWORD PTR 4[eax],edi
 	mov	DWORD PTR [eax],esi
 	pop	edi
@@ -767,12 +780,12 @@ _CAST_cbc_encrypt PROC NEAR
 	push	eax
 	push	ebx
 	cmp	ecx,		0
-	jz	$L000decrypt
+	jz	$L002decrypt
 	and	ebp,		4294967288
 	mov	eax,		DWORD PTR 8[esp]
 	mov	ebx,		DWORD PTR 12[esp]
-	jz	$L001encrypt_finish
-L002encrypt_loop:
+	jz	$L003encrypt_finish
+L004encrypt_loop:
 	mov	ecx,		DWORD PTR [esi]
 	mov	edx,		DWORD PTR 4[esi]
 	xor	eax,		ecx
@@ -791,35 +804,35 @@ L002encrypt_loop:
 	add	esi,		8
 	add	edi,		8
 	sub	ebp,		8
-	jnz	L002encrypt_loop
-$L001encrypt_finish:
+	jnz	L004encrypt_loop
+$L003encrypt_finish:
 	mov	ebp,		DWORD PTR 52[esp]
 	and	ebp,		7
-	jz	$L003finish
+	jz	$L005finish
 	xor	ecx,		ecx
 	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
+	mov	ebp,		DWORD PTR $L006cbc_enc_jmp_table[ebp*4]
 	jmp	 ebp
-L005ej7:
+L007ej7:
 	xor	edx,		edx
 	mov	dh,		BYTE PTR 6[esi]
 	shl	edx,		8
-L006ej6:
+L008ej6:
 	mov	dh,		BYTE PTR 5[esi]
-L007ej5:
+L009ej5:
 	mov	dl,		BYTE PTR 4[esi]
-L008ej4:
+L010ej4:
 	mov	ecx,		DWORD PTR [esi]
-	jmp	$L009ejend
-L010ej3:
+	jmp	$L011ejend
+L012ej3:
 	mov	ch,		BYTE PTR 2[esi]
 	xor	ecx,		ecx
 	shl	ecx,		8
-L011ej2:
+L013ej2:
 	mov	ch,		BYTE PTR 1[esi]
-L012ej1:
+L014ej1:
 	mov	cl,		BYTE PTR [esi]
-$L009ejend:
+$L011ejend:
 	xor	eax,		ecx
 	xor	ebx,		edx
 	bswap	eax
@@ -833,13 +846,13 @@ $L009ejend:
 	bswap	ebx
 	mov	DWORD PTR [edi],eax
 	mov	DWORD PTR 4[edi],ebx
-	jmp	$L003finish
-$L000decrypt:
+	jmp	$L005finish
+$L002decrypt:
 	and	ebp,		4294967288
 	mov	eax,		DWORD PTR 16[esp]
 	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L013decrypt_finish
-L014decrypt_loop:
+	jz	$L015decrypt_finish
+L016decrypt_loop:
 	mov	eax,		DWORD PTR [esi]
 	mov	ebx,		DWORD PTR 4[esi]
 	bswap	eax
@@ -864,11 +877,11 @@ L014decrypt_loop:
 	add	esi,		8
 	add	edi,		8
 	sub	ebp,		8
-	jnz	L014decrypt_loop
-$L013decrypt_finish:
+	jnz	L016decrypt_loop
+$L015decrypt_finish:
 	mov	ebp,		DWORD PTR 52[esp]
 	and	ebp,		7
-	jz	$L003finish
+	jz	$L005finish
 	mov	eax,		DWORD PTR [esi]
 	mov	ebx,		DWORD PTR 4[esi]
 	bswap	eax
@@ -886,28 +899,28 @@ $L013decrypt_finish:
 	xor	edx,		ebx
 	mov	eax,		DWORD PTR [esi]
 	mov	ebx,		DWORD PTR 4[esi]
-L015dj7:
+L017dj7:
 	ror	edx,		16
 	mov	BYTE PTR 6[edi],dl
 	shr	edx,		16
-L016dj6:
+L018dj6:
 	mov	BYTE PTR 5[edi],dh
-L017dj5:
+L019dj5:
 	mov	BYTE PTR 4[edi],dl
-L018dj4:
+L020dj4:
 	mov	DWORD PTR [edi],ecx
-	jmp	$L019djend
-L020dj3:
+	jmp	$L021djend
+L022dj3:
 	ror	ecx,		16
 	mov	BYTE PTR 2[edi],cl
 	shl	ecx,		16
-L021dj2:
+L023dj2:
 	mov	BYTE PTR 1[esi],ch
-L022dj1:
+L024dj1:
 	mov	BYTE PTR [esi],	cl
-$L019djend:
-	jmp	$L003finish
-$L003finish:
+$L021djend:
+	jmp	$L005finish
+$L005finish:
 	mov	ecx,		DWORD PTR 60[esp]
 	add	esp,		24
 	mov	DWORD PTR [ecx],eax
@@ -917,24 +930,24 @@ $L003finish:
 	pop	ebx
 	pop	ebp
 	ret
-$L004cbc_enc_jmp_table:
+$L006cbc_enc_jmp_table:
 	DD	0
-	DD	L012ej1
-	DD	L011ej2
-	DD	L010ej3
-	DD	L008ej4
-	DD	L007ej5
-	DD	L006ej6
-	DD	L005ej7
-L023cbc_dec_jmp_table:
+	DD	L014ej1
+	DD	L013ej2
+	DD	L012ej3
+	DD	L010ej4
+	DD	L009ej5
+	DD	L008ej6
+	DD	L007ej7
+L025cbc_dec_jmp_table:
 	DD	0
-	DD	L022dj1
-	DD	L021dj2
-	DD	L020dj3
-	DD	L018dj4
-	DD	L017dj5
-	DD	L016dj6
-	DD	L015dj7
+	DD	L024dj1
+	DD	L023dj2
+	DD	L022dj3
+	DD	L020dj4
+	DD	L019dj5
+	DD	L018dj6
+	DD	L017dj7
 _CAST_cbc_encrypt ENDP
 _TEXT	ENDS
 END
diff --git a/lib/libssl/src/crypto/cast/asm/cast-586.pl b/lib/libssl/src/crypto/cast/asm/cast-586.pl
index d0be004c995..6be0bfe5724 100644
--- a/lib/libssl/src/crypto/cast/asm/cast-586.pl
+++ b/lib/libssl/src/crypto/cast/asm/cast-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # define for pentium pro friendly version
 $ppro=1;
@@ -7,7 +7,7 @@ push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
-&asm_init($ARGV[0],"cast-586.pl");
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
 
 $CAST_ROUNDS=16;
 $L="edi";
@@ -32,136 +32,145 @@ $S4="CAST_S_table3";
 
 &asm_finish();
 
-sub CAST_encrypt
-	{
-	local($name,$enc)=@_;
+sub CAST_encrypt {
+    local($name,$enc)=@_;
 
-	local($win_ex)=<<"EOF";
+    local($win_ex)=<<"EOF";
 EXTERN	_CAST_S_table0:DWORD
 EXTERN	_CAST_S_table1:DWORD
 EXTERN	_CAST_S_table2:DWORD
 EXTERN	_CAST_S_table3:DWORD
 EOF
-	&main'external_label(
-		"CAST_S_table0",
-		"CAST_S_table1",
-		"CAST_S_table2",
-		"CAST_S_table3",
-		);
-
-	&function_begin_B($name,$win_ex);
-
-	&comment("");
-
-	&push("ebp");
-	&push("ebx");
-	&mov($tmp2,&wparam(0));
-	&mov($K,&wparam(1));
-	&push("esi");
-	&push("edi");
-
-	&comment("Load the 2 words");
-	&mov($L,&DWP(0,$tmp2,"",0));
-	&mov($R,&DWP(4,$tmp2,"",0));
-
-	&xor(	$tmp3,	$tmp3);
-
-	# encrypting part
-
-	if ($enc)
-		{
-		&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
-		}
-	else
-		{
-		&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
-		}
-
-	&nop();
-	&mov(&DWP(4,$tmp3,"",0),$L);
-	&mov(&DWP(0,$tmp3,"",0),$R);
-	&function_end($name);
-	}
-
-sub E_CAST
-	{
-	local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_;
-	# Ri needs to have 16 pre added.
-
-	&comment("round $i");
-	&mov(	$tmp4,		&DWP($i*8,$K,"",1));
-
-	&mov(	$tmp1,		&DWP($i*8+4,$K,"",1));# must be word
-	&$OP1(	$tmp4,		$R);
-
-	&rotl(	$tmp4,		&LB($tmp1));
-
-	if ($ppro)
-		{
-		&mov(	$tmp2,		$tmp4);		# B
-		&xor(	$tmp1,		$tmp1);
-
-		&movb(	&LB($tmp1),	&HB($tmp4));	# A
-		&and(	$tmp2,		0xff);
-
-		&shr(	$tmp4,		16); 		#
-		&xor(	$tmp3,		$tmp3);
-		}
-	else
-		{
-		&mov(	$tmp2,		$tmp4);		# B
-		&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
-
-		&shr(	$tmp4,		16); 		#
-		&and(	$tmp2,		0xff);
-		}
-
-	&movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
-	&and(	$tmp4,		0xff);		# D
-
-	&mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
-	&mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
-
-	&$OP2(	$tmp1,		$tmp2);
-	&mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
-
-	&$OP3(	$tmp1,		$tmp2);
-	&mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
-
-	&$OP1(	$tmp1,		$tmp2);
-	 &mov($tmp3,&wparam(0)) if $lst;
-	 # XXX
-
-	&xor(	$L,		$tmp1);
-	 # XXX
-	}
+    &main::external_label(
+			  "CAST_S_table0",
+			  "CAST_S_table1",
+			  "CAST_S_table2",
+			  "CAST_S_table3",
+			  );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+	&push($tmp3);
+    } else {
+	&or($tmp3,$tmp3);
+	&jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3,	$tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&comment('test short key flag');
+	&pop($tmp4);
+	&or($tmp4,$tmp4);
+	&jnz(&label('cast_enc_done'));
+	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&set_label('cast_dec_skip');
+	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(	$tmp4,		&DWP($i*8,$K,"",1));
+
+    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));
+    &$OP1(	$tmp4,		$R);
+
+    &rotl(	$tmp4,		&LB($tmp1));
+
+    if ($ppro) {
+	&mov(	$tmp2,		$tmp4);		# B
+	&xor(	$tmp1,		$tmp1);
+	
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A
+	&and(	$tmp2,		0xff);
+
+	&shr(	$tmp4,		16); 		#
+	&xor(	$tmp3,		$tmp3);
+    } else {
+	&mov(	$tmp2,		$tmp4);		# B
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
+	
+	&shr(	$tmp4,		16); 		#
+	&and(	$tmp2,		0xff);
+    }
+
+    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
+    &and(	$tmp4,		0xff);		# D
+
+    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
+    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
+
+    &$OP2(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
+
+    &$OP3(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
+
+    &$OP1(	$tmp1,		$tmp2);
+    # XXX
+
+    &xor(	$L,		$tmp1);
+    # XXX
+}
+
diff --git a/lib/libssl/src/crypto/cast/asm/cx86unix.cpp b/lib/libssl/src/crypto/cast/asm/cx86unix.cpp
deleted file mode 100644
index 035692a5af7..00000000000
--- a/lib/libssl/src/crypto/cast/asm/cx86unix.cpp
+++ /dev/null
@@ -1,1010 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define CAST_S_table0 _CAST_S_table0
-#define CAST_S_table1 _CAST_S_table1
-#define CAST_S_table2 _CAST_S_table2
-#define CAST_S_table3 _CAST_S_table3
-#define CAST_encrypt _CAST_encrypt
-#define CAST_S_table0 _CAST_S_table0
-#define CAST_S_table1 _CAST_S_table1
-#define CAST_S_table2 _CAST_S_table2
-#define CAST_S_table3 _CAST_S_table3
-#define CAST_decrypt _CAST_decrypt
-#define CAST_cbc_encrypt _CAST_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by cast-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"cast-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl CAST_encrypt
-	TYPE(CAST_encrypt,@function)
-CAST_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	/* round 0 */
-	movl	(%ebp),		%edx
-	movl	4(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 1 */
-	movl	8(%ebp),	%edx
-	movl	12(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 2 */
-	movl	16(%ebp),	%edx
-	movl	20(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 3 */
-	movl	24(%ebp),	%edx
-	movl	28(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 4 */
-	movl	32(%ebp),	%edx
-	movl	36(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 5 */
-	movl	40(%ebp),	%edx
-	movl	44(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 6 */
-	movl	48(%ebp),	%edx
-	movl	52(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 7 */
-	movl	56(%ebp),	%edx
-	movl	60(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 8 */
-	movl	64(%ebp),	%edx
-	movl	68(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 9 */
-	movl	72(%ebp),	%edx
-	movl	76(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 10 */
-	movl	80(%ebp),	%edx
-	movl	84(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 11 */
-	movl	88(%ebp),	%edx
-	movl	92(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 12 */
-	movl	96(%ebp),	%edx
-	movl	100(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 13 */
-	movl	104(%ebp),	%edx
-	movl	108(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 14 */
-	movl	112(%ebp),	%edx
-	movl	116(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 15 */
-	movl	120(%ebp),	%edx
-	movl	124(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	20(%esp),	%eax
-	xorl	%ecx,		%esi
-	nop
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.CAST_encrypt_end:
-	SIZE(CAST_encrypt,.CAST_encrypt_end-CAST_encrypt)
-.ident	"CAST_encrypt"
-.text
-	.align ALIGN
-.globl CAST_decrypt
-	TYPE(CAST_decrypt,@function)
-CAST_decrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	/* round 15 */
-	movl	120(%ebp),	%edx
-	movl	124(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 14 */
-	movl	112(%ebp),	%edx
-	movl	116(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 13 */
-	movl	104(%ebp),	%edx
-	movl	108(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 12 */
-	movl	96(%ebp),	%edx
-	movl	100(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 11 */
-	movl	88(%ebp),	%edx
-	movl	92(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 10 */
-	movl	80(%ebp),	%edx
-	movl	84(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 9 */
-	movl	72(%ebp),	%edx
-	movl	76(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 8 */
-	movl	64(%ebp),	%edx
-	movl	68(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 7 */
-	movl	56(%ebp),	%edx
-	movl	60(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 6 */
-	movl	48(%ebp),	%edx
-	movl	52(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 5 */
-	movl	40(%ebp),	%edx
-	movl	44(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 4 */
-	movl	32(%ebp),	%edx
-	movl	36(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 3 */
-	movl	24(%ebp),	%edx
-	movl	28(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 2 */
-	movl	16(%ebp),	%edx
-	movl	20(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 1 */
-	movl	8(%ebp),	%edx
-	movl	12(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 0 */
-	movl	(%ebp),		%edx
-	movl	4(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	20(%esp),	%eax
-	xorl	%ecx,		%esi
-	nop
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.CAST_decrypt_end:
-	SIZE(CAST_decrypt,.CAST_decrypt_end-CAST_decrypt)
-.ident	"CAST_decrypt"
-.text
-	.align ALIGN
-.globl CAST_cbc_encrypt
-	TYPE(CAST_cbc_encrypt,@function)
-CAST_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L000decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L001encrypt_finish
-.L002encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L002encrypt_loop
-.L001encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L004cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L005ej7:
-	xorl	%edx,		%edx
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L006ej6:
-	movb	5(%esi),	%dh
-.L007ej5:
-	movb	4(%esi),	%dl
-.L008ej4:
-	movl	(%esi),		%ecx
-	jmp	.L009ejend
-.L010ej3:
-	movb	2(%esi),	%ch
-	xorl	%ecx,		%ecx
-	sall	$8,		%ecx
-.L011ej2:
-	movb	1(%esi),	%ch
-.L012ej1:
-	movb	(%esi),		%cl
-.L009ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L003finish
-.align ALIGN
-.L000decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L013decrypt_finish
-.L014decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L014decrypt_loop
-.L013decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L015dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L016dj6:
-	movb	%dh,		5(%edi)
-.L017dj5:
-	movb	%dl,		4(%edi)
-.L018dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L019djend
-.L020dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L021dj2:
-	movb	%ch,		1(%esi)
-.L022dj1:
-	movb	%cl,		(%esi)
-.L019djend:
-	jmp	.L003finish
-.align ALIGN
-.L003finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L004cbc_enc_jmp_table:
-	.long 0
-	.long .L012ej1
-	.long .L011ej2
-	.long .L010ej3
-	.long .L008ej4
-	.long .L007ej5
-	.long .L006ej6
-	.long .L005ej7
-.align ALIGN
-.L023cbc_dec_jmp_table:
-	.long 0
-	.long .L022dj1
-	.long .L021dj2
-	.long .L020dj3
-	.long .L018dj4
-	.long .L017dj5
-	.long .L016dj6
-	.long .L015dj7
-.CAST_cbc_encrypt_end:
-	SIZE(CAST_cbc_encrypt,.CAST_cbc_encrypt_end-CAST_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/cast/c_cfb64.c b/lib/libssl/src/crypto/cast/c_cfb64.c
index c46c375f756..514c005c325 100644
--- a/lib/libssl/src/crypto/cast/c_cfb64.c
+++ b/lib/libssl/src/crypto/cast/c_cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void CAST_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc)
 	{
 	register CAST_LONG v0,v1,t;
 	register int n= *num;
@@ -79,8 +74,8 @@ int encrypt;
 	CAST_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
-	if (encrypt)
+	iv=ivec;
+	if (enc)
 		{
 		while (l--)
 			{
@@ -89,10 +84,10 @@ int encrypt;
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
 				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -109,10 +104,10 @@ int encrypt;
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
 				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				}
 			cc= *(in++);
 			c=iv[n];
diff --git a/lib/libssl/src/crypto/cast/c_ecb.c b/lib/libssl/src/crypto/cast/c_ecb.c
index f0f2f4df0ed..33182f2b712 100644
--- a/lib/libssl/src/crypto/cast/c_ecb.c
+++ b/lib/libssl/src/crypto/cast/c_ecb.c
@@ -56,22 +56,20 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
+#include <openssl/opensslv.h>
 
-char *CAST_version="CAST part of SSLeay 0.9.0b 29-Jun-1998";
+char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
 
-void CAST_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-CAST_KEY *ks;
-int encrypt;
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+		      CAST_KEY *ks, int enc)
 	{
 	CAST_LONG l,d[2];
 
 	n2l(in,l); d[0]=l;
 	n2l(in,l); d[1]=l;
-	if (encrypt)
+	if (enc)
 		CAST_encrypt(d,ks);
 	else
 		CAST_decrypt(d,ks);
diff --git a/lib/libssl/src/crypto/cast/c_enc.c b/lib/libssl/src/crypto/cast/c_enc.c
index d998dd4953e..0fe2cffeccf 100644
--- a/lib/libssl/src/crypto/cast/c_enc.c
+++ b/lib/libssl/src/crypto/cast/c_enc.c
@@ -56,12 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
-void CAST_encrypt(data,key)
-CAST_LONG *data;
-CAST_KEY *key;
+void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
 	{
 	register CAST_LONG l,r,*k,t;
 
@@ -81,18 +79,19 @@ CAST_KEY *key;
 	E_CAST( 9,k,r,l,+,^,-);
 	E_CAST(10,k,l,r,^,-,+);
 	E_CAST(11,k,r,l,-,+,^);
-	E_CAST(12,k,l,r,+,^,-);
-	E_CAST(13,k,r,l,^,-,+);
-	E_CAST(14,k,l,r,-,+,^);
-	E_CAST(15,k,r,l,+,^,-);
+	if(!key->short_key)
+	    {
+	    E_CAST(12,k,l,r,+,^,-);
+	    E_CAST(13,k,r,l,^,-,+);
+	    E_CAST(14,k,l,r,-,+,^);
+	    E_CAST(15,k,r,l,+,^,-);
+	    }
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
 	}
 
-void CAST_decrypt(data,key)
-CAST_LONG *data;
-CAST_KEY *key;
+void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
 	{
 	register CAST_LONG l,r,*k,t;
 
@@ -100,10 +99,13 @@ CAST_KEY *key;
 	l=data[0];
 	r=data[1];
 
-	E_CAST(15,k,l,r,+,^,-);
-	E_CAST(14,k,r,l,-,+,^);
-	E_CAST(13,k,l,r,^,-,+);
-	E_CAST(12,k,r,l,+,^,-);
+	if(!key->short_key)
+	    {
+	    E_CAST(15,k,l,r,+,^,-);
+	    E_CAST(14,k,r,l,-,+,^);
+	    E_CAST(13,k,l,r,^,-,+);
+	    E_CAST(12,k,r,l,+,^,-);
+	    }
 	E_CAST(11,k,l,r,-,+,^);
 	E_CAST(10,k,r,l,^,-,+);
 	E_CAST( 9,k,l,r,+,^,-);
@@ -121,20 +123,15 @@ CAST_KEY *key;
 	data[0]=r&0xffffffffL;
 	}
 
-void CAST_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     CAST_KEY *ks, unsigned char *iv, int enc)
 	{
 	register CAST_LONG tin0,tin1;
 	register CAST_LONG tout0,tout1,xor0,xor1;
 	register long l=length;
 	CAST_LONG tin[2];
 
-	if (encrypt)
+	if (enc)
 		{
 		n2l(iv,tout0);
 		n2l(iv,tout1);
diff --git a/lib/libssl/src/crypto/cast/c_ofb64.c b/lib/libssl/src/crypto/cast/c_ofb64.c
index 2aad2d6d969..fd0469a62fa 100644
--- a/lib/libssl/src/crypto/cast/c_ofb64.c
+++ b/lib/libssl/src/crypto/cast/c_ofb64.c
@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void CAST_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num)
 	{
 	register CAST_LONG v0,v1,t;
 	register int n= *num;
@@ -80,7 +76,7 @@ int *num;
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv=ivec;
 	n2l(iv,v0);
 	n2l(iv,v1);
 	ti[0]=v0;
@@ -105,7 +101,7 @@ int *num;
 		{
 		v0=ti[0];
 		v1=ti[1];
-		iv=(unsigned char *)ivec;
+		iv=ivec;
 		l2n(v0,iv);
 		l2n(v1,iv);
 		}
diff --git a/lib/libssl/src/crypto/cast/c_skey.c b/lib/libssl/src/crypto/cast/c_skey.c
index 2fc3363dcd0..acf2c3eeb51 100644
--- a/lib/libssl/src/crypto/cast/c_skey.c
+++ b/lib/libssl/src/crypto/cast/c_skey.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
 
@@ -72,10 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-void CAST_set_key(key,len,data)
-CAST_KEY *key;
-int len;
-unsigned char *data;
+void CAST_set_key(CAST_KEY *key, int len, unsigned char *data)
 	{
 	CAST_LONG x[16];
 	CAST_LONG z[16];
@@ -88,6 +85,10 @@ unsigned char *data;
 	if (len > 16) len=16;
 	for (i=0; i<len; i++)
 		x[i]=data[i];
+	if(len <= 10)
+	    key->short_key=1;
+	else
+	    key->short_key=0;
 
 	K= &k[0];
 	X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
diff --git a/lib/libssl/src/crypto/cast/cast.h b/lib/libssl/src/crypto/cast/cast.h
index 528cb7c8244..6cc5e8aa8cf 100644
--- a/lib/libssl/src/crypto/cast/cast.h
+++ b/lib/libssl/src/crypto/cast/cast.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifdef NO_CAST
+#error CAST is disabled.
+#endif
+
 #define CAST_ENCRYPT	1
 #define CAST_DECRYPT	0
 
@@ -74,33 +78,23 @@ extern "C" {
 typedef struct cast_key_st
 	{
 	CAST_LONG data[32];
+	int short_key;	/* Use reduced rounds for short key */
 	} CAST_KEY;
 
-#ifndef NOPROTO
  
 void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
-void CAST_ecb_encrypt(unsigned char *in,unsigned char *out,CAST_KEY *key,
-	int enc);
+void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+		      int enc);
 void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
 void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *ks, unsigned char *iv, int enc);
-void CAST_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void CAST_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *schedule, unsigned char *ivec, int *num);
-
-#else
-
-void CAST_set_key();
-void CAST_ecb_encrypt();
-void CAST_encrypt();
-void CAST_decrypt();
-void CAST_cbc_encrypt();
-void CAST_cfb64_encrypt();
-void CAST_ofb64_encrypt();
-
-#endif
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		      CAST_KEY *ks, unsigned char *iv, int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/cast/cast_lcl.h b/lib/libssl/src/crypto/cast/cast_lcl.h
index 6587952a969..83cf382a914 100644
--- a/lib/libssl/src/crypto/cast/cast_lcl.h
+++ b/lib/libssl/src/crypto/cast/cast_lcl.h
@@ -60,6 +60,9 @@
 #include <stdlib.h>
 #endif
 
+
+#include "openssl/e_os.h" /* OPENSSL_EXTERN */
+
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
 			 l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -213,12 +216,11 @@
 	}
 #endif
 
-extern CAST_LONG CAST_S_table0[256];
-extern CAST_LONG CAST_S_table1[256];
-extern CAST_LONG CAST_S_table2[256];
-extern CAST_LONG CAST_S_table3[256];
-extern CAST_LONG CAST_S_table4[256];
-extern CAST_LONG CAST_S_table5[256];
-extern CAST_LONG CAST_S_table6[256];
-extern CAST_LONG CAST_S_table7[256];
-
+OPENSSL_EXTERN CAST_LONG CAST_S_table0[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table1[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table2[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table3[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table4[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table5[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table6[256];
+OPENSSL_EXTERN CAST_LONG CAST_S_table7[256];
diff --git a/lib/libssl/src/crypto/cast/cast_s.h b/lib/libssl/src/crypto/cast/cast_s.h
index 8fe01521490..9af28972c51 100644
--- a/lib/libssl/src/crypto/cast/cast_s.h
+++ b/lib/libssl/src/crypto/cast/cast_s.h
@@ -55,7 +55,7 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-CAST_LONG CAST_S_table0[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table0[256]={
 	0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
 	0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
 	0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
@@ -121,7 +121,7 @@ CAST_LONG CAST_S_table0[256]={
 	0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
 	0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
 	};
-CAST_LONG CAST_S_table1[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table1[256]={
 	0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
 	0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
 	0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
@@ -187,7 +187,7 @@ CAST_LONG CAST_S_table1[256]={
 	0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
 	0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
 	};
-CAST_LONG CAST_S_table2[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table2[256]={
 	0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
 	0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
 	0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
@@ -253,7 +253,7 @@ CAST_LONG CAST_S_table2[256]={
 	0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
 	0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
 	};
-CAST_LONG CAST_S_table3[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table3[256]={
 	0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
 	0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
 	0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
@@ -319,7 +319,7 @@ CAST_LONG CAST_S_table3[256]={
 	0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
 	0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
 	};
-CAST_LONG CAST_S_table4[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table4[256]={
 	0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
 	0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
 	0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
@@ -385,7 +385,7 @@ CAST_LONG CAST_S_table4[256]={
 	0xe822fe15,0x88570983,0x750e6249,0xda627e55,
 	0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
 	};
-CAST_LONG CAST_S_table5[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table5[256]={
 	0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
 	0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
 	0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
@@ -451,7 +451,7 @@ CAST_LONG CAST_S_table5[256]={
 	0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
 	0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
 	};
-CAST_LONG CAST_S_table6[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table6[256]={
 	0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
 	0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
 	0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
@@ -517,7 +517,7 @@ CAST_LONG CAST_S_table6[256]={
 	0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
 	0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
 	};
-CAST_LONG CAST_S_table7[256]={
+OPENSSL_GLOBAL CAST_LONG CAST_S_table7[256]={
 	0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
 	0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
 	0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
diff --git a/lib/libssl/src/crypto/cast/cast_spd.c b/lib/libssl/src/crypto/cast/cast_spd.c
index ab75e65386b..c0726906c20 100644
--- a/lib/libssl/src/crypto/cast/cast_spd.c
+++ b/lib/libssl/src/crypto/cast/cast_spd.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,34 +77,31 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "cast.h"
+#include <openssl/cast.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -115,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -128,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -148,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -185,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/cast/castopts.c b/lib/libssl/src/crypto/cast/castopts.c
index 68cf5a4a60b..642e9725af6 100644
--- a/lib/libssl/src/crypto/cast/castopts.c
+++ b/lib/libssl/src/crypto/cast/castopts.c
@@ -59,19 +59,17 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern void exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,25 +77,26 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "cast.h"
+#include <openssl/cast.h>
 
 #define CAST_DEFAULT_OPTIONS
 
@@ -136,11 +135,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -152,12 +147,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -165,14 +155,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -185,8 +169,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -247,9 +230,7 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/cast/casts.cpp b/lib/libssl/src/crypto/cast/casts.cpp
index bac7be2c9c1..8d7bd468d22 100644
--- a/lib/libssl/src/crypto/cast/casts.cpp
+++ b/lib/libssl/src/crypto/cast/casts.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cast.h"
+#include <openssl/cast.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/crypto/cast/casttest.c b/lib/libssl/src/crypto/cast/casttest.c
index 8b009bc2492..3244b119e95 100644
--- a/lib/libssl/src/crypto/cast/casttest.c
+++ b/lib/libssl/src/crypto/cast/casttest.c
@@ -59,9 +59,17 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "cast.h"
 
-/* #define FULL_TEST */
+#ifdef NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return(0);
+}
+#else
+#include <openssl/cast.h>
+
+#define FULL_TEST
 
 unsigned char k[16]={
 	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
@@ -70,7 +78,7 @@ unsigned char k[16]={
 
 unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
 
-int k_len[3]={16,10};
+int k_len[3]={16,10,5};
 unsigned char c[3][8]={
 	{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
 	{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
@@ -120,104 +128,103 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	}; 
 #endif
 
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
+int main(int argc, char *argv[])
+    {
 #ifdef FULL_TEST
-	long l;
-	CAST_KEY key_b;
+    long l;
+    CAST_KEY key_b;
 #endif
-	int i,z,err=0;
-	CAST_KEY key;
+    int i,z,err=0;
+    CAST_KEY key;
 
-	for (z=0; z<1; z++)
-		{
+    for (z=0; z<3; z++)
+	{
 	CAST_set_key(&key,k_len[z],k);
 
 	CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
 	if (memcmp(out,&(c[z][0]),8) != 0)
-		{
-		printf("ecb cast error encrypting\n");
-		printf("got     :");
-		for (i=0; i<8; i++)
-			printf("%02X ",out[i]);
-		printf("\n");
-		printf("expected:");
-		for (i=0; i<8; i++)
-			printf("%02X ",c[z][i]);
-		err=20;
-		printf("\n");
-		}
+	    {
+	    printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",c[z][i]);
+	    err=20;
+	    printf("\n");
+	    }
 
 	CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
 	if (memcmp(out,in,8) != 0)
-		{
-		printf("ecb cast error decrypting\n");
-		printf("got     :");
-		for (i=0; i<8; i++)
-			printf("%02X ",out[i]);
-		printf("\n");
-		printf("expected:");
-		for (i=0; i<8; i++)
-			printf("%02X ",in[i]);
-		printf("\n");
-		err=3;
-		}
+	    {
+	    printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",in[i]);
+	    printf("\n");
+	    err=3;
+	    }
 	}
-	if (err == 0) printf("ecb cast5 ok\n");
+    if (err == 0)
+	printf("ecb cast5 ok\n");
 
 #ifdef FULL_TEST
-	{
-	unsigned char out_a[16],out_b[16];
-	static char *hex="0123456789ABCDEF";
-
-	printf("This test will take some time....");
-	fflush(stdout);
-	memcpy(out_a,in_a,sizeof(in_a));
-	memcpy(out_b,in_b,sizeof(in_b));
-	i=1;
-
-	for (l=0; l<1000000L; l++)
-		{
-		CAST_set_key(&key_b,16,out_b);
-		CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
-		CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
-		CAST_set_key(&key,16,out_a);
-		CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
-		CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
-		if ((l & 0xffff) == 0xffff)
-			{
-			printf("%c",hex[i&0x0f]);
-			fflush(stdout);
-			i++;
-			}
-		}
-
-	if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+      {
+      unsigned char out_a[16],out_b[16];
+      static char *hex="0123456789ABCDEF";
+      
+      printf("This test will take some time....");
+      fflush(stdout);
+      memcpy(out_a,in_a,sizeof(in_a));
+      memcpy(out_b,in_b,sizeof(in_b));
+      i=1;
+
+      for (l=0; l<1000000L; l++)
+	  {
+	  CAST_set_key(&key_b,16,out_b);
+	  CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+	  CAST_set_key(&key,16,out_a);
+	  CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+	  if ((l & 0xffff) == 0xffff)
+	      {
+	      printf("%c",hex[i&0x0f]);
+	      fflush(stdout);
+	      i++;
+	      }
+	  }
+
+      if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
 		(memcmp(out_b,c_b,sizeof(c_b)) != 0))
-		{
-		printf("\n");
-		printf("Error\n");
-
-		printf("A out =");
-		for (i=0; i<16; i++) printf("%02X ",out_a[i]);
-		printf("\nactual=");
-		for (i=0; i<16; i++) printf("%02X ",c_a[i]);
-		printf("\n");
-
-		printf("B out =");
-		for (i=0; i<16; i++) printf("%02X ",out_b[i]);
-		printf("\nactual=");
-		for (i=0; i<16; i++) printf("%02X ",c_b[i]);
-		printf("\n");
-		}
-	else
-		printf(" ok\n");
-	}
+	  {
+	  printf("\n");
+	  printf("Error\n");
+
+	  printf("A out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+	  printf("\n");
+
+	  printf("B out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+	  printf("\n");
+	  }
+      else
+	  printf(" ok\n");
+      }
 #endif
 
-	exit(err);
-	return(err);
-	}
-
+    exit(err);
+    return(err);
+    }
+#endif
diff --git a/lib/libssl/src/crypto/conf/Makefile.ssl b/lib/libssl/src/crypto/conf/Makefile.ssl
index 00e917aa447..64b763f0688 100644
--- a/lib/libssl/src/crypto/conf/Makefile.ssl
+++ b/lib/libssl/src/crypto/conf/Makefile.ssl
@@ -7,24 +7,24 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=conf
-ERRC=conf_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= conf.c $(ERRC).c
+LIBSRC= conf.c conf_err.c
 
-LIBOBJ=	conf.o $(ERRC).o
+LIBOBJ=	conf.o conf_err.o
 
 SRC= $(LIBSRC)
 
@@ -40,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -69,17 +68,25 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+conf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+conf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf.o: ../cryptlib.h conf_lcl.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/lib/libssl/src/crypto/conf/cnf_save.c b/lib/libssl/src/crypto/conf/cnf_save.c
index c9018de10ec..e907cc22427 100644
--- a/lib/libssl/src/crypto/conf/cnf_save.c
+++ b/lib/libssl/src/crypto/conf/cnf_save.c
@@ -57,7 +57,7 @@
  */
 
 #include <stdio.h>
-#include "conf.h"
+#include <openssl/conf.h>
 
 void print_conf(CONF_VALUE *cv);
 
@@ -66,7 +66,7 @@ main()
 	LHASH *conf;
 	long l;
 
-	conf=CONF_load(NULL,"../../apps/ssleay.cnf",&l);
+	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
 	if (conf == NULL)
 		{
 		fprintf(stderr,"error loading config, line %ld\n",l);
@@ -77,8 +77,7 @@ main()
 	}
 
 
-void print_conf(cv)
-CONF_VALUE *cv;
+void print_conf(CONF_VALUE *cv)
 	{
 	int i;
 	CONF_VALUE *v;
diff --git a/lib/libssl/src/crypto/conf/conf.c b/lib/libssl/src/crypto/conf/conf.c
index 9e84300c5ef..7d8b89168a2 100644
--- a/lib/libssl/src/crypto/conf/conf.c
+++ b/lib/libssl/src/crypto/conf/conf.c
@@ -59,19 +59,18 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "stack.h"
-#include "lhash.h"
-#include "conf.h"
-#include "buffer.h"
-#include "err.h"
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
 
 #include "conf_lcl.h"
 
-#ifndef NOPROTO
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
 static void value_free_stack(CONF_VALUE *a,LHASH *conf);
 static unsigned long hash(CONF_VALUE *v);
-static int cmp(CONF_VALUE *a,CONF_VALUE *b);
+static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
 static char *eat_ws(char *p);
 static char *eat_alpha_numeric(char *p);
 static void clear_comments(char *p);
@@ -79,71 +78,84 @@ static int str_copy(LHASH *conf,char *section,char **to, char *from);
 static char *scan_quote(char *p);
 static CONF_VALUE *new_section(LHASH *conf,char *section);
 static CONF_VALUE *get_section(LHASH *conf,char *section);
+#define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
+
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+
+
+LHASH *CONF_load(LHASH *h, const char *file, long *line)
+	{
+	LHASH *ltmp;
+	FILE *in=NULL;
+
+#ifdef VMS
+	in=fopen(file,"r");
 #else
-static void value_free_hash();
-static void value_free_stack();
-static unsigned long hash();
-static int cmp();
-static char *eat_ws();
-static char *eat_alpha_numeric();
-static void clear_comments();
-static int str_copy();
-static char *scan_quote();
-static CONF_VALUE *new_section();
-static CONF_VALUE *get_section();
+	in=fopen(file,"rb");
 #endif
+	if (in == NULL)
+		{
+		SYSerr(SYS_F_FOPEN,get_last_sys_error());
+		ERR_set_error_data(BUF_strdup(file),
+			ERR_TXT_MALLOCED|ERR_TXT_STRING);
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		return NULL;
+		}
 
-#define scan_esc(p)	((*(++p) == '\0')?(p):(++p))
+	ltmp = CONF_load_fp(h, in, line);
+	fclose(in);
 
-char *CONF_version="CONF part of SSLeay 0.9.0b 29-Jun-1998";
+	return ltmp;
+}
+
+LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
+{
+	BIO *btmp;
+	LHASH *ltmp;
+	if(!(btmp = BIO_new_fp(in, BIO_NOCLOSE))) {
+		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+		return NULL;
+	}
+	ltmp = CONF_load_bio(h, btmp, line);
+	BIO_free(btmp);
+	return ltmp;
+}
 
-LHASH *CONF_load(h,file,line)
-LHASH *h;
-char *file;
-long *line;
+LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
 	{
 	LHASH *ret=NULL;
-	FILE *in=NULL;
 #define BUFSIZE	512
+	char btmp[16];
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
-	int again,n,eline=0;
+	int again,n;
+	long eline=0;
 	CONF_VALUE *v=NULL,*vv,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
-	STACK *section_sk=NULL,*ts;
+	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
 	char *start,*psection,*pname;
 
 	if ((buff=BUF_MEM_new()) == NULL)
 		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
-		goto err;
-		}
-
-	in=fopen(file,"rb");
-	if (in == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,get_last_sys_error());
-		ERR_set_error_data(BUF_strdup(file),
-			ERR_TXT_MALLOCED|ERR_TXT_STRING);
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
 		goto err;
 		}
 
 	section=(char *)Malloc(10);
 	if (section == NULL)
 		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	strcpy(section,"default");
 
 	if (h == NULL)
 		{
-		if ((ret=lh_new(hash,cmp)) == NULL)
+		if ((ret=lh_new(hash,cmp_conf)) == NULL)
 			{
-			CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		}
@@ -153,10 +165,11 @@ long *line;
 	sv=new_section(ret,section);
 	if (sv == NULL)
 		{
-		CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+		CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 		goto err;
 		}
-	section_sk=(STACK *)sv->value;
+	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
 
 	bufnum=0;
 	for (;;)
@@ -164,12 +177,12 @@ long *line;
 		again=0;
 		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
 			{
-			CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
+			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
 			goto err;
 			}
 		p= &(buff->data[bufnum]);
 		*p='\0';
-		fgets(p,BUFSIZE-1,in);
+		BIO_gets(in, p, BUFSIZE-1);
 		p[BUFSIZE-1]='\0';
 		ii=i=strlen(p);
 		if (i == 0) break;
@@ -219,13 +232,23 @@ long *line;
 		if (IS_EOF(*s)) continue; /* blank line */
 		if (*s == '[')
 			{
+			char *ss;
+
 			s++;
 			start=eat_ws(s);
-			end=eat_alpha_numeric(start);
+			ss=start;
+again:
+			end=eat_alpha_numeric(ss);
 			p=eat_ws(end);
 			if (*p != ']')
 				{
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+				if (*p != '\0')
+					{
+					ss=p;
+					goto again;
+					}
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
 				goto err;
 				}
 			*end='\0';
@@ -234,10 +257,11 @@ long *line;
 				sv=new_section(ret,section);
 			if (sv == NULL)
 				{
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 				goto err;
 				}
-			section_sk=(STACK *)sv->value;
+			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
 			continue;
 			}
 		else
@@ -256,7 +280,8 @@ long *line;
 			p=eat_ws(end);
 			if (*p != '=')
 				{
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_EQUAL_SIGN);
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+						CONF_R_MISSING_EQUAL_SIGN);
 				goto err;
 				}
 			*end='\0';
@@ -270,9 +295,10 @@ long *line;
 			p++;
 			*p='\0';
 
-			if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
 				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
 			if (psection == NULL) psection=section;
@@ -280,7 +306,8 @@ long *line;
 			v->value=NULL;
 			if (v->name == NULL)
 				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
 			strcpy(v->name,pname);
@@ -293,10 +320,11 @@ long *line;
 					tv=new_section(ret,psection);
 				if (tv == NULL)
 					{
-					CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+					CONFerr(CONF_F_CONF_LOAD_BIO,
+					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 					goto err;
 					}
-				ts=(STACK *)tv->value;
+				ts=(STACK_OF(CONF_VALUE) *)tv->value;
 				}
 			else
 				{
@@ -304,15 +332,16 @@ long *line;
 				ts=section_sk;
 				}
 			v->section=tv->section;	
-			if (!sk_push(ts,(char *)v))
+			if (!sk_CONF_VALUE_push(ts,v))
 				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
 			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
 			if (vv != NULL)
 				{
-				sk_delete_ptr(ts,(char *)vv);
+				sk_CONF_VALUE_delete_ptr(ts,vv);
 				Free(vv->name);
 				Free(vv->value);
 				Free(vv);
@@ -322,13 +351,13 @@ long *line;
 		}
 	if (buff != NULL) BUF_MEM_free(buff);
 	if (section != NULL) Free(section);
-	if (in != NULL) fclose(in);
 	return(ret);
 err:
 	if (buff != NULL) BUF_MEM_free(buff);
 	if (section != NULL) Free(section);
 	if (line != NULL) *line=eline;
-	if (in != NULL) fclose(in);
+	sprintf(btmp,"%ld",eline);
+	ERR_add_error_data(2,"line ",btmp);
 	if ((h != ret) && (ret != NULL)) CONF_free(ret);
 	if (v != NULL)
 		{
@@ -338,11 +367,8 @@ err:
 		}
 	return(NULL);
 	}
-		
-char *CONF_get_string(conf,section,name)
-LHASH *conf;
-char *section;
-char *name;
+
+char *CONF_get_string(LHASH *conf, char *section, char *name)
 	{
 	CONF_VALUE *v,vv;
 	char *p;
@@ -374,9 +400,7 @@ char *name;
 		return(Getenv(name));
 	}
 
-static CONF_VALUE *get_section(conf,section)
-LHASH *conf;
-char *section;
+static CONF_VALUE *get_section(LHASH *conf, char *section)
 	{
 	CONF_VALUE *v,vv;
 
@@ -387,23 +411,18 @@ char *section;
 	return(v);
 	}
 
-STACK *CONF_get_section(conf,section)
-LHASH *conf;
-char *section;
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
 	{
 	CONF_VALUE *v;
 
 	v=get_section(conf,section);
 	if (v != NULL)
-		return((STACK *)v->value);
+		return((STACK_OF(CONF_VALUE) *)v->value);
 	else
 		return(NULL);
 	}
 
-long CONF_get_number(conf,section,name)
-LHASH *conf;
-char *section;
-char *name;
+long CONF_get_number(LHASH *conf, char *section, char *name)
 	{
 	char *str;
 	long ret=0;
@@ -420,8 +439,7 @@ char *name;
 		}
 	}
 
-void CONF_free(conf)
-LHASH *conf;
+void CONF_free(LHASH *conf)
 	{
 	if (conf == NULL) return;
 
@@ -436,9 +454,7 @@ LHASH *conf;
 	lh_free(conf);
 	}
 
-static void value_free_hash(a,conf)
-CONF_VALUE *a;
-LHASH *conf;
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
 	{
 	if (a->name != NULL)
 		{
@@ -446,9 +462,7 @@ LHASH *conf;
 		}
 	}
 
-static void value_free_stack(a,conf)
-CONF_VALUE *a;
-LHASH *conf;
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
 	{
 	CONF_VALUE *vv;
 	STACK *sk;
@@ -469,8 +483,7 @@ LHASH *conf;
 	Free(a);
 	}
 
-static void clear_comments(p)
-char *p;
+static void clear_comments(char *p)
 	{
 	char *to;
 
@@ -499,10 +512,7 @@ char *p;
 		}
 	}
 
-static int str_copy(conf,section,pto,from)
-LHASH *conf;
-char *section;
-char **pto,*from;
+static int str_copy(LHASH *conf, char *section, char **pto, char *from)
 	{
 	int q,r,rr=0,to=0,len=0;
 	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
@@ -616,16 +626,14 @@ err:
 	return(0);
 	}
 
-static char *eat_ws(p)
-char *p;
+static char *eat_ws(char *p)
 	{
 	while (IS_WS(*p) && (!IS_EOF(*p)))
 		p++;
 	return(p);
 	}
 
-static char *eat_alpha_numeric(p)
-char *p;
+static char *eat_alpha_numeric(char *p)
 	{
 	for (;;)
 		{
@@ -640,14 +648,12 @@ char *p;
 		}
 	}
 
-static unsigned long hash(v)
-CONF_VALUE *v;
+static unsigned long hash(CONF_VALUE *v)
 	{
 	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
 	}
 
-static int cmp(a,b)
-CONF_VALUE *a,*b;
+static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
 	{
 	int i;
 
@@ -668,8 +674,7 @@ CONF_VALUE *a,*b;
 		return((a->name == NULL)?-1:1);
 	}
 
-static char *scan_quote(p)
-char *p;
+static char *scan_quote(char *p)
 	{
 	int q= *p;
 
@@ -687,9 +692,7 @@ char *p;
 	return(p);
 	}
 
-static CONF_VALUE *new_section(conf,section)
-LHASH *conf;
-char *section;
+static CONF_VALUE *new_section(LHASH *conf, char *section)
 	{
 	STACK *sk=NULL;
 	int ok=0,i;
@@ -725,3 +728,5 @@ err:
 		}
 	return(v);
 	}
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/lib/libssl/src/crypto/conf/conf.err b/lib/libssl/src/crypto/conf/conf.err
deleted file mode 100644
index 933d3d692aa..00000000000
--- a/lib/libssl/src/crypto/conf/conf.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_LOAD				 100
-#define CONF_F_STR_COPY					 101
-
-/* Reason codes. */
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
-#define CONF_R_MISSING_EQUAL_SIGN			 101
-#define CONF_R_NO_CLOSE_BRACE				 102
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
diff --git a/lib/libssl/src/crypto/conf/conf.h b/lib/libssl/src/crypto/conf/conf.h
index 1446226a160..e7c51500970 100644
--- a/lib/libssl/src/crypto/conf/conf.h
+++ b/lib/libssl/src/crypto/conf/conf.h
@@ -63,8 +63,10 @@
 extern "C" {
 #endif
 
-#include "stack.h"
-#include "lhash.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
 
 typedef struct
 	{
@@ -73,31 +75,29 @@ typedef struct
 	char *value;
 	} CONF_VALUE;
 
-#ifndef NOPROTO
+DECLARE_STACK_OF(CONF_VALUE)
 
-LHASH *CONF_load(LHASH *conf,char *file,long *eline);
-STACK *CONF_get_section(LHASH *conf,char *section);
+LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section);
 char *CONF_get_string(LHASH *conf,char *group,char *name);
 long CONF_get_number(LHASH *conf,char *group,char *name);
 void CONF_free(LHASH *conf);
 void ERR_load_CONF_strings(void );
 
-#else
-
-LHASH *CONF_load();
-STACK *CONF_get_section();
-char *CONF_get_string();
-long CONF_get_number();
-void CONF_free();
-void ERR_load_CONF_strings();
-
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the CONF functions. */
 
 /* Function codes. */
 #define CONF_F_CONF_LOAD				 100
+#define CONF_F_CONF_LOAD_BIO				 102
+#define CONF_F_CONF_LOAD_FP				 103
 #define CONF_F_STR_COPY					 101
 
 /* Reason codes. */
@@ -106,7 +106,7 @@ void ERR_load_CONF_strings();
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/conf/conf_err.c b/lib/libssl/src/crypto/conf/conf_err.c
index a8db8f266f4..eb4b3cfc708 100644
--- a/lib/libssl/src/crypto/conf/conf_err.c
+++ b/lib/libssl/src/crypto/conf/conf_err.c
@@ -1,71 +1,75 @@
-/* lib/conf/conf_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/conf/conf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "conf.h"
+#include <openssl/err.h>
+#include <openssl/conf.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
 static ERR_STRING_DATA CONF_str_functs[]=
 	{
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),	"CONF_load_bio"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),	"CONF_load_fp"},
 {ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA CONF_str_reasons[]=
@@ -75,17 +79,17 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_CONF_strings()
+void ERR_load_CONF_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
diff --git a/lib/libssl/src/crypto/conf/conf_lcl.h b/lib/libssl/src/crypto/conf/conf_lcl.h
index 4e5644ed795..f9a015df579 100644
--- a/lib/libssl/src/crypto/conf/conf_lcl.h
+++ b/lib/libssl/src/crypto/conf/conf_lcl.h
@@ -71,6 +71,7 @@
 #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
 					CONF_PUNCTUATION)
 
+#ifndef CHARSET_EBCDIC
 #define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
 #define IS_EOF(a)		((a) == '\0')
 #define IS_ESC(a)		((a) == '\\')
@@ -81,6 +82,19 @@
 				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
 #define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
 
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[os_toascii[a]&0x7f]))
+#define IS_EOF(a)		(os_toascii[a] == '\0')
+#define IS_ESC(a)		(os_toascii[a] == '\\')
+#define IS_NUMER(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_NUMBER)
+#define IS_WS(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_WS)
+#define IS_ALPHA_NUMERIC(a)	(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(a) \
+				(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_QUOTE)
+#endif /*CHARSET_EBCDIC*/
+
 static unsigned short CONF_type[128]={
 	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
 	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
diff --git a/lib/libssl/src/crypto/conf/keysets.pl b/lib/libssl/src/crypto/conf/keysets.pl
index e40fed0ca12..1aed0c80c4b 100644
--- a/lib/libssl/src/crypto/conf/keysets.pl
+++ b/lib/libssl/src/crypto/conf/keysets.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $NUMBER=0x01;
 $UPPER=0x02;
diff --git a/lib/libssl/src/crypto/conf/test.c b/lib/libssl/src/crypto/conf/test.c
index 899ee2a067e..9390a48bafe 100644
--- a/lib/libssl/src/crypto/conf/test.c
+++ b/lib/libssl/src/crypto/conf/test.c
@@ -58,7 +58,8 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "conf.h"
+#include <openssl/conf.h>
+#include <openssl/err.h>
 
 main()
 	{
@@ -66,7 +67,7 @@ main()
 	long eline;
 	char *s,*s2;
 
-	conf=CONF_load(NULL,"ssleay.conf",&eline);
+	conf=CONF_load(NULL,"openssl.conf",&eline);
 	if (conf == NULL)
 		{
 		ERR_load_crypto_strings();
diff --git a/lib/libssl/src/crypto/cpt_err.c b/lib/libssl/src/crypto/cpt_err.c
index ea3c135d39c..c2a2dd4af62 100644
--- a/lib/libssl/src/crypto/cpt_err.c
+++ b/lib/libssl/src/crypto/cpt_err.c
@@ -1,63 +1,65 @@
-/* lib/crypto/crypto_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/cpt_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
  */
+
 #include <stdio.h>
-#include "err.h"
-#include "crypto.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -66,20 +68,26 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),	"CRYPTO_get_ex_new_index"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),	"CRYPTO_get_new_lockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),	"CRYPTO_set_ex_data"},
-{0,NULL},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CRYPTO_str_reasons[]=
+	{
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_CRYPTO_strings()
+void ERR_load_CRYPTO_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
+		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
 #endif
 
 		}
diff --git a/lib/libssl/src/crypto/cryptlib.c b/lib/libssl/src/crypto/cryptlib.c
index 9a7e80b7f8b..356c476a993 100644
--- a/lib/libssl/src/crypto/cryptlib.c
+++ b/lib/libssl/src/crypto/cryptlib.c
@@ -59,15 +59,14 @@
 #include <stdio.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "date.h"
+#include <openssl/crypto.h>
 
 #if defined(WIN32) || defined(WIN16)
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
 /* real #defines in crypto.h, keep these upto date */
-static char* lock_names[CRYPTO_NUM_LOCKS] =
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	{
 	"<<ERROR>>",
 	"err",
@@ -84,30 +83,28 @@ static char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl_ctx",
 	"ssl_cert",
 	"ssl_session",
+	"ssl_sess_cert",
 	"ssl",
 	"rand",
 	"debug_malloc",
 	"BIO",
-	"bio_gethostbyname",
+	"gethostbyname",
+	"getservbyname",
+	"readdir",
 	"RSA_blinding",
+#if CRYPTO_NUM_LOCKS != 24
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
 	};
 
 static STACK *app_locks=NULL;
 
-#ifndef NOPROTO
 static void (MS_FAR *locking_callback)(int mode,int type,
-	char *file,int line)=NULL;
+	const char *file,int line)=NULL;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-	int type,char *file,int line)=NULL;
+	int type,const char *file,int line)=NULL;
 static unsigned long (MS_FAR *id_callback)(void)=NULL;
-#else
-static void (MS_FAR *locking_callback)()=NULL;
-static int (MS_FAR *add_lock_callback)()=NULL;
-static unsigned long (MS_FAR *id_callback)()=NULL;
-#endif
-
-int CRYPTO_get_new_lockid(name)
-char *name;
+int CRYPTO_get_new_lockid(char *name)
 	{
 	char *str;
 	int i;
@@ -120,10 +117,11 @@ char *name;
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
 
-	if (app_locks == NULL)
-		if ((app_locks=sk_new_null()) == NULL)
-			CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-			return(0);
+	if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
 	if ((str=BUF_strdup(name)) == NULL)
 		return(0);
 	i=sk_push(app_locks,str);
@@ -134,40 +132,46 @@ char *name;
 	return(i);
 	}
 
-void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
+int CRYPTO_num_locks(void)
+	{
+	return CRYPTO_NUM_LOCKS;
+	}
+
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+		int line)
 	{
 	return(locking_callback);
 	}
 
-int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I)
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line)
 	{
 	return(add_lock_callback);
 	}
 
-void CRYPTO_set_locking_callback(func)
-void (*func)(P_I_I_P_I);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line))
 	{
 	locking_callback=func;
 	}
 
-void CRYPTO_set_add_lock_callback(func)
-int (*func)(P_IP_I_I_P_I);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file,int line))
 	{
 	add_lock_callback=func;
 	}
 
-unsigned long (*CRYPTO_get_id_callback(P_V))(P_V)
+unsigned long (*CRYPTO_get_id_callback(void))(void)
 	{
 	return(id_callback);
 	}
 
-void CRYPTO_set_id_callback(func)
-unsigned long (*func)(P_V);
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
 	{
 	id_callback=func;
 	}
 
-unsigned long CRYPTO_thread_id()
+unsigned long CRYPTO_thread_id(void)
 	{
 	unsigned long ret=0;
 
@@ -188,11 +192,7 @@ unsigned long CRYPTO_thread_id()
 	return(ret);
 	}
 
-void CRYPTO_lock(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void CRYPTO_lock(int mode, int type, const char *file, int line)
 	{
 #ifdef LOCK_DEBUG
 		{
@@ -221,12 +221,8 @@ int line;
 		locking_callback(mode,type,file,line);
 	}
 
-int CRYPTO_add_lock(pointer,amount,type,file,line)
-int *pointer;
-int amount;
-int type;
-char *file;
-int line;
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+	     int line)
 	{
 	int ret;
 
@@ -264,8 +260,7 @@ int line;
 	return(ret);
 	}
 
-char *CRYPTO_get_lock_name(type)
-int type;
+const char *CRYPTO_get_lock_name(int type)
 	{
 	if (type < 0)
 		return("ERROR");
@@ -283,10 +278,8 @@ int type;
 /* All we really need to do is remove the 'error' state when a thread
  * detaches */
 
-BOOL WINAPI DLLEntryPoint(hinstDLL,fdwReason,lpvReserved)
-HINSTANCE hinstDLL;
-DWORD fdwReason;
-LPVOID lpvReserved;
+BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+	     LPVOID lpvReserved)
 	{
 	switch(fdwReason)
 		{
diff --git a/lib/libssl/src/crypto/cryptlib.h b/lib/libssl/src/crypto/cryptlib.h
index 32757c9efb5..e3d38524ae9 100644
--- a/lib/libssl/src/crypto/cryptlib.h
+++ b/lib/libssl/src/crypto/cryptlib.h
@@ -66,29 +66,25 @@
 extern "C" {
 #endif
 
-/* #ifdef FLAT_INC */
+#include "openssl/e_os.h"
 
-#include "e_os.h"
-#include "crypto.h"
-#include "buffer.h" 
-#include "bio.h" 
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h> 
+#include <openssl/bio.h> 
+#include <openssl/err.h>
+#include <openssl/opensslconf.h>
 
-/*
+#ifndef VMS
+#define X509_CERT_AREA		OPENSSLDIR
+#define X509_CERT_DIR		OPENSSLDIR "/certs"
+#define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
+#define X509_PRIVATE_DIR	OPENSSLDIR "/private"
 #else
-
-#include "../e_os.h"
-#include "crypto.h"
-#include "buffer/buffer.h"
-#include "bio/bio.h"
-#include "err/err.h"
+#define X509_CERT_AREA		"SSLROOT:[000000]"
+#define X509_CERT_DIR		"SSLCERTS:"
+#define X509_CERT_FILE		"SSLCERTS:cert.pem"
+#define X509_PRIVATE_DIR        "SSLPRIVATE:"
 #endif
-*/
-
-#define X509_CERT_AREA		"/etc/ssl"
-#define X509_CERT_DIR		"/etc/ssl/certs"
-#define X509_CERT_FILE		"/etc/ssl/cert.pem"
-#define X509_PRIVATE_DIR	"/etc/ssl/private"
 
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
diff --git a/lib/libssl/src/crypto/crypto-lib.com b/lib/libssl/src/crypto/crypto-lib.com
new file mode 100644
index 00000000000..bf916528ebd
--- /dev/null
+++ b/lib/libssl/src/crypto/crypto-lib.com
@@ -0,0 +1,1218 @@
+$!
+$!  CRYPTO-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP
+$!  or VAX.
+$!
+$!  It was re-written so it would try to determine what "C" compiler to use 
+$!  or you can specify which "C" compiler to use.
+$!
+$!  Specify RSAREF as P1 to compile with the RSAREF library instead of
+$!  the regular one.  If you specify NORSAREF it will compile with the
+$!  regular RSAREF routines.  (Note: If you are in the United States
+$!  you MUST compile with RSAREF unless you have a license from RSA).
+$!
+$!  Note: The RSAREF libraries are NOT INCLUDED and you have to
+$!        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+$!        get the ".tar-Z" file as the ".zip" file dosen't have the
+$!        directory structure stored.  You have to extract the file
+$!        into the [.RSAREF] directory under the root directory as that
+$!        is where the scripts will look for the files.
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P6, if defined, sets a choice of crypto methods to compile.
+$!  WARNING: this should only be done to recompile some part of an already
+$!  fully compiled library.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The Different Encryption Types.
+$!
+$ ENCRYPT_TYPES = ",MD2,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
+		  "BN,RSA,DSA,DH,"+ -
+		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
+		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+		  "CONF,TXT_DB,PKCS7,PKCS12,COMP"
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Check.
+$!
+$ ENDIF
+$!
+$! Define The Different Encryption "library" Strings.
+$!
+$ LIB_ = "cryptlib,mem,cversion,ex_data,tmdiff,cpt_err"
+$ LIB_MD2 = "md2_dgst,md2_one"
+$ LIB_MD5 = "md5_dgst,md5_one"
+$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one"
+$ LIB_MDC2 = "mdc2dgst,mdc2_one"
+$ LIB_HMAC = "hmac"
+$ LIB_RIPEMD = "rmd_dgst,rmd_one"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+	"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+	"enc_read,enc_writ,ofb64enc,"+ -
+	"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+	"des_enc,fcrypt_b,read2pwd,"+ -
+	"fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp,ede_cbcm_enc"
+$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
+$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
+$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
+$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
+$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
+$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
+$ IF F$TRNLNM("OPENSSL_NO_ASM") .NES. "" THEN LIB_BN_ASM = "bn_asm"
+$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_mul,"+ -
+	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
+	"bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+",bn_recp,bn_mont,"+ -
+	"bn_mpi,bn_exp2"
+$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
+	"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk"
+$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err"
+$ LIB_DH = "dh_gen,dh_key,dh_lib,dh_check,dh_err"
+$ LIB_BUFFER = "buffer,buf_err"
+$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
+	"bss_mem,bss_null,bss_fd,"+ -
+	"bss_file,bss_sock,bss_conn,"+ -
+	"bf_null,bf_buff,b_print,b_dump,"+ -
+	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio" ! + ",bss_log" for syslog
+$ LIB_STACK = "stack"
+$ LIB_LHASH = "lhash,lh_stats"
+$ LIB_RAND = "md_rand,randfile,rand_lib"
+$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
+	"e_ecb_d,e_cbc_d,e_cfb_d,e_ofb_d,"+ -
+	"e_ecb_i,e_cbc_i,e_cfb_i,e_ofb_i,"+ -
+	"e_ecb_3d,e_cbc_3d,e_rc4,names,"+ -
+	"e_cfb_3d,e_ofb_3d,e_xcbc_d,"+ -
+	"e_ecb_r2,e_cbc_r2,e_cfb_r2,e_ofb_r2,"+ -
+	"e_ecb_bf,e_cbc_bf,e_cfb_bf,e_ofb_bf"
+$ LIB_EVP_2 = "e_ecb_c,e_cbc_c,e_cfb_c,e_ofb_c,"+ -
+	"e_ecb_r5,e_cbc_r5,e_cfb_r5,e_ofb_r5,"+ -
+	"m_null,m_md2,m_md5,m_sha,m_sha1,m_dss,m_dss1,m_mdc2,"+ -
+	"m_ripemd,"+ -
+	"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
+	"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
+	"c_all,evp_lib,bio_ok,evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+	"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,a_bmp,"+ -
+	"a_enum,a_vis,a_utf8,a_sign,a_digest,a_verify,"+ -
+	"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,"+ -
+	"x_name,x_cinf,x_x509,x_crl,x_info,x_spki,nsseq,"+ -
+	"d2i_r_pr,i2d_r_pr,d2i_r_pu,i2d_r_pu,"+ -
+	"d2i_s_pr,i2d_s_pr,d2i_s_pu,i2d_s_pu,"+ -
+	"d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+$ LIB_ASN1_2 = "t_req,t_x509,t_crl,t_pkey,"+ -
+	"p7_i_s,p7_signi,p7_signd,p7_recip,p7_enc_c,p7_evp,"+ -
+	"p7_dgst,p7_s_e,p7_enc,p7_lib,"+ -
+	"f_int,f_string,i2d_dhp,i2d_dsap,d2i_dhp,d2i_dsap,n_pkey,"+ -
+	"f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
+	"asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,"+ -
+	"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey"
+$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err"
+$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
+	"x509_obj,x509_req,x509_vfy,"+ -
+	"x509_set,x509rset,x509_err,"+ -
+	"x509name,x509_v3,x509_ext,"+ -
+	"x509type,x509_lu,x_all,x509_txt,"+ -
+	"by_file,by_dir"
+$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
+	"v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
+	"v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld"
+$ LIB_CONF = "conf,conf_err"
+$ LIB_TXT_DB = "txt_db"
+$ LIB_PKCS7 = "pk7_lib,pkcs7err,pk7_doit"
+$ LIB_PKCS12 = "p12_add,p12_attr,p12_bags,p12_crpt,p12_crt,p12_decr,"+ -
+	"p12_init,p12_key,p12_kiss,p12_lib,p12_mac,p12_mutl,"+ -
+	"p12_sbag,p12_utl,pk12err"
+$ LIB_COMP = "comp_lib,"+ -
+	"c_rle,c_zlib"
+$!
+$! Setup exceptional compilations
+$!
+$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ COMPILEWITH_CC4 = ",a_utctm,"
+$ COMPILEWITH_CC5 = ",md2_dgst,md5_dgst,mdc2dgst,sha_dgst,sha1dgst," + -
+                    "rmd_dgst,bf_enc,"
+$!
+$! Check To See If We Are Going To Use RSAREF.
+$!
+$ IF (RSAREF.EQS."TRUE" .AND. ENCRYPT_TYPES - "RSA".NES.ENCRYPT_TYPES)
+$ THEN
+$!
+$!  Check To See If The File [-.RSAREF]RSAREF.C Is Actually There.
+$!
+$   IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."")
+$   THEN
+$!
+$!    Tell The User That The File Dosen't Exist.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Dosen't Exist."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Exit The Build.
+$!
+$     GOTO EXIT
+$!
+$!  End The [-.RSAREF]RSAREF.C Check.
+$!
+$   ENDIF
+$!
+$!  Tell The User We Are Compiling The [-.RSAREF]RSAREF File.
+$!
+$   WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAREF File."
+$!
+$!  Compile [-.RSAREF]RSAREF.C
+$!
+$   CC/OBJECT='OBJ_DIR'RSAREF.OBJ SYS$DISK:[-.RSAREF]RSAREF.C
+$!
+$!  Add It To The Library.
+$!
+$   LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAREF.OBJ
+$!
+$!  Delete The Object File.
+$!
+$   DELETE 'OBJ_DIR'RSAREF.OBJ;*
+$!
+$!  Check To See If The File [-.RSAREF]RSAR_ERR.C Is Actually There.
+$!
+$   IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."")
+$   THEN
+$!
+$!    Tell The User That The File Dosen't Exist.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Dosen't Exist."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Exit The Build.
+$!
+$     GOTO EXIT
+$!
+$!  End The [-.RSAREF]RSAR_ERR.C File Check.
+$!
+$   ENDIF
+$!
+$!  Tell The User We Are Compiling The [-.RSAREF]RSAR_ERR File.
+$!
+$   WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAR_ERR File."
+$!
+$!  Compile [-.RSAREF]RSAR_ERR.C
+$!
+$   CC/OBJECT='OBJ_DIR'RSAR_ERR.OBJ SYS$DISK:[-.RSAREF]RSAR_ERR.C
+$!
+$!  Add It To The Library.
+$!
+$   LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAR_ERR.OBJ
+$!
+$!  Delete The Object File.
+$!
+$   DELETE 'OBJ_DIR'RSAR_ERR.OBJ;*
+$!
+$! End The RSAREF Check.
+$!
+$ ENDIF
+$!
+$! Figure Out What Other Modules We Are To Build.
+$!
+$ BUILD_SET:
+$!
+$! Define A Module Counter.
+$!
+$ MODULE_COUNTER = 0
+$!
+$! Top Of The Loop.
+$!
+$ MODULE_NEXT:
+$!
+$! Extract The Module Name From The Encryption List.
+$!
+$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
+$!
+$! Check To See If We Are At The End Of The Module List.
+$!
+$ IF (MODULE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The Module List, Go To MODULE_DONE.
+$!
+$   GOTO MODULE_DONE
+$!
+$! End The Module List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Moudle Counter.
+$!
+$ MODULE_COUNTER = MODULE_COUNTER + 1
+$!
+$! Tell The User What Module We Are Building.
+$!
+$ IF (MODULE_NAME.NES."") 
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME," Files."
+$ ENDIF
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Create The Library Module Name.
+$!
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ IF (MODULE_NAME.EQS."ASN1_2")
+$ THEN
+$   MODULE_NAME = "ASN1"
+$ ENDIF
+$ IF (MODULE_NAME.EQS."EVP_2")
+$ THEN
+$   MODULE_NAME = "EVP"
+$ ENDIF
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ THEN
+$   WRITE SYS$ERROR ""
+$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR ""
+$   GOTO MODULE_NEXT
+$ ENDIF
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The File List, Goto FILE_DONE.
+$!
+$   GOTO FILE_DONE
+$!
+$! End The File List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
+$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
+$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
+	FILE_NAME = FILE_NAME + ".c"
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
+$ ELSE
+$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
+$ ENDIF
+$ SOURCE_FILE = SOURCE_FILE - "]["
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Compiling The File.
+$!
+$ IF (MODULE_NAME.EQS."")
+$ THEN
+     WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File."
+$ ENDIF
+$ IF (MODULE_NAME.NES."")
+$ THEN 
+$   WRITE SYS$OUTPUT "	",FILE_NAME,""
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ IF FILE_NAME - ".mar" .NES. FILE_NAME
+$ THEN
+$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
+$   THEN
+$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ELSE
+$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
+$     THEN
+$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$     ELSE
+$       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$       THEN
+$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ELSE
+$         CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Go Back And Get The Next Module.
+$!
+$ GOTO MODULE_NEXT
+$!
+$! All Done With This Module.
+$!
+$ MODULE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH .EQS. "VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NORSAREF")
+$ THEN
+$!
+$!   P1 Is NORSAREF, So Compile With The Regular RSA Libraries.
+$!
+$    RSAREF = "FALSE"
+$ ELSE
+$!
+$!  Check To See If We Are To Use The RSAREF Library.
+$!
+$   IF (P1.EQS."RSAREF")
+$   THEN
+$!
+$!    Check To Make Sure We Have The RSAREF Source Code Directory.
+$!
+$     IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."")
+$     THEN
+$!
+$!      We Don't Have The RSAREF Souce Code Directory, So Tell The
+$!      User This.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
+$       WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'.  You have to"
+$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$       WRITE SYS$OUTPUT "directory structure stored.  You have to extract the file"
+$       WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
+$       WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
+$       WRITE SYS$OUTPUT ""
+$!
+$!      Time To Exit.
+$!
+$       EXIT
+$!
+$!    Else, Compile Using The RSAREF Library.
+$!
+$     ELSE
+$       RSAREF = "TRUE"
+$     ENDIF
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     RSAREF   :  Compile With The RSAREF Library."
+$     WRITE SYS$OUTPUT "     NORSAREF :  Compile With The Regular RSA Library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    MACRO_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     MACRO_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P4'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST/INCLUDE=SYS$DISK:[]" + -
+	   CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=SYS$DISK:[]" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Check To See If We Are To Compile With RSAREF Routines.
+$!
+$   IF (RSAREF.EQS."TRUE")
+$   THEN
+$!
+$!    Compile With RSAREF.
+$!
+$     CCDEFS = CCDEFS + ",""RSAref=1"""
+$!
+$!    Tell The User This.
+$!
+$     WRITE SYS$OUTPUT "Compiling With RSAREF Routines."
+$!
+$!    Else, We Don't Care.  Compile Without The RSAREF Library.
+$!
+$   ELSE
+$!
+$!    Tell The User We Are Compile Without The RSAREF Routines.
+$!
+$     WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines.
+$!
+$!  End The RSAREF Check.
+$!
+$   ENDIF
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
+$   THEN
+$     CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$   ELSE
+$     CC5 = CC + "/NOOPTIMIZE"
+$   ENDIF
+$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the encryption
+$! methods.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$   ENCRYPT_TYPES = P6
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __TOP = __HERE - "CRYPTO]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/lib/libssl/src/crypto/crypto.c b/lib/libssl/src/crypto/crypto.c
deleted file mode 100644
index 366e25c939b..00000000000
--- a/lib/libssl/src/crypto/crypto.c
+++ /dev/null
@@ -1,575 +0,0 @@
-/* crypto/crypto.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* If you are happy to use the assmbler version of bn/bn_mulw.c, define
- * BN_ASM */
-#ifndef BN_ASM
-#undef BN_ASM
-#define X86_ASM
-#endif
-
-#ifndef DES_ASM
-#undef DES_ASM
-#endif
-
-#ifndef BF_ASM
-#undef BF_ASM
-#endif
-
-/* The following defines are only to break the compiles into chunks.
- * If you wish to not compile some sections, use the 'NO_XXX' macros
- */
-#ifndef CRYPTO_SUBSET
-/* Define all subset symbols. */
-#define CRYPTO_LIB_SUBSET
-#define CRYPTO_ASN1_SUBSET
-#define CRYPTO_BN_SUBSET
-#define CRYPTO_BUFFER_SUBSET
-#define CRYPTO_BIO_SUBSET
-#define CRYPTO_CONF_SUBSET
-#define CRYPTO_DES_SUBSET
-#define CRYPTO_DH_SUBSET
-#define CRYPTO_DSA_SUBSET
-#define CRYPTO_ERROR_SUBSET
-#define CRYPTO_EVP_SUBSET
-#define CRYPTO_IDEA_SUBSET
-#define CRYPTO_LHASH_SUBSET
-#define CRYPTO_MD_SUBSET
-#define CRYPTO_MDC2_SUBSET
-#define CRYPTO_METH_SUBSET
-#define CRYPTO_OBJECTS_SUBSET
-#define CRYPTO_PEM_SUBSET
-#define CRYPTO_RAND_SUBSET
-#define CRYPTO_RC_SUBSET
-#define CRYPTO_BLOWFISH_SUBSET
-#define CRYPTO_CAST_SUBSET
-#define CRYPTO_RSA_SUBSET
-#define CRYPTO_SHA_SUBSET
-#define CRYPTO_HMAC_SUBSET
-#define CRYPTO_SHA1_SUBSET
-#define CRYPTO_STACK_SUBSET
-#define CRYPTO_TXT_DB_SUBSET
-#define CRYPTO_X509_SUBSET
-#define CRYPTO_PKCS7_SUBSET
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "../e_os.h"
-
-#include "buffer.h"
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "err.h"
-
-#include "bn.h"
-#include "evp.h"
-
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
-
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
-
-#ifdef CRYPTO_LIB_SUBSET
-#include "cryptlib.c"
-#include "mem.c"
-#include "cversion.c"
-#endif
-
-#ifdef CRYPTO_ASN1_SUBSET
-#include "asn1/a_meth.c"
-#include "asn1/a_bitstr.c"
-#include "asn1/a_d2i_fp.c"
-#include "asn1/a_dup.c"
-#include "asn1/a_hdr.c"
-#include "asn1/a_i2d_fp.c"
-#include "asn1/a_int.c"
-#include "asn1/a_bool.c"
-#include "asn1/a_bytes.c"
-#include "asn1/a_object.c"
-#include "asn1/a_octet.c"
-#include "asn1/a_print.c"
-#include "asn1/a_set.c"
-#include "asn1/a_sign.c"
-#include "asn1/a_type.c"
-#include "asn1/a_utctm.c"
-#include "asn1/a_verify.c"
-#include "asn1/a_digest.c"
-#include "asn1/asn1_err.c"
-#include "asn1/asn1_lib.c"
-#include "asn1/asn1_par.c"
-#ifndef NO_DH
-#include "asn1/d2i_dhp.c"
-#include "asn1/i2d_dhp.c"
-#endif
-#ifndef NO_DSA
-#include "asn1/d2i_dsap.c"
-#include "asn1/i2d_dsap.c"
-#include "asn1/d2i_s_pr.c"
-#include "asn1/i2d_s_pr.c"
-#include "asn1/d2i_s_pu.c"
-#include "asn1/i2d_s_pu.c"
-#endif
-#ifndef NO_RSA
-#include "asn1/d2i_r_pr.c"
-#include "asn1/i2d_r_pr.c"
-#include "asn1/d2i_r_pu.c"
-#include "asn1/i2d_r_pu.c"
-#include "asn1/n_pkey.c"
-#endif
-#include "asn1/d2i_pr.c"
-#include "asn1/d2i_pu.c"
-#include "asn1/i2d_pr.c"
-#include "asn1/i2d_pu.c"
-#include "asn1/f_int.c"
-#include "asn1/f_string.c"
-#include "asn1/p7_dgst.c"
-#include "asn1/p7_enc.c"
-#include "asn1/p7_enc_c.c"
-#include "asn1/p7_evp.c"
-#include "asn1/p7_i_s.c"
-#include "asn1/p7_lib.c"
-#include "asn1/p7_recip.c"
-#include "asn1/p7_s_e.c"
-#include "asn1/p7_signd.c"
-#include "asn1/p7_signi.c"
-#include "asn1/t_pkey.c"
-#include "asn1/t_req.c"
-#include "asn1/t_x509.c"
-#include "asn1/x_algor.c"
-#include "asn1/x_attrib.c"
-#include "asn1/x_exten.c"
-#include "asn1/x_cinf.c"
-#include "asn1/x_crl.c"
-#include "asn1/x_info.c"
-#include "asn1/x_name.c"
-#include "asn1/x_pkey.c"
-#include "asn1/x_pubkey.c"
-#include "asn1/x_req.c"
-#include "asn1/x_sig.c"
-#include "asn1/x_spki.c"
-#include "asn1/x_val.c"
-#include "asn1/x_x509.c"
-#endif
-
-#ifdef CRYPTO_BN_SUBSET
-#include "bn/bn_add.c"
-#include "bn/bn_div.c"
-#include "bn/bn_exp.c"
-#include "bn/bn_mont.c"
-#include "bn/bn_recp.c"
-#include "bn/bn_gcd.c"
-#include "bn/bn_lib.c"
-#include "bn/bn_mod.c"
-#include "bn/bn_mul.c"
-#ifndef BN_ASM
-#include "bn/bn_mulw.c"
-#endif
-#include "bn/bn_prime.c"
-#include "bn/bn_rand.c"
-#include "bn/bn_shift.c"
-#include "bn/bn_sqr.c"
-#include "bn/bn_sub.c"
-#include "bn/bn_word.c"
-#include "bn/bn_print.c"
-#include "bn/bn_err.c"
-#include "bn/bn_blind.c"
-#endif
-
-#ifdef CRYPTO_BIO_SUBSET
-#include "bio/bf_buff.c"
-#include "bio/bf_null.c"
-#include "bio/bf_nbio.c"
-#include "bio/bio_cb.c"
-#include "bio/bio_lib.c"
-#include "bio/bss_fd.c"
-#include "bio/bss_file.c"
-#include "bio/bss_mem.c"
-#include "bio/bss_null.c"
-#ifdef VMS
-#include "bio/bss_rtcp.c"
-#endif
-#include "bio/bss_sock.c"
-#include "bio/bss_conn.c"
-#include "bio/bss_acpt.c"
-#include "bio/b_sock.c"
-#include "bio/b_print.c"
-#include "bio/b_dump.c"
-#include "bio/bio_err.c"
-#endif
-
-#ifdef CRYPTO_BUFFER_SUBSET
-#include "buffer/buf_err.c"
-#include "buffer/buffer.c"
-#endif
-
-#ifdef CRYPTO_CONF_SUBSET
-#include "conf/conf.c"
-#include "conf/conf_err.c"
-#endif
-
-#ifdef CRYPTO_DES_SUBSET
-#include "des/read_pwd.c"
-#ifndef NO_DES
-#ifndef DES_ASM
-#include "des/fcrypt_b.c"
-#include "des/des_enc.c"
-#endif
-#include "des/cbc_cksm.c"
-#include "des/xcbc_enc.c"
-#include "des/cbc_enc.c"
-#include "des/cfb64ede.c"
-#include "des/cfb64enc.c"
-#include "des/cfb_enc.c"
-#include "des/ecb3_enc.c"
-#include "des/ecb_enc.c"
-#include "des/enc_read.c"
-#include "des/enc_writ.c"
-#include "des/fcrypt.c"
-#include "des/ofb64ede.c"
-#include "des/ofb64enc.c"
-#include "des/ofb_enc.c"
-#include "des/pcbc_enc.c"
-#include "des/qud_cksm.c"
-#include "des/rand_key.c"
-#include "des/read2pwd.c"
-#include "des/rpc_enc.c"
-#include "des/set_key.c"
-#include "des/str2key.c"
-#include "des/supp.c"
-#endif
-#endif
-
-#ifdef CRYPTO_DH_SUBSET
-#ifndef NO_DH
-#include "dh/dh_check.c"
-#include "dh/dh_err.c"
-#include "dh/dh_gen.c"
-#include "dh/dh_key.c"
-#include "dh/dh_lib.c"
-#endif
-#endif
-
-#ifdef CRYPTO_DSA_SUBSET
-#ifndef NO_DSA
-#include "dsa/dsa_gen.c"
-#include "dsa/dsa_key.c"
-#include "dsa/dsa_lib.c"
-#include "dsa/dsa_sign.c"
-#include "dsa/dsa_vrf.c"
-#include "dsa/dsa_err.c"
-#endif
-#endif
-
-#ifdef CRYPTO_ERROR_SUBSET
-#include "err/err.c"
-#include "err/err_all.c"
-#include "err/err_prn.c"
-#endif
-
-#ifdef CRYPTO_EVP_SUBSET
-#include "evp/bio_md.c"
-#include "evp/bio_b64.c"
-#include "evp/bio_enc.c"
-#include "evp/c_all.c"
-#include "evp/digest.c"
-#ifndef NO_DES
-#include "evp/e_cbc_3d.c"
-#include "evp/e_cfb_3d.c"
-#include "evp/e_ecb_3d.c"
-#include "evp/e_ofb_3d.c"
-#include "evp/e_cbc_d.c"
-#include "evp/e_cfb_d.c"
-#include "evp/e_xcbc_d.c"
-#include "evp/e_ecb_d.c"
-#include "evp/e_ofb_d.c"
-#endif
-#ifndef NO_IDEA
-#include "evp/e_cbc_i.c"
-#include "evp/e_cfb_i.c"
-#include "evp/e_ecb_i.c"
-#include "evp/e_ofb_i.c"
-#endif
-#ifndef NO_RC2
-#include "evp/e_cbc_r2.c"
-#include "evp/e_cfb_r2.c"
-#include "evp/e_ecb_r2.c"
-#include "evp/e_ofb_r2.c"
-#endif
-#ifndef NO_BLOWFISH
-#include "evp/e_cbc_bf.c"
-#include "evp/e_cfb_bf.c"
-#include "evp/e_ecb_bf.c"
-#include "evp/e_ofb_bf.c"
-#endif
-#ifndef NO_CAST
-#include "evp/e_cbc_c.c"
-#include "evp/e_cfb_c.c"
-#include "evp/e_ecb_c.c"
-#include "evp/e_ofb_c.c"
-#endif
-#ifndef NO_RC4
-#include "evp/e_rc4.c"
-#endif
-#include "rc5/rc5_enc.c"
-#include "rc5/rc5cfb64.c"
-#include "rc5/rc5_ecb.c"
-#include "rc5/rc5_skey.c"
-#include "rc5/rc5ofb64.c"
-#include "ripemd/rmd160.c"
-#include "ripemd/rmd_dgst.c"
-#include "ripemd/rmd_one.c"
-#include "evp/evp_lib.c"
-
-#include "evp/names.c"
-#include "evp/e_null.c"
-#include "evp/encode.c"
-#include "evp/evp_enc.c"
-#include "evp/evp_err.c"
-#include "evp/evp_key.c"
-#include "evp/m_null.c"
-#include "evp/p_lib.c"
-#ifndef NO_RSA
-#include "evp/p_open.c"
-#include "evp/p_seal.c"
-#endif
-#include "evp/p_sign.c"
-#include "evp/p_verify.c"
-#endif
-
-#ifdef CRYPTO_IDEA_SUBSET
-#ifndef NO_IDEA
-#include "idea/i_cbc.c"
-#include "idea/i_cfb64.c"
-#include "idea/i_ecb.c"
-#include "idea/i_ofb64.c"
-#include "idea/i_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_BLOWFISH_SUBSET
-#ifndef NO_BLOWFISH
-#include "bf/bf_cfb64.c"
-#include "bf/bf_ecb.c"
-#ifndef BF_ASM
-#include "bf/bf_enc.c"
-#endif
-#include "bf/bf_ofb64.c"
-#include "bf/bf_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_CAST_SUBSET
-#ifndef NO_CAST
-#include "cast/c_cfb64.c"
-#include "cast/c_ecb.c"
-#ifndef CAST_ASM
-#include "cast/c_enc.c"
-#endif
-#include "cast/c_ofb64.c"
-#include "cast/c_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_LHASH_SUBSET
-#include "lhash/lh_stats.c"
-#include "lhash/lhash.c"
-#endif
-
-#ifdef CRYPTO_MD_SUBSET
-#ifndef NO_MD2
-#include "md2/md2_dgst.c"
-#include "md2/md2_one.c"
-#include "evp/m_md2.c"
-#endif
-#ifndef NO_MD5
-#include "md5/md5_dgst.c"
-#include "md5/md5_one.c"
-#include "evp/m_md5.c"
-#endif
-#endif
-
-#ifdef CRYPTO_MDC2_SUBSET
-#ifndef NO_MDC2
-#include "mdc2/mdc2dgst.c"
-#include "mdc2/mdc2_one.c"
-#include "evp/m_mdc2.c"
-#endif
-#endif
-
-#ifdef CRYPTO_OBJECTS_SUBSET
-#include "objects/obj_dat.c"
-#include "objects/obj_err.c"
-#include "objects/obj_lib.c"
-#endif
-
-#ifdef CRYPTO_PEM_SUBSET
-#include "pem/pem_err.c"
-#include "pem/pem_info.c"
-#include "pem/pem_lib.c"
-#include "pem/pem_all.c"
-#ifndef NO_RSA
-#include "pem/pem_seal.c"
-#include "pem/pem_sign.c"
-#endif
-#endif
-
-#ifdef CRYPTO_RAND_SUBSET
-#include "rand/md_rand.c"
-#include "rand/randfile.c"
-#endif
-
-#ifdef CRYPTO_RC_SUBSET
-#ifndef NO_RC2
-#include "rc2/rc2_cbc.c"
-#include "rc2/rc2_ecb.c"
-#include "rc2/rc2_skey.c"
-#include "rc2/rc2cfb64.c"
-#include "rc2/rc2ofb64.c"
-#endif
-#ifndef NO_RC4
-#include "rc4/rc4_skey.c"
-#ifndef RC4_ASM
-#include "rc4/rc4_enc.c"
-#endif
-#endif
-#endif
-
-#ifdef CRYPTO_HMAC_SUBSET
-#include "hmac/hmac.c"
-#endif
-
-#ifdef CRYPTO_RSA_SUBSET
-#ifndef NO_RSA
-#include "rsa/rsa_eay.c"
-#include "rsa/rsa_err.c"
-#include "rsa/rsa_gen.c"
-#include "rsa/rsa_lib.c"
-#include "rsa/rsa_sign.c"
-#include "rsa/rsa_saos.c"
-#endif
-#endif
-
-#ifdef CRYPTO_SHA1_SUBSET
-#ifndef NO_SHA1
-#include "sha/sha1_one.c"
-#include "sha/sha1dgst.c"
-#include "evp/m_dss1.c"
-#include "evp/m_sha1.c"
-#endif
-#endif
-
-#ifdef CRYPTO_SHA_SUBSET
-#ifndef NO_SHA
-#include "evp/m_dss.c"
-#include "sha/sha_dgst.c"
-#include "sha/sha_one.c"
-#include "evp/m_sha.c"
-#endif
-#endif
-
-#ifdef CRYPTO_STACK_SUBSET
-#include "stack/stack.c"
-#endif
-
-#ifdef CRYPTO_TXT_DB_SUBSET
-#include "txt_db/txt_db.c"
-#endif
-
-#ifdef CRYPTO_X509_SUBSET
-#include "x509/x509_cmp.c"
-#include "x509/x509_d2.c"
-#include "x509/x509_def.c"
-#include "x509/x509_err.c"
-#include "x509/x509_ext.c"
-#include "x509/x509_lu.c"
-#include "x509/x509_obj.c"
-#include "x509/x509_r2x.c"
-#include "x509/x509_req.c"
-#include "x509/x509_set.c"
-#include "x509/x509_v3.c"
-#include "x509/x509_vfy.c"
-#include "x509/x509name.c"
-#include "x509/x509pack.c"
-#include "x509/x509rset.c"
-#include "x509/x509type.c"
-#include "x509/x_all.c"
-#include "x509/x509_txt.c"
-#include "x509/by_dir.c"
-#include "x509/by_file.c"
-#include "x509/v3_net.c"
-#include "x509/v3_x509.c"
-#endif
-
-
-#ifdef CRYPTO_PKCS7_SUBSET /* I have an explicit removal of 7 lines */
-#include "pkcs7/pk7_lib.c"
-#include "pkcs7/pkcs7err.c"
-#include "pkcs7/pk7_doit.c"
-#endif /* CRYPTO_PKCS7_SUBSET */
-
diff --git a/lib/libssl/src/crypto/crypto.err b/lib/libssl/src/crypto/crypto.err
deleted file mode 100644
index 4ea3385e73d..00000000000
--- a/lib/libssl/src/crypto/crypto.err
+++ /dev/null
@@ -1,8 +0,0 @@
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
-
-/* Reason codes. */
diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h
index 0a38b5b87ca..8ad8c25e5a4 100644
--- a/lib/libssl/src/crypto/crypto.h
+++ b/lib/libssl/src/crypto/crypto.h
@@ -63,16 +63,26 @@
 extern "C" {
 #endif
 
-#include "stack.h"
+#ifndef NO_FP_API
+#include <stdio.h>
+#endif
 
+#include <openssl/stack.h>
+#include <openssl/opensslv.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+/* Backward compatibility to SSLeay */
 /* This is more to be used to check the correct DLL is being used
  * in the MS world. */
-#define SSLEAY_VERSION_NUMBER	0x0902	/* Version 0.5.1c would be 0513 */
-
+#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER
 #define SSLEAY_VERSION		0
 /* #define SSLEAY_OPTIONS	1 no longer supported */
 #define SSLEAY_CFLAGS		2
 #define SSLEAY_BUILT_ON		3
+#define SSLEAY_PLATFORM		4
 
 /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
  * names in cryptlib.c
@@ -92,19 +102,23 @@ extern "C" {
 #define	CRYPTO_LOCK_SSL_CTX		12
 #define	CRYPTO_LOCK_SSL_CERT		13
 #define	CRYPTO_LOCK_SSL_SESSION		14
-#define	CRYPTO_LOCK_SSL			15
-#define	CRYPTO_LOCK_RAND		16
-#define	CRYPTO_LOCK_MALLOC		17
-#define	CRYPTO_LOCK_BIO			18
-#define	CRYPTO_LOCK_BIO_GETHOSTBYNAME	19
-#define CRYPTO_LOCK_RSA_BLINDING	20
-#define	CRYPTO_NUM_LOCKS		21
+#define	CRYPTO_LOCK_SSL_SESS_CERT	15
+#define	CRYPTO_LOCK_SSL			16
+#define	CRYPTO_LOCK_RAND		17
+#define	CRYPTO_LOCK_MALLOC		18
+#define	CRYPTO_LOCK_BIO			19
+#define	CRYPTO_LOCK_GETHOSTBYNAME	20
+#define	CRYPTO_LOCK_GETSERVBYNAME	21
+#define	CRYPTO_LOCK_READDIR		22
+#define	CRYPTO_LOCK_RSA_BLINDING	23
+#define	CRYPTO_NUM_LOCKS		24
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
 #define CRYPTO_READ		4
 #define CRYPTO_WRITE		8
 
+#ifndef NO_LOCKING
 #ifndef CRYPTO_w_lock
 #define CRYPTO_w_lock(type)	\
 	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
@@ -116,14 +130,22 @@ extern "C" {
 	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
 #define CRYPTO_add(addr,amount,type)	\
 	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-
+#endif
+#else
+#define CRYPTO_w_lock(a)
+#define	CRYPTO_w_unlock(a)
+#define CRYPTO_r_lock(a)
+#define CRYPTO_r_unlock(a)
+#define CRYPTO_add(a,b,c)	((*(a))+=(b))
 #endif
 
 /* The following can be used to detect memory leaks in the SSLeay library.
  * It used, it turns on malloc checking */
 
-#define CRYPTO_MEM_CHECK_OFF	0x0
-#define CRYPTO_MEM_CHECK_ON	0x1
+#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */
+#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */
+#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */
+#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */
 
 /*
 typedef struct crypto_mem_st
@@ -178,37 +200,65 @@ typedef struct crypto_ex_data_func_st
 	(char *(*)())realloc,\
 	(void (*)())free)
 
+#ifdef CRYPTO_MDEBUG_ALL
+# ifndef CRYPTO_MDEBUG_TIME
+#  define CRYPTO_MDEBUG_TIME
+# endif
+# ifndef CRYPTO_MDEBUG_THREAD
+#  define CRYPTO_MDEBUG_THREAD
+# endif
+#endif
+
+#if defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
+#  define CRYPTO_MDEBUG
+# endif
+#endif
+
 #ifdef CRYPTO_MDEBUG
+#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
+#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
+#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
+#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
 #define Malloc(num)	CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__)
 #define Realloc(addr,num) \
 	CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__)
 #define Remalloc(addr,num) \
 	CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
 #define FreeFunc	CRYPTO_dbg_free
-#define Free(addr)	CRYPTO_dbg_free((char *)(addr))
+#define Free(addr)	CRYPTO_dbg_free(addr)
+#define Malloc_locked(num) CRYPTO_malloc_locked((int)num)
+#define Free_locked(addr) CRYPTO_free_locked(addr)
 #else
+#define MemCheck_start()
+#define MemCheck_stop()
+#define MemCheck_on()
+#define MemCheck_off()
 #define Remalloc	CRYPTO_remalloc
 #if defined(WIN32) || defined(MFUNC)
 #define Malloc		CRYPTO_malloc
-#define Realloc(a,n)	CRYPTO_realloc((char *)(a),(n))
+#define Realloc(a,n)	CRYPTO_realloc(a,(n))
 #define FreeFunc	CRYPTO_free
-#define Free(addr)	CRYPTO_free((char *)(addr))
+#define Free(addr)	CRYPTO_free(addr)
+#define Malloc_locked	CRYPTO_malloc_locked
+#define Free_locked(addr) CRYPTO_free_locked(addr)
 #else
 #define Malloc		malloc
 #define Realloc		realloc
 #define FreeFunc	free
-#define Free(addr)	free((char *)(addr))
+#define Free(addr)	free(addr)
+#define Malloc_locked	malloc
+#define Free_locked(addr) free(addr)
 #endif /* WIN32 || MFUNC */
 #endif /* MDEBUG */
 
 /* Case insensiteve linking causes problems.... */
-#ifdef WIN16
+#if defined(WIN16) || defined(VMS)
 #define ERR_load_CRYPTO_strings	ERR_load_CRYPTOlib_strings
 #endif
 
-#ifndef NOPROTO
 
-char *SSLeay_version(int type);
+const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
 int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
@@ -221,33 +271,40 @@ void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
 
 int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_get_new_lockid(char *name);
-void CRYPTO_lock(int mode, int type,char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
-		int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file,
+
+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
+void CRYPTO_lock(int mode, int type,const char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
 		int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
-		int type,char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,
-		int type,char *file,int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line);
 void CRYPTO_set_id_callback(unsigned long (*func)(void));
 unsigned long (*CRYPTO_get_id_callback(void))(void);
 unsigned long CRYPTO_thread_id(void);
-char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line);
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
+		    int line);
 
 void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
 void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
-
-char *CRYPTO_malloc(int num);
-char *CRYPTO_realloc(char *addr,int num);
-void CRYPTO_free(char *);
-char *CRYPTO_remalloc(char *addr,int num);
-
-char *CRYPTO_dbg_malloc(int num,char *file,int line);
-char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line);
-void CRYPTO_dbg_free(char *);
-char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line);
+void CRYPTO_set_locked_mem_functions(char *(*m)(), void (*free_func)());
+void CRYPTO_get_locked_mem_functions(char *(**m)(), void (**f)());
+
+void *CRYPTO_malloc_locked(int num);
+void CRYPTO_free_locked(void *);
+void *CRYPTO_malloc(int num);
+void CRYPTO_free(void *);
+void *CRYPTO_realloc(void *addr,int num);
+void *CRYPTO_remalloc(void *addr,int num);
+
+void *CRYPTO_dbg_malloc(int num,const char *file,int line);
+void *CRYPTO_dbg_realloc(void *addr,int num,const char *file,int line);
+void CRYPTO_dbg_free(void *);
+void *CRYPTO_dbg_remalloc(void *addr,int num,const char *file,int line);
 #ifndef NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
@@ -257,52 +314,11 @@ void CRYPTO_mem_leaks_cb(void (*cb)());
 
 void ERR_load_CRYPTO_strings(void );
 
-#else 
-
-int CRYPTO_get_ex_new_index();
-int CRYPTO_set_ex_data();
-char *CRYPTO_get_ex_data();
-int CRYPTO_dup_ex_data();
-void CRYPTO_free_ex_data();
-void CRYPTO_new_ex_data();
-
-int CRYPTO_mem_ctrl();
-char *SSLeay_version();
-unsigned long SSLeay();
-
-int CRYPTO_get_new_lockid();
-void CRYPTO_lock();
-void CRYPTO_set_locking_callback();
-void (*CRYPTO_get_locking_callback())();
-void CRYPTO_set_add_lock_callback();
-int (*CRYPTO_get_add_lock_callback())();
-void CRYPTO_set_id_callback();
-unsigned long (*CRYPTO_get_id_callback())();
-unsigned long CRYPTO_thread_id();
-char *CRYPTO_get_lock_name();
-int CRYPTO_add_lock();
-
-void CRYPTO_set_mem_functions();
-void CRYPTO_get_mem_functions();
-char *CRYPTO_malloc();
-char *CRYPTO_realloc();
-void CRYPTO_free();
-char *CRYPTO_remalloc();
-char *CRYPTO_dbg_remalloc();
-char *CRYPTO_dbg_malloc();
-char *CRYPTO_dbg_realloc();
-void CRYPTO_dbg_free();
-#ifndef NO_FP_API
-void CRYPTO_mem_leaks_fp();
-#endif
-void CRYPTO_mem_leaks();
-void CRYPTO_mem_leaks_cb();
-
-void ERR_load_CRYPTO_strings();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */
@@ -311,7 +327,7 @@ void ERR_load_CRYPTO_strings();
 #define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
 
 /* Reason codes. */
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/cversion.c b/lib/libssl/src/crypto/cversion.c
index 4e823be52f9..affdfca98f6 100644
--- a/lib/libssl/src/crypto/cversion.c
+++ b/lib/libssl/src/crypto/cversion.c
@@ -59,40 +59,53 @@
 #include <stdio.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "date.h"
+#include <openssl/crypto.h>
 
-char *SSLeay_version(t)
-int t;
+#ifndef NO_WINDOWS_BRAINDEATH
+#include "buildinf.h"
+#endif
+
+const char *SSLeay_version(int t)
 	{
 	if (t == SSLEAY_VERSION)
-		return("SSLeay 0.9.0b 29-Jun-1998");
+		return OPENSSL_VERSION_TEXT;
 	if (t == SSLEAY_BUILT_ON)
 		{
 #ifdef DATE
-		static char buf[sizeof(DATE)+10];
+		static char buf[sizeof(DATE)+11];
 
-		sprintf(buf,"built on %s",DATE);
-        	return(buf);
+		sprintf(buf,"built on: %s",DATE);
+		return(buf);
 #else
-		return("build date not available");
+		return("built on: date not available");
 #endif
 		}
 	if (t == SSLEAY_CFLAGS)
 		{
 #ifdef CFLAGS
-		static char buf[sizeof(CFLAGS)+10];
+		static char buf[sizeof(CFLAGS)+11];
+
+		sprintf(buf,"compiler: %s",CFLAGS);
+		return(buf);
+#else
+		return("compiler: information not available");
+#endif
+		}
+	if (t == SSLEAY_PLATFORM)
+		{
+#ifdef PLATFORM
+		static char buf[sizeof(PLATFORM)+11];
 
-		sprintf(buf,"C flags:%s",CFLAGS);
+		sprintf(buf,"platform: %s", PLATFORM);
 		return(buf);
 #else
-		return("C flags not available");
+		return("platform: information not available");
 #endif
 		}
 	return("not available");
 	}
 
-unsigned long SSLeay()
+unsigned long SSLeay(void)
 	{
 	return(SSLEAY_VERSION_NUMBER);
 	}
diff --git a/lib/libssl/src/crypto/date.h b/lib/libssl/src/crypto/date.h
deleted file mode 100644
index dbb71bd1b7b..00000000000
--- a/lib/libssl/src/crypto/date.h
+++ /dev/null
@@ -1 +0,0 @@
-#define DATE	"Sun Jul 12 21:04:32 MDT 1998"
diff --git a/lib/libssl/src/crypto/des/Makefile.ssl b/lib/libssl/src/crypto/des/Makefile.ssl
index 78b5189ee35..09fdd07305e 100644
--- a/lib/libssl/src/crypto/des/Makefile.ssl
+++ b/lib/libssl/src/crypto/des/Makefile.ssl
@@ -6,11 +6,13 @@ DIR=	des
 TOP=	../..
 CC=	cc
 CPP=	$(CC) -E
-INCLUDES=
+INCLUDES=-I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 DES_ENC=	des_enc.o fcrypt_b.o
@@ -19,7 +21,7 @@ DES_ENC=	des_enc.o fcrypt_b.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile des.org des_locl.org
+GENERAL=Makefile
 TEST=destest.c
 APPS=
 
@@ -30,14 +32,15 @@ LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
 	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
 	des_enc.c fcrypt_b.c read2pwd.c \
 	fcrypt.c xcbc_enc.c \
-	str2key.c  cfb64ede.c ofb64ede.c supp.c
+	str2key.c  cfb64ede.c ofb64ede.c supp.c ede_cbcm_enc.c
 
 LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
 	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
 	enc_read.o enc_writ.o ofb64enc.o \
 	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
 	${DES_ENC} read2pwd.o \
-	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o \
+	ede_cbcm_enc.o
 
 SRC= $(LIBSRC)
 
@@ -53,9 +56,12 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
+des: des.o cbc3_enc.o lib
+	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
 # elf
 asm/dx86-elf.o: asm/dx86unix.cpp
 	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
@@ -83,38 +89,34 @@ asm/yx86-out.o: asm/yx86unix.cpp
 
 # bsdi
 asm/dx86bsdi.o: asm/dx86unix.cpp
-	$(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+	$(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
 
 asm/yx86bsdi.o: asm/yx86unix.cpp
-	$(CPP) -DBSDI asm/yx86unix.cpp | as -o asm/yx86bsdi.o
+	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
 
-asm/dx86unix.cpp:
-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+asm/dx86unix.cpp: asm/des-586.pl
+	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
 
-asm/yx86unix.cpp:
-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+asm/yx86unix.cpp: asm/crypt586.pl
+	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile
-	/bin/rm -f des.doc
-	/bin/rm -fr asm/perlasm
-	$(TOP)/util/point.sh ../../perlasm asm/perlasm
-	$(TOP)/util/point.sh ../../doc/des.doc des.doc
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install: installs
 
 installs:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -126,15 +128,81 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: des_locl.h spr.h
+ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_read.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+enc_read.o: ../cryptlib.h des_locl.h
+enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+enc_writ.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+enc_writ.o: ../../include/openssl/stack.h ../cryptlib.h des_locl.h
+fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h des_locl.h
+read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+read_pwd.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+read_pwd.o: ../cryptlib.h des_locl.h
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h des_locl.h podd.h sk.h
+str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+supp.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+supp.o: ../../include/openssl/opensslconf.h des_locl.h
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --git a/lib/libssl/src/crypto/des/Makefile.uni b/lib/libssl/src/crypto/des/Makefile.uni
index 8f1759748ad..ec19d75b81f 100644
--- a/lib/libssl/src/crypto/des/Makefile.uni
+++ b/lib/libssl/src/crypto/des/Makefile.uni
@@ -51,6 +51,7 @@ CFLAG= -O3 -fomit-frame-pointer
 CFLAGS=$(OPTS) $(CFLAG)
 CPP=$(CC) -E
 AS=as
+RANLIB=ranlib
 
 # Assember version of des_encrypt*().
 DES_ENC=des_enc.o fcrypt_b.o		# normal C version
@@ -169,9 +170,7 @@ test:	all
 $(DLIB): $(OBJ)
 	/bin/rm -f $(DLIB)
 	ar cr $(DLIB) $(OBJ)
-	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
-	else exit 0; fi; fi
+	$(RANLIB) $(DLIB)
 
 des_opts: des_opts.o $(DLIB)
 	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
@@ -231,25 +230,14 @@ install: des
 	if test $(INSTALLTOP); then \
 	    echo SSL style install; \
 	    cp $(DLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    fi; fi; \
+		$(RANLIB) $(DLIB); \
 	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
 	    cp des.h $(INSTALLTOP)/include; \
 	    chmod 644 $(INSTALLTOP)/include/des.h; \
 	else \
 	    echo Standalone install; \
 	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(DLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
-	      fi; \
-	    fi; \
+		$(RANLIB) $(DLIB); \
 	    chmod 644 $(LIBDIR)/$(DLIB); \
 	    cp des $(BINDIR)/des; \
 	    chmod 711 $(BINDIR)/des; \
diff --git a/lib/libssl/src/crypto/des/VERSION b/lib/libssl/src/crypto/des/VERSION
index f62d8bdac0e..c7d01542bc7 100644
--- a/lib/libssl/src/crypto/des/VERSION
+++ b/lib/libssl/src/crypto/des/VERSION
@@ -1,3 +1,4 @@
+	Fixed the weak key values which were wrong :-(
 	Defining SIGACTION causes sigaction() to be used instead of signal().
 	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
 	can cause problems.  This should hopefully not affect normal
diff --git a/lib/libssl/src/crypto/des/asm/crypt586.pl b/lib/libssl/src/crypto/des/asm/crypt586.pl
index 297e38dec83..197c413ea6f 100644
--- a/lib/libssl/src/crypto/des/asm/crypt586.pl
+++ b/lib/libssl/src/crypto/des/asm/crypt586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # The inner loop instruction sequence and the IP/FP modifications are from
 # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
@@ -32,7 +32,7 @@ sub fcrypt_body
 	&xor(	$R,	$R);
 	&mov($ks,&wparam(1));
 
-	&push(25); # add a variable
+	&push(&DWC(25)); # add a variable
 
 	&set_label("start");
 	for ($i=0; $i<16; $i+=2)
diff --git a/lib/libssl/src/crypto/des/asm/des-586.pl b/lib/libssl/src/crypto/des/asm/des-586.pl
index 7f2e09fa7ac..f0540710778 100644
--- a/lib/libssl/src/crypto/des/asm/des-586.pl
+++ b/lib/libssl/src/crypto/des/asm/des-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # The inner loop instruction sequence and the IP/FP modifications are from
 # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
@@ -187,6 +187,8 @@ sub R_PERM_OP
 	&mov(	$tt,		$a		);
 	&xor(	$a,		$b		);
 	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
 	if (!$last eq $b)
 		{
 		&xor(	$b,		$a		);
diff --git a/lib/libssl/src/crypto/des/asm/des686.pl b/lib/libssl/src/crypto/des/asm/des686.pl
index cf1a82fb5cd..77dc5b51cdf 100644
--- a/lib/libssl/src/crypto/des/asm/des686.pl
+++ b/lib/libssl/src/crypto/des/asm/des686.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $prog="des686.pl";
 
diff --git a/lib/libssl/src/crypto/des/asm/desboth.pl b/lib/libssl/src/crypto/des/asm/desboth.pl
index 8f939953a63..d5106414dbf 100644
--- a/lib/libssl/src/crypto/des/asm/desboth.pl
+++ b/lib/libssl/src/crypto/des/asm/desboth.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $L="edi";
 $R="esi";
@@ -44,15 +44,15 @@ sub des_encrypt3
 		 &mov("edi",&wparam(2));
 		 &mov("eax",&wparam(3));
 		}
-	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"eax");
 	&mov(&swtmp(0),	"ebx");
 	&call("des_encrypt2");
-	&mov(&swtmp(2),	(($enc)?"0":"1"));
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
 	&mov(&swtmp(1),	"edi");
 	&mov(&swtmp(0),	"ebx");
 	&call("des_encrypt2");
-	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"esi");
 	&mov(&swtmp(0),	"ebx");
 	&call("des_encrypt2");
diff --git a/lib/libssl/src/crypto/des/asm/dx86unix.cpp b/lib/libssl/src/crypto/des/asm/dx86unix.cpp
deleted file mode 100644
index 6fca9afa162..00000000000
--- a/lib/libssl/src/crypto/des/asm/dx86unix.cpp
+++ /dev/null
@@ -1,3202 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define des_SPtrans _des_SPtrans
-#define des_encrypt _des_encrypt
-#define des_encrypt2 _des_encrypt2
-#define des_encrypt3 _des_encrypt3
-#define des_decrypt3 _des_decrypt3
-#define des_ncbc_encrypt _des_ncbc_encrypt
-#define des_ede3_cbc_encrypt _des_ede3_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by des-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"des-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl des_encrypt
-	TYPE(des_encrypt,@function)
-des_encrypt:
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the 2 words */
-	movl	12(%esp),	%esi
-	xorl	%ecx,		%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%esi),		%eax
-	movl	28(%esp),	%ebx
-	movl	4(%esi),	%edi
-
-	/* IP */
-	roll	$4,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xf0f0f0f0,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$20,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$14,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x33333333,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$22,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x03fc03fc,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$9,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xaaaaaaaa,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	24(%esp),	%ebp
-	cmpl	$0,		%ebx
-	je	.L000start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L001end
-.L000start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.L001end:
-
-	/* FP */
-	movl	20(%esp),	%edx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.des_encrypt_end:
-	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt2
-	TYPE(des_encrypt2,@function)
-des_encrypt2:
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the 2 words */
-	movl	12(%esp),	%eax
-	xorl	%ecx,		%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%eax),		%esi
-	movl	28(%esp),	%ebx
-	roll	$3,		%esi
-	movl	4(%eax),	%edi
-	roll	$3,		%edi
-	movl	24(%esp),	%ebp
-	cmpl	$0,		%ebx
-	je	.L002start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L003end
-.L002start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.L003end:
-
-	/* Fixup */
-	rorl	$3,		%edi
-	movl	20(%esp),	%eax
-	rorl	$3,		%esi
-	movl	%edi,		(%eax)
-	movl	%esi,		4(%eax)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.des_encrypt2_end:
-	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt3
-	TYPE(des_encrypt3,@function)
-des_encrypt3:
-	pushl	%ebx
-	movl	8(%esp),	%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the data words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	subl	$12,		%esp
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	36(%esp),	%eax
-	movl	%edx,		(%ebx)
-	movl	40(%esp),	%edi
-	movl	44(%esp),	%esi
-	movl	$1,		8(%esp)
-	movl	%eax,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$0,		8(%esp)
-	movl	%edi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$1,		8(%esp)
-	movl	%esi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	addl	$12,		%esp
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.des_encrypt3_end:
-	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_decrypt3
-	TYPE(des_decrypt3,@function)
-des_decrypt3:
-	pushl	%ebx
-	movl	8(%esp),	%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the data words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	subl	$12,		%esp
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	36(%esp),	%esi
-	movl	%edx,		(%ebx)
-	movl	40(%esp),	%edi
-	movl	44(%esp),	%eax
-	movl	$0,		8(%esp)
-	movl	%eax,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$1,		8(%esp)
-	movl	%edi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$0,		8(%esp)
-	movl	%esi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	addl	$12,		%esp
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.des_decrypt3_end:
-	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_ncbc_encrypt
-	TYPE(des_ncbc_encrypt,@function)
-des_ncbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 5 */
-	pushl	%ecx
-	/* get and push parameter 3 */
-	movl	52(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L004decrypt
-	andl	$4294967288,	%ebp
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	jz	.L005encrypt_finish
-.L006encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L006encrypt_loop
-.L005encrypt_finish:
-	movl	56(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L008cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L009ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L010ej6:
-	movb	5(%esi),	%dh
-.L011ej5:
-	movb	4(%esi),	%dl
-.L012ej4:
-	movl	(%esi),		%ecx
-	jmp	.L013ejend
-.L014ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L015ej2:
-	movb	1(%esi),	%ch
-.L016ej1:
-	movb	(%esi),		%cl
-.L013ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L007finish
-.align ALIGN
-.L004decrypt:
-	andl	$4294967288,	%ebp
-	movl	20(%esp),	%eax
-	movl	24(%esp),	%ebx
-	jz	.L017decrypt_finish
-.L018decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	20(%esp),	%ecx
-	movl	24(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		20(%esp)
-	movl	%ebx,		24(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L018decrypt_loop
-.L017decrypt_finish:
-	movl	56(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	20(%esp),	%ecx
-	movl	24(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L019dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L020dj6:
-	movb	%dh,		5(%edi)
-.L021dj5:
-	movb	%dl,		4(%edi)
-.L022dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L023djend
-.L024dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L025dj2:
-	movb	%ch,		1(%esi)
-.L026dj1:
-	movb	%cl,		(%esi)
-.L023djend:
-	jmp	.L007finish
-.align ALIGN
-.L007finish:
-	movl	64(%esp),	%ecx
-	addl	$28,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L008cbc_enc_jmp_table:
-	.long 0
-	.long .L016ej1
-	.long .L015ej2
-	.long .L014ej3
-	.long .L012ej4
-	.long .L011ej5
-	.long .L010ej6
-	.long .L009ej7
-.align ALIGN
-.L027cbc_dec_jmp_table:
-	.long 0
-	.long .L026dj1
-	.long .L025dj2
-	.long .L024dj3
-	.long .L022dj4
-	.long .L021dj5
-	.long .L020dj6
-	.long .L019dj7
-.des_ncbc_encrypt_end:
-	SIZE(des_ncbc_encrypt,.des_ncbc_encrypt_end-des_ncbc_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_ede3_cbc_encrypt
-	TYPE(des_ede3_cbc_encrypt,@function)
-des_ede3_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 6 */
-	movl	44(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 7 */
-	movl	64(%esp),	%ecx
-	/* get and push parameter 5 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	/* get and push parameter 4 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	/* get and push parameter 3 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L028decrypt
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L029encrypt_finish
-.L030encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_encrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L030encrypt_loop
-.L029encrypt_finish:
-	movl	60(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L031finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L032cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L033ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L034ej6:
-	movb	5(%esi),	%dh
-.L035ej5:
-	movb	4(%esi),	%dl
-.L036ej4:
-	movl	(%esi),		%ecx
-	jmp	.L037ejend
-.L038ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L039ej2:
-	movb	1(%esi),	%ch
-.L040ej1:
-	movb	(%esi),		%cl
-.L037ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_encrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L031finish
-.align ALIGN
-.L028decrypt:
-	andl	$4294967288,	%ebp
-	movl	24(%esp),	%eax
-	movl	28(%esp),	%ebx
-	jz	.L041decrypt_finish
-.L042decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_decrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%ecx
-	movl	28(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		24(%esp)
-	movl	%ebx,		28(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L042decrypt_loop
-.L041decrypt_finish:
-	movl	60(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L031finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_decrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%ecx
-	movl	28(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L043dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L044dj6:
-	movb	%dh,		5(%edi)
-.L045dj5:
-	movb	%dl,		4(%edi)
-.L046dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L047djend
-.L048dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L049dj2:
-	movb	%ch,		1(%esi)
-.L050dj1:
-	movb	%cl,		(%esi)
-.L047djend:
-	jmp	.L031finish
-.align ALIGN
-.L031finish:
-	movl	76(%esp),	%ecx
-	addl	$32,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L032cbc_enc_jmp_table:
-	.long 0
-	.long .L040ej1
-	.long .L039ej2
-	.long .L038ej3
-	.long .L036ej4
-	.long .L035ej5
-	.long .L034ej6
-	.long .L033ej7
-.align ALIGN
-.L051cbc_dec_jmp_table:
-	.long 0
-	.long .L050dj1
-	.long .L049dj2
-	.long .L048dj3
-	.long .L046dj4
-	.long .L045dj5
-	.long .L044dj6
-	.long .L043dj7
-.des_ede3_cbc_encrypt_end:
-	SIZE(des_ede3_cbc_encrypt,.des_ede3_cbc_encrypt_end-des_ede3_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/des/asm/yx86unix.cpp b/lib/libssl/src/crypto/des/asm/yx86unix.cpp
deleted file mode 100644
index 8719e386070..00000000000
--- a/lib/libssl/src/crypto/des/asm/yx86unix.cpp
+++ /dev/null
@@ -1,976 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define des_SPtrans _des_SPtrans
-#define fcrypt_body _fcrypt_body
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by crypt586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"crypt586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl fcrypt_body
-	TYPE(fcrypt_body,@function)
-fcrypt_body:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	xorl	%edi,		%edi
-	xorl	%esi,		%esi
-	movl	24(%esp),	%ebp
-	pushl	$25
-.L000start:
-
-	/* Round 0 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	(%ebp),		%ebx
-	xorl	%ebx,		%eax
-	movl	4(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	8(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	12(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	16(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	20(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	24(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	28(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	32(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	36(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	40(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	44(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	48(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	52(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	56(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	60(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	64(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	68(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	72(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	76(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	80(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	84(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	88(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	92(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	96(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	100(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	104(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	108(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	112(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	116(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	120(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	124(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	movl	(%esp),		%ebx
-	movl	%edi,		%eax
-	decl	%ebx
-	movl	%esi,		%edi
-	movl	%eax,		%esi
-	movl	%ebx,		(%esp)
-	jnz	.L000start
-
-	/* FP */
-	movl	24(%esp),	%edx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0xaaaaaaaa,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$23,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$10,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x33333333,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$18,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	roll	$12,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xf0f0f0f0,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%edi,		4(%edx)
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.fcrypt_body_end:
-	SIZE(fcrypt_body,.fcrypt_body_end-fcrypt_body)
-.ident	"fcrypt_body"
diff --git a/lib/libssl/src/crypto/des/cbc3_enc.c b/lib/libssl/src/crypto/des/cbc3_enc.c
index 92a78b05d6c..3863a676d41 100644
--- a/lib/libssl/src/crypto/des/cbc3_enc.c
+++ b/lib/libssl/src/crypto/des/cbc3_enc.c
@@ -59,15 +59,9 @@
 #include "des_locl.h"
 
 /* HAS BUGS? DON'T USE - this is only present for use in des.c */
-void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*iv1);
-des_cblock (*iv2);
-int enc;
+void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock *iv1,
+	     des_cblock *iv2, int enc)
 	{
 	int off=((int)length-1)/8;
 	long l8=((length+7)/8)*8;
diff --git a/lib/libssl/src/crypto/des/cbc_cksm.c b/lib/libssl/src/crypto/des/cbc_cksm.c
index edfdec8a0f8..1e543cb2a19 100644
--- a/lib/libssl/src/crypto/des/cbc_cksm.c
+++ b/lib/libssl/src/crypto/des/cbc_cksm.c
@@ -58,21 +58,15 @@
 
 #include "des_locl.h"
 
-DES_LONG des_cbc_cksum(input, output, length, schedule, ivec)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
+DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
+		long length,
+		des_key_schedule schedule, const_des_cblock *ivec)
 	{
 	register DES_LONG tout0,tout1,tin0,tin1;
 	register long l=length;
 	DES_LONG tin[2];
-	unsigned char *in,*out,*iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	unsigned char *out = &(*output)[0];
+	const unsigned char *iv = &(*ivec)[0];
 
 	c2l(iv,tout0);
 	c2l(iv,tout1);
diff --git a/lib/libssl/src/crypto/des/cbc_enc.c b/lib/libssl/src/crypto/des/cbc_enc.c
index a84a53633cd..677903ae4e3 100644
--- a/lib/libssl/src/crypto/des/cbc_enc.c
+++ b/lib/libssl/src/crypto/des/cbc_enc.c
@@ -56,80 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
-
-void des_cbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-		/*	xor0=tin0;
-			xor1=tin1; */
-			}
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+#define CBC_ENC_C__DONT_UPDATE_IV
 
+#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/lib/libssl/src/crypto/des/cfb64ede.c b/lib/libssl/src/crypto/des/cfb64ede.c
index 80b8a9eaaaf..5362a551bfe 100644
--- a/lib/libssl/src/crypto/des/cfb64ede.c
+++ b/lib/libssl/src/crypto/des/cfb64ede.c
@@ -63,14 +63,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2,ks3;
-des_cblock (*ivec);
-int *num;
-int enc;
+void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -78,7 +73,7 @@ int enc;
 	DES_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
+	iv=&(*ivec)[0];
 	if (enc)
 		{
 		while (l--)
@@ -90,14 +85,14 @@ int enc;
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				des_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				l2c(v0,iv);
 				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -116,14 +111,14 @@ int enc;
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				des_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				l2c(v0,iv);
 				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			cc= *(in++);
 			c=iv[n];
@@ -137,14 +132,9 @@ int enc;
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2;
-des_cblock (*ivec);
-int *num;
-int enc;
+void des_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule ks1, des_key_schedule ks2, des_cblock (*ivec),
+	     int *num, int enc)
 	{
 	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 	}
diff --git a/lib/libssl/src/crypto/des/cfb64enc.c b/lib/libssl/src/crypto/des/cfb64enc.c
index 403da479dfc..389a232cb36 100644
--- a/lib/libssl/src/crypto/des/cfb64enc.c
+++ b/lib/libssl/src/crypto/des/cfb64enc.c
@@ -63,14 +63,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_cfb64_encrypt(in, out, length, schedule, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
-int enc;
+void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule schedule, des_cblock *ivec,
+	     int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -78,7 +73,7 @@ int enc;
 	DES_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	if (enc)
 		{
 		while (l--)
@@ -87,12 +82,11 @@ int enc;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((DES_LONG *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -108,12 +102,11 @@ int enc;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((DES_LONG *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
+				des_encrypt(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			cc= *(in++);
 			c=iv[n];
diff --git a/lib/libssl/src/crypto/des/cfb_enc.c b/lib/libssl/src/crypto/des/cfb_enc.c
index 342e7856912..cca34dd7c5e 100644
--- a/lib/libssl/src/crypto/des/cfb_enc.c
+++ b/lib/libssl/src/crypto/des/cfb_enc.c
@@ -64,14 +64,8 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, enc)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
 	{
 	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -96,7 +90,7 @@ int enc;
 		mask1=0x00000000L;
 		}
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	if (enc)
@@ -163,7 +157,7 @@ int enc;
 			out+=n;
 			}
 		}
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	l2c(v0,iv);
 	l2c(v1,iv);
 	v0=v1=d0=d1=ti[0]=ti[1]=0;
diff --git a/lib/libssl/src/crypto/des/des-lib.com b/lib/libssl/src/crypto/des/des-lib.com
new file mode 100644
index 00000000000..2aea7a0deac
--- /dev/null
+++ b/lib/libssl/src/crypto/des/des-lib.com
@@ -0,0 +1,1003 @@
+$!
+$!  DES-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the 
+$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
+$!  architecture of AXP or VAX.
+$!
+$!  It was re-written to try to determine which "C" compiler to try to use
+$!  or the user can specify a compiler in P3.
+$!
+$!  Specify one of the following to build just that part, specify "ALL" to
+$!  just build everything.
+$!
+$!         ALL       To Just Build "Everything".
+$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
+$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
+$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
+$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
+$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
+$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
+$!
+$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
+$!  debugging information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to try to use.
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Make sure we know what architecture we run on.
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB DESTEST
+$   GOSUB SPEED
+$   GOSUB RPW
+$   GOSUB DES
+$   GOSUB DES_OPTS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ LIBRARY:
+$!
+$! Tell The User That We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The DES Library Files.
+$!
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+		"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+		"enc_read,enc_writ,ofb64enc,"+ -
+		"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+		"des_enc,fcrypt_b,read2pwd,"+ -
+		"fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$!  Tell The User We Are Compiling The Source File.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DESTEST Program.
+$!
+$ DESTEST:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DESTEST.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
+$!
+$! Compile The DESTEST Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
+$!
+$! Link The DESTEST Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
+      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The SPEED Program.
+$!
+$ SPEED:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SPEED.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
+$!
+$! Compile The SPEED Program.
+$!
+$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
+$!
+$! Link The SPEED Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
+      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The RPW Program.
+$!
+$ RPW:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The RPW.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
+$!
+$! Compile The RPW Program.
+$!
+$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
+$!
+$! Link The RPW Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
+      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES Program.
+$!
+$ DES:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
+$!
+$! Compile The DES Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
+$!
+$! Link The DES Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
+      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
+      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES_OPTS Program.
+$!
+$ DES_OPTS:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES_OPTS.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
+$!
+$! Compile The DES_OPTS Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
+$!
+$! Link The DES_OPTS Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
+      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (F$GETSYI("CPU").LT.128)
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Library Check.
+$!
+$ LIB_CHECK:
+$!
+$!  Look For The Library LIBDES.OLB.
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If We Are To "Just Build Everything".
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is "ALL", So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
+       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
+$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
+$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
+$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
+$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
+$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Compile Without Debugger Information.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is Blank, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later.
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN := ""
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/lib/libssl/src/crypto/des/des.c b/lib/libssl/src/crypto/des/des.c
index c1e50054749..b2d7f0da783 100644
--- a/lib/libssl/src/crypto/des/des.c
+++ b/lib/libssl/src/crypto/des/des.c
@@ -59,10 +59,18 @@
 #include <stdio.h>
 #include <stdlib.h>
 #ifndef MSDOS
+#ifndef VMS
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#else /* VMS */
+#ifdef __DECC
 #include <unistd.h>
+#else /* not __DECC */
+#include <math.h>
+#endif /* __DECC */
+#endif /* VMS */
 #else
 #include <io.h>
-#define RAND
 #endif
 
 #include <time.h>
@@ -77,21 +85,13 @@
 #endif
 #include <sys/stat.h>
 #endif
-#if defined(NOCONST)
-#define const
-#endif
-#include "des.h"
+#include <openssl/des.h>
+#include <openssl/rand.h>
 
 #if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
 #include <string.h>
 #endif
 
-#ifdef RAND
-#define random rand
-#define srandom(s) srand(s)
-#endif
-
-#ifndef NOPROTO
 void usage(void);
 void doencryption(void);
 int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
@@ -102,17 +102,6 @@ int uudecode(unsigned char *in,int num,unsigned char *out);
 void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
 	des_key_schedule sk1,des_key_schedule sk2,
 	des_cblock *ivec1,des_cblock *ivec2,int enc);
-#else
-void usage();
-void doencryption();
-int uufwrite();
-void uufwriteEnd();
-int uufread();
-int uuencode();
-int uudecode();
-void des_3cbc_encrypt();
-#endif
-
 #ifdef VMS
 #define EXIT(a) exit(a&0x10000000L)
 #else
@@ -138,9 +127,7 @@ char cksumname[200]="";
 
 int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i;
 	struct stat ins,outs;
@@ -331,7 +318,7 @@ char **argv;
 	EXIT(0);
 	}
 
-void usage()
+void usage(void)
 	{
 	char **u;
 	static const char *Usage[]={
@@ -357,7 +344,7 @@ void usage()
 "-3         : encrypt using tripple DES encryption.  This uses 2 keys",
 "             generated from the input key.  If the input key is less",
 "             than 8 characters long, this is equivelent to normal",
-"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
 NULL
 };
 	for (u=(char **)Usage; *u; u++)
@@ -369,17 +356,15 @@ NULL
 	EXIT(1);
 	}
 
-void doencryption()
+void doencryption(void)
 	{
 #ifdef _LIBC
-	extern int srandom();
-	extern int random();
 	extern unsigned long time();
 #endif
 
 	register int i;
 	des_key_schedule ks,ks2;
-	unsigned char iv[8],iv2[8];
+	des_cblock iv,iv2;
 	char *p;
 	int num=0,j,k,l,rem,ll,len,last,ex=0;
 	des_cblock kk,k2;
@@ -392,8 +377,8 @@ void doencryption()
 
 	if (buf == NULL)
 		{
-		if (    (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) ||
-			((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL))
+		if (    (( buf=Malloc(BUFSIZE+8)) == NULL) ||
+			((obuf=Malloc(BUFSIZE+8)) == NULL))
 			{
 			fputs("Not enough memory\n",stderr);
 			Exit=10;
@@ -440,19 +425,19 @@ void doencryption()
 			else
 				k2[i-8]=k;
 			}
-		des_set_key((C_Block *)k2,ks2);
+		des_set_key(&k2,ks2);
 		memset(k2,0,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
 		if (flag3)
 			{
-			des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
-			des_set_key((C_Block *)k2,ks2);
+			des_string_to_2keys(key,&kk,&k2);
+			des_set_key(&k2,ks2);
 			memset(k2,0,sizeof(k2));
 			}
 		else
-			des_string_to_key(key,(C_Block *)kk);
+			des_string_to_key(key,&kk);
 		}
 	else
 		for (i=0; i<KEYSIZ; i++)
@@ -470,7 +455,7 @@ void doencryption()
 				kk[i]=key[i]|0x80;
 			}
 
-	des_set_key((C_Block *)kk,ks);
+	des_set_key(&kk,ks);
 	memset(key,0,sizeof(key));
 	memset(kk,0,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
@@ -498,9 +483,8 @@ void doencryption()
 			len=l-rem;
 			if (feof(DES_IN))
 				{
-				srandom((unsigned int)time(NULL));
 				for (i=7-rem; i>0; i--)
-					buf[l++]=random()&0xff;
+					RAND_bytes(buf + l++, 1);
 				buf[l++]=rem;
 				ex=1;
 				len+=rem;
@@ -510,8 +494,8 @@ void doencryption()
 
 			if (cflag)
 				{
-				des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
-					(long)len,ks,(C_Block *)cksum);
+				des_cbc_cksum(buf,&cksum,
+					(long)len,ks,&cksum);
 				if (!eflag)
 					{
 					if (feof(DES_IN)) break;
@@ -539,16 +523,16 @@ void doencryption()
 					(unsigned int)rem);
 				des_3cbc_encrypt(
 					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
 				if (rem) memcpy(&(buf[l]),tmpbuf,
 					(unsigned int)rem);
 				}
 			else
 				{
 				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,(des_cblock *)iv,do_encrypt);
+					buf,obuf,
+					(long)l,ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
 				}
 			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
@@ -614,14 +598,14 @@ void doencryption()
 				{
 				des_3cbc_encrypt(
 					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
 				}
 			else
 				{
 				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-				 	(long)l,ks,(des_cblock *)iv,do_encrypt);
+					buf,obuf,
+				 	(long)l,ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
 				}
 
@@ -646,9 +630,9 @@ void doencryption()
 				l=l-8+last;
 				}
 			i=0;
-			if (cflag) des_cbc_cksum((C_Block *)obuf,
-				(C_Block *)cksum,(long)l/8*8,ks,
-				(C_Block *)cksum);
+			if (cflag) des_cbc_cksum(obuf,
+				(des_cblock *)cksum,(long)l/8*8,ks,
+				(des_cblock *)cksum);
 			while (i != l)
 				{
 				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
@@ -696,15 +680,8 @@ problems:
 	if (Exit) EXIT(Exit);
 	}
 
-int uufwrite(data, size, num, fp)
-unsigned char *data;
-int size;
-unsigned int num;
-FILE *fp;
-      
-     /* We ignore this parameter but it should be > ~50 I believe */
-   
-    
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
 	{
 	int i,j,left,rem,ret=num;
 	static int start=1;
@@ -757,8 +734,7 @@ FILE *fp;
 	return(ret);
 	}
 
-void uufwriteEnd(fp)
-FILE *fp;
+void uufwriteEnd(FILE *fp)
 	{
 	int j;
 	static const char *end=" \nend\n";
@@ -774,11 +750,8 @@ FILE *fp;
 	fwrite(end,1,strlen(end),fp);
 	}
 
-int uufread(out, size, num, fp)
-unsigned char *out;
-int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
-unsigned int num;
-FILE *fp;
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
 	{
 	int i,j,tot;
 	static int done=0;
@@ -850,10 +823,7 @@ FILE *fp;
                     *((c)++)=(unsigned char)(((l)    )&0xff))
 
 
-int uuencode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
+int uuencode(unsigned char *in, int num, unsigned char *out)
 	{
 	int j,i,n,tot=0;
 	DES_LONG l;
@@ -883,10 +853,7 @@ unsigned char *out;
 	return(tot);
 	}
 
-int uudecode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
+int uudecode(unsigned char *in, int num, unsigned char *out)
 	{
 	int j,i,k;
 	unsigned int n=0,space=0;
diff --git a/lib/libssl/src/crypto/des/des.h b/lib/libssl/src/crypto/des/des.h
new file mode 100644
index 00000000000..67f90aaf172
--- /dev/null
+++ b/lib/libssl/src/crypto/des/des.h
@@ -0,0 +1,249 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_DES
+#error DES is disabled.
+#endif
+
+#ifdef _KERBEROS_DES_H
+#error <openssl/des.h> replaces <kerberos/des.h>.
+#endif
+
+#include <stdio.h>
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>	/* OPENSSL_EXTERN */
+
+typedef unsigned char des_cblock[8];
+typedef /* const */ unsigned char const_des_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
+ * and const_des_cblock * are incompatible pointer types.
+ * I haven't seen that warning on other systems ... I'll look
+ * what the standard says. */
+
+
+typedef struct des_ks_struct
+	{
+	union	{
+		des_cblock cblock;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG deslong[2];
+		} ks;
+	int weak_key;
+	} des_key_schedule[16];
+
+#define DES_KEY_SZ 	(sizeof(des_cblock))
+#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
+
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
+
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_EXTERN int des_check_key;	/* defaults to false */
+OPENSSL_EXTERN int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */
+
+const char *des_options(void);
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+		      des_key_schedule ks1,des_key_schedule ks2,
+		      des_key_schedule ks3, int enc);
+DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
+		       long length,des_key_schedule schedule,
+		       const_des_cblock *ivec);
+/* des_cbc_encrypt does not update the IV!  Use des_ncbc_encrypt instead. */
+void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      const_des_cblock *inw,const_des_cblock *outw,int enc);
+void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     int enc);
+void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
+		     des_key_schedule ks,int enc);
+void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3);
+void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+			  long length,
+			  des_key_schedule ks1,des_key_schedule ks2,
+			  des_key_schedule ks3,des_cblock *ivec,int enc);
+void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+			   long length,
+			   des_key_schedule ks1,des_key_schedule ks2,
+			   des_key_schedule ks3,
+			   des_cblock *ivec1,des_cblock *ivec2,
+			   int enc);
+void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num,int enc);
+void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,des_key_schedule ks1,
+			    des_key_schedule ks2,des_key_schedule ks3,
+			    des_cblock *ivec,int *num);
+
+void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
+		       des_cblock *out_white);
+
+int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
+		 des_cblock *iv);
+int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
+		  des_cblock *iv);
+char *des_fcrypt(const char *buf,const char *salt, char *ret);
+char *des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+char *crypt(const char *buf,const char *salt);
+#endif
+void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,des_key_schedule schedule,des_cblock *ivec);
+void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      int enc);
+DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
+			long length,int out_count,des_cblock *seed);
+void des_random_seed(des_cblock *key);
+void des_random_key(des_cblock *ret);
+int des_read_password(des_cblock *key,const char *prompt,int verify);
+int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+			const char *prompt,int verify);
+int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+void des_set_odd_parity(des_cblock *key);
+int des_is_weak_key(const_des_cblock *key);
+int des_set_key(const_des_cblock *key,des_key_schedule schedule);
+int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
+void des_string_to_key(const char *str,des_cblock *key);
+void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
+void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num,
+		       int enc);
+void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       des_key_schedule schedule,des_cblock *ivec,int *num);
+int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+/* Extra functions from Mark Murray <mark@grondar.za> */
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#endif
+
+typedef des_key_schedule bit_64;
+#define des_fixup_key_parity des_set_odd_parity
+#define des_check_key_parity check_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/lib/libssl/src/crypto/des/des.org b/lib/libssl/src/crypto/des/des.org
deleted file mode 100644
index a4cf5c8770b..00000000000
--- a/lib/libssl/src/crypto/des/des.org
+++ /dev/null
@@ -1,301 +0,0 @@
-/* crypto/des/des.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify des.org since des.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-
-typedef unsigned char des_cblock[8];
-typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-#undef _
-#define _	ks._
-	} des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#ifdef KERBEROS
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#endif
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define xcbc_encrypt des_xcbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
-
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
-
-extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
-#endif
-#ifndef NOPROTO
-char *des_options(void);
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,
-	des_cblock *inw,des_cblock *outw,int enc);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
-
-void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
-	des_cblock (*out_white));
-
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-char *des_fcrypt(const char *buf,const char *salt, char *ret);
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#ifdef HEADER_DES_LOCL_H
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
-#endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
-
-#else
-
-char *des_options();
-void des_ecb3_encrypt();
-DES_LONG des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_xcbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_encrypt3();
-void des_decrypt3();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-char *des_fcrypt();
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-DES_LONG des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-int des_read_pw();
-void des_xwhite_in2out();
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-#ifdef FreeBSD
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-#endif
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/lib/libssl/src/crypto/des/des.pl b/lib/libssl/src/crypto/des/des.pl
index 935eacb504b..8a3f7e3ed63 100644
--- a/lib/libssl/src/crypto/des/des.pl
+++ b/lib/libssl/src/crypto/des/des.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # des.pl - eric young 22/11/1991 eay@cryptsoft.com
 #
 # Copyright (C) 1993 Eric Young
diff --git a/lib/libssl/src/crypto/des/des3s.cpp b/lib/libssl/src/crypto/des/des3s.cpp
index 9aff6494d98..02d527c057c 100644
--- a/lib/libssl/src/crypto/des/des3s.cpp
+++ b/lib/libssl/src/crypto/des/des3s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/crypto/des/des_enc.c b/lib/libssl/src/crypto/des/des_enc.c
index e4db09299ec..8311e106281 100644
--- a/lib/libssl/src/crypto/des/des_enc.c
+++ b/lib/libssl/src/crypto/des/des_enc.c
@@ -58,14 +58,11 @@
 
 #include "des_locl.h"
 
-void des_encrypt(data, ks, enc)
-DES_LONG *data;
-des_key_schedule ks;
-int enc;
+void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -87,7 +84,7 @@ int enc;
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=(DES_LONG *)ks;
+	s=ks->ks.deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -159,14 +156,11 @@ int enc;
 	l=r=t=u=0;
 	}
 
-void des_encrypt2(data, ks, enc)
-DES_LONG *data;
-des_key_schedule ks;
-int enc;
+void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -186,7 +180,7 @@ int enc;
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=(DES_LONG *)ks;
+	s=ks->ks.deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -253,11 +247,8 @@ int enc;
 	l=r=t=u=0;
 	}
 
-void des_encrypt3(data,ks1,ks2,ks3)
-DES_LONG *data;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
+void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
 	{
 	register DES_LONG l,r;
 
@@ -276,11 +267,8 @@ des_key_schedule ks3;
 	data[1]=r;
 	}
 
-void des_decrypt3(data,ks1,ks2,ks3)
-DES_LONG *data;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
+void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3)
 	{
 	register DES_LONG l,r;
 
@@ -301,108 +289,24 @@ des_key_schedule ks3;
 
 #ifndef DES_DEFAULT_OPTIONS
 
-void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+#undef CBC_ENC_C__DONT_UPDATE_IV
+#include "ncbc_enc.c" /* des_ncbc_encrypt */
 
-void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-des_cblock (*ivec);
-int enc;
+void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
+	register const unsigned char *in;
+	unsigned char *out;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -439,7 +343,7 @@ int enc;
 			l2c(tout0,out);
 			l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
 		}
@@ -491,7 +395,7 @@ int enc;
 			xor1=t1;
 			}
 
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
 		}
diff --git a/lib/libssl/src/crypto/des/des_locl.org b/lib/libssl/src/crypto/des/des_locl.h
index e2e503cbed7..d6ea17cb681 100644
--- a/lib/libssl/src/crypto/des/des_locl.org
+++ b/lib/libssl/src/crypto/des/des_locl.h
@@ -1,4 +1,4 @@
-/* crypto/des/des_locl.org */
+/* crypto/des/des_locl.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify des_locl.org since des_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_DES_LOCL_H
 #define HEADER_DES_LOCL_H
 
@@ -75,123 +67,28 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
 
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
+#include <openssl/opensslconf.h>
 
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
+#ifndef MSDOS
+#if !defined(VMS) || defined(__DECC)
+#include OPENSSL_UNISTD
+#include <math.h>
 #endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-  #define DES_PTR
-  #define DES_RISC1
-  #define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-  #define DES_PTR
-  #define DES_RISC2
-  #define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-  #define DES_PTR
-  #define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-  #define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-  #define DES_PTR
-  #define DES_RISC2
-  #define DES_UNROLL
-#elif defined( i386 )		/* x86 boxes, should be gcc */
-  #define DES_PTR
-  #define DES_RISC1
-  #define DES_UNROLL
-#endif /* Systems-specific speed defines */
 #endif
-
-#endif /* DES_DEFAULT_OPTIONS */
+#include <openssl/des.h>
 
 #ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
 #include <stdlib.h>
 #include <errno.h>
 #include <time.h>
 #include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
 #endif
 
 #if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
 #include <string.h>
 #endif
 
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
 #define ITERATIONS 16
 #define HALF_ITERATIONS 8
 
@@ -302,24 +199,24 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u2&=0xfc; \
 	t=ROTATE(t,4); \
 	u>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
 	u3=(int)(u>>8L); \
 	u1=(int)u&0xfc; \
 	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
+	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
 	u2=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u2&=0xfc; \
 	t>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
 	u3=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
+	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
 #endif
 #ifdef DES_RISC2
 #define D_ENCRYPT(LL,R,S) { \
@@ -329,39 +226,39 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u1=(int)u&0xfc; \
 	u2&=0xfc; \
 	t=ROTATE(t,4); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
 	s1=(int)(u>>16L); \
 	s2=(int)(u>>24L); \
 	s1&=0xfc; \
 	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
+	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
 	u2=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
 	s1=(int)(t>>16L); \
 	s2=(int)(t>>24L); \
 	s1&=0xfc; \
 	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
+	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
 #endif
 #else
 #define D_ENCRYPT(LL,R,S) { \
 	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
 	t=ROTATE(t,4); \
 	LL^= \
-	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
+	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
 #endif
 
 #else /* original version */
@@ -504,13 +401,8 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
 
-extern const DES_LONG des_SPtrans[8][64];
+OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64];
 
-#ifndef NOPROTO
 void fcrypt_body(DES_LONG *out,des_key_schedule ks,
 	DES_LONG Eswap0, DES_LONG Eswap1);
-#else
-void fcrypt_body();
-#endif
-
 #endif
diff --git a/lib/libssl/src/crypto/des/des_opts.c b/lib/libssl/src/crypto/des/des_opts.c
index fdf0fbf461c..746c456f8fa 100644
--- a/lib/libssl/src/crypto/des/des_opts.c
+++ b/lib/libssl/src/crypto/des/des_opts.c
@@ -59,19 +59,19 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
 #ifndef MSDOS
-#include <unistd.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD
 #else
 #include <io.h>
 extern void exit();
 #endif
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,25 +79,27 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "des.h"
+#include <openssl/des.h>
 #include "spr.h"
 
 #define DES_DEFAULT_OPTIONS
@@ -317,11 +319,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -333,12 +331,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -346,14 +339,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -366,8 +353,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -425,9 +411,7 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -454,13 +438,13 @@ char **argv;
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	des_set_key(&key,sch);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
 
 #ifndef SIGALRM
 	fprintf(stderr,"First we calculate the approximate speed ...\n");
-	des_set_key((C_Block *)key,sch);
+	des_set_key(&key,sch);
 	count=10;
 	do	{
 		long i;
diff --git a/lib/libssl/src/crypto/des/des_ver.h b/lib/libssl/src/crypto/des/des_ver.h
index 7041a9271d2..de3c02f110c 100644
--- a/lib/libssl/src/crypto/des/des_ver.h
+++ b/lib/libssl/src/crypto/des/des_ver.h
@@ -56,5 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-extern char *DES_version;	/* SSLeay version string */
-extern char *libdes_version;	/* old libdes version string */
+#include <openssl/e_os2.h>
+OPENSSL_EXTERN char *DES_version;	/* SSLeay version string */
+OPENSSL_EXTERN char *libdes_version;	/* old libdes version string */
diff --git a/lib/libssl/src/crypto/des/dess.cpp b/lib/libssl/src/crypto/des/dess.cpp
index 7fb59873142..753e67ad9be 100644
--- a/lib/libssl/src/crypto/des/dess.cpp
+++ b/lib/libssl/src/crypto/des/dess.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/crypto/des/destest.c b/lib/libssl/src/crypto/des/destest.c
index 620c13ba6fb..5a04fc92983 100644
--- a/lib/libssl/src/crypto/des/destest.c
+++ b/lib/libssl/src/crypto/des/destest.c
@@ -65,12 +65,27 @@
 #include <stdio.h>
 #include <stdlib.h>
 #ifndef MSDOS
-#include <unistd.h>
+#if !defined(VMS) || defined(__DECC)
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#endif /* VMS */
 #else
 #include <io.h>
 #endif
 #include <string.h>
-#include "des.h"
+
+#ifdef NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include <openssl/des.h>
+
+#if defined(PERL5) || defined(__FreeBSD__)
+#define crypt(c,s) (des_crypt((c),(s)))
+#endif
 
 /* tisk tisk - the test keys don't all have odd parity :-( */
 /* test data */
@@ -225,7 +240,7 @@ static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
 /* Changed the following text constant to binary so it will work on ebcdic
  * machines :-) */
 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
-static char cbc_data[40]={
+static unsigned char cbc_data[40]={
 	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
 	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
 	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
@@ -297,24 +312,14 @@ static unsigned char ofb_cipher[24]=
 DES_LONG cbc_cksum_ret=0xB462FEF7L;
 unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *p);
 static int cfb_test(int bits, unsigned char *cfb_cipher);
 static int cfb64_test(unsigned char *cfb_cipher);
 static int ede_cfb64_test(unsigned char *cfb_cipher);
-#else
-static char *pt();
-static int cfb_test();
-static int cfb64_test();
-static int ede_cfb64_test();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,j,err=0;
-	des_cblock in,out,outin,iv3;
+	des_cblock in,out,outin,iv3,iv2;
 	des_key_schedule ks,ks2,ks3;
 	unsigned char cbc_in[40];
 	unsigned char cbc_out[40];
@@ -324,10 +329,63 @@ char *argv[];
 	int num;
 	char *str;
 
+#ifndef NO_DESCBCM
+	printf("Doing cbcm\n");
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	i=strlen((char *)cbc_data)+1;
+	/* i=((i+7)/8)*8; */
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+
+	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
+			      DES_ENCRYPT);
+	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+			      &iv3,&iv2,DES_ENCRYPT);
+	/*	if (memcmp(cbc_out,cbc3_ok,
+		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+		{
+		printf("des_ede3_cbc_encrypt encrypt error\n");
+		err=1;
+		}
+	*/
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		int n;
+
+		printf("des_ede3_cbcm_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
+		err=1;
+		}
+#endif
+
 	printf("Doing ecb\n");
 	for (i=0; i<NUM_TESTS; i++)
 		{
-		if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+		if ((j=des_key_sched(&key_data[i],ks)) != 0)
 			{
 			printf("Key error %2d:%d\n",i+1,j);
 			err=1;
@@ -335,8 +393,8 @@ char *argv[];
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
-		des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
+		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
 
 		if (memcmp(out,cipher_data[i],8) != 0)
 			{
@@ -357,17 +415,17 @@ char *argv[];
 	printf("Doing ede ecb\n");
 	for (i=0; i<(NUM_TESTS-1); i++)
 		{
-		if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
+		if ((j=des_key_sched(&key_data[i],ks)) != 0)
 			{
 			err=1;
 			printf("Key error %2d:%d\n",i+1,j);
 			}
-		if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
+		if ((j=des_key_sched(&key_data[i+1],ks2)) != 0)
 			{
 			printf("Key error %2d:%d\n",i+2,j);
 			err=1;
 			}
-		if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
+		if ((j=des_key_sched(&key_data[i+2],ks3)) != 0)
 			{
 			printf("Key error %2d:%d\n",i+3,j);
 			err=1;
@@ -375,10 +433,8 @@ char *argv[];
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
-			DES_ENCRYPT);
-		des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
-			DES_DECRYPT);
+		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
 
 		if (memcmp(out,cipher_ecb2[i],8) != 0)
 			{
@@ -397,7 +453,7 @@ char *argv[];
 #endif
 
 	printf("Doing cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -405,16 +461,14 @@ char *argv[];
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,DES_ENCRYPT);
+	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
 		printf("cbc_encrypt encrypt error\n");
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,DES_DECRYPT);
+	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
 		{
 		printf("cbc_encrypt decrypt error\n");
@@ -423,7 +477,7 @@ char *argv[];
 
 #ifndef LIBDES_LIT
 	printf("Doing desx cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -431,19 +485,15 @@ char *argv[];
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,
-		(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
+	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
 	if (memcmp(cbc_out,xcbc_ok,32) != 0)
 		{
 		printf("des_xcbc_encrypt encrypt error\n");
 		}
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,
-		(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
+	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("des_xcbc_encrypt decrypt error\n");
@@ -452,17 +502,17 @@ char *argv[];
 #endif
 
 	printf("Doing ede cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
+	if ((j=des_key_sched(&cbc2_key,ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
+	if ((j=des_key_sched(&cbc3_key,ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -473,11 +523,9 @@ char *argv[];
 	/* i=((i+7)/8)*8; */
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 
-	des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
-	des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
-		(C_Block *)&(cbc_out[16]),
-		(long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT);
+	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+			     &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
 		{
@@ -486,9 +534,8 @@ char *argv[];
 		}
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("des_ede3_cbc_encrypt decrypt error\n");
 		err=1;
@@ -496,23 +543,23 @@ char *argv[];
 
 #ifndef LIBDES_LIT
 	printf("Doing pcbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=des_key_sched(&cbc_key,ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
-	des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
+	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &cbc_iv,DES_ENCRYPT);
 	if (memcmp(cbc_out,pcbc_ok,32) != 0)
 		{
 		printf("pcbc_encrypt encrypt error\n");
 		err=1;
 		}
-	des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+			 DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("pcbc_encrypt decrypt error\n");
 		err=1;
@@ -536,7 +583,7 @@ char *argv[];
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
+			8,1,ks,&cfb_tmp,DES_ENCRYPT);
 	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small encrypt error\n");
@@ -546,7 +593,7 @@ char *argv[];
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
+			8,1,ks,&cfb_tmp,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small decrypt error\n");
@@ -559,10 +606,9 @@ char *argv[];
 	printf("done\n");
 
 	printf("Doing ofb\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	des_key_sched(&ofb_key,ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
-		(C_Block *)ofb_tmp);
+	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
 		printf("ofb_encrypt encrypt error\n");
@@ -575,8 +621,7 @@ ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
 		err=1;
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
-		(C_Block *)ofb_tmp);
+	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb_encrypt decrypt error\n");
@@ -590,15 +635,15 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ofb64\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	des_key_sched(&ofb_key,ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
-			(C_Block *)ofb_tmp,&num);
+		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+				  &num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -607,8 +652,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		(C_Block *)ofb_tmp,&num);
+	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb64_encrypt decrypt error\n");
@@ -616,7 +660,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ede_ofb64\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	des_key_sched(&ofb_key,ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
@@ -624,7 +668,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 	for (i=0; i<sizeof(plain); i++)
 		{
 		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
-			(C_Block *)ofb_tmp,&num);
+				       &ofb_tmp,&num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -633,8 +677,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		ks,ks,(C_Block *)ofb_tmp,&num);
+	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,
+			       ks,ks,&ofb_tmp,&num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ede_ofb64_encrypt decrypt error\n");
@@ -642,9 +686,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing cbc_cksum\n");
-	des_key_sched((C_Block *)cbc_key,ks);
-	cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
-		(long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
+	des_key_sched(&cbc_key,ks);
+	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
 	if (cs != cbc_cksum_ret)
 		{
 		printf("bad return value (%08lX), should be %08lX\n",
@@ -658,19 +701,26 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing quad_cksum\n");
-	cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
-		(long)strlen(cbc_data),2,(C_Block *)cbc_iv);
+	/* This is obviously done this way especially to puzzle me. Although
+	   quad_cksum returns up to 4 groups of 8 bytes, this test gets it to
+	   produce 2 groups then treats them as 4 groups of 4 bytes.
+	   Ben 13 Feb 1999 */
+	cs=quad_cksum(cbc_data,(des_cblock *)qret,strlen((char *)cbc_data),2,
+		      &cbc_iv);
+
+	{ /* Big-endian fix */
+	static DES_LONG l=1;
+	static unsigned char *c=(unsigned char *)&l;
+	DES_LONG ll;
+
 	j=sizeof(lqret[0])-4;
 	for (i=0; i<4; i++)
 		{
 		lqret[i]=0;
 		memcpy(&(lqret[i]),&(qret[i][0]),4);
-		if (j > 0) lqret[i]=lqret[i]>>(j*8); /* For Cray */
+		if (!c[0] && (j > 0))
+			lqret[i]=lqret[i]>>(j*8); /* For Cray */
 		}
-	{ /* Big-endian fix */
-	static DES_LONG l=1;
-	static unsigned char *c=(unsigned char *)&l;
-	DES_LONG ll;
 
 	if (!c[0])
 		{
@@ -691,25 +741,25 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 	if (lqret[0] != 0x327eba8dL)
 		{
 		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
-			(unsigned long)lqret[0],0x327eba8dL);
+			(unsigned long)lqret[0],0x327eba8dUL);
 		err=1;
 		}
 	if (lqret[1] != 0x201a49ccL)
 		{
 		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
-			(unsigned long)lqret[1],0x201a49ccL);
+			(unsigned long)lqret[1],0x201a49ccUL);
 		err=1;
 		}
 	if (lqret[2] != 0x70d7a63aL)
 		{
 		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
-			(unsigned long)lqret[2],0x70d7a63aL);
+			(unsigned long)lqret[2],0x70d7a63aUL);
 		err=1;
 		}
 	if (lqret[3] != 0x501c2c26L)
 		{
 		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
-			(unsigned long)lqret[3],0x501c2c26L);
+			(unsigned long)lqret[3],0x501c2c26UL);
 		err=1;
 		}
 #endif
@@ -718,17 +768,17 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
+		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\noutput word alignment test");
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
+		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\n");
 	printf("fast crypt test ");
@@ -749,8 +799,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 	return(0);
 	}
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -771,17 +820,15 @@ unsigned char *p;
 
 #ifndef LIBDES_LIT
 
-static int cfb_test(bits, cfb_cipher)
-int bits;
-unsigned char *cfb_cipher;
+static int cfb_test(int bits, unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int i,err=0;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	des_key_sched(&cfb_key,ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_ENCRYPT);
+	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -790,8 +837,8 @@ unsigned char *cfb_cipher;
 			printf("%s\n",pt(&(cfb_buf1[i])));
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_DECRYPT);
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -802,20 +849,17 @@ unsigned char *cfb_cipher;
 	return(err);
 	}
 
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	des_key_sched(&cfb_key,ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+			  &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -825,11 +869,9 @@ unsigned char *cfb_cipher;
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
 	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -840,20 +882,19 @@ unsigned char *cfb_cipher;
 	return(err);
 	}
 
-static int ede_cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int ede_cfb64_test(unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	des_key_sched(&cfb_key,ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+			       DES_ENCRYPT);
 	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+			       sizeof(plain)-12,ks,ks,ks,
+			       &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -864,10 +905,10 @@ unsigned char *cfb_cipher;
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
 	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			       &cfb_tmp,&n,DES_DECRYPT);
 	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			       sizeof(plain)-17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -879,4 +920,4 @@ unsigned char *cfb_cipher;
 	}
 
 #endif
-
+#endif
diff --git a/lib/libssl/src/crypto/des/ecb3_enc.c b/lib/libssl/src/crypto/des/ecb3_enc.c
index 140f6b5285e..fb28b97e1ab 100644
--- a/lib/libssl/src/crypto/des/ecb3_enc.c
+++ b/lib/libssl/src/crypto/des/ecb3_enc.c
@@ -58,20 +58,15 @@
 
 #include "des_locl.h"
 
-void des_ecb3_encrypt(input, output, ks1, ks2, ks3, enc)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-int enc;
+void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
+	     int enc)
 	{
 	register DES_LONG l0,l1;
-	register unsigned char *in,*out;
 	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
 	c2l(in,l0);
 	c2l(in,l1);
 	ll[0]=l0;
diff --git a/lib/libssl/src/crypto/des/ecb_enc.c b/lib/libssl/src/crypto/des/ecb_enc.c
index acf23fdd002..b261a8aad94 100644
--- a/lib/libssl/src/crypto/des/ecb_enc.c
+++ b/lib/libssl/src/crypto/des/ecb_enc.c
@@ -58,20 +58,20 @@
 
 #include "des_locl.h"
 #include "spr.h"
+#include <openssl/opensslv.h>
 
-char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
-char *DES_version="DES part of SSLeay 0.9.0b 29-Jun-1998";
+OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
 
-char *des_options()
+const char *des_options(void)
 	{
 	static int init=1;
 	static char buf[32];
 
 	if (init)
 		{
-		char *ptr,*unroll,*risc,*size;
+		const char *ptr,*unroll,*risc,*size;
 
-		init=0;
 #ifdef DES_PTR
 		ptr="ptr";
 #else
@@ -97,23 +97,21 @@ char *des_options()
 		else
 			size="long";
 		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+		init=0;
 		}
 	return(buf);
 	}
 		
 
-void des_ecb_encrypt(input, output, ks, enc)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks;
-int enc;
+void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
+	     des_key_schedule ks,
+	     int enc)
 	{
 	register DES_LONG l;
-	register unsigned char *in,*out;
 	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
 	c2l(in,l); ll[0]=l;
 	c2l(in,l); ll[1]=l;
 	des_encrypt(ll,ks,enc);
diff --git a/lib/libssl/src/crypto/des/ede_cbcm_enc.c b/lib/libssl/src/crypto/des/ede_cbcm_enc.c
new file mode 100644
index 00000000000..c53062481dd
--- /dev/null
+++ b/lib/libssl/src/crypto/des/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+Note that there is a known attack on this by Biham and Knudsen but it takes
+a lot of work:
+
+http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+
+*/
+
+#ifndef NO_DESCBCM
+#include "des_locl.h"
+
+void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, des_key_schedule ks1, des_key_schedule ks2,
+	     des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+	     int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    iv1 = &(*ivec1)[0];
+    iv2 = &(*ivec2)[0];
+
+    if (enc)
+	{
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,tout0);
+	c2l(iv2,tout1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    if(l < 0)
+		{
+		c2ln(in,tin0,tin1,l+8);
+		}
+	    else
+		{
+		c2l(in,tin0);
+		c2l(in,tin1);
+		}
+	    tin0^=tout0;
+	    tin1^=tout1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,1);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    l2c(tout0,out);
+	    l2c(tout1,out);
+	    }
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(tout0,iv2);
+	l2c(tout1,iv2);
+	}
+    else
+	{
+	register DES_LONG t0,t1;
+
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,xor0);
+	c2l(iv2,xor1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    des_encrypt(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    c2l(in,tin0);
+	    c2l(in,tin1);
+
+	    t0=tin0;
+	    t1=tin1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    des_encrypt(tin,ks1,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks2,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    des_encrypt(tin,ks1,0);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    tout0^=xor0;
+	    tout1^=xor1;
+	    if(l < 0)
+		{
+		l2cn(tout0,tout1,out,l+8);
+		}
+	    else
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	    xor0=t0;
+	    xor1=t1;
+	    }
+
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(xor0,iv2);
+	l2c(xor1,iv2);
+	}
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }
+#endif
diff --git a/lib/libssl/src/crypto/des/ede_enc.c b/lib/libssl/src/crypto/des/ede_enc.c
deleted file mode 100644
index 9f75dd1037d..00000000000
--- a/lib/libssl/src/crypto/des/ede_enc.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* crypto/des/ede_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		register DES_LONG t0,t1;
-
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			tout0^=xor0;
-			tout1^=xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=t0;
-			xor1=t1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-		
-			tout0^=xor0;
-			tout1^=xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=t0;
-			xor1=t1;
-			}
-
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#ifdef undef /* MACRO */
-void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*ivec);
-int enc;
-	{
-	des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc);
-	}
-#endif
-
diff --git a/lib/libssl/src/crypto/des/enc_read.c b/lib/libssl/src/crypto/des/enc_read.c
index e08a904d759..694970ccd2a 100644
--- a/lib/libssl/src/crypto/des/enc_read.c
+++ b/lib/libssl/src/crypto/des/enc_read.c
@@ -58,18 +58,34 @@
 
 #include <stdio.h>
 #include <errno.h>
+#include "cryptlib.h"
 #include "des_locl.h"
 
 /* This has some uglies in it but it works - even over sockets. */
 /*extern int errno;*/
-int des_rw_mode=DES_PCBC_MODE;
-
-int des_enc_read(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
+OPENSSL_GLOBAL int des_rw_mode=DES_PCBC_MODE;
+
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ *
+ *  -  This function uses an internal state and thus cannot be
+ *     used on multiple files.
+ */
+
+
+int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
+		 des_cblock *iv)
 	{
 	/* data to be unencrypted */
 	int net_num=0;
@@ -77,27 +93,27 @@ des_cblock (*iv);
 	/* extra unencrypted data 
 	 * for when a block of 100 comes in but is des_read one byte at
 	 * a time. */
-	static char *unnet=NULL;
+	static unsigned char *unnet=NULL;
 	static int unnet_start=0;
 	static int unnet_left=0;
-	static char *tmpbuf=NULL;
+	static unsigned char *tmpbuf=NULL;
 	int i;
 	long num=0,rnum;
 	unsigned char *p;
 
 	if (tmpbuf == NULL)
 		{
-		tmpbuf=(char *)malloc(BSIZE);
+		tmpbuf=Malloc(BSIZE);
 		if (tmpbuf == NULL) return(-1);
 		}
 	if (net == NULL)
 		{
-		net=(unsigned char *)malloc(BSIZE);
+		net=Malloc(BSIZE);
 		if (net == NULL) return(-1);
 		}
 	if (unnet == NULL)
 		{
-		unnet=(char *)malloc(BSIZE);
+		unnet=Malloc(BSIZE);
 		if (unnet == NULL) return(-1);
 		}
 	/* left over data from last decrypt */
@@ -109,7 +125,7 @@ des_cblock (*iv);
 			 * with the number of bytes we have - should always
 			 * check the return value */
 			memcpy(buf,&(unnet[unnet_start]),
-				(unsigned int)unnet_left);
+			       unnet_left);
 			/* eay 26/08/92 I had the next 2 lines
 			 * reversed :-( */
 			i=unnet_left;
@@ -117,7 +133,7 @@ des_cblock (*iv);
 			}
 		else
 			{
-			memcpy(buf,&(unnet[unnet_start]),(unsigned int)len);
+			memcpy(buf,&(unnet[unnet_start]),len);
 			unnet_start+=len;
 			unnet_left-=len;
 			i=len;
@@ -131,7 +147,7 @@ des_cblock (*iv);
 	/* first - get the length */
 	while (net_num < HDRSIZE) 
 		{
-		i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+		i=read(fd,&(net[net_num]),HDRSIZE-net_num);
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -153,7 +169,7 @@ des_cblock (*iv);
 	net_num=0;
 	while (net_num < rnum)
 		{
-		i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+		i=read(fd,&(net[net_num]),rnum-net_num);
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -165,14 +181,12 @@ des_cblock (*iv);
 	if (len < num)
 		{
 		if (des_rw_mode & DES_PCBC_MODE)
-			des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
+			des_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
 		else
-			des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
-		memcpy(buf,unnet,(unsigned int)len);
+			des_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		memcpy(buf,unnet,len);
 		unnet_start=len;
-		unnet_left=(int)num-len;
+		unnet_left=num-len;
 
 		/* The following line is done because we return num
 		 * as the number of bytes read. */
@@ -189,30 +203,26 @@ des_cblock (*iv);
 			{
 
 			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
+				des_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+						 DES_DECRYPT);
 			else
-				des_cbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
+				des_cbc_encrypt(net,tmpbuf,num,sched,iv,
+						DES_DECRYPT);
 
 			/* eay 26/08/92 fix a bug that returned more
 			 * bytes than you asked for (returned len bytes :-( */
-			memcpy(buf,tmpbuf,(unsigned int)num);
+			memcpy(buf,tmpbuf,num);
 			}
 		else
 			{
 			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
+				des_pcbc_encrypt(net,buf,num,sched,iv,
+						 DES_DECRYPT);
 			else
-				des_cbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
+				des_cbc_encrypt(net,buf,num,sched,iv,
+						DES_DECRYPT);
 			}
 		}
-	return((int)num);
+	return num;
 	}
 
diff --git a/lib/libssl/src/crypto/des/enc_writ.c b/lib/libssl/src/crypto/des/enc_writ.c
index 29a7330fb0f..ba3f0822ef0 100644
--- a/lib/libssl/src/crypto/des/enc_writ.c
+++ b/lib/libssl/src/crypto/des/enc_writ.c
@@ -58,32 +58,44 @@
 
 #include <errno.h>
 #include <time.h>
+#include <stdio.h>
+#include "cryptlib.h"
 #include "des_locl.h"
+#include <openssl/rand.h>
 
-int des_enc_write(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by des_enc_write() and des_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, des_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int des_enc_write(int fd, const void *_buf, int len,
+		  des_key_schedule sched, des_cblock *iv)
 	{
 #ifdef _LIBC
-	extern int srandom();
 	extern unsigned long time();
-	extern int random();
 	extern int write();
 #endif
-
+	const unsigned char *buf=_buf;
 	long rnum;
 	int i,j,k,outnum;
-	static char *outbuf=NULL;
-	char shortbuf[8];
-	char *p;
+	static unsigned char *outbuf=NULL;
+	unsigned char shortbuf[8];
+	unsigned char *p;
+	const unsigned char *cp;
 	static int start=1;
 
 	if (outbuf == NULL)
 		{
-		outbuf=(char *)malloc(BSIZE+HDRSIZE);
+		outbuf=Malloc(BSIZE+HDRSIZE);
 		if (outbuf == NULL) return(-1);
 		}
 	/* If we are sending less than 8 bytes, the same char will look
@@ -91,7 +103,6 @@ des_cblock (*iv);
 	if (start)
 		{
 		start=0;
-		srandom((unsigned int)time(NULL));
 		}
 
 	/* lets recurse if we want to send the data in small chunks */
@@ -117,35 +128,32 @@ des_cblock (*iv);
 	/* pad short strings */
 	if (len < 8)
 		{
-		p=shortbuf;
-		memcpy(shortbuf,buf,(unsigned int)len);
-		for (i=len; i<8; i++)
-			shortbuf[i]=random();
+		cp=shortbuf;
+		memcpy(shortbuf,buf,len);
+		RAND_bytes(shortbuf+len, 8-len);
 		rnum=8;
 		}
 	else
 		{
-		p=buf;
+		cp=(unsigned char*)buf;
 		rnum=((len+7)/8*8); /* round up to nearest eight */
 		}
 
 	if (des_rw_mode & DES_PCBC_MODE)
-		des_pcbc_encrypt((des_cblock *)p,
-			(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+		des_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				 DES_ENCRYPT); 
 	else
-		des_cbc_encrypt((des_cblock *)p,
-			(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+		des_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				DES_ENCRYPT); 
 
 	/* output */
-	outnum=(int)rnum+HDRSIZE;
+	outnum=rnum+HDRSIZE;
 
 	for (j=0; j<outnum; j+=i)
 		{
 		/* eay 26/08/92 I was not doing writing from where we
 		 * got upto. */
-		i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+		i=write(fd,&(outbuf[j]),outnum-j);
 		if (i == -1)
 			{
 			if (errno == EINTR)
diff --git a/lib/libssl/src/crypto/des/fcrypt_b.c b/lib/libssl/src/crypto/des/fcrypt_b.c
index 1544634bc19..9cbea97c1fc 100644
--- a/lib/libssl/src/crypto/des/fcrypt_b.c
+++ b/lib/libssl/src/crypto/des/fcrypt_b.c
@@ -77,15 +77,12 @@
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
 	(a)=(a)^(t)^(t>>(16-(n))))\
 
-void fcrypt_body(out, ks, Eswap0, Eswap1)
-DES_LONG *out;
-des_key_schedule ks;
-DES_LONG Eswap0;
-DES_LONG Eswap1;
+void fcrypt_body(DES_LONG *out, des_key_schedule ks, DES_LONG Eswap0,
+	     DES_LONG Eswap1)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)des_SPtrans;
 #endif
 	register DES_LONG *s;
 	register int j;
diff --git a/lib/libssl/src/crypto/des/ncbc_enc.c b/lib/libssl/src/crypto/des/ncbc_enc.c
index 1d1a368c223..e0e67a417d5 100644
--- a/lib/libssl/src/crypto/des/ncbc_enc.c
+++ b/lib/libssl/src/crypto/des/ncbc_enc.c
@@ -58,24 +58,21 @@
 
 #include "des_locl.h"
 
-void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#else
+void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     des_key_schedule schedule, des_cblock *ivec, int enc)
+#endif
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -100,9 +97,11 @@ int enc;
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
+#endif
 		}
 	else
 		{
@@ -120,11 +119,25 @@ int enc;
 			xor0=tin0;
 			xor1=tin1;
 			}
-		iv=(unsigned char *)ivec;
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+			xor0=tin0;
+			xor1=tin1;
+#endif
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV 
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
+#endif
 		}
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;
 	}
-
diff --git a/lib/libssl/src/crypto/des/ofb64ede.c b/lib/libssl/src/crypto/des/ofb64ede.c
index 4b1b0199f12..6eafe908da5 100644
--- a/lib/libssl/src/crypto/des/ofb64ede.c
+++ b/lib/libssl/src/crypto/des/ofb64ede.c
@@ -62,13 +62,10 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2,k3;
-des_cblock (*ivec);
-int *num;
+void des_ede3_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_key_schedule k3, des_cblock *ivec,
+	     int *num)
 	{
 	register DES_LONG v0,v1;
 	register int n= *num;
@@ -79,7 +76,7 @@ int *num;
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
@@ -93,7 +90,7 @@ int *num;
 			{
 			/* ti[0]=v0; */
 			/* ti[1]=v1; */
-			des_encrypt3((DES_LONG *)ti,k1,k2,k3);
+			des_encrypt3(ti,k1,k2,k3);
 			v0=ti[0];
 			v1=ti[1];
 
@@ -109,7 +106,7 @@ int *num;
 		{
 /*		v0=ti[0];
 		v1=ti[1];*/
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(v0,iv);
 		l2c(v1,iv);
 		}
@@ -118,13 +115,9 @@ int *num;
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2;
-des_cblock (*ivec);
-int *num;
+void des_ede2_ofb64_encrypt(register unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule k1,
+	     des_key_schedule k2, des_cblock (*ivec), int *num)
 	{
 	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
 	}
diff --git a/lib/libssl/src/crypto/des/ofb64enc.c b/lib/libssl/src/crypto/des/ofb64enc.c
index ea7e6126972..64953959cab 100644
--- a/lib/libssl/src/crypto/des/ofb64enc.c
+++ b/lib/libssl/src/crypto/des/ofb64enc.c
@@ -62,37 +62,33 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ofb64_encrypt(in, out, length, schedule, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
+void des_ofb64_encrypt(register const unsigned char *in,
+	     register unsigned char *out, long length, des_key_schedule schedule,
+	     des_cblock *ivec, int *num)
 	{
 	register DES_LONG v0,v1,t;
 	register int n= *num;
 	register long l=length;
 	des_cblock d;
-	register char *dp;
+	register unsigned char *dp;
 	DES_LONG ti[2];
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
 	ti[1]=v1;
-	dp=(char *)d;
+	dp=d;
 	l2c(v0,dp);
 	l2c(v1,dp);
 	while (l--)
 		{
 		if (n == 0)
 			{
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			dp=(char *)d;
+			des_encrypt(ti,schedule,DES_ENCRYPT);
+			dp=d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
 			save++;
@@ -104,7 +100,7 @@ int *num;
 		{
 		v0=ti[0];
 		v1=ti[1];
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(v0,iv);
 		l2c(v1,iv);
 		}
diff --git a/lib/libssl/src/crypto/des/ofb_enc.c b/lib/libssl/src/crypto/des/ofb_enc.c
index 4db0cdbd600..a8f425a575a 100644
--- a/lib/libssl/src/crypto/des/ofb_enc.c
+++ b/lib/libssl/src/crypto/des/ofb_enc.c
@@ -64,13 +64,8 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_ofb_encrypt(in, out, numbits, length, schedule, ivec)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
+void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+	     long length, des_key_schedule schedule, des_cblock *ivec)
 	{
 	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -97,7 +92,7 @@ des_cblock (*ivec);
 		mask1=0x00000000L;
 		}
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
@@ -131,7 +126,7 @@ des_cblock (*ivec);
 			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
 			}
 		}
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	l2c(v0,iv);
 	l2c(v1,iv);
 	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
diff --git a/lib/libssl/src/crypto/des/pcbc_enc.c b/lib/libssl/src/crypto/des/pcbc_enc.c
index 4513207d908..dd69a26d4aa 100644
--- a/lib/libssl/src/crypto/des/pcbc_enc.c
+++ b/lib/libssl/src/crypto/des/pcbc_enc.c
@@ -58,21 +58,17 @@
 
 #include "des_locl.h"
 
-void des_pcbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
 	{
 	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
 	DES_LONG tin[2];
-	unsigned char *in,*out,*iv;
+	const unsigned char *in;
+	unsigned char *out,*iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
diff --git a/lib/libssl/src/crypto/des/qud_cksm.c b/lib/libssl/src/crypto/des/qud_cksm.c
index 8526abf334a..6ce8c61b426 100644
--- a/lib/libssl/src/crypto/des/qud_cksm.c
+++ b/lib/libssl/src/crypto/des/qud_cksm.c
@@ -73,28 +73,24 @@
 /* Got the value MIT uses via brute force :-) 2/10/90 eay */
 #define NOISE	((DES_LONG)83653421L)
 
-DES_LONG des_quad_cksum(input, output, length, out_count, seed)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-int out_count;
-des_cblock (*seed);
+DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[],
+	     long length, int out_count, des_cblock *seed)
 	{
 	DES_LONG z0,z1,t0,t1;
 	int i;
 	long l;
-	unsigned char *cp;
+	const unsigned char *cp;
 	unsigned char *lp;
 
 	if (out_count < 1) out_count=1;
-	lp=(unsigned char *)output;
+	lp = &(output[0])[0];
 
 	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
 	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
 
 	for (i=0; ((i<4)&&(i<out_count)); i++)
 		{
-		cp=(unsigned char *)input;
+		cp=input;
 		l=length;
 		while (l > 0)
 			{
@@ -133,7 +129,7 @@ des_cblock (*seed);
 				}
 			else
 				{
-				lp=output[out_count-i-1];
+				lp = &(output[out_count-i-1])[0];
 				l2n(z1,lp);
 				l2n(z0,lp);
 				}
diff --git a/lib/libssl/src/crypto/des/rand_key.c b/lib/libssl/src/crypto/des/rand_key.c
index 8c30bd029a2..fc11792cdaa 100644
--- a/lib/libssl/src/crypto/des/rand_key.c
+++ b/lib/libssl/src/crypto/des/rand_key.c
@@ -62,15 +62,13 @@
 static int seed=0;
 static des_cblock init;
 
-void des_random_seed(key)
-des_cblock key;
+void des_random_seed(des_cblock *key)
 	{
-	memcpy(init,key,sizeof(des_cblock));
+	memcpy(&init,key,sizeof(des_cblock));
 	seed=1;
 	}
 
-void des_random_key(ret)
-unsigned char *ret;
+void des_random_key(des_cblock *ret)
 	{
 	des_key_schedule ks;
 	static DES_LONG c=0;
@@ -101,15 +99,13 @@ unsigned char *ret;
 	t=(DES_LONG)((pid)|((c++)<<16));
 	l2c(t,p);
 
-	des_set_odd_parity((des_cblock *)data);
-	des_set_key((des_cblock *)data,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
-		(long)sizeof(key),ks,(des_cblock *)data);
+	des_set_odd_parity(&data);
+	des_set_key(&data,ks);
+	des_cbc_cksum(key,&key,sizeof(key),ks,&data);
 
-	des_set_odd_parity((des_cblock *)key);
-	des_set_key((des_cblock *)key,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)data,
-		(long)sizeof(key),ks,(des_cblock *)key);
+	des_set_odd_parity(&key);
+	des_set_key(&key,ks);
+	des_cbc_cksum(key,&data,sizeof(key),ks,&key);
 
 	memcpy(ret,data,sizeof(key));
 	memset(key,0,sizeof(key));
diff --git a/lib/libssl/src/crypto/des/ranlib.sh b/lib/libssl/src/crypto/des/ranlib.sh
deleted file mode 100644
index 543f712c6ba..00000000000
--- a/lib/libssl/src/crypto/des/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/lib/libssl/src/crypto/des/read2pwd.c b/lib/libssl/src/crypto/des/read2pwd.c
index a0d53793e42..a8ceaf088a9 100644
--- a/lib/libssl/src/crypto/des/read2pwd.c
+++ b/lib/libssl/src/crypto/des/read2pwd.c
@@ -58,10 +58,7 @@
 
 #include "des_locl.h"
 
-int des_read_password(key, prompt, verify)
-des_cblock (*key);
-char *prompt;
-int verify;
+int des_read_password(des_cblock *key, const char *prompt, int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
@@ -73,11 +70,8 @@ int verify;
 	return(ok);
 	}
 
-int des_read_2passwords(key1, key2, prompt, verify)
-des_cblock (*key1);
-des_cblock (*key2);
-char *prompt;
-int verify;
+int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
+	     int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
diff --git a/lib/libssl/src/crypto/des/read_pwd.c b/lib/libssl/src/crypto/des/read_pwd.c
index 99920f2f86d..fed49652c0d 100644
--- a/lib/libssl/src/crypto/des/read_pwd.c
+++ b/lib/libssl/src/crypto/des/read_pwd.c
@@ -56,7 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
+#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+#if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+#endif
+#endif
+
 /* #define SIGACTION */ /* Define this if you have sigaction() */
+
 #ifdef WIN16TTY
 #undef WIN16
 #undef _WINDOWS
@@ -65,11 +81,26 @@
 
 /* 06-Apr-92 Luke Brennan    Support for VMS */
 #include "des_locl.h"
+#include "cryptlib.h"
 #include <signal.h>
+#include <stdio.h>
 #include <string.h>
 #include <setjmp.h>
 #include <errno.h>
 
+#ifdef VMS			/* prototypes for sys$whatever */
+#include <starlet.h>
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+#include <windows.h>
+#include <wincon.h>
+#endif
+
+
 /* There are 5 types of terminal interface supported,
  * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
  */
@@ -147,7 +178,6 @@ struct IOSB {
 #define NX509_SIG 32
 #endif
 
-#ifndef NOPROTO
 static void read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
@@ -155,32 +185,15 @@ static void popsig(void);
 #if defined(MSDOS) && !defined(WIN16)
 static int noecho_fgets(char *buf, int size, FILE *tty);
 #endif
-#else
-static void read_till_nl();
-static void recsig();
-static void pushsig();
-static void popsig();
-#if defined(MSDOS) && !defined(WIN16)
-static int noecho_fgets();
-#endif
-#endif
-
 #ifdef SIGACTION
  static struct sigaction savsig[NX509_SIG];
 #else
-# ifndef NOPROTO
   static void (*savsig[NX509_SIG])(int );
-# else
-  static void (*savsig[NX509_SIG])();
-# endif
 #endif
 static jmp_buf save;
 
-int des_read_pw_string(buf, length, prompt, verify)
-char *buf;
-int length;
-char *prompt;
-int verify;
+int des_read_pw_string(char *buf, int length, const char *prompt,
+	     int verify)
 	{
 	char buff[BUFSIZ];
 	int ret;
@@ -192,8 +205,7 @@ int verify;
 
 #ifndef WIN16
 
-static void read_till_nl(in)
-FILE *in;
+static void read_till_nl(FILE *in)
 	{
 #define SIZE 4
 	char buf[SIZE+1];
@@ -205,12 +217,8 @@ FILE *in;
 
 
 /* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(buf, buff, size, prompt, verify)
-char *buf;
-char *buff;
-int size;
-char *prompt;
-int verify;
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+	     int verify)
 	{
 #ifdef VMS
 	struct IOSB iosb;
@@ -223,14 +231,27 @@ int verify;
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif
-	int number=5;
-	int ok=0;
-	int ps=0;
-	int is_a_tty=1;
-
-	FILE *tty=NULL;
+	int number;
+	int ok;
+	/* statics are simply to avoid warnings about longjmp clobbering
+	   things */
+	static int ps;
+	int is_a_tty;
+	static FILE *tty;
 	char *p;
 
+	if (setjmp(save))
+		{
+		ok=0;
+		goto error;
+		}
+
+	number=5;
+	ok=0;
+	ps=0;
+	is_a_tty=1;
+	tty=NULL;
+
 #ifndef MSDOS
 	if ((tty=fopen("/dev/tty","r")) == NULL)
 		tty=stdin;
@@ -259,19 +280,14 @@ int verify;
 	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
 #endif
 #ifdef VMS
-	status = SYS$ASSIGN(&terminal,&channel,0,0);
+	status = sys$assign(&terminal,&channel,0,0);
 	if (status != SS$_NORMAL)
 		return(-1);
-	status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
 	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
 		return(-1);
 #endif
 
-	if (setjmp(save))
-		{
-		ok=0;
-		goto error;
-		}
 	pushsig();
 	ps=1;
 
@@ -287,7 +303,7 @@ int verify;
 	tty_new[0] = tty_orig[0];
 	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
 	tty_new[2] = tty_orig[2];
-	status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
 	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
 		return(-1);
 #endif
@@ -333,31 +349,26 @@ error:
 	perror("fgets(tty)");
 #endif
 	/* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(VMS) 
+#if defined(TTY_set) && !defined(VMS)
 	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
 #endif
 #ifdef VMS
 	if (ps >= 2)
-		status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
+		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
 			,tty_orig,12,0,0,0,0);
 #endif
 	
 	if (ps >= 1) popsig();
 	if (stdin != tty) fclose(tty);
 #ifdef VMS
-	status = SYS$DASSGN(channel);
+	status = sys$dassgn(channel);
 #endif
 	return(!ok);
 	}
 
 #else /* WIN16 */
 
-int des_read_pw(buf, buff, size, prompt, verify)
-char *buf;
-char *buff;
-int size;
-char *prompt;
-int verify;
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
 	{ 
 	memset(buf,0,size);
 	memset(buff,0,size);
@@ -366,9 +377,15 @@ int verify;
 
 #endif
 
-static void pushsig()
+static void pushsig(void)
 	{
 	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
 
 	for (i=1; i<NX509_SIG; i++)
 		{
@@ -381,7 +398,7 @@ static void pushsig()
 			continue;
 #endif
 #ifdef SIGACTION
-		sigaction(i,NULL,&savsig[i]);
+		sigaction(i,&sa,&savsig[i]);
 #else
 		savsig[i]=signal(i,recsig);
 #endif
@@ -392,7 +409,7 @@ static void pushsig()
 #endif
 	}
 
-static void popsig()
+static void popsig(void)
 	{
 	int i;
 
@@ -414,8 +431,7 @@ static void popsig()
 		}
 	}
 
-static void recsig(i)
-int i;
+static void recsig(int i)
 	{
 	longjmp(save,1);
 #ifdef LINT
@@ -424,10 +440,7 @@ int i;
 	}
 
 #if defined(MSDOS) && !defined(WIN16)
-static int noecho_fgets(buf,size,tty)
-char *buf;
-int size;
-FILE *tty;
+static int noecho_fgets(char *buf, int size, FILE *tty)
 	{
 	int i;
 	char *p;
@@ -454,6 +467,18 @@ FILE *tty;
 			break;
 			}
 		}
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+		{
+			HANDLE inh;
+			inh = GetStdHandle(STD_INPUT_HANDLE);
+			FlushConsoleInputBuffer(inh);
+		}
+#endif
 	return(strlen(buf));
 	}
 #endif
diff --git a/lib/libssl/src/crypto/des/rpc_enc.c b/lib/libssl/src/crypto/des/rpc_enc.c
index 7c1da1f5384..c96c204147a 100644
--- a/lib/libssl/src/crypto/des/rpc_enc.c
+++ b/lib/libssl/src/crypto/des/rpc_enc.c
@@ -60,32 +60,23 @@
 #include "des_locl.h"
 #include "des_ver.h"
 
-#ifndef NOPROTO
 int _des_crypt(char *buf,int len,struct desparams *desp);
-#else
-int _des_crypt();
-#endif
-
-int _des_crypt(buf, len, desp)
-char *buf;
-int len;
-struct desparams *desp;
+int _des_crypt(char *buf, int len, struct desparams *desp)
 	{
 	des_key_schedule ks;
 	int enc;
 
-	des_set_key((des_cblock *)desp->des_key,ks);
+	des_set_key(&desp->des_key,ks);
 	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
 
 	if (desp->des_mode == CBC)
-		des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,ks,enc);
+		des_ecb_encrypt((const_des_cblock *)desp->UDES.UDES_buf,
+				(des_cblock *)desp->UDES.UDES_buf,ks,
+				enc);
 	else
 		{
-		des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,
-				(long)len,ks,
-				(des_cblock *)desp->des_ivec,enc);
+		des_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+				len,ks,&desp->des_ivec,enc);
 #ifdef undef
 		/* len will always be %8 if called from common_crypt
 		 * in secure_rpc.
diff --git a/lib/libssl/src/crypto/des/rpw.c b/lib/libssl/src/crypto/des/rpw.c
index 6447ed9cf05..0b6b1519b07 100644
--- a/lib/libssl/src/crypto/des/rpw.c
+++ b/lib/libssl/src/crypto/des/rpw.c
@@ -57,17 +57,15 @@
  */
 
 #include <stdio.h>
-#include "des.h"
+#include <openssl/des.h>
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	des_cblock k,k1;
 	int i;
 
 	printf("read passwd\n");
-	if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
+	if ((i=des_read_password(&k,"Enter password:",0)) == 0)
 		{
 		printf("password = ");
 		for (i=0; i<8; i++)
@@ -77,7 +75,7 @@ char *argv[];
 		printf("error %d\n",i);
 	printf("\n");
 	printf("read 2passwds and verify\n");
-	if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
+	if ((i=des_read_2passwords(&k,&k1,
 		"Enter verified password:",1)) == 0)
 		{
 		printf("password1 = ");
diff --git a/lib/libssl/src/crypto/des/set_key.c b/lib/libssl/src/crypto/des/set_key.c
index c3bcd7ee2b2..52553a4c166 100644
--- a/lib/libssl/src/crypto/des/set_key.c
+++ b/lib/libssl/src/crypto/des/set_key.c
@@ -67,16 +67,10 @@
 #include "podd.h"
 #include "sk.h"
 
-#ifndef NOPROTO
-static int check_parity(des_cblock (*key));
-#else
-static int check_parity();
-#endif
+static int check_parity(const_des_cblock *key);
+OPENSSL_GLOBAL int des_check_key=0;
 
-int des_check_key=0;
-
-void des_set_odd_parity(key)
-des_cblock (*key);
+void des_set_odd_parity(des_cblock *key)
 	{
 	int i;
 
@@ -84,8 +78,7 @@ des_cblock (*key);
 		(*key)[i]=odd_parity[(*key)[i]];
 	}
 
-static int check_parity(key)
-des_cblock (*key);
+static int check_parity(const_des_cblock *key)
 	{
 	int i;
 
@@ -111,8 +104,8 @@ static des_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
-	{0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
 	/* semi-weak keys */
 	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
 	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
@@ -127,8 +120,7 @@ static des_cblock weak_keys[NUM_WEAK_KEY]={
 	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
 	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
 
-int des_is_weak_key(key)
-des_cblock (*key);
+int des_is_weak_key(const_des_cblock *key)
 	{
 	int i;
 
@@ -157,13 +149,11 @@ des_cblock (*key);
  * return -1 if key parity error,
  * return -2 if illegal weak key.
  */
-int des_set_key(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
+int des_set_key(const_des_cblock *key, des_key_schedule schedule)
 	{
 	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 	register DES_LONG c,d,t,s,t2;
-	register unsigned char *in;
+	register const unsigned char *in;
 	register DES_LONG *k;
 	register int i;
 
@@ -176,8 +166,8 @@ des_key_schedule schedule;
 			return(-2);
 		}
 
-	k=(DES_LONG *)schedule;
-	in=(unsigned char *)key;
+	k = &schedule->ks.deslong[0];
+	in = &(*key)[0];
 
 	c2l(in,c);
 	c2l(in,d);
@@ -238,9 +228,7 @@ des_key_schedule schedule;
 	return(0);
 	}
 
-int des_key_sched(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
+int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
 	{
 	return(des_set_key(key,schedule));
 	}
diff --git a/lib/libssl/src/crypto/des/shifts.pl b/lib/libssl/src/crypto/des/shifts.pl
index d8a240c1ba5..ba686d8ef51 100644
--- a/lib/libssl/src/crypto/des/shifts.pl
+++ b/lib/libssl/src/crypto/des/shifts.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 sub lab_shift
 	{
diff --git a/lib/libssl/src/crypto/des/speed.c b/lib/libssl/src/crypto/des/speed.c
index 5bbe8b01d6e..da41abcb03d 100644
--- a/lib/libssl/src/crypto/des/speed.c
+++ b/lib/libssl/src/crypto/des/speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,35 +77,32 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "des.h"
+#include <openssl/des.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -119,12 +114,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -132,14 +122,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -152,8 +136,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -189,9 +172,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -209,12 +190,12 @@ char **argv;
 	printf("program when this computer is idle.\n");
 #endif
 
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	des_set_key(&key2,sch2);
+	des_set_key(&key3,sch3);
 
 #ifndef SIGALRM
 	printf("First we calculate the approximate speed ...\n");
-	des_set_key((C_Block *)key,sch);
+	des_set_key(&key,sch);
 	count=10;
 	do	{
 		long i;
@@ -244,7 +225,7 @@ char **argv;
 
 	Time_F(START);
 	for (count=0,run=1; COND(ca); count++)
-		des_set_key((C_Block *)key,sch);
+		des_set_key(&key,sch);
 	d=Time_F(STOP);
 	printf("%ld set_key's in %.2f seconds\n",count,d);
 	a=((double)COUNT(ca))/d;
@@ -276,8 +257,8 @@ char **argv;
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cc); count++)
-		des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
-			(C_Block *)&(key[0]),DES_ENCRYPT);
+		des_ncbc_encrypt(buf,buf,BUFSIZE,&(sch[0]),
+			&key,DES_ENCRYPT);
 	d=Time_F(STOP);
 	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
 		count,BUFSIZE,d);
@@ -293,11 +274,11 @@ char **argv;
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cd); count++)
-		des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
+		des_ede3_cbc_encrypt(buf,buf,BUFSIZE,
 			&(sch[0]),
 			&(sch2[0]),
 			&(sch3[0]),
-			(C_Block *)&(key[0]),
+			&key,
 			DES_ENCRYPT);
 	d=Time_F(STOP);
 	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
diff --git a/lib/libssl/src/crypto/des/spr.h b/lib/libssl/src/crypto/des/spr.h
index 81813f9f7a0..b8fbdcf8d32 100644
--- a/lib/libssl/src/crypto/des/spr.h
+++ b/lib/libssl/src/crypto/des/spr.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-const DES_LONG des_SPtrans[8][64]={
+OPENSSL_GLOBAL const DES_LONG des_SPtrans[8][64]={
 {
 /* nibble 0 */
 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
diff --git a/lib/libssl/src/crypto/des/str2key.c b/lib/libssl/src/crypto/des/str2key.c
index 3365c1bcf30..24841452f1f 100644
--- a/lib/libssl/src/crypto/des/str2key.c
+++ b/lib/libssl/src/crypto/des/str2key.c
@@ -58,11 +58,9 @@
 
 #include "des_locl.h"
 
-extern int des_check_key;
+OPENSSL_EXTERN int des_check_key;
 
-void des_string_to_key(str, key)
-char *str;
-des_cblock (*key);
+void des_string_to_key(const char *str, des_cblock *key)
 	{
 	des_key_schedule ks;
 	int i,length;
@@ -89,21 +87,17 @@ des_cblock (*key);
 			}
 		}
 #endif
-	des_set_odd_parity((des_cblock *)key);
+	des_set_odd_parity(key);
 	i=des_check_key;
 	des_check_key=0;
-	des_set_key((des_cblock *)key,ks);
+	des_set_key(key,ks);
 	des_check_key=i;
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks,
-		(des_cblock *)key);
+	des_cbc_cksum((unsigned char*)str,key,length,ks,key);
 	memset(ks,0,sizeof(ks));
-	des_set_odd_parity((des_cblock *)key);
+	des_set_odd_parity(key);
 	}
 
-void des_string_to_2keys(str, key1, key2)
-char *str;
-des_cblock (*key1);
-des_cblock (*key2);
+void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
 	{
 	des_key_schedule ks;
 	int i,length;
@@ -154,16 +148,14 @@ des_cblock (*key2);
 		}
 	if (length <= 8) memcpy(key2,key1,8);
 #endif
-	des_set_odd_parity((des_cblock *)key1);
-	des_set_odd_parity((des_cblock *)key2);
+	des_set_odd_parity(key1);
+	des_set_odd_parity(key2);
 	i=des_check_key;
 	des_check_key=0;
-	des_set_key((des_cblock *)key1,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks,
-		(des_cblock *)key1);
-	des_set_key((des_cblock *)key2,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks,
-		(des_cblock *)key2);
+	des_set_key(key1,ks);
+	des_cbc_cksum((unsigned char*)str,key1,length,ks,key1);
+	des_set_key(key2,ks);
+	des_cbc_cksum((unsigned char*)str,key2,length,ks,key2);
 	des_check_key=i;
 	memset(ks,0,sizeof(ks));
 	des_set_odd_parity(key1);
diff --git a/lib/libssl/src/crypto/des/supp.c b/lib/libssl/src/crypto/des/supp.c
index f8e5833f697..8c570c25869 100644
--- a/lib/libssl/src/crypto/des/supp.c
+++ b/lib/libssl/src/crypto/des/supp.c
@@ -87,18 +87,16 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: supp.c,v 1.1.1.1 1998/10/05 20:12:45 ryker Exp $
+ * $Id: supp.c,v 1.2 1999/09/29 04:36:01 beck Exp $
  */
 
 #include <stdio.h>
 #include "des_locl.h"
 
-void des_cblock_print_file(cb, fp)
-	des_cblock *cb;
-	FILE *fp;
+void des_cblock_print_file(const_des_cblock *cb, FILE *fp)
 {
 	int i;
-	unsigned int *p = (unsigned int *)cb;
+	const unsigned int *p = (const unsigned int *)cb;
 
 	fprintf(fp, " 0x { ");
 	for (i = 0; i < 8; i++) {
diff --git a/lib/libssl/src/crypto/des/testdes.pl b/lib/libssl/src/crypto/des/testdes.pl
index 67fbd47f369..01a165a963d 100644
--- a/lib/libssl/src/crypto/des/testdes.pl
+++ b/lib/libssl/src/crypto/des/testdes.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # des.pl tesing code
 
diff --git a/lib/libssl/src/crypto/des/vms.com b/lib/libssl/src/crypto/des/vms.com
deleted file mode 100644
index 62ca1fbda49..00000000000
--- a/lib/libssl/src/crypto/des/vms.com
+++ /dev/null
@@ -1,90 +0,0 @@
-$! --- VMS.com ---
-$!
-$ GoSub defines
-$ GoSub linker_options
-$ If (P1 .nes. "")
-$ Then 
-$   GoSub 'P1'
-$ Else
-$   GoSub lib
-$   GoSub destest
-$   GoSub rpw
-$   GoSub speed
-$   GoSub des
-$ EndIF
-$!
-$ Exit
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DEFINES:
-$ OPT_FILE := "VAX_LINKER_OPTIONS.OPT"
-$!
-$ CC_OPTS := "/NODebug/OPTimize/NOWarn"
-$!
-$ LINK_OPTS := "/NODebug/NOTraceback/Contiguous"
-$!
-$ OBJS  = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + -
-          "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj,"      + -
-          "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj,"           + -
-	  "cfb_enc.obj,ecb3_enc.obj,ofb_enc.obj"
-	   
-	   
-$!
-$ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c,"           + -
-           "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c,"         + -
-           "read_pwd.c,set_key.c,str2key.c,fcrypt.c,"                + -
-	   "cfb_enc.c,ecb3_enc.c,ofb_enc.c"
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LINKER_OPTIONS:
-$ If (f$search(OPT_FILE) .eqs. "")
-$ Then
-$   Create 'OPT_FILE'
-$DECK
-! Default system options file to link against the sharable C runtime library
-!
-Sys$Share:VAXcRTL.exe/Share
-$EOD
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LIB:
-$ CC 'CC_OPTS' 'LIBDES'
-$ If (f$search("LIBDES.OLB") .nes. "")
-$ Then Library /Object /Replace libdes 'OBJS'
-$ Else Library /Create /Object  libdes 'OBJS'
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DESTEST:
-$ CC 'CC_OPTS' destest
-$ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$RPW:
-$ CC 'CC_OPTS' rpw
-$ Link 'link_opts' /Exec=rpw  rpw.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$SPEED:
-$ CC 'CC_OPTS' speed
-$ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DES:
-$ CC 'CC_OPTS' des
-$ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
diff --git a/lib/libssl/src/crypto/des/xcbc_enc.c b/lib/libssl/src/crypto/des/xcbc_enc.c
index 031589bf50d..51e17e6b8a6 100644
--- a/lib/libssl/src/crypto/des/xcbc_enc.c
+++ b/lib/libssl/src/crypto/des/xcbc_enc.c
@@ -79,18 +79,14 @@ static unsigned char desx_white_in2out[256]={
 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
 	};
 
-void des_xwhite_in2out(des_key,in_white,out_white)
-des_cblock (*des_key);
-des_cblock (*in_white);
-des_cblock (*out_white);
+void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
+	     des_cblock *out_white)
 	{
-	unsigned char *key,*in,*out;
 	int out0,out1;
 	int i;
-
-	key=(unsigned char *)des_key;
-	in=(unsigned char *)in_white;
-	out=(unsigned char *)out_white;
+	const unsigned char *key = &(*des_key)[0];
+	const unsigned char *in = &(*in_white)[0];
+	unsigned char *out = &(*out_white)[0];
 
 	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
 	out0=out1=0;
@@ -111,34 +107,26 @@ des_cblock (*out_white);
 		}
 	}
 
-void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-des_cblock (*inw);
-des_cblock (*outw);
-int enc;
+void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+	    long length, des_key_schedule schedule, des_cblock *ivec,
+	    const_des_cblock *inw, const_des_cblock *outw, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
 	register DES_LONG inW0,inW1,outW0,outW1;
-	register unsigned char *in,*out;
+	register const unsigned char *in2;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)inw;
-	c2l(in,inW0);
-	c2l(in,inW1);
-	in=(unsigned char *)outw;
-	c2l(in,outW0);
-	c2l(in,outW1);
+	in2 = &(*inw)[0];
+	c2l(in2,inW0);
+	c2l(in2,inW1);
+	in2 = &(*outw)[0];
+	c2l(in2,outW0);
+	c2l(in2,outW1);
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -150,7 +138,7 @@ int enc;
 			c2l(in,tin1);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -159,11 +147,11 @@ int enc;
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
 		}
@@ -175,7 +163,7 @@ int enc;
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2c(tout0,out);
@@ -187,7 +175,7 @@ int enc;
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2cn(tout0,tout1,out,l+8);
@@ -195,7 +183,7 @@ int enc;
 			xor1=tin1;
 			}
 
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
 		}
diff --git a/lib/libssl/src/crypto/dh/Makefile.ssl b/lib/libssl/src/crypto/dh/Makefile.ssl
index dfa7e4525d0..37e388d1b4a 100644
--- a/lib/libssl/src/crypto/dh/Makefile.ssl
+++ b/lib/libssl/src/crypto/dh/Makefile.ssl
@@ -7,23 +7,23 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=dh
-ERRC=dh_err
 GENERAL=Makefile
 TEST= dhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
-LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +67,42 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+dh_check.o: ../cryptlib.h
+dh_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/rand.h ../../include/openssl/stack.h
+dh_key.o: ../cryptlib.h
+dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/dh/dh.err b/lib/libssl/src/crypto/dh/dh.err
deleted file mode 100644
index a4fe746985e..00000000000
--- a/lib/libssl/src/crypto/dh/dh.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_DHPARAMS_PRINT				 100
-#define DH_F_DHPARAMS_PRINT_FP				 101
-#define DH_F_DH_COMPUTE_KEY				 102
-#define DH_F_DH_GENERATE_KEY				 103
-#define DH_F_DH_GENERATE_PARAMETERS			 104
-#define DH_F_DH_NEW					 105
-
-/* Reason codes. */
-#define DH_R_NO_PRIVATE_VALUE				 100
diff --git a/lib/libssl/src/crypto/dh/dh.h b/lib/libssl/src/crypto/dh/dh.h
index 4cc1df2650b..2cc3797a94e 100644
--- a/lib/libssl/src/crypto/dh/dh.h
+++ b/lib/libssl/src/crypto/dh/dh.h
@@ -63,10 +63,14 @@
 extern "C" {
 #endif
 
-#ifndef HEADER_BN_H
-#define BIGNUM 		char
+#ifdef NO_DH
+#error DH is disabled.
 #endif
 
+#include <openssl/bn.h>
+	
+#define DH_FLAG_CACHE_MONT_P	0x01
+
 typedef struct dh_st
 	{
 	/* This first argument is used to pick up errors when
@@ -78,6 +82,9 @@ typedef struct dh_st
 	int length; /* optional */
 	BIGNUM *pub_key;	/* y */
 	BIGNUM *priv_key;	/* x */
+
+	int flags;
+	char *method_mont_p;
 	} DH;
 
 #define DH_GENERATOR_2		2
@@ -98,15 +105,19 @@ typedef struct dh_st
 		(unsigned char *)(x))
 #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
 		(char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+		(unsigned char *)(x))
+#else
 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
 		(unsigned char *)(x))
+#endif
 
-#ifndef NOPROTO
 DH *	DH_new(void);
 void	DH_free(DH *dh);
 int	DH_size(DH *dh);
 DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int,char *),char *cb_arg);
+		void (*callback)(int,int,void *),void *cb_arg);
 int	DH_check(DH *dh,int *codes);
 int	DH_generate_key(DH *dh);
 int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
@@ -122,26 +133,11 @@ int	DHparams_print(char *bp, DH *x);
 #endif
 void	ERR_load_DH_strings(void );
 
-#else
-
-DH *	DH_new();
-void	DH_free();
-int	DH_size();
-DH *	DH_generate_parameters();
-int	DH_check();
-int	DH_generate_key();
-int	DH_compute_key();
-DH *	d2i_DHparams();
-int	i2d_DHparams();
-#ifndef NO_FP_API
-int	DHparams_print_fp();
-#endif
-int	DHparams_print();
-void	ERR_load_DH_strings();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the DH functions. */
 
 /* Function codes. */
@@ -154,7 +150,7 @@ void	ERR_load_DH_strings();
 
 /* Reason codes. */
 #define DH_R_NO_PRIVATE_VALUE				 100
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/dh/dh_check.c b/lib/libssl/src/crypto/dh/dh_check.c
index 65602e494f1..95ce9cfad01 100644
--- a/lib/libssl/src/crypto/dh/dh_check.c
+++ b/lib/libssl/src/crypto/dh/dh_check.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* Check that p is a strong prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
@@ -70,9 +70,7 @@
  * should hold.
  */
 
-int DH_check(dh,ret)
-DH *dh;
-int *ret;
+int DH_check(DH *dh, int *ret)
 	{
 	int ok=0;
 	BN_CTX *ctx=NULL;
diff --git a/lib/libssl/src/crypto/dh/dh_err.c b/lib/libssl/src/crypto/dh/dh_err.c
index 9d5c06ac248..0348bd24a2e 100644
--- a/lib/libssl/src/crypto/dh/dh_err.c
+++ b/lib/libssl/src/crypto/dh/dh_err.c
@@ -1,63 +1,65 @@
-/* lib/dh/dh_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "dh.h"
+#include <openssl/err.h>
+#include <openssl/dh.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -69,23 +71,23 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
 {ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_DH_strings()
+void ERR_load_DH_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
diff --git a/lib/libssl/src/crypto/dh/dh_gen.c b/lib/libssl/src/crypto/dh/dh_gen.c
index 04c7046a7b0..b7bcd2c7a41 100644
--- a/lib/libssl/src/crypto/dh/dh_gen.c
+++ b/lib/libssl/src/crypto/dh/dh_gen.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
@@ -83,11 +83,8 @@
  * this generator function can take a very very long time to run.
  */
 
-DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
-int prime_len;
-int generator;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+DH *DH_generate_parameters(int prime_len, int generator,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *p=NULL,*t1,*t2;
 	DH *ret=NULL;
@@ -95,10 +92,11 @@ char *cb_arg;
 	BN_CTX *ctx=NULL;
 
 	ret=DH_new();
+	if (ret == NULL) goto err;
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
-	t1=ctx->bn[0];
-	t2=ctx->bn[1];
+	t1= &(ctx->bn[0]);
+	t2= &(ctx->bn[1]);
 	ctx->tos=2;
 	
 	if (generator == DH_GENERATOR_2)
@@ -126,7 +124,7 @@ char *cb_arg;
 	else
 		g=generator;
 	
-	p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg);
+	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;
 	if (callback != NULL) callback(3,0,cb_arg);
 	ret->p=p;
diff --git a/lib/libssl/src/crypto/dh/dh_key.c b/lib/libssl/src/crypto/dh/dh_key.c
index 7576772bcd5..cede53bfc17 100644
--- a/lib/libssl/src/crypto/dh/dh_key.c
+++ b/lib/libssl/src/crypto/dh/dh_key.c
@@ -58,20 +58,19 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rand.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
 
-int DH_generate_key(dh)
-DH *dh;
+int DH_generate_key(DH *dh)
 	{
 	int ok=0;
 	unsigned int i;
-	BN_CTX *ctx=NULL;
+	BN_CTX ctx;
+	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
+	BN_CTX_init(&ctx);
 
 	if (dh->priv_key == NULL)
 		{
@@ -96,7 +95,15 @@ DH *dh;
 	else
 		pub_key=dh->pub_key;
 
-	if (!BN_mod_exp(pub_key,dh->g,priv_key,dh->p,ctx)) goto err;
+	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+		{
+		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+				dh->p,&ctx)) goto err;
+		}
+	mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+	if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -107,29 +114,34 @@ err:
 
 	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
 	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_CTX_free(&ctx);
 	return(ok);
 	}
 
-int DH_compute_key(key,pub_key,dh)
-unsigned char *key;
-BIGNUM *pub_key;
-DH *dh;
+int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 	{
-	BN_CTX *ctx;
+	BN_CTX ctx;
+	BN_MONT_CTX *mont;
 	BIGNUM *tmp;
 	int ret= -1;
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	tmp=ctx->bn[ctx->tos++];
+	BN_CTX_init(&ctx);
+	tmp= &(ctx.bn[ctx.tos++]);
 	
 	if (dh->priv_key == NULL)
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
 		goto err;
 		}
-	if (!BN_mod_exp(tmp,pub_key,dh->priv_key,dh->p,ctx))
+	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+		{
+		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+				dh->p,&ctx)) goto err;
+		}
+
+	mont=(BN_MONT_CTX *)dh->method_mont_p;
+	if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
@@ -137,6 +149,6 @@ DH *dh;
 
 	ret=BN_bn2bin(tmp,key);
 err:
-	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_CTX_free(&ctx);
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/dh/dh_lib.c b/lib/libssl/src/crypto/dh/dh_lib.c
index a300b383965..61e0720e8a7 100644
--- a/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/lib/libssl/src/crypto/dh/dh_lib.c
@@ -58,12 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
-char *DH_version="Diffie-Hellman part of SSLeay 0.9.0b 29-Jun-1998";
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
-DH *DH_new()
+DH *DH_new(void)
 	{
 	DH *ret;
 
@@ -80,21 +80,24 @@ DH *DH_new()
 	ret->length=0;
 	ret->pub_key=NULL;
 	ret->priv_key=NULL;
+	ret->flags=DH_FLAG_CACHE_MONT_P;
+	ret->method_mont_p=NULL;
 	return(ret);
 	}
 
-void DH_free(r)
-DH *r;
+void DH_free(DH *r)
 	{
+	if(r == NULL) return;
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
 	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
 	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	if (r->method_mont_p != NULL)
+		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
 	Free(r);
 	}
 
-int DH_size(dh)
-DH *dh;
+int DH_size(DH *dh)
 	{
 	return(BN_num_bytes(dh->p));
 	}
diff --git a/lib/libssl/src/crypto/dh/dhtest.c b/lib/libssl/src/crypto/dh/dhtest.c
index 488f10fd41f..770331971f2 100644
--- a/lib/libssl/src/crypto/dh/dhtest.c
+++ b/lib/libssl/src/crypto/dh/dhtest.c
@@ -62,10 +62,18 @@
 #ifdef WINDOWS
 #include "../bio/bss_file.c" 
 #endif
-#include "crypto.h"
-#include "bio.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+
+#ifdef NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
 
 #ifdef WIN16
 #define MS_CALLBACK	_far _loadds
@@ -73,12 +81,7 @@
 #define MS_CALLBACK
 #endif
 
-#ifndef NOPROTO
-static void MS_CALLBACK cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK cb();
-#endif
-
+static void MS_CALLBACK cb(int p, int n, void *arg);
 #ifdef NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
@@ -86,9 +89,7 @@ static void MS_CALLBACK cb();
 
 BIO *out=NULL;
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	DH *a,*b;
 	char buf[12];
@@ -103,7 +104,7 @@ char *argv[];
 	if (out == NULL) exit(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
-	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
+	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
 	if (a == NULL) goto err;
 
 	BIO_puts(out,"\np    =");
@@ -170,10 +171,7 @@ err:
 	return(ret);
 	}
 
-static void MS_CALLBACK cb(p, n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -182,7 +180,9 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif
diff --git a/lib/libssl/src/crypto/dh/p1024.c b/lib/libssl/src/crypto/dh/p1024.c
index 0c50c24cfba..368ceca4eb0 100644
--- a/lib/libssl/src/crypto/dh/p1024.c
+++ b/lib/libssl/src/crypto/dh/p1024.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
 	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
diff --git a/lib/libssl/src/crypto/dh/p192.c b/lib/libssl/src/crypto/dh/p192.c
index 881908169ab..7bdf40410eb 100644
--- a/lib/libssl/src/crypto/dh/p192.c
+++ b/lib/libssl/src/crypto/dh/p192.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
diff --git a/lib/libssl/src/crypto/dh/p512.c b/lib/libssl/src/crypto/dh/p512.c
index cc84e8e50e0..a9b6aa83f03 100644
--- a/lib/libssl/src/crypto/dh/p512.c
+++ b/lib/libssl/src/crypto/dh/p512.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
diff --git a/lib/libssl/src/crypto/dsa/Makefile.ssl b/lib/libssl/src/crypto/dsa/Makefile.ssl
index 2cc4ddb39e9..6d80ce77be8 100644
--- a/lib/libssl/src/crypto/dsa/Makefile.ssl
+++ b/lib/libssl/src/crypto/dsa/Makefile.ssl
@@ -7,23 +7,23 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=dsa
-ERRC=dsa_err
 GENERAL=Makefile
 TEST=dsatest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c dsa_err.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o dsa_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +67,67 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+dsa_err.o: ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../cryptlib.h
+dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_key.o: ../cryptlib.h
+dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../cryptlib.h
+dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/dsa/dsa.err b/lib/libssl/src/crypto/dsa/dsa.err
deleted file mode 100644
index 1131e9fa746..00000000000
--- a/lib/libssl/src/crypto/dsa/dsa.err
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_DSAPARAMS_PRINT				 100
-#define DSA_F_DSAPARAMS_PRINT_FP			 101
-#define DSA_F_DSA_IS_PRIME				 102
-#define DSA_F_DSA_NEW					 103
-#define DSA_F_DSA_PRINT					 104
-#define DSA_F_DSA_PRINT_FP				 105
-#define DSA_F_DSA_SIGN					 106
-#define DSA_F_DSA_SIGN_SETUP				 107
-#define DSA_F_DSA_VERIFY				 108
-
-/* Reason codes. */
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
diff --git a/lib/libssl/src/crypto/dsa/dsa.h b/lib/libssl/src/crypto/dsa/dsa.h
index 1ca87c1cbea..20b3f8d90a0 100644
--- a/lib/libssl/src/crypto/dsa/dsa.h
+++ b/lib/libssl/src/crypto/dsa/dsa.h
@@ -69,7 +69,16 @@
 extern "C" {
 #endif
 
-#include "bn.h"
+#ifdef NO_DSA
+#error DSA is disabled.
+#endif
+
+#include <openssl/bn.h>
+#ifndef NO_DH
+# include <openssl/dh.h>
+#endif
+
+#define DSA_FLAG_CACHE_MONT_P	0x01
 
 typedef struct dsa_st
 	{
@@ -88,9 +97,19 @@ typedef struct dsa_st
 	BIGNUM *kinv;	/* Signing pre-calc */
 	BIGNUM *r;	/* Signing pre-calc */
 
+	int flags;
+	/* Normally used to cache montgomery values */
+	char *method_mont_p;
+
 	int references;
 	} DSA;
 
+typedef struct DSA_SIG_st
+	{
+	BIGNUM *r;
+	BIGNUM *s;
+	} DSA_SIG;
+
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
 		(char *(*)())d2i_DSAparams,(char *)(x))
 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
@@ -102,15 +121,23 @@ typedef struct dsa_st
 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
 		(unsigned char *)(x))
 
-#ifndef NOPROTO
+
+DSA_SIG * DSA_SIG_new(void);
+void	DSA_SIG_free(DSA_SIG *a);
+int	i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
+int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
+		      DSA_SIG *sig,DSA *dsa);
 
 DSA *	DSA_new(void);
 int	DSA_size(DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int	DSA_sign(int type,unsigned char *dgst,int dlen,
+int	DSA_sign(int type,const unsigned char *dgst,int dlen,
 		unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int	DSA_verify(int type,unsigned char *dgst,int dgst_len,
+int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
 		unsigned char *sigbuf, int siglen, DSA *dsa);
 void	DSA_free (DSA *r);
 
@@ -138,55 +165,38 @@ int	DSA_print_fp(FILE *bp, DSA *x, int off);
 
 int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
 
-#else
-
-DSA *	DSA_new();
-int	DSA_size();
-int	DSA_sign_setup();
-int	DSA_sign();
-int	DSA_verify();
-void	DSA_free ();
-
-void	ERR_load_DSA_strings();
-
-DSA *	d2i_DSAPublicKey();
-DSA *	d2i_DSAPrivateKey();
-DSA * 	d2i_DSAparams();
-DSA *	DSA_generate_parameters();
-int	DSA_generate_key();
-int	i2d_DSAPublicKey();
-int 	i2d_DSAPrivateKey();
-int	i2d_DSAparams();
-
-int	DSA_is_prime();
-
-int	DSAparams_print();
-int	DSA_print();
-
-#ifndef NO_FP_API
-int	DSAparams_print_fp();
-int	DSA_print_fp();
-#endif
-
+#ifndef NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(DSA *r);
 #endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the DSA functions. */
 
 /* Function codes. */
+#define DSA_F_D2I_DSA_SIG				 110
 #define DSA_F_DSAPARAMS_PRINT				 100
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
+#define DSA_F_DSA_DO_SIGN				 112
+#define DSA_F_DSA_DO_VERIFY				 113
 #define DSA_F_DSA_IS_PRIME				 102
 #define DSA_F_DSA_NEW					 103
 #define DSA_F_DSA_PRINT					 104
 #define DSA_F_DSA_PRINT_FP				 105
 #define DSA_F_DSA_SIGN					 106
 #define DSA_F_DSA_SIGN_SETUP				 107
+#define DSA_F_DSA_SIG_NEW				 109
 #define DSA_F_DSA_VERIFY				 108
+#define DSA_F_I2D_DSA_SIG				 111
 
 /* Reason codes. */
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/dsa/dsa_asn1.c b/lib/libssl/src/crypto/dsa/dsa_asn1.c
new file mode 100644
index 00000000000..7523b21654d
--- /dev/null
+++ b/lib/libssl/src/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,96 @@
+/* crypto/dsa/dsa_asn1.c */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+DSA_SIG *DSA_SIG_new(void)
+{
+	DSA_SIG *ret;
+
+	ret = Malloc(sizeof(DSA_SIG));
+	if (ret == NULL)
+		{
+		DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	ret->r = NULL;
+	ret->s = NULL;
+	return(ret);
+}
+
+void DSA_SIG_free(DSA_SIG *r)
+{
+	if (r == NULL) return;
+	if (r->r) BN_clear_free(r->r);
+	if (r->s) BN_clear_free(r->s);
+	Free(r);
+}
+
+int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp)
+{
+	int t=0,len;
+	ASN1_INTEGER rbs,sbs;
+	unsigned char *p;
+
+	rbs.data=Malloc(BN_num_bits(v->r)/8+1);
+	if (rbs.data == NULL)
+		{
+		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	rbs.type=V_ASN1_INTEGER;
+	rbs.length=BN_bn2bin(v->r,rbs.data);
+	sbs.data=Malloc(BN_num_bits(v->s)/8+1);
+	if (sbs.data == NULL)
+		{
+		Free(rbs.data);
+		DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	sbs.type=V_ASN1_INTEGER;
+	sbs.length=BN_bn2bin(v->s,sbs.data);
+
+	len=i2d_ASN1_INTEGER(&rbs,NULL);
+	len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+	if (pp)
+		{
+		p=*pp;
+		ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+		i2d_ASN1_INTEGER(&rbs,&p);
+		i2d_ASN1_INTEGER(&sbs,&p);
+		}
+	t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
+	Free(rbs.data);
+	Free(sbs.data);
+	return(t);
+}
+
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length)
+{
+	int i=ERR_R_NESTED_ASN1_ERROR;
+	ASN1_INTEGER *bs=NULL;
+	M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL)
+		goto err_bn;
+	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
+		goto err_bn;
+	ASN1_BIT_STRING_free(bs);
+	M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+	i=ERR_R_BN_LIB;
+err:
+	DSAerr(DSA_F_D2I_DSA_SIG,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
+	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	return(NULL);
+}
diff --git a/lib/libssl/src/crypto/dsa/dsa_err.c b/lib/libssl/src/crypto/dsa/dsa_err.c
index 318e9f31aad..33a8270afde 100644
--- a/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -1,94 +1,101 @@
-/* lib/dsa/dsa_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "dsa.h"
+#include <openssl/err.h>
+#include <openssl/dsa.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
 static ERR_STRING_DATA DSA_str_functs[]=
 	{
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),	"d2i_DSA_SIG"},
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),	"DSAparams_print"},
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
 {ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),	"DSA_is_prime"},
 {ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
 {ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
 {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},
 {ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),	"DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),	"DSA_SIG_new"},
 {ERR_PACK(0,DSA_F_DSA_VERIFY,0),	"DSA_verify"},
-{0,NULL},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),	"i2d_DSA_SIG"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA DSA_str_reasons[]=
 	{
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_DSA_strings()
+void ERR_load_DSA_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c
index d7d30bf90a0..b5e5ec06e5e 100644
--- a/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -64,23 +64,18 @@
 #define HASH    SHA1
 #endif 
 
+#ifndef NO_SHA
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "sha.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-
-DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
-	cb_arg)
-int bits;
-unsigned char *seed_in;
-int seed_len;
-int *counter_ret;
-unsigned long *h_ret;
-void (*callback)();
-char *cb_arg;
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+
+DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
+	     int *counter_ret, unsigned long *h_ret, void (*callback)(),
+	     char *cb_arg)
 	{
 	int ok=0;
 	unsigned char seed[SHA_DIGEST_LENGTH];
@@ -88,6 +83,7 @@ char *cb_arg;
 	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
 	BIGNUM *r0,*W,*X,*c,*test;
 	BIGNUM *g=NULL,*q=NULL,*p=NULL;
+	BN_MONT_CTX *mont=NULL;
 	int k,n=0,i,b,m=0;
 	int counter=0;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
@@ -100,20 +96,20 @@ char *cb_arg;
 	if ((seed_in != NULL) && (seed_len == 20))
 		memcpy(seed,seed_in,seed_len);
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	ctx2=BN_CTX_new();
-	if (ctx2 == NULL) goto err;
-	ret=DSA_new();
-	if (ret == NULL) goto err;
-	r0=ctx2->bn[0];
-	g=ctx2->bn[1];
-	W=ctx2->bn[2];
-	q=ctx2->bn[3];
-	X=ctx2->bn[4];
-	c=ctx2->bn[5];
-	p=ctx2->bn[6];
-	test=ctx2->bn[7];
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((ret=DSA_new()) == NULL) goto err;
+
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+	r0= &(ctx2->bn[0]);
+	g= &(ctx2->bn[1]);
+	W= &(ctx2->bn[2]);
+	q= &(ctx2->bn[3]);
+	X= &(ctx2->bn[4]);
+	c= &(ctx2->bn[5]);
+	p= &(ctx2->bn[6]);
+	test= &(ctx2->bn[7]);
 
 	BN_lshift(test,BN_value_one(),bits-1);
 
@@ -216,14 +212,16 @@ end:
 
 	/* We now need to gernerate g */
 	/* Set r0=(p-1)/q */
-        BN_sub(test,p,BN_value_one());
-        BN_div(r0,NULL,test,q,ctx);
+	BN_sub(test,p,BN_value_one());
+	BN_div(r0,NULL,test,q,ctx);
 
 	BN_set_word(test,h);
+	BN_MONT_CTX_set(mont,p,ctx);
+
 	for (;;)
 		{
 		/* g=test^r0%p */
-		BN_mod_exp(g,test,r0,p,ctx);
+		BN_mod_exp_mont(g,test,r0,p,ctx,mont);
 		if (!BN_is_one(g)) break;
 		BN_add(test,test,BN_value_one());
 		h++;
@@ -246,32 +244,32 @@ err:
 		if (counter_ret != NULL) *counter_ret=counter;
 		if (h_ret != NULL) *h_ret=h;
 		}
-	BN_CTX_free(ctx);
-	BN_CTX_free(ctx2);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	if (ctx != NULL) BN_CTX_free(ctx2);
+	if (mont != NULL) BN_MONT_CTX_free(mont);
 	return(ok?ret:NULL);
 	}
 
-int DSA_is_prime(w, callback,cb_arg)
-BIGNUM *w;
-void (*callback)();
-char *cb_arg;
+int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
 	{
 	int ok= -1,j,i,n;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
-	BIGNUM *w_1,*b,*m,*z;
+	BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
 	int a;
+	BN_MONT_CTX *mont=NULL;
 
 	if (!BN_is_bit_set(w,0)) return(0);
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	ctx2=BN_CTX_new();
-	if (ctx2 == NULL) goto err;
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
-	m=  ctx2->bn[2];
-	b=  ctx2->bn[3];
-	z=  ctx2->bn[4];
-	w_1=ctx2->bn[5];
+	m=   &(ctx2->bn[2]);
+	b=   &(ctx2->bn[3]);
+	z=   &(ctx2->bn[4]);
+	w_1= &(ctx2->bn[5]);
+	tmp= &(ctx2->bn[6]);
+	mont_1= &(ctx2->bn[7]);
 
 	/* step 1 */
 	n=50;
@@ -282,24 +280,30 @@ char *cb_arg;
 		;
 	if (!BN_rshift(m,w_1,a)) goto err;
 
+	BN_MONT_CTX_set(mont,w,ctx);
+	BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
+	BN_to_montgomery(w_1,w_1,mont,ctx);
 	for (i=1; i < n; i++)
 		{
 		/* step 3 */
 		BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
-		BN_set_word(b,0x10001L);
+		/* BN_set_word(b,0x10001L); */
 
 		/* step 4 */
 		j=0;
-		if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
+		if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
+
+		if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
 
 		/* step 5 */
 		for (;;)
 			{
-			if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
+			if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
+				(BN_cmp(z,w_1) == 0))
 				break;
 
 			/* step 6 */
-			if ((j > 0) && BN_is_one(z))
+			if ((j > 0) && (BN_cmp(z,mont_1) == 0))
 				{
 				ok=0;
 				goto err;
@@ -312,7 +316,7 @@ char *cb_arg;
 				goto err;
 				}
 
-			if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
+			if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
 			if (callback != NULL) callback(1,j,cb_arg);
 			}
 		}
@@ -322,7 +326,8 @@ err:
 	if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
 	BN_CTX_free(ctx);
 	BN_CTX_free(ctx2);
+	BN_MONT_CTX_free(mont);
 	
 	return(ok);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c
index d51ed9395f1..ab7f38fc7c6 100644
--- a/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -56,16 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_SHA
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "sha.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
 
-int DSA_generate_key(dsa)
-DSA *dsa;
+int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
 	unsigned int i;
@@ -109,4 +109,4 @@ err:
 	if (ctx != NULL) BN_CTX_free(ctx);
 	return(ok);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/dsa/dsa_lib.c b/lib/libssl/src/crypto/dsa/dsa_lib.c
index b647257f9fb..ce8e204f7e6 100644
--- a/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -56,17 +56,17 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "asn1.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
 
-char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998";
+const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
-DSA *DSA_new()
+DSA *DSA_new(void)
 	{
 	DSA *ret;
 
@@ -82,19 +82,20 @@ DSA *DSA_new()
 	ret->p=NULL;
 	ret->q=NULL;
 	ret->g=NULL;
+	ret->flags=DSA_FLAG_CACHE_MONT_P;
 
 	ret->pub_key=NULL;
 	ret->priv_key=NULL;
 
 	ret->kinv=NULL;
 	ret->r=NULL;
+	ret->method_mont_p=NULL;
 
 	ret->references=1;
 	return(ret);
 	}
 
-void DSA_free(r)
-DSA *r;
+void DSA_free(DSA *r)
 	{
 	int i;
 
@@ -120,11 +121,12 @@ DSA *r;
 	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
 	if (r->kinv != NULL) BN_clear_free(r->kinv);
 	if (r->r != NULL) BN_clear_free(r->r);
+	if (r->method_mont_p != NULL)
+		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
 	Free(r);
 	}
 
-int DSA_size(r)
-DSA *r;
+int DSA_size(DSA *r)
 	{
 	int ret,i;
 	ASN1_INTEGER bs;
@@ -143,3 +145,40 @@ DSA *r;
 	return(ret);
 	}
 
+#ifndef NO_DH
+DH *DSA_dup_DH(DSA *r)
+	{
+	/* DSA has p, q, g, optional pub_key, optional priv_key.
+	 * DH has p, optional length, g, optional pub_key, optional priv_key.
+	 */ 
+
+	DH *ret = NULL;
+
+	if (r == NULL)
+		goto err;
+	ret = DH_new();
+	if (ret == NULL)
+		goto err;
+	if (r->p != NULL) 
+		if ((ret->p = BN_dup(r->p)) == NULL)
+			goto err;
+	if (r->q != NULL)
+		ret->length = BN_num_bits(r->q);
+	if (r->g != NULL)
+		if ((ret->g = BN_dup(r->g)) == NULL)
+			goto err;
+	if (r->pub_key != NULL)
+		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+			goto err;
+	if (r->priv_key != NULL)
+		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+			goto err;
+
+	return ret;
+
+ err:
+	if (ret != NULL)
+		DH_free(ret);
+	return NULL;
+	}
+#endif
diff --git a/lib/libssl/src/crypto/dsa/dsa_sign.c b/lib/libssl/src/crypto/dsa/dsa_sign.c
index 6ca1c318f24..774c1619643 100644
--- a/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -56,35 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-#include "asn1.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
 
-/* data has already been hashed (probably with SHA or SHA-1). */
-/*	DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
-
-int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
-int type;
-unsigned char *dgst;
-int dlen;
-unsigned char *sig;	/* out */
-unsigned int *siglen;	/* out */
-DSA *dsa;
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	BIGNUM *kinv=NULL,*r=NULL;
-	BIGNUM *m=NULL;
-	BIGNUM *xr=NULL,*s=NULL;
+	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+	BIGNUM m;
+	BIGNUM xr;
 	BN_CTX *ctx=NULL;
-	unsigned char *p;
-	int i,len=0,ret=0,reason=ERR_R_BN_LIB;
-        ASN1_INTEGER rbs,sbs;
-	MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
-	MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+	int i,reason=ERR_R_BN_LIB;
+	DSA_SIG *ret=NULL;
+
+	BN_init(&m);
+	BN_init(&xr);
+	s=BN_new();
+	if (s == NULL) goto err;
 
 	i=BN_num_bytes(dsa->q); /* should be 20 */
 	if ((dlen > i) || (dlen > 50))
@@ -108,59 +101,58 @@ DSA *dsa;
 		dsa->r=NULL;
 		}
 
-	m=BN_new();
-	xr=BN_new();
-	s=BN_new();
-	if (m == NULL || xr == NULL || s == NULL) goto err;
-
-	if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
+	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
 
 	/* Compute  s = inv(k) (m + xr) mod q */
-	if (!BN_mul(xr, dsa->priv_key, r)) goto err;	/* s = xr */
-	if (!BN_add(s, xr, m)) goto err;		/* s = m + xr */
+	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
+	if (BN_cmp(s,dsa->q) > 0)
+		BN_sub(s,s,dsa->q);
 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
-	/*
-	 * Now create a ASN.1 sequence of the integers R and S.
-	 */
-	rbs.data=rbuf;
-	sbs.data=sbuf;
-	rbs.type = V_ASN1_INTEGER;
-	sbs.type = V_ASN1_INTEGER;
-	rbs.length=BN_bn2bin(r,rbs.data);
-	sbs.length=BN_bn2bin(s,sbs.data);
-
-	len =i2d_ASN1_INTEGER(&rbs,NULL);
-	len+=i2d_ASN1_INTEGER(&sbs,NULL);
-
-	p=sig;
-	ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_INTEGER(&rbs,&p);
-	i2d_ASN1_INTEGER(&sbs,&p);
-	*siglen=(p-sig);
-	ret=1;
+	ret=DSA_SIG_new();
+	if (ret == NULL) goto err;
+	ret->r = r;
+	ret->s = s;
+	
 err:
-	if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
-		
-#if 1 /* do the right thing :-) */
-	if (kinv != NULL) BN_clear_free(kinv);
-	if (r != NULL) BN_clear_free(r);
-#endif
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_DO_SIGN,reason);
+		BN_free(r);
+		BN_free(s);
+		}
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (m != NULL) BN_clear_free(m);
-	if (xr != NULL) BN_clear_free(xr);
-	if (s != NULL) BN_clear_free(s);
+	BN_clear_free(&m);
+	BN_clear_free(&xr);
+	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+	    BN_clear_free(kinv);
 	return(ret);
 	}
 
-int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
-DSA *dsa;
-BN_CTX *ctx_in;
-BIGNUM **kinvp;
-BIGNUM **rp;
+/* data has already been hashed (probably with SHA or SHA-1). */
+
+/* unsigned char *sig:  out    */
+/* unsigned int *siglen:  out    */
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+	     unsigned int *siglen, DSA *dsa)
+	{
+	DSA_SIG *s;
+	s=DSA_do_sign(dgst,dlen,dsa);
+	if (s == NULL)
+		{
+		*siglen=0;
+		return(0);
+		}
+	*siglen=i2d_DSA_SIG(s,&sig);
+	DSA_SIG_free(s);
+	return(1);
+	}
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 	BN_CTX *ctx;
-	BIGNUM *k=NULL,*kinv=NULL,*r=NULL;
+	BIGNUM k,*kinv=NULL,*r=NULL;
 	int ret=0;
 
 	if (ctx_in == NULL)
@@ -170,29 +162,33 @@ BIGNUM **rp;
 	else
 		ctx=ctx_in;
 
-	r=BN_new();
-	k=BN_new();
-	if ((r == NULL) || (k == NULL))
-		goto err;
+	BN_init(&k);
+	if ((r=BN_new()) == NULL) goto err;
 	kinv=NULL;
 
-	if (r == NULL) goto err;
-
 	/* Get random k */
 	for (;;)
 		{
-		if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err;
-		if (BN_cmp(k,dsa->q) >= 0)
-			BN_sub(k,k,dsa->q);
-		if (!BN_is_zero(k)) break;
+		if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
+		if (BN_cmp(&k,dsa->q) >= 0)
+			BN_sub(&k,&k,dsa->q);
+		if (!BN_is_zero(&k)) break;
+		}
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
 		}
 
 	/* Compute r = (g^k mod p) mod q */
-	if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err;
+	if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
+		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
 	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
+	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
 
 	if (*kinvp != NULL) BN_clear_free(*kinvp);
 	*kinvp=kinv;
@@ -208,8 +204,8 @@ err:
 		if (r != NULL) BN_clear_free(r);
 		}
 	if (ctx_in == NULL) BN_CTX_free(ctx);
-	if (k != NULL) BN_clear_free(k);
 	if (kinv != NULL) BN_clear_free(kinv);
+	BN_clear_free(&k);
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/dsa/dsa_vrf.c b/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 0f860984edc..ff552208aa2 100644
--- a/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -56,97 +56,105 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *	 1: correct signature
- *	 0: incorrect signature
- *	-1: error
- */
-int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
-int type;
-unsigned char *dgst;
-int dgst_len;
-unsigned char *sigbuf;
-int siglen;
-DSA *dsa;
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		  DSA *dsa)
 	{
-	/* The next 3 are used by the M_ASN1 macros */
-	long length=siglen;
-	ASN1_CTX c;
-	unsigned char **pp= &sigbuf;
 	BN_CTX *ctx;
-	BIGNUM *r=NULL;
-	BIGNUM *t1=NULL,*t2=NULL;
-	BIGNUM *u1=NULL,*u2=NULL;
-	ASN1_INTEGER *bs=NULL;
+	BIGNUM u1,u2,t1;
+	BN_MONT_CTX *mont=NULL;
 	int ret = -1;
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	t1=BN_new();
-	t2=BN_new();
-	if (t1 == NULL || t2 == NULL) goto err;
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-        if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
-        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-        if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
-	if (!asn1_Finish(&c)) goto err;
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	BN_init(&u1);
+	BN_init(&u2);
+	BN_init(&t1);
 
 	/* Calculate W = inv(S) mod Q
 	 * save W in u2 */
-	if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
+	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
 
 	/* save M in u1 */
-	if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
+	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
 
 	/* u1 = M * w mod q */
-	if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
+	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
 
 	/* u2 = r * w mod q */
-	if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
+	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
+		}
+	mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+	{
+	BIGNUM t2;
 
+	BN_init(&t2);
 	/* v = ( g^u1 * y^u2 mod p ) mod q */
 	/* let t1 = g ^ u1 mod p */
-	if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
+	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
 	/* let t2 = y ^ u2 mod p */
-	if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
+	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
 	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
+	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+	BN_free(&t2);
+	}
 	/* let u1 = u1 mod q */
-	if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
+	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+	{
+	if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
+		goto err;
+	/* BN_copy(&u1,&t1); */
+	/* let u1 = u1 mod q */
+	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+	}
+#endif
 	/* V is now in u1.  If the signature is correct, it will be
 	 * equal to R. */
-	ret=(BN_ucmp(u1, r) == 0);
-	if (0)
-		{
-err: /* ASN1 error */
-		DSAerr(DSA_F_DSA_VERIFY,c.error);
-		}
-	if (0)
-		{
-err_bn: /* BN error */
-		DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
-		}
+	ret=(BN_ucmp(&u1, sig->r) == 0);
+
+	err:
+	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (r != NULL) BN_free(r);
-	if (t1 != NULL) BN_free(t1);
-	if (t2 != NULL) BN_free(t2);
-	if (u1 != NULL) BN_free(u1);
-	if (u2 != NULL) BN_free(u2);
-	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	BN_free(&u1);
+	BN_free(&u2);
+	BN_free(&t1);
+	return(ret);
+	}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+	     unsigned char *sigbuf, int siglen, DSA *dsa)
+	{
+	DSA_SIG *s;
+	int ret=-1;
+
+	s = DSA_SIG_new();
+	if (s == NULL) return(ret);
+	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+	DSA_SIG_free(s);
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/dsa/dsagen.c b/lib/libssl/src/crypto/dsa/dsagen.c
index 20335de2506..a0b09766408 100644
--- a/lib/libssl/src/crypto/dsa/dsagen.c
+++ b/lib/libssl/src/crypto/dsa/dsagen.c
@@ -57,7 +57,7 @@
  */
 
 #include <stdio.h>
-#include "dsa.h"
+#include <openssl/dsa.h>
 
 #define TEST
 #define GENUINE_DSA
@@ -77,8 +77,7 @@ unsigned char seed[20]={
 	0xe0,0x42,0x7d,LAST_VALUE};
 #endif
 
-int cb(p,n)
-int p,n;
+int cb(int p, int n)
 	{
 	char c='*';
 
diff --git a/lib/libssl/src/crypto/dsa/dsatest.c b/lib/libssl/src/crypto/dsa/dsatest.c
index 39bb712c4a4..fc25c9a1b79 100644
--- a/lib/libssl/src/crypto/dsa/dsatest.c
+++ b/lib/libssl/src/crypto/dsa/dsatest.c
@@ -61,27 +61,30 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include "crypto.h"
-#include "rand.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
 #ifdef WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
+#ifdef NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include <openssl/dsa.h>
+
 #ifdef WIN16
 #define MS_CALLBACK     _far _loadds
 #else
 #define MS_CALLBACK
 #endif
 
-#ifndef NOPROTO
 static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
-
 static unsigned char seed[20]={
 	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
 	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
@@ -115,20 +118,24 @@ static unsigned char out_g[]={
 	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
 	};
 
+static const unsigned char str1[]="12345678901234567890";
+
 static BIO *bio_err=NULL;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
 	int counter,ret=0,i,j;
 	unsigned char buf[256];
 	unsigned long h;
+	unsigned char sig[256];
+	unsigned int siglen;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
 	BIO_printf(bio_err,"test generation of DSA parameters\n");
 	BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
 	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
@@ -178,21 +185,21 @@ char **argv;
 		BIO_printf(bio_err,"g value is wrong\n");
 		goto end;
 		}
-
-	ret=1;
+	DSA_generate_key(dsa);
+	DSA_sign(0, str1, 20, sig, &siglen, dsa);
+	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+		ret=1;
 end:
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (bio_err != NULL) BIO_free(bio_err);
 	if (dsa != NULL) DSA_free(dsa);
+	CRYPTO_mem_leaks(bio_err);
+	if (bio_err != NULL) BIO_free(bio_err);
 	exit(!ret);
 	return(0);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
 	{
 	char c='*';
 	static int ok=0,num=0;
@@ -202,7 +209,7 @@ char *arg;
 	if (p == 2) { c='*'; ok++; }
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 
 	if (!ok && (p == 0) && (num > 1))
 		{
@@ -210,5 +217,4 @@ char *arg;
 		exit(1);
 		}
 	}
-
-
+#endif
diff --git a/lib/libssl/src/crypto/ebcdic.h b/lib/libssl/src/crypto/ebcdic.h
new file mode 100644
index 00000000000..d3b4e98b120
--- /dev/null
+++ b/lib/libssl/src/crypto/ebcdic.h
@@ -0,0 +1,17 @@
+#ifndef HEADER_EBCDIC_H
+#define HEADER_EBCDIC_H
+
+#include <sys/types.h>
+
+/* Avoid name clashes with other applications */
+#define os_toascii   _eay2000_os_toascii
+#define os_toebcdic  _eay2000_os_toebcdic
+#define ebcdic2ascii _eay2000_ebcdic2ascii
+#define ascii2ebcdic _eay2000_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void ebcdic2ascii(unsigned char *dest, const unsigned char *srce, size_t count);
+void ascii2ebcdic(unsigned char *dest, const unsigned char *srce, size_t count);
+
+#endif
diff --git a/lib/libssl/src/crypto/err/Makefile.ssl b/lib/libssl/src/crypto/err/Makefile.ssl
index 57c87eb0413..e0f5128f438 100644
--- a/lib/libssl/src/crypto/err/Makefile.ssl
+++ b/lib/libssl/src/crypto/err/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,44 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+err.o: ../cryptlib.h
+err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+err_prn.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/err/err.c b/lib/libssl/src/crypto/err/err.c
index 5aef6a12598..8810d838c64 100644
--- a/lib/libssl/src/crypto/err/err.c
+++ b/lib/libssl/src/crypto/err/err.c
@@ -57,34 +57,25 @@
  */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "crypto.h"
+#include <stdarg.h>
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "err.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
 
 
 static LHASH *error_hash=NULL;
 static LHASH *thread_hash=NULL;
 
-#ifndef NOPROTO
 static unsigned long err_hash(ERR_STRING_DATA *a);
 static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
 static unsigned long pid_hash(ERR_STATE *pid);
 static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
-static unsigned long get_error_values(int inc,char **file,int *line,
-	char **data,int *flags);
+static unsigned long get_error_values(int inc,const char **file,int *line,
+				      const char **data,int *flags);
 static void ERR_STATE_free(ERR_STATE *s);
-#else
-static unsigned long err_hash();
-static int err_cmp();
-static unsigned long pid_hash();
-static int pid_cmp();
-static void ERR_STATE_free();
-ERR_STATE *s;
-#endif
-
 #ifndef NO_ERR
 static ERR_STRING_DATA ERR_str_libraries[]=
 	{
@@ -107,6 +98,8 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
 {ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
 {0,NULL},
 	};
 
@@ -123,6 +116,7 @@ static ERR_STRING_DATA ERR_str_functs[]=
 #ifdef WINDOWS
 	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
 #endif
+	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
 	{0,NULL},
 	};
 
@@ -146,8 +140,17 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 {ERR_R_PROXY_LIB			,"PROXY lib"},
 {ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_PKCS7_LIB			,"PKCS7 lib"},
+{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
 {ERR_R_MALLOC_FAILURE			,"Malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a fuction you should not call"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
+
 {0,NULL},
 	};
 #endif
@@ -161,11 +164,13 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 		} \
 	(p)->err_data_flags[i]=0;
 
-static void ERR_STATE_free(s)
-ERR_STATE *s;
+static void ERR_STATE_free(ERR_STATE *s)
 	{
 	int i;
 
+	if(s == NULL)
+	    return;
+
 	for (i=0; i<ERR_NUM_ERRORS; i++)
 		{
 		err_clear_data(s,i);
@@ -173,7 +178,7 @@ ERR_STATE *s;
 	Free(s);
 	}
 
-void ERR_load_ERR_strings()
+void ERR_load_ERR_strings(void)
 	{
 	static int init=1;
 
@@ -196,9 +201,7 @@ void ERR_load_ERR_strings()
 		}
 	}
 
-void ERR_load_strings(lib,str)
-int lib;
-ERR_STRING_DATA *str;
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
 	{
 	if (error_hash == NULL)
 		{
@@ -224,7 +227,7 @@ ERR_STRING_DATA *str;
 	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	}
 
-void ERR_free_strings()
+void ERR_free_strings(void)
 	{
 	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 
@@ -239,13 +242,30 @@ void ERR_free_strings()
 
 /********************************************************/
 
-void ERR_put_error(lib,func,reason,file,line)
-int lib,func,reason;
-char *file;
-int line;
+void ERR_put_error(int lib, int func, int reason, const char *file,
+	     int line)
 	{
 	ERR_STATE *es;
 
+#ifdef _OSD_POSIX
+	/* In the BS2000-OSD POSIX subsystem, the compiler generates
+	 * path names in the form "*POSIX(/etc/passwd)".
+	 * This dirty hack strips them to something sensible.
+	 * @@@ We shouldn't modify a const string, though.
+	 */
+	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
+		char *end;
+
+		/* Skip the "*POSIX(" prefix */
+		file += sizeof("*POSIX(")-1;
+		end = &file[strlen(file)-1];
+		if (*end == ')')
+			*end = '\0';
+		/* Optional: use the basename of the path only. */
+		if ((end = strrchr(file, '/')) != NULL)
+			file = &end[1];
+	}
+#endif
 	es=ERR_get_state();
 
 	es->top=(es->top+1)%ERR_NUM_ERRORS;
@@ -257,7 +277,7 @@ int line;
 	err_clear_data(es,es->top);
 	}
 
-void ERR_clear_error()
+void ERR_clear_error(void)
 	{
 	ERR_STATE *es;
 
@@ -277,42 +297,32 @@ void ERR_clear_error()
 	}
 
 
-unsigned long ERR_get_error()
+unsigned long ERR_get_error(void)
 	{ return(get_error_values(1,NULL,NULL,NULL,NULL)); }
 
-unsigned long ERR_get_error_line(file,line)
-char **file;
-int *line;
+unsigned long ERR_get_error_line(const char **file,
+	     int *line)
 	{ return(get_error_values(1,file,line,NULL,NULL)); }
 
-unsigned long ERR_get_error_line_data(file,line,data,flags)
-char **file;
-int *line;
-char **data;
-int *flags;
-	{ return(get_error_values(1,file,line,data,flags)); }
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(1,file,line,
+	     data,flags)); }
 
-unsigned long ERR_peek_error()
+unsigned long ERR_peek_error(void)
 	{ return(get_error_values(0,NULL,NULL,NULL,NULL)); }
 
-unsigned long ERR_peek_error_line(file,line)
-char **file;
-int *line;
+unsigned long ERR_peek_error_line(const char **file,
+	     int *line)
 	{ return(get_error_values(0,file,line,NULL,NULL)); }
 
-unsigned long ERR_peek_error_line_data(file,line,data,flags)
-char **file;
-int *line;
-char **data;
-int *flags;
-	{ return(get_error_values(0,file,line,data,flags)); }
-
-static unsigned long get_error_values(inc,file,line,data,flags)
-int inc;
-char **file;
-int *line;
-char **data;
-int *flags;
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(0,file,line,
+	     data,flags)); }
+
+static unsigned long get_error_values(int inc, const char **file, int *line,
+	     const char **data, int *flags)
 	{	
 	int i=0;
 	ERR_STATE *es;
@@ -361,12 +371,10 @@ int *flags;
 	}
 
 /* BAD for multi-threaded, uses a local buffer if ret == NULL */
-char *ERR_error_string(e,ret)
-unsigned long e;
-char *ret;
+char *ERR_error_string(unsigned long e, char *ret)
 	{
 	static char buf[256];
-	char *ls,*fs,*rs;
+	const char *ls,*fs,*rs;
 	unsigned long l,f,r;
 	int i;
 
@@ -397,18 +405,17 @@ char *ret;
 	return(ret);
 	}
 
-LHASH *ERR_get_string_table()
+LHASH *ERR_get_string_table(void)
 	{
 	return(error_hash);
 	}
 
-LHASH *ERR_get_err_state_table()
+LHASH *ERR_get_err_state_table(void)
 	{
 	return(thread_hash);
 	}
 
-char *ERR_lib_error_string(e)
-unsigned long e;
+const char *ERR_lib_error_string(unsigned long e)
 	{
 	ERR_STRING_DATA d,*p=NULL;
 	unsigned long l;
@@ -428,8 +435,7 @@ unsigned long e;
 	return((p == NULL)?NULL:p->string);
 	}
 
-char *ERR_func_error_string(e)
-unsigned long e;
+const char *ERR_func_error_string(unsigned long e)
 	{
 	ERR_STRING_DATA d,*p=NULL;
 	unsigned long l,f;
@@ -450,8 +456,7 @@ unsigned long e;
 	return((p == NULL)?NULL:p->string);
 	}
 
-char *ERR_reason_error_string(e)
-unsigned long e;
+const char *ERR_reason_error_string(unsigned long e)
 	{
 	ERR_STRING_DATA d,*p=NULL;
 	unsigned long l,r;
@@ -478,8 +483,7 @@ unsigned long e;
 	return((p == NULL)?NULL:p->string);
 	}
 
-static unsigned long err_hash(a)
-ERR_STRING_DATA *a;
+static unsigned long err_hash(ERR_STRING_DATA *a)
 	{
 	unsigned long ret,l;
 
@@ -488,26 +492,22 @@ ERR_STRING_DATA *a;
 	return(ret^ret%19*13);
 	}
 
-static int err_cmp(a,b)
-ERR_STRING_DATA *a,*b;
+static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b)
 	{
 	return((int)(a->error-b->error));
 	}
 
-static unsigned long pid_hash(a)
-ERR_STATE *a;
+static unsigned long pid_hash(ERR_STATE *a)
 	{
 	return(a->pid*13);
 	}
 
-static int pid_cmp(a,b)
-ERR_STATE *a,*b;
+static int pid_cmp(ERR_STATE *a, ERR_STATE *b)
 	{
 	return((int)((long)a->pid - (long)b->pid));
 	}
 
-void ERR_remove_state(pid)
-unsigned long pid;
+void ERR_remove_state(unsigned long pid)
 	{
 	ERR_STATE *p,tmp;
 
@@ -523,7 +523,7 @@ unsigned long pid;
 	if (p != NULL) ERR_STATE_free(p);
 	}
 
-ERR_STATE *ERR_get_state()
+ERR_STATE *ERR_get_state(void)
 	{
 	static ERR_STATE fallback;
 	ERR_STATE *ret=NULL,tmp,*tmpp;
@@ -539,7 +539,9 @@ ERR_STATE *ERR_get_state()
 		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
 		if (thread_hash == NULL)
 			{
+			MemCheck_off();
 			thread_hash=lh_new(pid_hash,pid_cmp);
+			MemCheck_on();
 			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 			if (thread_hash == NULL) return(&fallback);
 			}
@@ -577,16 +579,14 @@ ERR_STATE *ERR_get_state()
 	return(ret);
 	}
 
-int ERR_get_next_error_library()
+int ERR_get_next_error_library(void)
 	{
 	static int value=ERR_LIB_USER;
 
 	return(value++);
 	}
 
-void ERR_set_error_data(data,flags)
-char *data;
-int flags;
+void ERR_set_error_data(char *data, int flags)
 	{
 	ERR_STATE *es;
 	int i;
@@ -601,10 +601,9 @@ int flags;
 	es->err_data_flags[es->top]=flags;
 	}
 
-void ERR_add_error_data( VAR_PLIST(int , num))
-VAR_ALIST
-        {
-        VAR_BDEFN(args, int, num);
+void ERR_add_error_data(int num, ...)
+	{
+	va_list args;
 	int i,n,s;
 	char *str,*p,*a;
 
@@ -613,12 +612,14 @@ VAR_ALIST
 	if (str == NULL) return;
 	str[0]='\0';
 
-	VAR_INIT(args,int,num);
+	va_start(args, num);
 	n=0;
 	for (i=0; i<num; i++)
 		{
-		VAR_ARG(args,char *,a);
-		if (a != NULL) {
+		a=va_arg(args, char*);
+		/* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
+		if (a != NULL)
+			{
 			n+=strlen(a);
 			if (n > s)
 				{
@@ -637,6 +638,6 @@ VAR_ALIST
 		}
 	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
 
-	VAR_END( args );
+	va_end(args);
 	}
 
diff --git a/lib/libssl/src/crypto/err/err.h b/lib/libssl/src/crypto/err/err.h
index 75f931be112..9411fb3568e 100644
--- a/lib/libssl/src/crypto/err/err.h
+++ b/lib/libssl/src/crypto/err/err.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifndef NO_FP_API
+#include <stdio.h>
+#endif
+
 /* The following is a bit of a trick to help the object files only contain
  * the 'name of the file' string once.  Since 'err.h' is protected by the
  * HEADER_ERR_H stuff, this should be included only once per file. */
@@ -87,7 +91,7 @@ typedef struct err_state_st
 	unsigned long err_buffer[ERR_NUM_ERRORS];
 	char *err_data[ERR_NUM_ERRORS];
 	int err_data_flags[ERR_NUM_ERRORS];
-	char *err_file[ERR_NUM_ERRORS];
+	const char *err_file[ERR_NUM_ERRORS];
 	int err_line[ERR_NUM_ERRORS];
 	int top,bottom;
 	} ERR_STATE;
@@ -116,6 +120,8 @@ typedef struct err_state_st
 #define ERR_LIB_PROXY		31
 #define ERR_LIB_BIO		32
 #define ERR_LIB_PKCS7		33
+#define ERR_LIB_X509V3		34
+#define ERR_LIB_PKCS12		35
 
 #define ERR_LIB_USER		128
 
@@ -141,6 +147,8 @@ typedef struct err_state_st
 #define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
 #define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
 #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__)
+#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
@@ -162,6 +170,7 @@ typedef struct err_state_st
 #define SYS_F_LISTEN		7
 #define SYS_F_ACCEPT		8
 #define SYS_F_WSASTARTUP	9 /* Winsock stuff */
+#define SYS_F_OPENDIR		10
 
 #define ERR_R_FATAL		32	
 /* reasons */
@@ -187,41 +196,47 @@ typedef struct err_state_st
 #define ERR_R_PROXY_LIB	ERR_LIB_PROXY
 #define ERR_R_BIO_LIB	ERR_LIB_BIO
 #define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
 
 /* fatal error */
 #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
 #define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
 #define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
+#define ERR_R_NESTED_ASN1_ERROR			(4)
+#define ERR_R_BAD_ASN1_OBJECT_HEADER		(5)
+#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		(6)
+#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	(7)
+#define ERR_R_ASN1_LENGTH_MISMATCH		(8)
+#define ERR_R_MISSING_ASN1_EOS			(9)
 
 typedef struct ERR_string_data_st
 	{
 	unsigned long error;
-	char *string;
+	const char *string;
 	} ERR_STRING_DATA;
 
-#ifndef NOPROTO
-void ERR_put_error(int lib, int func,int reason,char *file,int line);
+void ERR_put_error(int lib, int func,int reason,const char *file,int line);
 void ERR_set_error_data(char *data,int flags);
 
 unsigned long ERR_get_error(void );
-unsigned long ERR_get_error_line(char **file,int *line);
-unsigned long ERR_get_error_line_data(char **file,int *line,
-		char **data, int *flags);
+unsigned long ERR_get_error_line(const char **file,int *line);
+unsigned long ERR_get_error_line_data(const char **file,int *line,
+				      const char **data, int *flags);
 unsigned long ERR_peek_error(void );
-unsigned long ERR_peek_error_line(char **file,int *line);
-unsigned long ERR_peek_error_line_data(char **file,int *line,
-		char **data,int *flags);
+unsigned long ERR_peek_error_line(const char **file,int *line);
+unsigned long ERR_peek_error_line_data(const char **file,int *line,
+				       const char **data,int *flags);
 void ERR_clear_error(void );
 char *ERR_error_string(unsigned long e,char *buf);
-char *ERR_lib_error_string(unsigned long e);
-char *ERR_func_error_string(unsigned long e);
-char *ERR_reason_error_string(unsigned long e);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
 #ifndef NO_FP_API
 void ERR_print_errors_fp(FILE *fp);
 #endif
 #ifdef HEADER_BIO_H
 void ERR_print_errors(BIO *bp);
-void ERR_add_error_data( VAR_PLIST( int, num ) );
+void ERR_add_error_data(int num, ...);
 #endif
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void );
@@ -241,45 +256,6 @@ char *ERR_get_err_state_table(void );
 
 int ERR_get_next_error_library(void );
 
-#else
-
-void ERR_put_error();
-void ERR_set_error_data();
-
-unsigned long ERR_get_error();
-unsigned long ERR_get_error_line();
-unsigned long ERR_peek_error();
-unsigned long ERR_peek_error_line();
-void ERR_clear_error();
-char *ERR_error_string();
-char *ERR_lib_error_string();
-char *ERR_func_error_string();
-char *ERR_reason_error_string();
-#ifndef NO_FP_API
-void ERR_print_errors_fp();
-#endif
-void ERR_print_errors();
-void ERR_add_error_data();
-void ERR_load_strings();
-void ERR_load_ERR_strings();
-void ERR_load_crypto_strings();
-void ERR_free_strings();
-
-void ERR_remove_state();
-ERR_STATE *ERR_get_state();
-
-#ifdef HEADER_LHASH_H
-LHASH *ERR_get_string_table();
-LHASH *ERR_get_err_state_table();
-#else
-char *ERR_get_string_table();
-char *ERR_get_err_state_table();
-#endif
-
-int ERR_get_next_error_library();
-
-#endif
-
 #ifdef	__cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/err/err_all.c b/lib/libssl/src/crypto/err/err_all.c
index f874268e1aa..ad820227d24 100644
--- a/lib/libssl/src/crypto/err/err_all.c
+++ b/lib/libssl/src/crypto/err/err_all.c
@@ -57,30 +57,32 @@
  */
 
 #include <stdio.h>
-#include "asn1.h"
-#include "bn.h"
-#include "buffer.h"
-#include "bio.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
 #ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/rsa.h>
 #endif
 #ifdef RSAref
-#include "rsaref.h"
+#include <openssl/rsaref.h>
 #endif
 #ifndef NO_DH
-#include "dh.h"
+#include <openssl/dh.h>
 #endif
 #ifndef NO_DSA
-#include "dsa.h"
+#include <openssl/dsa.h>
 #endif
-#include "evp.h"
-#include "objects.h"
-#include "pem.h"
-#include "x509.h"
-#include "conf.h"
-#include "err.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem2.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/pkcs12.h>
+#include <openssl/err.h>
 
-void ERR_load_crypto_strings()
+void ERR_load_crypto_strings(void)
 	{
 	static int done=0;
 
@@ -110,7 +112,9 @@ void ERR_load_crypto_strings()
 	ERR_load_OBJ_strings();
 	ERR_load_PEM_strings();
 	ERR_load_X509_strings();
+	ERR_load_X509V3_strings();
 	ERR_load_CRYPTO_strings();
 	ERR_load_PKCS7_strings();
+	ERR_load_PKCS12_strings();
 #endif
 	}
diff --git a/lib/libssl/src/crypto/err/err_code.pl b/lib/libssl/src/crypto/err/err_code.pl
deleted file mode 100644
index ebc8eef913b..00000000000
--- a/lib/libssl/src/crypto/err/err_code.pl
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/bin/perl
-
-while (@ARGV)
-	{
-	$in=shift(@ARGV);
-	if ($in =~ /^-conf$/)
-		{
-		$in=shift(@ARGV);
-		open(IN,"<$in") || die "unable to open '$in'\n";
-		while (<IN>)
-			{
-			s/#.*$//;
-			s/\s+$//;
-			next if (/^$/);
-			if (/^L\s+(\S+)\s+(\S+)$/)
-				{ $errfile{$1}=$2; }
-			elsif (/^F\s+(\S+)$/)
-				{ $function{$1}=1; }
-			elsif (/^R\s+(\S+)\s+(\S+)$/)
-				{ $r_value{$1}=$2; }
-			else { die "bad input line: $in:$.\n"; }
-			}
-		close(IN);
-		next;
-		}
-
-	open(IN,"<$in") || die "unable to open '$in'\n";
-	$last="";
-	while (<IN>)
-		{
-		if (/err\(([A-Z0-9]+_F_[0-9A-Z_]+)\s*,\s*([0-9A-Z]+_R_[0-9A-Z_]+)\s*\)/)
-			{
-			if ($1 != $last)
-				{
-				if ($function{$1} == 0)
-					{
-					printf STDERR "$. $1 is bad\n";
-					}
-				}
-			$function{$1}++;
-			$last=$1;
-			$reason{$2}++;
-			}
-		}
-	close(IN);
-	}
-
-foreach (keys %function,keys %reason)
-	{
-	/^([A-Z0-9]+)_/;
-	$prefix{$1}++;
-	}
-
-@F=sort keys %function;
-@R=sort keys %reason;
-foreach $j (sort keys %prefix)
-	{
-	next if $errfile{$j} eq "NONE";
-	printf STDERR "doing %-6s - ",$j;
-	if (defined($errfile{$j}))
-		{
-		open(OUT,">$errfile{$j}") ||
-			die "unable to open '$errfile{$j}':$!\n";
-		$close_file=1;
-		}
-	else
-		{
-		*OUT=*STDOUT;
-		$close=0;
-		}
-	@f=grep(/^${j}_/,@F);
-	@r=grep(/^${j}_/,@R);
-	$num=100;
-	print OUT "/* Error codes for the $j functions. */\n\n";
-	print OUT "/* Function codes. */\n";
-	$f_count=0;
-	foreach $i (@f)
-		{
-		$z=6-int(length($i)/8);
-		printf OUT "#define $i%s $num\n","\t" x $z;
-		$num++;
-		$f_count++;
-		}
-	$num=100;
-	print OUT "\n/* Reason codes. */\n";
-	$r_count=0;
-	foreach $i (@r)
-		{
-		$z=6-int(length($i)/8);
-		if (defined($r_value{$i}))
-			{
-			printf OUT "#define $i%s $r_value{$i}\n","\t" x $z;
-			}
-		else
-			{
-			printf OUT "#define $i%s $num\n","\t" x $z;
-			$num++;
-			}
-		$r_count++;
-		}
-	close(OUT) if $close_file;
-
-	printf STDERR "%3d functions, %3d reasons\n",$f_count,$r_count;
-	}
-
diff --git a/lib/libssl/src/crypto/err/err_genc.pl b/lib/libssl/src/crypto/err/err_genc.pl
deleted file mode 100644
index a8e36c2f0c9..00000000000
--- a/lib/libssl/src/crypto/err/err_genc.pl
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/usr/bin/perl
-
-if ($ARGV[0] eq "-s") { $static=1; shift @ARGV; }
-
-($#ARGV == 1) || die "usage: $0 [-s] <header file> <output C file>\n";
-open(IN,"<$ARGV[0]") || die "unable to open $ARGV[0]:$!\n";
-open(STDOUT,">$ARGV[1]") || die "unable to open $ARGV[1]:$!\n";
-
-$Func=0;
-$Reas=0;
-$fuction{'FOPEN'}='fopen';
-while (<IN>)
-	{
-	if (/(\S+)\s*\(\);/)
-		{
-		$t=$1;
-		$t =~ s/\*//;
-		($upper=$t) =~ tr/a-z/A-Z/;
-		$fuction{$upper}=$t;
-		}
-	next unless (/^#define\s+(\S+)\s/);
-
-	$o=$1;
-	if ($o =~ /^([^_]+)_F_(.*)/)
-		{
-		$type=$1;
-		$Func++;
-		$n=$2;
-		$n=$fuction{$n} if (defined($fuction{$n}));
-		$out{$1."_str_functs"}.=
-			sprintf("{ERR_PACK(0,%s,0),\t\"$n\"},\n",$o);
-		}
-	elsif ($o =~ /^([^_]+)_R_(.*)/)
-		{
-		$type=$1;
-		$Reas++;
-		$r=$2;
-		$r =~ tr/A-Z_/a-z /;
-		$pkg{$type."_str_reasons"}=$type;
-		$out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o);
-		}
-	elsif ($ARGV[0] =~ /rsaref/ && $o =~ /^RE_(.*)/)
-		{
-		$type="RSAREF";
-		$Reas++;
-		$r=$1;
-		$r =~ tr/A-Z_/a-z /;
-		$pkg{$type."_str_reasons"}=$type;
-		$out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o);
-		}
-	}
-close(IN);
-
-&header($type,$ARGV[0]);
-
-foreach (sort keys %out)
-	{
-	print "static ERR_STRING_DATA ${_}[]=\n\t{\n";
-	print $out{$_};
-	print "{0,NULL},\n";
-	print "\t};\n\n";
-	}
-print "#endif\n";
-
-if ($static)
-	{ $lib="ERR_LIB_$type"; }
-else
-	{ $lib="${type}_lib_error_code"; }
-
-$str="";
-$str.="#ifndef NO_ERR\n";
-$str.="\t\tERR_load_strings($lib,${type}_str_functs);\n" if $Func;
-$str.="\t\tERR_load_strings($lib,${type}_str_reasons);\n" if $Reas;
-$str.="#endif\n";
-
-if (!$static)
-	{
-print <<"EOF";
-
-static int ${type}_lib_error_code=0;
-
-void ERR_load_${type}_strings()
-	{
-	static int init=1;
-
-	if (${type}_lib_error_code == 0)
-		${type}_lib_error_code=ERR_get_next_error_library();
-
-	if (init);
-		{;
-		init=0;
-$str
-		}
-	}
-
-void ERR_${type}_error(function,reason,file,line)
-int function;
-int reason;
-char *file;
-int line;
-	{
-	if (${type}_lib_error_code == 0)
-		${type}_lib_error_code=ERR_get_next_error_library();
-	ERR_PUT_error(${type}_lib_error_code,function,reason,file,line);
-	}
-EOF
-	}
-else # $static
-	{
-	print <<"EOF";
-
-void ERR_load_${type}_strings()
-	{
-	static int init=1;
-
-	if (init);
-		{;
-		init=0;
-$str
-		}
-	}
-EOF
-	}
-
-sub header
-	{
-	($type,$header)=@_;
-
-	($lc=$type) =~ tr/A-Z/a-z/;
-	$header =~ s/^.*\///;
-
-	print "/* lib/$lc/${lc}\_err.c */\n";
-	print <<'EOF';
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-EOF
-
-	print "#include <stdio.h>\n";
-	print "#include \"err.h\"\n";
-	print "#include \"$header\"\n";
-	print "\n/* BEGIN ERROR CODES */\n";
-	print "#ifndef NO_ERR\n";
-	}
-
diff --git a/lib/libssl/src/crypto/err/err_prn.c b/lib/libssl/src/crypto/err/err_prn.c
index ecd0e7c4fa8..0999ff214bf 100644
--- a/lib/libssl/src/crypto/err/err_prn.c
+++ b/lib/libssl/src/crypto/err/err_prn.c
@@ -57,20 +57,19 @@
  */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "crypto.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "err.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
 
 #ifndef NO_FP_API
-void ERR_print_errors_fp(fp)
-FILE *fp;
+void ERR_print_errors_fp(FILE *fp)
 	{
 	unsigned long l;
 	char buf[200];
-	char *file,*data;
+	const char *file,*data;
 	int line,flags;
 	unsigned long es;
 
@@ -83,13 +82,12 @@ FILE *fp;
 	}
 #endif
 
-void ERR_print_errors(bp)
-BIO *bp;
+void ERR_print_errors(BIO *bp)
 	{
 	unsigned long l;
 	char buf[256];
 	char buf2[256];
-	char *file,*data;
+	const char *file,*data;
 	int line,flags;
 	unsigned long es;
 
diff --git a/lib/libssl/src/crypto/err/error.err b/lib/libssl/src/crypto/err/error.err
deleted file mode 100644
index f09557d8d94..00000000000
--- a/lib/libssl/src/crypto/err/error.err
+++ /dev/null
@@ -1,13 +0,0 @@
-/* Error codes for the ERR functions. */
-
-/* Function codes. */
-
-/* Reason codes. */
-#define ERR_R_BN_LIB					100
-#define ERR_R_DER_LIB					101
-#define ERR_R_MALLOC_FAILURE				102
-#define ERR_R_PEM_LIB					103
-#define ERR_R_RSA_LIB					104
-#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED		105
-#define ERR_R_SYS_LIB					106
-#define ERR_R_X509_LIB					107
diff --git a/lib/libssl/src/crypto/err/openssl.ec b/lib/libssl/src/crypto/err/openssl.ec
new file mode 100644
index 00000000000..c2a8acff0c1
--- /dev/null
+++ b/lib/libssl/src/crypto/err/openssl.ec
@@ -0,0 +1,71 @@
+L ERR		NONE				NONE
+L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
+L BN		crypto/bn/bn.h			crypto/bn/bn_err.c
+L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c
+L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
+L DH		crypto/dh/dh.h			crypto/dh/dh_err.c
+L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
+L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
+L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
+L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
+L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
+L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
+L NONE		crypto/x509/x509_vfy.h		NONE
+L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
+#L METH		crypto/meth/meth.h		crypto/meth/meth_err.c
+L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c
+L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c
+#L PROXY		crypto/proxy/proxy.h		crypto/proxy/proxy_err.c
+L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c
+L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c
+L RSAREF	rsaref/rsaref.h			rsaref/rsar_err.c
+L SSL		ssl/ssl.h			ssl/ssl_err.c
+L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
+
+
+F RSAREF_F_RSA_BN2BIN
+F RSAREF_F_RSA_PRIVATE_DECRYPT
+F RSAREF_F_RSA_PRIVATE_ENCRYPT
+F RSAREF_F_RSA_PUBLIC_DECRYPT
+F RSAREF_F_RSA_PUBLIC_ENCRYPT
+#F SSL_F_CLIENT_CERTIFICATE
+
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
+R SSL_R_TLSV1_ALERT_USER_CANCLED		1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
+
+R RSAREF_R_CONTENT_ENCODING			0x0400
+R RSAREF_R_DATA					0x0401
+R RSAREF_R_DIGEST_ALGORITHM			0x0402
+R RSAREF_R_ENCODING				0x0403
+R RSAREF_R_KEY					0x0404
+R RSAREF_R_KEY_ENCODING				0x0405
+R RSAREF_R_LEN					0x0406
+R RSAREF_R_MODULUS_LEN				0x0407
+R RSAREF_R_NEED_RANDOM				0x0408
+R RSAREF_R_PRIVATE_KEY				0x0409
+R RSAREF_R_PUBLIC_KEY				0x040a
+R RSAREF_R_SIGNATURE				0x040b
+R RSAREF_R_SIGNATURE_ENCODING			0x040c
+R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
+
diff --git a/lib/libssl/src/crypto/err/ssleay.ec b/lib/libssl/src/crypto/err/ssleay.ec
deleted file mode 100644
index 10b5dbb59df..00000000000
--- a/lib/libssl/src/crypto/err/ssleay.ec
+++ /dev/null
@@ -1,57 +0,0 @@
-L ERR		NONE
-L CRYPTO	crypto.err
-L BN		bn/bn.err
-L RSA		rsa/rsa.err
-L DSA		dsa/dsa.err
-L DH		dh/dh.err
-L EVP		evp/evp.err
-L BUF		buffer/buffer.err
-L BIO		bio/bio.err
-L OBJ		objects/objects.err
-L PEM		pem/pem.err
-L X509		x509/x509.err
-L METH		meth/meth.err
-L ASN1		asn1/asn1.err
-L CONF		conf/conf.err
-L PROXY		proxy/proxy.err
-L PKCS7		pkcs7/pkcs7.err
-L RSAREF	../rsaref/rsaref.err
-L SSL		../ssl/ssl.err
-L SSL2		../ssl/ssl2.err
-L SSL3		../ssl/ssl3.err
-L SSL23		../ssl/ssl23.err
-
-F RSAREF_F_RSA_BN2BIN
-F RSAREF_F_RSA_PRIVATE_DECRYPT
-F RSAREF_F_RSA_PRIVATE_ENCRYPT
-F RSAREF_F_RSA_PUBLIC_DECRYPT
-F RSAREF_F_RSA_PUBLIC_ENCRYPT
-#F SSL_F_CLIENT_CERTIFICATE
-
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
-
-R RSAREF_R_CONTENT_ENCODING			0x0400
-R RSAREF_R_DATA					0x0401
-R RSAREF_R_DIGEST_ALGORITHM			0x0402
-R RSAREF_R_ENCODING				0x0403
-R RSAREF_R_KEY					0x0404
-R RSAREF_R_KEY_ENCODING				0x0405
-R RSAREF_R_LEN					0x0406
-R RSAREF_R_MODULUS_LEN				0x0407
-R RSAREF_R_NEED_RANDOM				0x0408
-R RSAREF_R_PRIVATE_KEY				0x0409
-R RSAREF_R_PUBLIC_KEY				0x040a
-R RSAREF_R_SIGNATURE				0x040b
-R RSAREF_R_SIGNATURE_ENCODING			0x040c
-R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
-
diff --git a/lib/libssl/src/crypto/evp/Makefile.ssl b/lib/libssl/src/crypto/evp/Makefile.ssl
index 8bf25164584..dda2586ed1d 100644
--- a/lib/libssl/src/crypto/evp/Makefile.ssl
+++ b/lib/libssl/src/crypto/evp/Makefile.ssl
@@ -7,16 +7,16 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=evp
-ERRC=evp_err
 GENERAL=Makefile
 TEST=
 APPS=
@@ -34,8 +34,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
 	m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
 	m_ripemd.c \
 	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
-	bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
-	c_all.c evp_lib.c
+	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+	c_all.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
 
 LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
 	e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
@@ -49,8 +49,8 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
 	m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
 	m_ripemd.o \
 	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
-	bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
-	c_all.o evp_lib.o
+	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+	c_all.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
 
 SRC= $(LIBSRC)
 
@@ -66,24 +66,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -95,17 +94,1006 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_md.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+bio_md.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_md.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_md.o: ../../include/openssl/stack.h ../cryptlib.h
+bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+bio_ok.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_ok.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_ok.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_ok.o: ../cryptlib.h
+c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+digest.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cbc_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cbc_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cbc_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cbc_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cbc_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cbc_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cbc_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cbc_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cbc_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cbc_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cbc_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cbc_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cbc_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cbc_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cbc_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_cfb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cfb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_cfb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cfb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_cfb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cfb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_cfb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cfb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_cfb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_cfb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cfb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_cfb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_cfb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_cfb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_cfb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ecb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ecb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ecb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ecb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ecb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ecb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ecb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ecb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ecb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ecb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ecb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ecb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ecb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ecb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ecb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_null.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_3d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_3d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_3d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_3d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_3d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_3d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_3d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_3d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_3d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_3d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_3d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_3d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_3d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_3d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_3d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_bf.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_bf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_bf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_bf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_bf.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_c.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_c.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_c.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_c.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_c.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_c.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_c.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_c.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_c.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_c.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_c.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_c.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_c.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_c.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_d.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_i.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_i.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_i.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_i.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_i.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_i.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_i.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_i.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_i.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_i.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_i.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_i.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_i.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_i.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_i.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_r2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_r2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_r2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_r2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_r2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_r2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_r2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_r2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_r2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_r2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_r2.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_r2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_r2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_r2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_r2.o: ../../include/openssl/stack.h ../cryptlib.h
+e_ofb_r5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_ofb_r5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_ofb_r5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_ofb_r5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_ofb_r5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_ofb_r5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_ofb_r5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_ofb_r5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_ofb_r5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_ofb_r5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_ofb_r5.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_ofb_r5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_ofb_r5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_ofb_r5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_ofb_r5.o: ../../include/openssl/stack.h ../cryptlib.h
+e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_rc4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_rc4.o: ../../include/openssl/stack.h ../cryptlib.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_xcbc_d.o: ../../include/openssl/stack.h ../cryptlib.h
+encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+encode.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+encode.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+encode.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+encode.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+encode.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../cryptlib.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pbe.o: ../cryptlib.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h
+m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h
+m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_md2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h
+m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h
+m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_mdc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h
+m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h
+m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h
+m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h
+names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+names.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+names.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p5_crpt2.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h
+p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_dec.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_dec.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_open.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h
+p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/evp/bio_b64.c b/lib/libssl/src/crypto/evp/bio_b64.c
index 73172b9a071..84729119df2 100644
--- a/lib/libssl/src/crypto/evp/bio_b64.c
+++ b/lib/libssl/src/crypto/evp/bio_b64.c
@@ -59,10 +59,9 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
 static int b64_write(BIO *h,char *buf,int num);
 static int b64_read(BIO *h,char *buf,int size);
 /*static int b64_puts(BIO *h,char *str); */
@@ -70,16 +69,6 @@ static int b64_read(BIO *h,char *buf,int size);
 static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
-#else
-static int b64_write();
-static int b64_read();
-/*static int b64_puts(); */
-/*static int b64_gets(); */
-static long b64_ctrl();
-static int b64_new();
-static int b64_free();
-#endif
-
 #define B64_BLOCK_SIZE	1024
 #define B64_BLOCK_SIZE2	768
 #define B64_NONE	0
@@ -113,13 +102,12 @@ static BIO_METHOD methods_b64=
 	b64_free,
 	};
 
-BIO_METHOD *BIO_f_base64()
+BIO_METHOD *BIO_f_base64(void)
 	{
 	return(&methods_b64);
 	}
 
-static int b64_new(bi)
-BIO *bi;
+static int b64_new(BIO *bi)
 	{
 	BIO_B64_CTX *ctx;
 
@@ -140,8 +128,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int b64_free(a)
-BIO *a;
+static int b64_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	Free(a->ptr);
@@ -151,10 +138,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int b64_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int b64_read(BIO *b, char *out, int outl)
 	{
 	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
 	BIO_B64_CTX *ctx;
@@ -354,10 +338,7 @@ int outl;
 	return((ret == 0)?ret_code:ret);
 	}
 
-static int b64_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int b64_write(BIO *b, char *in, int inl)
 	{
 	int ret=inl,n,i;
 	BIO_B64_CTX *ctx;
@@ -451,11 +432,7 @@ int inl;
 	return(ret);
 	}
 
-static long b64_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long b64_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO_B64_CTX *ctx;
 	long ret=1;
diff --git a/lib/libssl/src/crypto/evp/bio_enc.c b/lib/libssl/src/crypto/evp/bio_enc.c
index 6c30ddfc54b..0a7b1ecf07c 100644
--- a/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/lib/libssl/src/crypto/evp/bio_enc.c
@@ -59,10 +59,9 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
 static int enc_write(BIO *h,char *buf,int num);
 static int enc_read(BIO *h,char *buf,int size);
 /*static int enc_puts(BIO *h,char *str); */
@@ -70,16 +69,6 @@ static int enc_read(BIO *h,char *buf,int size);
 static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
-#else
-static int enc_write();
-static int enc_read();
-/*static int enc_puts(); */
-/*static int enc_gets(); */
-static long enc_ctrl();
-static int enc_new();
-static int enc_free();
-#endif
-
 #define ENC_BLOCK_SIZE	(1024*4)
 
 typedef struct enc_struct
@@ -105,13 +94,12 @@ static BIO_METHOD methods_enc=
 	enc_free,
 	};
 
-BIO_METHOD *BIO_f_cipher()
+BIO_METHOD *BIO_f_cipher(void)
 	{
 	return(&methods_enc);
 	}
 
-static int enc_new(bi)
-BIO *bi;
+static int enc_new(BIO *bi)
 	{
 	BIO_ENC_CTX *ctx;
 
@@ -131,8 +119,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int enc_free(a)
-BIO *a;
+static int enc_free(BIO *a)
 	{
 	BIO_ENC_CTX *b;
 
@@ -147,10 +134,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int enc_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int enc_read(BIO *b, char *out, int outl)
 	{
 	int ret=0,i;
 	BIO_ENC_CTX *ctx;
@@ -230,10 +214,7 @@ int outl;
 	return((ret == 0)?ctx->cont:ret);
 	}
 
-static int enc_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int enc_write(BIO *b, char *in, int inl)
 	{
 	int ret=0,n,i;
 	BIO_ENC_CTX *ctx;
@@ -288,16 +269,13 @@ int inl;
 	return(ret);
 	}
 
-static long enc_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long enc_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	BIO_ENC_CTX *ctx,*dctx;
 	long ret=1;
 	int i;
+	EVP_CIPHER_CTX **c_ctx;
 
 	ctx=(BIO_ENC_CTX *)b->ptr;
 
@@ -364,7 +342,11 @@ again:
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		BIO_copy_next_retry(b);
 		break;
-
+	case BIO_C_GET_CIPHER_CTX:
+		c_ctx=(EVP_CIPHER_CTX **)ptr;
+		(*c_ctx)= &(ctx->cipher);
+		b->init=1;
+		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
 		dctx=(BIO_ENC_CTX *)dbio->ptr;
@@ -398,19 +380,15 @@ EVP_CIPHER_ctx *c;
 	}
 */
 
-void BIO_set_cipher(b,c,k,i,e)
-BIO *b;
-EVP_CIPHER *c;
-unsigned char *k;
-unsigned char *i;
-int e;
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
+	     unsigned char *i, int e)
 	{
 	BIO_ENC_CTX *ctx;
 
 	if (b == NULL) return;
 
 	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
 		return;
 
 	b->init=1;
@@ -418,6 +396,6 @@ int e;
 	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
 	
 	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
 	}
 
diff --git a/lib/libssl/src/crypto/evp/bio_md.c b/lib/libssl/src/crypto/evp/bio_md.c
index fa5fdc055b4..317167f9c46 100644
--- a/lib/libssl/src/crypto/evp/bio_md.c
+++ b/lib/libssl/src/crypto/evp/bio_md.c
@@ -59,13 +59,12 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
 static int md_write(BIO *h,char *buf,int num);
 static int md_read(BIO *h,char *buf,int size);
 /*static int md_puts(BIO *h,char *str); */
@@ -73,16 +72,6 @@ static int md_gets(BIO *h,char *str,int size);
 static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int md_new(BIO *h);
 static int md_free(BIO *data);
-#else
-static int md_write();
-static int md_read();
-/*static int md_puts(); */
-static int md_gets();
-static long md_ctrl();
-static int md_new();
-static int md_free();
-#endif
-
 static BIO_METHOD methods_md=
 	{
 	BIO_TYPE_MD,"message digest",
@@ -95,13 +84,12 @@ static BIO_METHOD methods_md=
 	md_free,
 	};
 
-BIO_METHOD *BIO_f_md()
+BIO_METHOD *BIO_f_md(void)
 	{
 	return(&methods_md);
 	}
 
-static int md_new(bi)
-BIO *bi;
+static int md_new(BIO *bi)
 	{
 	EVP_MD_CTX *ctx;
 
@@ -114,8 +102,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int md_free(a)
-BIO *a;
+static int md_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	Free(a->ptr);
@@ -125,10 +112,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int md_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int md_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	EVP_MD_CTX *ctx;
@@ -152,10 +136,7 @@ int outl;
 	return(ret);
 	}
 
-static int md_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int md_write(BIO *b, char *in, int inl)
 	{
 	int ret=0;
 	EVP_MD_CTX *ctx;
@@ -178,14 +159,10 @@ int inl;
 	return(ret);
 	}
 
-static long md_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long md_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	EVP_MD_CTX *ctx,*dctx,**pctx;
-	EVP_MD **ppmd;
+	const EVP_MD **ppmd;
 	EVP_MD *md;
 	long ret=1;
 	BIO *dbio;
@@ -204,7 +181,7 @@ char *ptr;
 	case BIO_C_GET_MD:
 		if (b->init)
 			{
-			ppmd=(EVP_MD **)ptr;
+			ppmd=(const EVP_MD **)ptr;
 			*ppmd=ctx->digest;
 			}
 		else
@@ -243,10 +220,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int md_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int md_gets(BIO *bp, char *buf, int size)
 	{
 	EVP_MD_CTX *ctx;
 	unsigned int ret;
diff --git a/lib/libssl/src/crypto/evp/bio_ok.c b/lib/libssl/src/crypto/evp/bio_ok.c
new file mode 100644
index 00000000000..101275d6487
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/bio_ok.c
@@ -0,0 +1,552 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+	From: Arne Ansper <arne@cyber.ee>
+
+	Why BIO_f_reliable?
+
+	I wrote function which took BIO* as argument, read data from it
+	and processed it. Then I wanted to store the input file in 
+	encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+	and everything was OK. BUT if user types wrong password 
+	BIO_f_cipher outputs only garbage and my function crashes. Yes
+	I can and I should fix my function, but BIO_f_cipher is 
+	easy way to add encryption support to many exisiting applications
+	and it's hard to debug and fix them all. 
+
+	So I wanted another BIO which would catch the incorrect passwords and
+	file damages which cause garbage on BIO_f_cipher's output. 
+
+	The easy way is to push the BIO_f_md and save the checksum at 
+	the end of the file. However there are several problems with this
+	approach:
+
+	1) you must somehow separate checksum from actual data. 
+	2) you need lot's of memory when reading the file, because you 
+	must read to the end of the file and verify the checksum before
+	leting the application to read the data. 
+	
+	BIO_f_reliable tries to solve both problems, so that you can 
+	read and write arbitraly long streams using only fixed amount
+	of memory.
+
+	BIO_f_reliable splits data stream into blocks. Each block is prefixed
+	with it's length and suffixed with it's digest. So you need only 
+	several Kbytes of memory to buffer single block before verifying 
+	it's digest. 
+
+	BIO_f_reliable goes futher and adds several important capabilities:
+
+	1) the digest of the block is computed over the whole stream 
+	-- so nobody can rearrange the blocks or remove or replace them.
+
+	2) to detect invalid passwords right at the start BIO_f_reliable 
+	adds special prefix to the stream. In order to avoid known plain-text
+	attacks this prefix is generated as follows:
+
+		*) digest is initialized with random seed instead of 
+		standardized one.
+		*) same seed is written to ouput
+		*) well-known text is then hashed and the output 
+		of the digest is also written to output.
+
+	reader can now read the seed from stream, hash the same string
+	and then compare the digest output.
+
+	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
+	initialy wrote and tested this code on x86 machine and wrote the
+	digests out in machine-dependent order :( There are people using
+	this code and I cannot change this easily without making existing
+	data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+static int ok_write(BIO *h,char *buf,int num);
+static int ok_read(BIO *h,char *buf,int size);
+static long ok_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static void sig_out(BIO* b);
+static void sig_in(BIO* b);
+static void block_out(BIO* b);
+static void block_in(BIO* b);
+#define OK_BLOCK_SIZE	(1024*4)
+#define OK_BLOCK_BLOCK	4
+#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+#ifndef L_ENDIAN
+#define swapem(x) \
+	((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
+			     (((unsigned long int)(x) & 0x0000ff00U) <<  8) | \
+			     (((unsigned long int)(x) & 0x00ff0000U) >>  8) | \
+			     (((unsigned long int)(x) & 0xff000000U) >> 24)))
+#else
+#define swapem(x) (x)
+#endif
+
+typedef struct ok_struct
+	{
+	int buf_len;
+	int buf_off;
+	int buf_len_save;
+	int buf_off_save;
+	int cont;		/* <= 0 when finished */
+	int finished;
+	EVP_MD_CTX md;
+	int blockout;		/* output block is ready */ 
+	int sigio;		/* must process signature */
+	char buf[IOBS];
+	} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok=
+	{
+	BIO_TYPE_CIPHER,"reliable",
+	ok_write,
+	ok_read,
+	NULL, /* ok_puts, */
+	NULL, /* ok_gets, */
+	ok_ctrl,
+	ok_new,
+	ok_free,
+	};
+
+BIO_METHOD *BIO_f_reliable(void)
+	{
+	return(&methods_ok);
+	}
+
+static int ok_new(BIO *bi)
+	{
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)Malloc(sizeof(BIO_OK_CTX));
+	if (ctx == NULL) return(0);
+
+	ctx->buf_len=0;
+	ctx->buf_off=0;
+	ctx->buf_len_save=0;
+	ctx->buf_off_save=0;
+	ctx->cont=1;
+	ctx->finished=0;
+	ctx->blockout= 0;
+	ctx->sigio=1;
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ok_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int ok_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,n;
+	BIO_OK_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_OK_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	while(outl > 0)
+		{
+
+		/* copy clean bytes to output buffer */
+		if (ctx->blockout)
+			{
+			i=ctx->buf_len-ctx->buf_off;
+			if (i > outl) i=outl;
+			memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+			ret+=i;
+			out+=i;
+			outl-=i;
+			ctx->buf_off+=i;
+
+			/* all clean bytes are out */
+			if (ctx->buf_len == ctx->buf_off)
+				{
+				ctx->buf_off=0;
+
+				/* copy start of the next block into proper place */
+				if(ctx->buf_len_save- ctx->buf_off_save > 0)
+					{
+					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
+					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+							ctx->buf_len);
+					}
+				else
+					{
+					ctx->buf_len=0;
+					}
+				ctx->blockout= 0;
+				}
+			}
+	
+		/* output buffer full -- cancel */
+		if (outl == 0) break;
+
+		/* no clean bytes in buffer -- fill it */
+		n=IOBS- ctx->buf_len;
+		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
+
+		if (i <= 0) break;	/* nothing new */
+
+		ctx->buf_len+= i;
+
+		/* no signature yet -- check if we got one */
+		if (ctx->sigio == 1) sig_in(b);
+
+		/* signature ok -- check if we got block */
+		if (ctx->sigio == 0) block_in(b);
+
+		/* invalid block -- cancel */
+		if (ctx->cont <= 0) break;
+
+		}
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int ok_write(BIO *b, char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	ret=inl;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	if(ctx->sigio) sig_out(b);
+
+	do{
+		BIO_clear_retry_flags(b);
+		n=ctx->buf_len-ctx->buf_off;
+		while (ctx->blockout && n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if(!BIO_should_retry(b))
+					ctx->cont= 0;
+				return(i);
+				}
+			ctx->buf_off+=i;
+			n-=i;
+			}
+
+		/* at this point all pending data has been written */
+		ctx->blockout= 0;
+		if (ctx->buf_len == ctx->buf_off)
+			{
+			ctx->buf_len=OK_BLOCK_BLOCK;
+			ctx->buf_off=0;
+			}
+	
+		if ((in == NULL) || (inl <= 0)) return(0);
+
+		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
+				OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl;
+
+		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
+		ctx->buf_len+= n;
+		inl-=n;
+		in+=n;
+
+		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
+			{
+			block_out(b);
+			}
+	}while(inl > 0);
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long ok_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD *md;
+	const EVP_MD **ppmd;
+	long ret=1;
+	int i;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		ctx->buf_len_save=0;
+		ctx->buf_off_save=0;
+		ctx->cont=1;
+		ctx->finished=0;
+		ctx->blockout= 0;
+		ctx->sigio=1;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+	case BIO_CTRL_WPENDING: /* More to read in buffer */
+		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+		if(ctx->blockout == 0)
+			block_out(b);
+
+		while (ctx->blockout)
+			{
+			i=ok_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		ctx->finished=1;
+		ctx->buf_off=ctx->buf_len=0;
+		ctx->cont=(int)ret;
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->cont;
+		break;
+	case BIO_C_SET_MD:
+		md=(EVP_MD *)ptr;
+		EVP_DigestInit(&(ctx->md),md);
+		b->init=1;
+		break;
+	case BIO_C_GET_MD:
+		if (b->init)
+			{
+			ppmd=(const EVP_MD **)ptr;
+			*ppmd=ctx->md.digest;
+			}
+		else
+			ret=0;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static void longswap(void *_ptr, int len)
+{
+#ifndef L_ENDIAN
+	int i;
+	char *ptr=_ptr;
+
+	for(i= 0;i < len;i+= 4){
+		*((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i])));
+	}
+#endif
+}
+
+static void sig_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
+
+	EVP_DigestInit(md, md->digest);
+	RAND_bytes(&(md->md.base[0]), md->digest->md_size);
+	memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
+	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+	ctx->buf_len+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, (unsigned char*)WELLKNOWN, strlen(WELLKNOWN));
+	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	ctx->sigio= 0;
+	}
+
+static void sig_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+	int ret= 0;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
+
+	EVP_DigestInit(md, md->digest);
+	memcpy(&(md->md.base[0]), &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+	longswap(&(md->md.base[0]), md->digest->md_size);
+	ctx->buf_off+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, (unsigned char*)WELLKNOWN, strlen(WELLKNOWN));
+	md->digest->final(tmp, &(md->md.base[0]));
+	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+	ctx->buf_off+= md->digest->md_size;
+	if(ret == 1)
+		{
+		ctx->sigio= 0;
+		if(ctx->buf_len != ctx->buf_off)
+			{
+			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
+			}
+		ctx->buf_len-= ctx->buf_off;
+		ctx->buf_off= 0;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
+static void block_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned long tl;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	tl= ctx->buf_len- OK_BLOCK_BLOCK;
+	tl= swapem(tl);
+	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	md->digest->final(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]));
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	}
+
+static void block_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	long tl= 0;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	md= &(ctx->md);
+
+	memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
+ 
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	md->digest->final(tmp, &(md->md.base[0]));
+	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
+		{
+		/* there might be parts from next block lurking around ! */
+		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
+		ctx->buf_len_save= ctx->buf_len;
+		ctx->buf_off= OK_BLOCK_BLOCK;
+		ctx->buf_len= tl+ OK_BLOCK_BLOCK;
+		ctx->blockout= 1;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
diff --git a/lib/libssl/src/crypto/evp/c_all.c b/lib/libssl/src/crypto/evp/c_all.c
index e77d1c896b4..a4d3b43fb9d 100644
--- a/lib/libssl/src/crypto/evp/c_all.c
+++ b/lib/libssl/src/crypto/evp/c_all.c
@@ -58,16 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
 
-void SSLeay_add_all_algorithms()
+void SSLeay_add_all_algorithms(void)
 	{
 	SSLeay_add_all_ciphers();
 	SSLeay_add_all_digests();
 	}
 
-void SSLeay_add_all_ciphers()
+void SSLeay_add_all_ciphers(void)
 	{
 #ifndef NO_DES
 	EVP_add_cipher(EVP_des_cfb());
@@ -79,16 +80,16 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_des_ede3_ofb());
 
 	EVP_add_cipher(EVP_desx_cbc());
-	EVP_add_alias(SN_desx_cbc,"DESX");
-	EVP_add_alias(SN_desx_cbc,"desx");
+	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+	EVP_add_cipher_alias(SN_desx_cbc,"desx");
 
 	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_alias(SN_des_cbc,"DES");
-	EVP_add_alias(SN_des_cbc,"des");
+	EVP_add_cipher_alias(SN_des_cbc,"DES");
+	EVP_add_cipher_alias(SN_des_cbc,"des");
 	EVP_add_cipher(EVP_des_ede_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
-	EVP_add_alias(SN_des_ede3_cbc,"DES3");
-	EVP_add_alias(SN_des_ede3_cbc,"des3");
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
 
 	EVP_add_cipher(EVP_des_ecb());
 	EVP_add_cipher(EVP_des_ede());
@@ -105,8 +106,8 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_idea_cfb());
 	EVP_add_cipher(EVP_idea_ofb());
 	EVP_add_cipher(EVP_idea_cbc());
-	EVP_add_alias(SN_idea_cbc,"IDEA");
-	EVP_add_alias(SN_idea_cbc,"idea");
+	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+	EVP_add_cipher_alias(SN_idea_cbc,"idea");
 #endif
 
 #ifndef NO_RC2
@@ -115,18 +116,19 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_rc2_ofb());
 	EVP_add_cipher(EVP_rc2_cbc());
 	EVP_add_cipher(EVP_rc2_40_cbc());
-	EVP_add_alias(SN_rc2_cbc,"RC2");
-	EVP_add_alias(SN_rc2_cbc,"rc2");
+	EVP_add_cipher(EVP_rc2_64_cbc());
+	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
 #endif
 
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 	EVP_add_cipher(EVP_bf_ecb());
 	EVP_add_cipher(EVP_bf_cfb());
 	EVP_add_cipher(EVP_bf_ofb());
 	EVP_add_cipher(EVP_bf_cbc());
-	EVP_add_alias(SN_bf_cbc,"BF");
-	EVP_add_alias(SN_bf_cbc,"bf");
-	EVP_add_alias(SN_bf_cbc,"blowfish");
+	EVP_add_cipher_alias(SN_bf_cbc,"BF");
+	EVP_add_cipher_alias(SN_bf_cbc,"bf");
+	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
 #endif
 
 #ifndef NO_CAST
@@ -134,10 +136,10 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_cast5_cfb());
 	EVP_add_cipher(EVP_cast5_ofb());
 	EVP_add_cipher(EVP_cast5_cbc());
-	EVP_add_alias(SN_cast5_cbc,"CAST");
-	EVP_add_alias(SN_cast5_cbc,"cast");
-	EVP_add_alias(SN_cast5_cbc,"CAST-cbc");
-	EVP_add_alias(SN_cast5_cbc,"cast-cbc");
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
 #endif
 
 #ifndef NO_RC5
@@ -145,23 +147,21 @@ void SSLeay_add_all_ciphers()
 	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
 	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
 	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
-	EVP_add_alias(SN_rc5_cbc,"rc5");
-	EVP_add_alias(SN_rc5_cbc,"RC5");
-	EVP_add_alias(SN_rc5_cbc,"rc5-cbc");
-	EVP_add_alias(SN_rc5_cbc,"RC5-cbc");
+	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
 #endif
 	}
 
 
-void SSLeay_add_all_digests()
+void SSLeay_add_all_digests(void)
 	{
 #ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
 #ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
-	EVP_add_alias(SN_md5,"ssl2-md5");
-	EVP_add_alias(SN_md5,"ssl3-md5");
+	EVP_add_digest_alias(SN_md5,"ssl2-md5");
+	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
 #ifndef NO_SHA
 	EVP_add_digest(EVP_sha());
@@ -169,22 +169,25 @@ void SSLeay_add_all_digests()
 	EVP_add_digest(EVP_dss());
 #endif
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	EVP_add_digest(EVP_sha1());
-	EVP_add_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #ifndef NO_DSA
 	EVP_add_digest(EVP_dss1());
-	EVP_add_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_alias(SN_dsaWithSHA1,"dss1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
 #endif
 #if !defined(NO_MDC2) && !defined(NO_DES)
 	EVP_add_digest(EVP_mdc2());
 #endif
-#ifndef NO_RIPEMD160
+#ifndef NO_RIPEMD
 	EVP_add_digest(EVP_ripemd160());
-	EVP_add_alias(SN_ripemd160,"ripemd");
-	EVP_add_alias(SN_ripemd160,"rmd160");
+	EVP_add_digest_alias(SN_ripemd160,"ripemd");
+	EVP_add_digest_alias(SN_ripemd160,"rmd160");
 #endif
+	PKCS12_PBE_add();
+	PKCS5_PBE_add();
 	}
diff --git a/lib/libssl/src/crypto/evp/digest.c b/lib/libssl/src/crypto/evp/digest.c
index d65f0036f7b..c560733568c 100644
--- a/lib/libssl/src/crypto/evp/digest.c
+++ b/lib/libssl/src/crypto/evp/digest.c
@@ -58,32 +58,35 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 
-void EVP_DigestInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 	{
 	ctx->digest=type;
 	type->init(&(ctx->md));
 	}
 
-void EVP_DigestUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+	     unsigned int count)
 	{
 	ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count);
 	}
 
-void EVP_DigestFinal(ctx,md,size)
-EVP_MD_CTX *ctx;
-unsigned char *md;
-unsigned int *size;
+void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
 	ctx->digest->final(md,&(ctx->md.base[0]));
 	if (size != NULL)
 		*size=ctx->digest->md_size;
 	memset(&(ctx->md),0,sizeof(ctx->md));
 	}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in)
+{
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+	return 0;
+    }
+    memcpy((char *)out,(char *)in,in->digest->ctx_size);
+    return 1;
+}    
diff --git a/lib/libssl/src/crypto/evp/e_cbc_3d.c b/lib/libssl/src/crypto/evp/e_cbc_3d.c
index 5761bf186a1..02ccc6dc907 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_3d.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_3d.c
@@ -56,24 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_cbc_ede_init_key();
-static void des_cbc_ede3_init_key();
-static void des_cbc_ede_cipher();
-#endif
-
 static EVP_CIPHER d_cbc_ede_cipher2=
 	{
 	NID_des_ede_cbc,
@@ -83,8 +77,8 @@ static EVP_CIPHER d_cbc_ede_cipher2=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_get_asn1_iv,
 	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
 static EVP_CIPHER d_cbc_ede_cipher3=
@@ -100,64 +94,58 @@ static EVP_CIPHER d_cbc_ede_cipher3=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_ede_cbc()
+EVP_CIPHER *EVP_des_ede_cbc(void)
 	{
 	return(&d_cbc_ede_cipher2);
 	}
 
-EVP_CIPHER *EVP_des_ede3_cbc()
+EVP_CIPHER *EVP_des_ede3_cbc(void)
 	{
 	return(&d_cbc_ede_cipher3);
 	}
 	
-static void des_cbc_ede_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
 		memcpy( (char *)ctx->c.des_ede.ks3,
 			(char *)ctx->c.des_ede.ks1,
 			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
-static void des_cbc_ede3_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
 		}
 	}
 
-static void des_cbc_ede_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_ede3_cbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.des_ede.ks1,
+	des_ede3_cbc_encrypt(in,out,inl, ctx->c.des_ede.ks1,
 		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
+		(des_cblock *) &(ctx->iv[0]),
 		ctx->encrypt);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_cbc_bf.c b/lib/libssl/src/crypto/evp/e_cbc_bf.c
index be605f4a137..9bcba3c516b 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_bf.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_bf.c
@@ -56,23 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_BLOWFISH
-
+#ifndef NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void bf_cbc_init_key();
-static void bf_cbc_cipher();
-#endif
-
 static EVP_CIPHER bfish_cbc_cipher=
 	{
 	NID_bf_cbc,
@@ -82,20 +75,17 @@ static EVP_CIPHER bfish_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-	EVP_CIPHER_get_asn1_iv,
 	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_bf_cbc()
+EVP_CIPHER *EVP_bf_cbc(void)
 	{
 	return(&bfish_cbc_cipher);
 	}
 	
-static void bf_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
@@ -104,11 +94,8 @@ int enc;
 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
-static void bf_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	BF_cbc_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_cbc_c.c b/lib/libssl/src/crypto/evp/e_cbc_c.c
index b50c7874b38..6845b0b44c9 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_c.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_c.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void cast_cbc_init_key();
-static void cast_cbc_cipher();
-#endif
-
 static EVP_CIPHER cast5_cbc_cipher=
 	{
 	NID_cast5_cbc,
@@ -82,20 +76,17 @@ static EVP_CIPHER cast5_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-	EVP_CIPHER_get_asn1_iv,
 	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_cast5_cbc()
+EVP_CIPHER *EVP_cast5_cbc(void)
 	{
 	return(&cast5_cbc_cipher);
 	}
 	
-static void cast_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
@@ -104,11 +95,8 @@ int enc;
 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
 	}
 
-static void cast_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	CAST_cbc_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_cbc_d.c b/lib/libssl/src/crypto/evp/e_cbc_d.c
index c67706e3a09..9203f3f52d9 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_d.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_d.c
@@ -56,21 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_cbc_init_key();
-static void des_cbc_cipher();
-#endif
-
 static EVP_CIPHER d_cbc_cipher=
 	{
 	NID_des_cbc,
@@ -80,37 +75,32 @@ static EVP_CIPHER d_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-	EVP_CIPHER_get_asn1_iv,
 	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_cbc()
+EVP_CIPHER *EVP_des_cbc(void)
 	{
 	return(&d_cbc_cipher);
 	}
 	
-static void des_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
 	}
 
-static void des_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_ncbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.des_ks,
+	des_ncbc_encrypt(in,out,inl,ctx->c.des_ks,
 		(des_cblock *)&(ctx->iv[0]),
 		ctx->encrypt);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_cbc_i.c b/lib/libssl/src/crypto/evp/e_cbc_i.c
index 312ffcb7217..34b44aa21f1 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_i.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_i.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void idea_cbc_init_key();
-static void idea_cbc_cipher();
-#endif
-
 static EVP_CIPHER i_cbc_cipher=
 	{
 	NID_idea_cbc,
@@ -82,20 +76,17 @@ static EVP_CIPHER i_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-	EVP_CIPHER_get_asn1_iv,
 	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_idea_cbc()
+EVP_CIPHER *EVP_idea_cbc(void)
 	{
 	return(&i_cbc_cipher);
 	}
 	
-static void idea_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
@@ -116,11 +107,8 @@ int enc;
 		}
 	}
 
-static void idea_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	idea_cbc_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_cbc_r2.c b/lib/libssl/src/crypto/evp/e_cbc_r2.c
index 4f8002f16d1..9dfada4ea64 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_r2.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_r2.c
@@ -60,18 +60,21 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc2_cbc_init_key();
-static void rc2_cbc_cipher();
-#endif
+static int rc2_meth_to_magic(const EVP_CIPHER *e);
+static EVP_CIPHER *rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+#define RC2_40_MAGIC	0xa0
+#define RC2_64_MAGIC	0x78
+#define RC2_128_MAGIC	0x3a
 
 static EVP_CIPHER r2_cbc_cipher=
 	{
@@ -82,8 +85,21 @@ static EVP_CIPHER r2_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
+	};
+
+static EVP_CIPHER r2_64_cbc_cipher=
+	{
+	NID_rc2_64_cbc,
+	8,8 /* 64 bit */,8,
+	rc2_cbc_init_key,
+	rc2_cbc_cipher,
+	NULL,
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
 	};
 
 static EVP_CIPHER r2_40_cbc_cipher=
@@ -95,23 +111,27 @@ static EVP_CIPHER r2_40_cbc_cipher=
 	NULL,
 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	rc2_set_asn1_type_and_iv,
+	rc2_get_asn1_type_and_iv,
 	};
 
-EVP_CIPHER *EVP_rc2_cbc()
+EVP_CIPHER *EVP_rc2_cbc(void)
 	{
 	return(&r2_cbc_cipher);
 	}
 
-EVP_CIPHER *EVP_rc2_40_cbc()
+EVP_CIPHER *EVP_rc2_64_cbc(void)
+	{
+	return(&r2_64_cbc_cipher);
+	}
+
+EVP_CIPHER *EVP_rc2_40_cbc(void)
 	{
 	return(&r2_40_cbc_cipher);
 	}
 	
-static void rc2_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
@@ -121,11 +141,8 @@ int enc;
 			key,EVP_CIPHER_CTX_key_length(ctx)*8);
 	}
 
-static void rc2_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC2_cbc_encrypt(
 		in,out,(long)inl,
@@ -133,4 +150,67 @@ unsigned int inl;
 		ctx->encrypt);
 	}
 
+static int rc2_meth_to_magic(const EVP_CIPHER *e)
+	{
+	int i;
+
+	i=EVP_CIPHER_key_length(e);
+	if 	(i == 16) return(RC2_128_MAGIC);
+	else if (i == 8)  return(RC2_64_MAGIC);
+	else if (i == 5)  return(RC2_40_MAGIC);
+	else return(0);
+	}
+
+static EVP_CIPHER *rc2_magic_to_meth(int i)
+	{
+	if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
+	else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
+	else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
+	else
+		{
+		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+		return(NULL);
+		}
+	}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	long num=0;
+	int i=0,l;
+	EVP_CIPHER *e;
+
+	if (type != NULL)
+		{
+		l=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
+		if (i != l)
+			return(-1);
+		else if (i > 0)
+			memcpy(c->iv,c->oiv,l);
+		e=rc2_magic_to_meth((int)num);
+		if (e == NULL)
+			return(-1);
+		if (e != EVP_CIPHER_CTX_cipher(c))
+			{
+			EVP_CIPHER_CTX_cipher(c)=e;
+			rc2_cbc_init_key(c,NULL,NULL,1);
+			}
+		}
+	return(i);
+	}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+	{
+	long num;
+	int i=0,j;
+
+	if (type != NULL)
+		{
+		num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
+		j=EVP_CIPHER_CTX_iv_length(c);
+		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+		}
+	return(i);
+	}
+
 #endif
diff --git a/lib/libssl/src/crypto/evp/e_cbc_r5.c b/lib/libssl/src/crypto/evp/e_cbc_r5.c
index f7d46ca91f9..cea3fe333ad 100644
--- a/lib/libssl/src/crypto/evp/e_cbc_r5.c
+++ b/lib/libssl/src/crypto/evp/e_cbc_r5.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void r_32_12_16_cbc_init_key();
-static void r_32_12_16_cbc_cipher();
-#endif
-
 static EVP_CIPHER rc5_32_12_16_cbc_cipher=
 	{
 	NID_rc5_cbc,
@@ -86,16 +80,13 @@ static EVP_CIPHER rc5_32_12_16_cbc_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_rc5_32_12_16_cbc()
+EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
 	{
 	return(&rc5_32_12_16_cbc_cipher);
 	}
 	
-static void r_32_12_16_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
@@ -105,11 +96,8 @@ int enc;
 			key,RC5_12_ROUNDS);
 	}
 
-static void r_32_12_16_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC5_32_cbc_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_cfb_3d.c b/lib/libssl/src/crypto/evp/e_cfb_3d.c
index e7e3419411d..bd32b072e2b 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_3d.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_3d.c
@@ -56,24 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_cfb_init_key();
-static void des_ede3_cfb_init_key();
-static void des_ede_cfb_cipher();
-#endif
-
 static EVP_CIPHER d_ede_cfb_cipher2=
 	{
 	NID_des_ede_cfb64,
@@ -100,67 +94,62 @@ static EVP_CIPHER d_ede3_cfb_cipher3=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_ede_cfb()
+EVP_CIPHER *EVP_des_ede_cfb(void)
 	{
 	return(&d_ede_cfb_cipher2);
 	}
 
-EVP_CIPHER *EVP_des_ede3_cfb()
+EVP_CIPHER *EVP_des_ede3_cfb(void)
 	{
 	return(&d_ede3_cfb_cipher3);
 	}
 	
-static void des_ede_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
 		memcpy( (char *)ctx->c.des_ede.ks3,
 			(char *)ctx->c.des_ede.ks1,
 			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
-static void des_ede3_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
 		}
 	}
 
-static void des_ede_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_ede3_cfb64_encrypt(
-		in,out,(long)inl,
-		ctx->c.des_ede.ks1,
-		ctx->c.des_ede.ks2,
-		ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
+	des_ede3_cfb64_encrypt(in,out,(long)inl,
+			       ctx->c.des_ede.ks1,
+			       ctx->c.des_ede.ks2,
+			       ctx->c.des_ede.ks3,
+			       (des_cblock*)&(ctx->iv[0]),
+			       &ctx->num,ctx->encrypt);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_cfb_bf.c b/lib/libssl/src/crypto/evp/e_cfb_bf.c
index 8aba2564b80..63e1e624ea2 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_bf.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_bf.c
@@ -56,23 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_BLOWFISH
-
+#ifndef NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void bf_cfb_init_key();
-static void bf_cfb_cipher();
-#endif
-
 static EVP_CIPHER bfish_cfb_cipher=
 	{
 	NID_bf_cfb64,
@@ -86,16 +79,13 @@ static EVP_CIPHER bfish_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_bf_cfb()
+EVP_CIPHER *EVP_bf_cfb(void)
 	{
 	return(&bfish_cfb_cipher);
 	}
 	
-static void bf_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +96,8 @@ int enc;
 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
-static void bf_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	BF_cfb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_cfb_c.c b/lib/libssl/src/crypto/evp/e_cfb_c.c
index 936df55fd8e..f04bac034b3 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_c.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_c.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void cast_cfb_init_key();
-static void cast_cfb_cipher();
-#endif
-
 static EVP_CIPHER cast5_cfb_cipher=
 	{
 	NID_cast5_cfb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER cast5_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_cast5_cfb()
+EVP_CIPHER *EVP_cast5_cfb(void)
 	{
 	return(&cast5_cfb_cipher);
 	}
 	
-static void cast_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +97,8 @@ int enc;
 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
 	}
 
-static void cast_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	CAST_cfb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_cfb_d.c b/lib/libssl/src/crypto/evp/e_cfb_d.c
index 9ae4558f51a..6bdf20b6460 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_d.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_d.c
@@ -58,19 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
+#ifndef NO_DES
 static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_cfb_init_key();
-static void des_cfb_cipher();
-#endif
-
 static EVP_CIPHER d_cfb_cipher=
 	{
 	NID_des_cfb64,
@@ -84,31 +79,27 @@ static EVP_CIPHER d_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_cfb()
+EVP_CIPHER *EVP_des_cfb(void)
 	{
 	return(&d_cfb_cipher);
 	}
 	
-static void des_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
 	}
 
-static void des_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	des_cfb64_encrypt(
 		in,out,
@@ -116,3 +107,4 @@ unsigned int inl;
 		(des_cblock *)&(ctx->iv[0]),
 		&ctx->num,ctx->encrypt);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_cfb_i.c b/lib/libssl/src/crypto/evp/e_cfb_i.c
index 9225efaa866..31c76c6dac0 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_i.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_i.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void idea_cfb_init_key();
-static void idea_cfb_cipher();
-#endif
-
 static EVP_CIPHER i_cfb_cipher=
 	{
 	NID_idea_cfb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER i_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_idea_cfb()
+EVP_CIPHER *EVP_idea_cfb(void)
 	{
 	return(&i_cfb_cipher);
 	}
 
-static void idea_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +97,8 @@ int enc;
 		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 	}
 
-static void idea_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	idea_cfb64_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_cfb_r2.c b/lib/libssl/src/crypto/evp/e_cfb_r2.c
index af5a39d1f4a..32dd77eb7cc 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_r2.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_r2.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc2_cfb_init_key();
-static void rc2_cfb_cipher();
-#endif
-
 static EVP_CIPHER r2_cfb_cipher=
 	{
 	NID_rc2_cfb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER r2_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_rc2_cfb()
+EVP_CIPHER *EVP_rc2_cfb(void)
 	{
 	return(&r2_cfb_cipher);
 	}
 	
-static void rc2_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -103,15 +94,12 @@ int enc;
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
-			EVP_RC2_KEY_SIZE*8);
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
 	}
 
-static void rc2_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC2_cfb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_cfb_r5.c b/lib/libssl/src/crypto/evp/e_cfb_r5.c
index a2fddaedc0d..8e797289467 100644
--- a/lib/libssl/src/crypto/evp/e_cfb_r5.c
+++ b/lib/libssl/src/crypto/evp/e_cfb_r5.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_cfb_init_key();
-static void rc5_32_12_16_cfb_cipher();
-#endif
-
 static EVP_CIPHER rc5_cfb_cipher=
 	{
 	NID_rc5_cfb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER rc5_cfb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_rc5_32_12_16_cfb()
+EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
 	{
 	return(&rc5_cfb_cipher);
 	}
 	
-static void rc5_32_12_16_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -107,11 +98,8 @@ int enc;
 			RC5_12_ROUNDS);
 	}
 
-static void rc5_32_12_16_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC5_32_cfb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_dsa.c b/lib/libssl/src/crypto/evp/e_dsa.c
index 6715c3e95e8..b96f2738b3e 100644
--- a/lib/libssl/src/crypto/evp/e_dsa.c
+++ b/lib/libssl/src/crypto/evp/e_dsa.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_PKEY_METHOD dss_method=
 	{
diff --git a/lib/libssl/src/crypto/evp/e_ecb_3d.c b/lib/libssl/src/crypto/evp/e_ecb_3d.c
index 908fc0760a7..354a8b79a79 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_3d.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_3d.c
@@ -56,24 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_init_key();
-static void des_ede3_init_key();
-static void des_ede_cipher();
-#endif
-
 static EVP_CIPHER d_ede_cipher2=
 	{
 	NID_des_ede,
@@ -99,63 +93,66 @@ static EVP_CIPHER d_ede3_cipher3=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_des_ede()
+EVP_CIPHER *EVP_des_ede(void)
 	{
 	return(&d_ede_cipher2);
 	}
 
-EVP_CIPHER *EVP_des_ede3()
+EVP_CIPHER *EVP_des_ede3(void)
 	{
 	return(&d_ede3_cipher3);
 	}
 
-static void des_ede_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
-	if (key != NULL)
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
 		memcpy( (char *)ctx->c.des_ede.ks3,
 			(char *)ctx->c.des_ede.ks1,
 			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
-static void des_ede3_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
-	if (key != NULL)
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
 		}
 	}
 
-static void des_ede_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
+	des_cblock *output   /* = (des_cblock *)out */;
+	des_cblock *input    /* = (des_cblock *)in */;
 
 	if (inl < 8) return;
 	inl-=8;
 	for (i=0; i<=inl; i+=8)
 		{
-		des_ecb3_encrypt(
-			(des_cblock *)&(in[i]),(des_cblock *)&(out[i]),
+		output = (des_cblock *)(out + i);
+		input = (des_cblock *)(in + i);
+
+		des_ecb3_encrypt(input,output,
 			ctx->c.des_ede.ks1,
 			ctx->c.des_ede.ks2,
 			ctx->c.des_ede.ks3,
 			ctx->encrypt);
+
+		/* output++; */
+		/* input++; */
 		}
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_ecb_bf.c b/lib/libssl/src/crypto/evp/e_ecb_bf.c
index 142a9d31234..334736d253b 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_bf.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_bf.c
@@ -56,23 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_BLOWFISH
-
+#ifndef NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void bf_ecb_init_key();
-static void bf_ecb_cipher();
-#endif
-
 static EVP_CIPHER bfish_ecb_cipher=
 	{
 	NID_bf_ecb,
@@ -86,26 +79,20 @@ static EVP_CIPHER bfish_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_bf_ecb()
+EVP_CIPHER *EVP_bf_ecb(void)
 	{
 	return(&bfish_ecb_cipher);
 	}
 	
-static void bf_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
-static void bf_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
 
diff --git a/lib/libssl/src/crypto/evp/e_ecb_c.c b/lib/libssl/src/crypto/evp/e_ecb_c.c
index 34e0c18296a..ad14e203cbc 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_c.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_c.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void cast_ecb_init_key();
-static void cast_ecb_cipher();
-#endif
-
 static EVP_CIPHER cast5_ecb_cipher=
 	{
 	NID_cast5_ecb,
@@ -86,26 +80,20 @@ static EVP_CIPHER cast5_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_cast5_ecb()
+EVP_CIPHER *EVP_cast5_ecb(void)
 	{
 	return(&cast5_ecb_cipher);
 	}
 	
-static void cast_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
 	}
 
-static void cast_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
 
diff --git a/lib/libssl/src/crypto/evp/e_ecb_d.c b/lib/libssl/src/crypto/evp/e_ecb_d.c
index 7a409d64595..5fb4e64b1ca 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_d.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_d.c
@@ -56,21 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_ecb_init_key();
-static void des_ecb_cipher();
-#endif
-
 static EVP_CIPHER d_ecb_cipher=
 	{
 	NID_des_ecb,
@@ -84,35 +79,40 @@ static EVP_CIPHER d_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_des_ecb()
+EVP_CIPHER *EVP_des_ecb(void)
 	{
 	return(&d_ecb_cipher);
 	}
 	
-static void des_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
+	des_cblock *deskey = (des_cblock *)key;
+
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
 	}
 
-static void des_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
+	des_cblock *output  /* = (des_cblock *)out */;
+	des_cblock *input   /* = (des_cblock *)in */; 
 
 	if (inl < 8) return;
 	inl-=8;
 	for (i=0; i<=inl; i+=8)
 		{
-		des_ecb_encrypt(
-			(des_cblock *)&(in[i]),(des_cblock *)&(out[i]),
-			ctx->c.des_ks,ctx->encrypt);
+		/* Either this ... */
+		output = (des_cblock *)(out + i);
+		input = (des_cblock *)(in + i);
+
+		des_ecb_encrypt(input,output,ctx->c.des_ks,ctx->encrypt);
+
+		/* ... or this. */
+		/* output++; */
+		/* input++; */
 		}
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_ecb_i.c b/lib/libssl/src/crypto/evp/e_ecb_i.c
index e24022a12c1..50a3da1bbaa 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_i.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_i.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void idea_ecb_init_key();
-static void idea_ecb_cipher();
-#endif
-
 static EVP_CIPHER i_ecb_cipher=
 	{
 	NID_idea_ecb,
@@ -86,16 +80,13 @@ static EVP_CIPHER i_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_idea_ecb()
+EVP_CIPHER *EVP_idea_ecb(void)
 	{
 	return(&i_ecb_cipher);
 	}
 	
-static void idea_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
 		{
@@ -113,11 +104,8 @@ int enc;
 		}
 	}
 
-static void idea_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
 
diff --git a/lib/libssl/src/crypto/evp/e_ecb_r2.c b/lib/libssl/src/crypto/evp/e_ecb_r2.c
index e35b06dc6d7..3c2330130d3 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_r2.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_r2.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc2_ecb_init_key();
-static void rc2_ecb_cipher();
-#endif
-
 static EVP_CIPHER r2_ecb_cipher=
 	{
 	NID_rc2_ecb,
@@ -86,27 +80,21 @@ static EVP_CIPHER r2_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_rc2_ecb()
+EVP_CIPHER *EVP_rc2_ecb(void)
 	{
 	return(&r2_ecb_cipher);
 	}
 	
-static void rc2_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
-			EVP_RC2_KEY_SIZE*8);
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
 	}
 
-static void rc2_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
 
diff --git a/lib/libssl/src/crypto/evp/e_ecb_r5.c b/lib/libssl/src/crypto/evp/e_ecb_r5.c
index 08f4a826512..ef43ce34bf9 100644
--- a/lib/libssl/src/crypto/evp/e_ecb_r5.c
+++ b/lib/libssl/src/crypto/evp/e_ecb_r5.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_ecb_init_key();
-static void rc5_32_12_16_ecb_cipher();
-#endif
-
 static EVP_CIPHER rc5_ecb_cipher=
 	{
 	NID_rc5_ecb,
@@ -86,27 +80,21 @@ static EVP_CIPHER rc5_ecb_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_rc5_32_12_16_ecb()
+EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
 	{
 	return(&rc5_ecb_cipher);
 	}
 	
-static void rc5_32_12_16_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
 		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
 			RC5_12_ROUNDS);
 	}
 
-static void rc5_32_12_16_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	unsigned int i;
 
diff --git a/lib/libssl/src/crypto/evp/e_null.c b/lib/libssl/src/crypto/evp/e_null.c
index e4e7ca76066..0a62c10aa93 100644
--- a/lib/libssl/src/crypto/evp/e_null.c
+++ b/lib/libssl/src/crypto/evp/e_null.c
@@ -58,19 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void null_init_key();
-static void null_cipher();
-#endif
-
 static EVP_CIPHER n_cipher=
 	{
 	NID_undef,
@@ -83,25 +77,19 @@ static EVP_CIPHER n_cipher=
 	NULL,
 	};
 
-EVP_CIPHER *EVP_enc_null()
+EVP_CIPHER *EVP_enc_null(void)
 	{
 	return(&n_cipher);
 	}
 
-static void null_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	memset(&(ctx->c),0,sizeof(ctx->c));
 	}
 
-static void null_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	if (in != out)
 		memcpy((char *)out,(char *)in,(int)inl);
diff --git a/lib/libssl/src/crypto/evp/e_ofb_3d.c b/lib/libssl/src/crypto/evp/e_ofb_3d.c
index c3add18e936..5233567c0cc 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_3d.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_3d.c
@@ -56,24 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_ofb_init_key();
-static void des_ede3_ofb_init_key();
-static void des_ede_ofb_cipher();
-#endif
-
 static EVP_CIPHER d_ede_ofb_cipher2=
 	{
 	NID_des_ede_ofb64,
@@ -100,66 +94,59 @@ static EVP_CIPHER d_ede3_ofb_cipher3=
         EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_ede_ofb()
+EVP_CIPHER *EVP_des_ede_ofb(void)
 	{
 	return(&d_ede_ofb_cipher2);
 	}
 
-EVP_CIPHER *EVP_des_ede3_ofb()
+EVP_CIPHER *EVP_des_ede3_ofb(void)
 	{
 	return(&d_ede3_ofb_cipher3);
 	}
 	
-static void des_ede_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
 		memcpy( (char *)ctx->c.des_ede.ks3,
 			(char *)ctx->c.des_ede.ks1,
 			sizeof(ctx->c.des_ede.ks1));
 		}
 	}
 
-static void des_ede3_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
+		des_set_key(&deskey[0],ctx->c.des_ede.ks1);
+		des_set_key(&deskey[1],ctx->c.des_ede.ks2);
+		des_set_key(&deskey[2],ctx->c.des_ede.ks3);
 		}
 	}
 
-static void des_ede_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_ede3_ofb64_encrypt(
-		in,out,
-		(long)inl,
-		ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num);
+	des_ede3_ofb64_encrypt(in,out,inl,ctx->c.des_ede.ks1,
+			       ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+			       (des_cblock *)&(ctx->iv[0]),&ctx->num);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_ofb_bf.c b/lib/libssl/src/crypto/evp/e_ofb_bf.c
index 492f9b90824..c82154b5490 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_bf.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_bf.c
@@ -56,23 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_BLOWFISH
-
+#ifndef NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void bf_ofb_init_key();
-static void bf_ofb_cipher();
-#endif
-
 static EVP_CIPHER bfish_ofb_cipher=
 	{
 	NID_bf_ofb64,
@@ -86,16 +79,13 @@ static EVP_CIPHER bfish_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_bf_ofb()
+EVP_CIPHER *EVP_bf_ofb(void)
 	{
 	return(&bfish_ofb_cipher);
 	}
 	
-static void bf_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +96,8 @@ int enc;
 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
 	}
 
-static void bf_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	BF_ofb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_ofb_c.c b/lib/libssl/src/crypto/evp/e_ofb_c.c
index f1eef4469c3..971043de4c4 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_c.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_c.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void cast_ofb_init_key();
-static void cast_ofb_cipher();
-#endif
-
 static EVP_CIPHER cast5_ofb_cipher=
 	{
 	NID_cast5_ofb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER cast5_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_cast5_ofb()
+EVP_CIPHER *EVP_cast5_ofb(void)
 	{
 	return(&cast5_ofb_cipher);
 	}
 	
-static void cast_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +97,8 @@ int enc;
 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
 	}
 
-static void cast_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	CAST_ofb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_ofb_d.c b/lib/libssl/src/crypto/evp/e_ofb_d.c
index 09d4b4139d4..398b3a002ea 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_d.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_d.c
@@ -56,21 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void des_ofb_init_key();
-static void des_ofb_cipher();
-#endif
-
 static EVP_CIPHER d_ofb_cipher=
 	{
 	NID_des_ofb64,
@@ -84,35 +79,29 @@ static EVP_CIPHER d_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_des_ofb()
+EVP_CIPHER *EVP_des_ofb(void)
 	{
 	return(&d_ofb_cipher);
 	}
 	
-static void des_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	ctx->num=0;
 
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
+	if (deskey != NULL)
+		des_set_key(deskey,ctx->c.des_ks);
 	}
 
-static void des_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_ofb64_encrypt(
-		in,out,
-		(long)inl, ctx->c.des_ks,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num);
+	des_ofb64_encrypt(in,out,inl,ctx->c.des_ks,
+		(des_cblock *)&(ctx->iv[0]),&ctx->num);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/e_ofb_i.c b/lib/libssl/src/crypto/evp/e_ofb_i.c
index 96c8afd9c87..389206ef361 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_i.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_i.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void idea_ofb_init_key();
-static void idea_ofb_cipher();
-#endif
-
 static EVP_CIPHER i_ofb_cipher=
 	{
 	NID_idea_ofb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER i_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_idea_ofb()
+EVP_CIPHER *EVP_idea_ofb(void)
 	{
 	return(&i_ofb_cipher);
 	}
 	
-static void idea_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -106,11 +97,8 @@ int enc;
 		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
 	}
 
-static void idea_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	idea_ofb64_encrypt(
 		in,out,(long)inl,
diff --git a/lib/libssl/src/crypto/evp/e_ofb_r2.c b/lib/libssl/src/crypto/evp/e_ofb_r2.c
index 0f6d7299883..60ae3d4507a 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_r2.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_r2.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc2_ofb_init_key();
-static void rc2_ofb_cipher();
-#endif
-
 static EVP_CIPHER r2_ofb_cipher=
 	{
 	NID_rc2_ofb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER r2_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_rc2_ofb()
+EVP_CIPHER *EVP_rc2_ofb(void)
 	{
 	return(&r2_ofb_cipher);
 	}
 	
-static void rc2_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -103,15 +94,12 @@ int enc;
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
 	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_RC2_KEY_SIZE,key,
-			EVP_RC2_KEY_SIZE*8);
+		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+			key,EVP_CIPHER_CTX_key_length(ctx)*8);
 	}
 
-static void rc2_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC2_ofb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_ofb_r5.c b/lib/libssl/src/crypto/evp/e_ofb_r5.c
index db28d6c3174..30136824eb7 100644
--- a/lib/libssl/src/crypto/evp/e_ofb_r5.c
+++ b/lib/libssl/src/crypto/evp/e_ofb_r5.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_ofb_init_key();
-static void rc5_32_12_16_ofb_cipher();
-#endif
-
 static EVP_CIPHER rc5_ofb_cipher=
 	{
 	NID_rc5_ofb64,
@@ -86,16 +80,13 @@ static EVP_CIPHER rc5_ofb_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_rc5_32_12_16_ofb()
+EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
 	{
 	return(&rc5_ofb_cipher);
 	}
 	
-static void rc5_32_12_16_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	ctx->num=0;
 
@@ -107,11 +98,8 @@ int enc;
 			RC5_12_ROUNDS);
 	}
 
-static void rc5_32_12_16_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC5_32_ofb64_encrypt(
 		in,out,
diff --git a/lib/libssl/src/crypto/evp/e_rc4.c b/lib/libssl/src/crypto/evp/e_rc4.c
index 7e9790a94ca..c7e58a75ccb 100644
--- a/lib/libssl/src/crypto/evp/e_rc4.c
+++ b/lib/libssl/src/crypto/evp/e_rc4.c
@@ -60,19 +60,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void rc4_init_key();
-static void rc4_cipher();
-#endif
-
 static EVP_CIPHER r4_cipher=
 	{
 	NID_rc4,
@@ -94,21 +88,18 @@ static EVP_CIPHER r4_40_cipher=
 	rc4_cipher,
 	};
 
-EVP_CIPHER *EVP_rc4()
+EVP_CIPHER *EVP_rc4(void)
 	{
 	return(&r4_cipher);
 	}
 
-EVP_CIPHER *EVP_rc4_40()
+EVP_CIPHER *EVP_rc4_40(void)
 	{
 	return(&r4_40_cipher);
 	}
 
-static void rc4_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
 	if (key != NULL)
 		memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
@@ -116,11 +107,8 @@ int enc;
 		ctx->c.rc4.key);
 	}
 
-static void rc4_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
 	RC4(&(ctx->c.rc4.ks),inl,in,out);
 	}
diff --git a/lib/libssl/src/crypto/evp/e_xcbc_d.c b/lib/libssl/src/crypto/evp/e_xcbc_d.c
index 0d7fda0c47f..3a6628a75c9 100644
--- a/lib/libssl/src/crypto/evp/e_xcbc_d.c
+++ b/lib/libssl/src/crypto/evp/e_xcbc_d.c
@@ -56,21 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
 static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
 	unsigned char *iv,int enc);
 static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	unsigned char *in, unsigned int inl);
-#else
-static void desx_cbc_init_key();
-static void desx_cbc_cipher();
-#endif
-
 static EVP_CIPHER d_xcbc_cipher=
 	{
 	NID_desx_cbc,
@@ -84,39 +79,34 @@ static EVP_CIPHER d_xcbc_cipher=
 	EVP_CIPHER_get_asn1_iv,
 	};
 
-EVP_CIPHER *EVP_desx_cbc()
+EVP_CIPHER *EVP_desx_cbc(void)
 	{
 	return(&d_xcbc_cipher);
 	}
 	
-static void desx_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+	     unsigned char *iv, int enc)
 	{
+	des_cblock *deskey = (des_cblock *)key;
+
 	if (iv != NULL)
 		memcpy(&(ctx->oiv[0]),iv,8);
 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
+	if (deskey != NULL)
 		{
-		des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks);
+		des_set_key(deskey,ctx->c.desx_cbc.ks);
 		memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
 		memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
 		}
 	}
 
-static void desx_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     unsigned char *in, unsigned int inl)
 	{
-	des_xcbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.desx_cbc.ks,
+	des_xcbc_encrypt(in,out,inl,ctx->c.desx_cbc.ks,
 		(des_cblock *)&(ctx->iv[0]),
-		(des_cblock *)&(ctx->c.desx_cbc.inw[0]),
-		(des_cblock *)&(ctx->c.desx_cbc.outw[0]),
+		&ctx->c.desx_cbc.inw,
+		&ctx->c.desx_cbc.outw,
 		ctx->encrypt);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/encode.c b/lib/libssl/src/crypto/evp/encode.c
index 14d47c1eed5..0152624a769 100644
--- a/lib/libssl/src/crypto/evp/encode.c
+++ b/lib/libssl/src/crypto/evp/encode.c
@@ -58,10 +58,21 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
+#include <openssl/evp.h>
 
+#ifndef CHARSET_EBCDIC
 #define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
 #define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
+#else
+/* We assume that PEM encoded files are EBCDIC files
+ * (i.e., printable text files). Convert them here while decoding.
+ * When encoding, output is EBCDIC (text) format again.
+ * (No need for conversion in the conv_bin2ascii macro, as the
+ * underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])
+#endif
 
 /* 64 char lines
  * pad input with 0
@@ -110,20 +121,15 @@ static unsigned char data_ascii2bin[128]={
 	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
 	};
 
-void EVP_EncodeInit(ctx)
-EVP_ENCODE_CTX *ctx;
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
 	{
 	ctx->length=48;
 	ctx->num=0;
 	ctx->line_num=0;
 	}
 
-void EVP_EncodeUpdate(ctx,out,outl,in,inl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int i,j;
 	unsigned int total=0;
@@ -165,10 +171,7 @@ int inl;
 	*outl=total;
 	}
 
-void EVP_EncodeFinal(ctx,out,outl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 	{
 	unsigned int ret=0;
 
@@ -182,9 +185,7 @@ int *outl;
 	*outl=ret;
 	}
 
-int EVP_EncodeBlock(t,f,dlen)
-unsigned char *t,*f;
-int dlen;
+int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int dlen)
 	{
 	int i,ret=0;
 	unsigned long l;
@@ -218,8 +219,7 @@ int dlen;
 	return(ret);
 	}
 
-void EVP_DecodeInit(ctx)
-EVP_ENCODE_CTX *ctx;
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 	{
 	ctx->length=30;
 	ctx->num=0;
@@ -231,12 +231,8 @@ EVP_ENCODE_CTX *ctx;
  *  0 for last line
  *  1 for full line
  */
-int EVP_DecodeUpdate(ctx,out,outl,in,inl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
 	unsigned char *d;
@@ -341,9 +337,7 @@ end:
 	return(rv);
 	}
 
-int EVP_DecodeBlock(t,f,n)
-unsigned char *t,*f;
-int n;
+int EVP_DecodeBlock(unsigned char *t, unsigned char *f, int n)
 	{
 	int i,ret=0,a,b,c,d;
 	unsigned long l;
@@ -383,10 +377,7 @@ int n;
 	return(ret);
 	}
 
-int EVP_DecodeFinal(ctx,out,outl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
@@ -404,9 +395,7 @@ int *outl;
 	}
 
 #ifdef undef
-int EVP_DecodeValid(buf,len)
-unsigned char *buf;
-int len;
+int EVP_DecodeValid(unsigned char *buf, int len)
 	{
 	int i,num=0,bad=0;
 
diff --git a/lib/libssl/src/crypto/evp/evp.err b/lib/libssl/src/crypto/evp/evp.err
deleted file mode 100644
index cfc17437bc8..00000000000
--- a/lib/libssl/src/crypto/evp/evp.err
+++ /dev/null
@@ -1,24 +0,0 @@
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_D2I_PKEY					 100
-#define EVP_F_EVP_DECRYPTFINAL				 101
-#define EVP_F_EVP_OPENINIT				 102
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_DECRYPT				 104
-#define EVP_F_EVP_PKEY_ENCRYPT				 105
-#define EVP_F_EVP_PKEY_NEW				 106
-#define EVP_F_EVP_SIGNFINAL				 107
-#define EVP_F_EVP_VERIFYFINAL				 108
-
-/* Reason codes. */
-#define EVP_R_BAD_DECRYPT				 100
-#define EVP_R_DIFFERENT_KEY_TYPES			 101
-#define EVP_R_IV_TOO_LARGE				 102
-#define EVP_R_MISSING_PARMATERS				 103
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106
-#define EVP_R_UNSUPPORTED_CIPHER			 107
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 108
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 109
diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h
index b39fad93a4e..570fe27d39b 100644
--- a/lib/libssl/src/crypto/evp/evp.h
+++ b/lib/libssl/src/crypto/evp/evp.h
@@ -64,40 +64,40 @@ extern "C" {
 #endif
 
 #ifndef NO_MD2
-#include "md2.h"
+#include <openssl/md2.h>
 #endif
 #ifndef NO_MD5
-#include "md5.h"
+#include <openssl/md5.h>
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
-#include "sha.h"
+#ifndef NO_SHA
+#include <openssl/sha.h>
 #endif
 #ifndef NO_RIPEMD
-#include "ripemd.h"
+#include <openssl/ripemd.h>
 #endif
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 #ifndef NO_RC4
-#include "rc4.h"
+#include <openssl/rc4.h>
 #endif
 #ifndef NO_RC2
-#include "rc2.h"
+#include <openssl/rc2.h>
 #endif
 #ifndef NO_RC5
-#include "rc5.h"
+#include <openssl/rc5.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef NO_BF
+#include <openssl/blowfish.h>
 #endif
 #ifndef NO_CAST
-#include "cast.h"
+#include <openssl/cast.h>
 #endif
 #ifndef NO_IDEA
-#include "idea.h"
+#include <openssl/idea.h>
 #endif
 #ifndef NO_MDC2
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 #endif
 
 #define EVP_RC2_KEY_SIZE		16
@@ -109,25 +109,23 @@ extern "C" {
 #define EVP_MAX_KEY_LENGTH		24
 #define EVP_MAX_IV_LENGTH		8
 
+#define PKCS5_SALT_LEN			8
+/* Default PKCS#5 iteration count */
+#define PKCS5_DEFAULT_ITER		2048
+
 #ifndef NO_RSA
-#include "rsa.h"
-#else
-#define RSA	long
+#include <openssl/rsa.h>
 #endif
 
 #ifndef NO_DSA
-#include "dsa.h"
-#else
-#define DSA	long
+#include <openssl/dsa.h>
 #endif
 
 #ifndef NO_DH
-#include "dh.h"
-#else
-#define DH	long
+#include <openssl/dh.h>
 #endif
 
-#include "objects.h"
+#include <openssl/objects.h>
 
 #define EVP_PK_RSA	0x0001
 #define EVP_PK_DSA	0x0002
@@ -159,16 +157,18 @@ typedef struct evp_pkey_st
 	int references;
 	union	{
 		char *ptr;
+#ifndef NO_RSA
 		struct rsa_st *rsa;	/* RSA */
+#endif
+#ifndef NO_DSA
 		struct dsa_st *dsa;	/* DSA */
+#endif
+#ifndef NO_DH
 		struct dh_st *dh;	/* DH */
+#endif
 		} pkey;
 	int save_parameters;
-#ifdef HEADER_STACK_H
-	STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
-#else
-	char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
-#endif
+	STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */
 	} EVP_PKEY;
 
 #define EVP_PKEY_MO_SIGN	0x0001
@@ -183,7 +183,7 @@ typedef struct evp_pkey_st
  * This is required because for various smart-card perform the digest and
  * signing/verification on-board.  To handle this case, the specific
  * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD ossociated with it.
+ * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
  * This can either be software or a token to provide the required low level
  * routines.
  */
@@ -194,28 +194,28 @@ typedef struct evp_pkey_md_st
 	EVP_PKEY_METHOD *pkey;
 	} EVP_PKEY_MD;
 
-#define EVP_rsa_md2()
+#define EVP_rsa_md2() \
 		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5()
+#define EVP_rsa_md5() \
 		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0()
+#define EVP_rsa_sha0() \
 		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1()
+#define EVP_rsa_sha1() \
 		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160()
+#define EVP_rsa_ripemd160() \
 		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
 			EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2()
+#define EVP_rsa_mdc2() \
 		EVP_PKEY_MD_add(NID_mdc2WithRSA,\
 			EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha()
+#define EVP_dsa_sha() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA,\
 			EVP_dsa(),EVP_mdc2())
-#define EVP_dsa_sha1()
+#define EVP_dsa_sha1() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
 			EVP_dsa(),EVP_sha1())
 
@@ -261,6 +261,8 @@ typedef struct env_md_st
 	int ctx_size; /* how big does the ctx need to be */
 	} EVP_MD;
 
+
+
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
 #ifndef NO_DSA
@@ -287,7 +289,7 @@ typedef struct env_md_st
 
 typedef struct env_md_ctx_st
 	{
-	EVP_MD *digest;
+	const EVP_MD *digest;
 	union	{
 		unsigned char base[4];
 #ifndef NO_MD2
@@ -296,10 +298,10 @@ typedef struct env_md_ctx_st
 #ifndef NO_MD5
 		MD5_CTX md5;
 #endif
-#ifndef NO_MD5
+#ifndef NO_RIPEMD
 		RIPEMD160_CTX ripemd160;
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
+#ifndef NO_SHA
 		SHA_CTX sha;
 #endif
 #ifndef NO_MDC2
@@ -326,13 +328,13 @@ typedef struct evp_cipher_st
 
 typedef struct evp_cipher_info_st
 	{
-	EVP_CIPHER *cipher;
+	const EVP_CIPHER *cipher;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	} EVP_CIPHER_INFO;
 
 typedef struct evp_cipher_ctx_st
 	{
-	EVP_CIPHER *cipher;
+	const EVP_CIPHER *cipher;
 	int encrypt;		/* encrypt or decrypt */
 	int buf_len;		/* number we have left */
 
@@ -355,8 +357,8 @@ typedef struct evp_cipher_ctx_st
 		struct
 			{
 			des_key_schedule ks;/* key schedule */
-			C_Block inw;
-			C_Block outw;
+			des_cblock inw;
+			des_cblock outw;
 			} desx_cbc;
 		struct
 			{
@@ -374,7 +376,7 @@ typedef struct evp_cipher_ctx_st
 #ifndef NO_RC5
 		RC5_32_KEY rc5_ks;/* key schedule */
 #endif
-#ifndef NO_BLOWFISH
+#ifndef NO_BF
 		BF_KEY bf_ks;/* key schedule */
 #endif
 #ifndef NO_CAST
@@ -396,6 +398,11 @@ typedef struct evp_Encode_Ctx_st
 	int expect_nl;
 	} EVP_ENCODE_CTX;
 
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, EVP_CIPHER *cipher,
+                EVP_MD *md, int en_de);
+
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
@@ -430,6 +437,7 @@ typedef struct evp_Encode_Ctx_st
 #define EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
 #define EVP_CIPHER_CTX_get_app_data(e)	((e)->app_data)
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
 
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
@@ -441,43 +449,56 @@ typedef struct evp_Encode_Ctx_st
 #define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
 
-#define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#ifdef CONST_STRICT
+void BIO_set_md(BIO *,const EVP_MD *md);
+#else
+# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#endif
 #define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
 #define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
 #define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
 
 #define	EVP_Cipher(c,o,i,l)	(c)->cipher->do_cipher((c),(o),(i),(l))
 
-#ifndef NOPROTO
+#define EVP_add_cipher_alias(n,alias) \
+	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_add_digest_alias(n,alias) \
+	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_delete_cipher_alias(alias) \
+	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+#define EVP_delete_digest_alias(alias) \
+	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
 
-void	EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void	EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+void	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+void	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+			 unsigned int cnt);
 void	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 
-int	EVP_read_pw_string(char *buf,int length,char *prompt,int verify);
+int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void	EVP_set_pw_prompt(char *prompt);
 char *	EVP_get_pw_prompt(void);
 
-int	EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
 		unsigned char *data, int datal, int count,
 		unsigned char *key,unsigned char *iv);
 
-EVP_CIPHER *EVP_get_cipherbyname(char *name);
-
-void	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
+void	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
 		unsigned char *key, unsigned char *iv);
 void	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, unsigned char *in, int inl);
 void	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-void	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
+void	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
 		unsigned char *key, unsigned char *iv);
 void	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, unsigned char *in, int inl);
 int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
-void	EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key,
-		unsigned char *iv,int enc);
+void	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+		       unsigned char *key,unsigned char *iv,int enc);
 void	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, unsigned char *in, int inl);
 int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
@@ -519,7 +540,8 @@ void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
 BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
-void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k,
+BIO_METHOD *BIO_f_reliable(void);
+void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 	unsigned char *i, int enc);
 #endif
 
@@ -556,6 +578,7 @@ EVP_CIPHER *EVP_idea_cbc(void);
 EVP_CIPHER *EVP_rc2_ecb(void);
 EVP_CIPHER *EVP_rc2_cbc(void);
 EVP_CIPHER *EVP_rc2_40_cbc(void);
+EVP_CIPHER *EVP_rc2_64_cbc(void);
 EVP_CIPHER *EVP_rc2_cfb(void);
 EVP_CIPHER *EVP_rc2_ofb(void);
 EVP_CIPHER *EVP_bf_ecb(void);
@@ -577,11 +600,9 @@ void SSLeay_add_all_digests(void);
 
 int EVP_add_cipher(EVP_CIPHER *cipher);
 int EVP_add_digest(EVP_MD *digest);
-int EVP_add_alias(char *name,char *alias);
-int EVP_delete_alias(char *name);
 
-EVP_CIPHER *EVP_get_cipherbyname(char *name);
-EVP_MD *EVP_get_digestbyname(char *name);
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
 void EVP_cleanup(void);
 
 int		EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
@@ -607,6 +628,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
 int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
 
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
 /* calls methods */
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -615,177 +638,81 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 
-#else
-
-void	EVP_DigestInit();
-void	EVP_DigestUpdate();
-void	EVP_DigestFinal();
-
-int	EVP_read_pw_string();
-void	EVP_set_pw_prompt();
-char *	EVP_get_pw_prompt();
-
-int	EVP_BytesToKey();
-
-EVP_CIPHER *EVP_get_cipherbyname();
-
-void	EVP_EncryptInit();
-void	EVP_EncryptUpdate();
-void	EVP_EncryptFinal();
-
-void	EVP_DecryptInit();
-void	EVP_DecryptUpdate();
-int	EVP_DecryptFinal();
-
-void	EVP_CipherInit();
-void	EVP_CipherUpdate();
-int	EVP_CipherFinal();
-
-int	EVP_SignFinal();
-
-int	EVP_VerifyFinal();
-
-int	EVP_OpenInit();
-int	EVP_OpenFinal();
-
-int	EVP_SealInit();
-void	EVP_SealFinal();
-
-void	EVP_EncodeInit();
-void	EVP_EncodeUpdate();
-void	EVP_EncodeFinal();
-int	EVP_EncodeBlock();
-
-void	EVP_DecodeInit();
-int	EVP_DecodeUpdate();
-int	EVP_DecodeFinal();
-int	EVP_DecodeBlock();
-
-void	ERR_load_EVP_strings();
-
-void EVP_CIPHER_CTX_init();
-void EVP_CIPHER_CTX_cleanup();
-
-#ifdef HEADER_BIO_H
-BIO_METHOD *BIO_f_md();
-BIO_METHOD *BIO_f_base64();
-BIO_METHOD *BIO_f_cipher();
-void BIO_set_cipher();
-#endif
-
-EVP_MD *EVP_md_null();
-EVP_MD *EVP_md2();
-EVP_MD *EVP_md5();
-EVP_MD *EVP_sha();
-EVP_MD *EVP_sha1();
-EVP_MD *EVP_dss();
-EVP_MD *EVP_dss1();
-EVP_MD *EVP_mdc2();
-
-EVP_CIPHER *EVP_enc_null();
-EVP_CIPHER *EVP_des_ecb();
-EVP_CIPHER *EVP_des_ede();
-EVP_CIPHER *EVP_des_ede3();
-EVP_CIPHER *EVP_des_cfb();
-EVP_CIPHER *EVP_des_ede_cfb();
-EVP_CIPHER *EVP_des_ede3_cfb();
-EVP_CIPHER *EVP_des_ofb();
-EVP_CIPHER *EVP_des_ede_ofb();
-EVP_CIPHER *EVP_des_ede3_ofb();
-EVP_CIPHER *EVP_des_cbc();
-EVP_CIPHER *EVP_des_ede_cbc();
-EVP_CIPHER *EVP_des_ede3_cbc();
-EVP_CIPHER *EVP_desx_cbc();
-EVP_CIPHER *EVP_rc4();
-EVP_CIPHER *EVP_rc4_40();
-EVP_CIPHER *EVP_idea_ecb();
-EVP_CIPHER *EVP_idea_cfb();
-EVP_CIPHER *EVP_idea_ofb();
-EVP_CIPHER *EVP_idea_cbc();
-EVP_CIPHER *EVP_rc2_ecb();
-EVP_CIPHER *EVP_rc2_cbc();
-EVP_CIPHER *EVP_rc2_40_cbc();
-EVP_CIPHER *EVP_rc2_cfb();
-EVP_CIPHER *EVP_rc2_ofb();
-EVP_CIPHER *EVP_bf_ecb();
-EVP_CIPHER *EVP_bf_cbc();
-EVP_CIPHER *EVP_bf_cfb();
-EVP_CIPHER *EVP_bf_ofb();
-EVP_CIPHER *EVP_cast5_ecb();
-EVP_CIPHER *EVP_cast5_cbc();
-EVP_CIPHER *EVP_cast5_cfb();
-EVP_CIPHER *EVP_cast5_ofb();
-EVP_CIPHER *EVP_rc5_32_12_16_cbc();
-EVP_CIPHER *EVP_rc5_32_12_16_ecb();
-EVP_CIPHER *EVP_rc5_32_12_16_cfb();
-EVP_CIPHER *EVP_rc5_32_12_16_ofb();
-
-void SSLeay_add_all_algorithms();
-void SSLeay_add_all_ciphers();
-void SSLeay_add_all_digests();
-
-int EVP_add_cipher();
-int EVP_add_digest();
-int EVP_add_alias();
-int EVP_delete_alias();
-
-EVP_CIPHER *EVP_get_cipherbyname();
-EVP_MD *EVP_get_digestbyname();
-void EVP_cleanup();
-
-int		EVP_PKEY_decrypt();
-int		EVP_PKEY_encrypt();
-int		EVP_PKEY_type();
-int		EVP_PKEY_bits();
-int		EVP_PKEY_size();
-int 		EVP_PKEY_assign();
-EVP_PKEY *	EVP_PKEY_new();
-void		EVP_PKEY_free();
-EVP_PKEY *	d2i_PublicKey();
-int		i2d_PublicKey();
-
-EVP_PKEY *	d2i_PrivateKey();
-int		i2d_PrivateKey();
-
-int EVP_PKEY_copy_parameters();
-int EVP_PKEY_missing_parameters();
-int EVP_PKEY_save_parameters();
-int EVP_PKEY_cmp_parameters();
-
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-int EVP_CIPHER_set_asn1_iv();
-int EVP_CIPHER_get_asn1_iv();
-
-#endif
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de);
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
+		    EVP_PBE_KEYGEN *keygen);
+void EVP_PBE_cleanup(void);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the EVP functions. */
 
 /* Function codes. */
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_EVP_DECRYPTFINAL				 101
+#define EVP_F_EVP_MD_CTX_COPY				 110
 #define EVP_F_EVP_OPENINIT				 102
+#define EVP_F_EVP_PBE_ALG_ADD				 115
+#define EVP_F_EVP_PBE_CIPHERINIT			 116
+#define EVP_F_EVP_PKCS82PKEY				 111
+#define EVP_F_EVP_PKCS8_SET_BROKEN			 112
+#define EVP_F_EVP_PKEY2PKCS8				 113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
 #define EVP_F_EVP_PKEY_DECRYPT				 104
 #define EVP_F_EVP_PKEY_ENCRYPT				 105
 #define EVP_F_EVP_PKEY_NEW				 106
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
+#define EVP_F_PKCS5_PBE_KEYIVGEN			 117
+#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118
+#define EVP_F_RC2_MAGIC_TO_METH				 109
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT				 100
+#define EVP_R_BN_DECODE_ERROR				 112
+#define EVP_R_BN_PUBKEY_ERROR				 113
+#define EVP_R_CIPHER_PARAMETER_ERROR			 122
+#define EVP_R_DECODE_ERROR				 114
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
+#define EVP_R_ENCODE_ERROR				 115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
+#define EVP_R_INPUT_NOT_INITIALIZED			 111
 #define EVP_R_IV_TOO_LARGE				 102
+#define EVP_R_KEYGEN_FAILURE				 120
 #define EVP_R_MISSING_PARMATERS				 103
+#define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPPORTED_CIPHER			 107
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 108
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 109
- 
+#define EVP_R_UNSUPPORTED_KEYLENGTH			 123
+#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124
+#define EVP_R_UNSUPPORTED_KEY_SIZE			 108
+#define EVP_R_UNSUPPORTED_PRF				 125
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118
+#define EVP_R_UNSUPPORTED_SALT_TYPE			 126
+#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
+#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index 93cc3a9464e..5299a65b6af 100644
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -58,23 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
+#include <openssl/evp.h>
 
-char *EVP_version="EVP part of SSLeay 0.9.0b 29-Jun-1998";
+const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 
-void EVP_CIPHER_CTX_init(ctx)
-EVP_CIPHER_CTX *ctx;
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	{
 	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
 	/* ctx->cipher=NULL; */
 	}
 
-void EVP_CipherInit(ctx,data,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *data;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *data,
+	     unsigned char *key, unsigned char *iv, int enc)
 	{
 	if (enc)
 		EVP_EncryptInit(ctx,data,key,iv);
@@ -82,22 +77,15 @@ int enc;
 		EVP_DecryptInit(ctx,data,key,iv);
 	}
 
-void EVP_CipherUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	if (ctx->encrypt)
 		EVP_EncryptUpdate(ctx,out,outl,in,inl);
 	else	EVP_DecryptUpdate(ctx,out,outl,in,inl);
 	}
 
-int EVP_CipherFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
 		{
@@ -107,11 +95,8 @@ int *outl;
 	else	return(EVP_DecryptFinal(ctx,out,outl));
 	}
 
-void EVP_EncryptInit(ctx,cipher,key,iv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *cipher;
-unsigned char *key;
-unsigned char *iv;
+void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     unsigned char *key, unsigned char *iv)
 	{
 	if (cipher != NULL)
 		ctx->cipher=cipher;
@@ -120,11 +105,8 @@ unsigned char *iv;
 	ctx->buf_len=0;
 	}
 
-void EVP_DecryptInit(ctx,cipher,key,iv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *cipher;
-unsigned char *key;
-unsigned char *iv;
+void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     unsigned char *key, unsigned char *iv)
 	{
 	if (cipher != NULL)
 		ctx->cipher=cipher;
@@ -134,12 +116,8 @@ unsigned char *iv;
 	}
 
 
-void EVP_EncryptUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int i,j,bl;
 
@@ -179,10 +157,7 @@ int inl;
 	ctx->buf_len=i;
 	}
 
-void EVP_EncryptFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i,n,b,bl;
 
@@ -200,12 +175,8 @@ int *outl;
 	*outl=b;
 	}
 
-void EVP_DecryptUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int b,bl,n;
 	int keep_last=0;
@@ -249,10 +220,7 @@ int inl;
 		}
 	}
 
-int EVP_DecryptFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i,b;
 	int n;
@@ -293,8 +261,7 @@ int *outl;
 	return(1);
 	}
 
-void EVP_CIPHER_CTX_cleanup(c)
-EVP_CIPHER_CTX *c;
+void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 	{
 	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
 		c->cipher->cleanup(c);
diff --git a/lib/libssl/src/crypto/evp/evp_err.c b/lib/libssl/src/crypto/evp/evp_err.c
index 2b0a0ab93f4..c61cc922e83 100644
--- a/lib/libssl/src/crypto/evp/evp_err.c
+++ b/lib/libssl/src/crypto/evp/evp_err.c
@@ -1,63 +1,65 @@
-/* lib/evp/evp_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/evp/evp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "evp.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -65,39 +67,65 @@ static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
+{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0),	"EVP_PBE_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0),	"EVP_PKCS82PKEY"},
+{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0),	"EVP_PKCS8_SET_BROKEN"},
+{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0),	"EVP_PKEY2PKCS8"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
-{0,NULL},
+{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),	"PKCS5_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0),	"PKCS5_v2_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0),	"RC2_MAGIC_TO_METH"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA EVP_str_reasons[]=
 	{
 {EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
+{EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
+{EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
+{EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_ENCODE_ERROR                      ,"encode error"},
+{EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
+{EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
 {EVP_R_IV_TOO_LARGE                      ,"iv too large"},
+{EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
 {EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
 {EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
 {EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{EVP_R_UNSUPPORTED_KEYLENGTH             ,"unsupported keylength"},
+{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
+{EVP_R_UNSUPPORTED_KEY_SIZE              ,"unsupported key size"},
+{EVP_R_UNSUPPORTED_PRF                   ,"unsupported prf"},
+{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
+{EVP_R_UNSUPPORTED_SALT_TYPE             ,"unsupported salt type"},
 {EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
 {EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_EVP_strings()
+void ERR_load_EVP_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
diff --git a/lib/libssl/src/crypto/evp/evp_key.c b/lib/libssl/src/crypto/evp/evp_key.c
index dafa686f647..21eda418bc9 100644
--- a/lib/libssl/src/crypto/evp/evp_key.c
+++ b/lib/libssl/src/crypto/evp/evp_key.c
@@ -58,15 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "x509.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 
 /* should be init to zeros. */
 static char prompt_string[80];
 
-void EVP_set_pw_prompt(prompt)
-char *prompt;
+void EVP_set_pw_prompt(char *prompt)
 	{
 	if (prompt == NULL)
 		prompt_string[0]='\0';
@@ -74,7 +73,7 @@ char *prompt;
 		strncpy(prompt_string,prompt,79);
 	}
 
-char *EVP_get_pw_prompt()
+char *EVP_get_pw_prompt(void)
 	{
 	if (prompt_string[0] == '\0')
 		return(NULL);
@@ -83,29 +82,19 @@ char *EVP_get_pw_prompt()
 	}
 
 #ifdef NO_DES
-int des_read_pw_string(char *buf,int len,char *prompt,int verify);
+int des_read_pw_string(char *buf,int len,const char *prompt,int verify);
 #endif
 
-int EVP_read_pw_string(buf,len,prompt,verify)
-char *buf;
-int len;
-char *prompt;
-int verify;
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 	{
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt=prompt_string;
 	return(des_read_pw_string(buf,len,prompt,verify));
 	}
 
-int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv)
-EVP_CIPHER *type;
-EVP_MD *md;
-unsigned char *salt;
-unsigned char *data;
-int datal;
-int count;
-unsigned char *key;
-unsigned char *iv;
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
+	     unsigned char *data, int datal, int count, unsigned char *key,
+	     unsigned char *iv)
 	{
 	EVP_MD_CTX c;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
diff --git a/lib/libssl/src/crypto/evp/evp_lib.c b/lib/libssl/src/crypto/evp/evp_lib.c
index 69784eb5554..3f9bf55828a 100644
--- a/lib/libssl/src/crypto/evp/evp_lib.c
+++ b/lib/libssl/src/crypto/evp/evp_lib.c
@@ -58,12 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-int EVP_CIPHER_param_to_asn1(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int ret;
 
@@ -74,9 +72,7 @@ ASN1_TYPE *type;
 	return(ret);
 	}
 
-int EVP_CIPHER_asn1_to_param(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int ret;
 
@@ -87,9 +83,7 @@ ASN1_TYPE *type;
 	return(ret);
 	}
 
-int EVP_CIPHER_get_asn1_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int i=0,l;
 
@@ -97,14 +91,15 @@ ASN1_TYPE *type;
 		{
 		l=EVP_CIPHER_CTX_iv_length(c);
 		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
-		memcpy(c->iv,c->oiv,l);
+		if (i != l)
+			return(-1);
+		else if (i > 0)
+			memcpy(c->iv,c->oiv,l);
 		}
 	return(i);
 	}
 
-int EVP_CIPHER_set_asn1_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int i=0,j;
 
@@ -115,3 +110,29 @@ ASN1_TYPE *type;
 		}
 	return(i);
 	}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+	int nid;
+	nid = EVP_CIPHER_nid(ctx);
+
+	switch(nid) {
+
+		case NID_rc2_cbc:
+		case NID_rc2_64_cbc:
+		case NID_rc2_40_cbc:
+
+		return NID_rc2_cbc;
+
+		case NID_rc4:
+		case NID_rc4_40:
+
+		return NID_rc4;
+
+		default:
+
+		return nid;
+	}
+}
+
diff --git a/lib/libssl/src/crypto/evp/evp_pbe.c b/lib/libssl/src/crypto/evp/evp_pbe.c
new file mode 100644
index 00000000000..353c3ad667f
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -0,0 +1,134 @@
+/* evp_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "cryptlib.h"
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+int pbe_nid;
+EVP_CIPHER *cipher;
+EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+
+	EVP_PBE_CTL *pbetmp, pbelu;
+	int i;
+	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+	else i = -1;
+
+	if (i == -1) {
+		char obj_tmp[80];
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
+		if (!pbe_obj) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		return 0;
+	}
+	if (passlen == -1) passlen = strlen(pass);
+	pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+	i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+						 pbetmp->md, en_de);
+	if (!i) {
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
+		return 0;
+	}
+	return 1;	
+}
+
+static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2)
+{
+	return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md,
+	     EVP_PBE_KEYGEN *keygen)
+{
+	EVP_PBE_CTL *pbe_tmp;
+	if (!pbe_algs) pbe_algs = sk_new (pbe_cmp);
+	if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) {
+		EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	pbe_tmp->pbe_nid = nid;
+	pbe_tmp->cipher = cipher;
+	pbe_tmp->md = md;
+	pbe_tmp->keygen = keygen;
+	sk_push (pbe_algs, (char *)pbe_tmp);
+	return 1;
+}
+
+void EVP_PBE_cleanup(void)
+{
+	sk_pop_free(pbe_algs, FreeFunc);
+	pbe_algs = NULL;
+}
diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c
new file mode 100644
index 00000000000..421e452db11
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/evp_pkey.c
@@ -0,0 +1,298 @@
+/* evp_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
+{
+	EVP_PKEY *pkey;
+#ifndef NO_RSA
+	RSA *rsa;
+#endif
+#ifndef NO_DSA
+	DSA *dsa;
+	ASN1_INTEGER *dsapriv;
+	STACK *ndsa;
+	BN_CTX *ctx;
+	int plen;
+#endif
+	X509_ALGOR *a;
+	unsigned char *p;
+	int pkeylen;
+	char obj_tmp[80];
+
+	switch (p8->broken) {
+		case PKCS8_OK:
+		p = p8->pkey->value.octet_string->data;
+		pkeylen = p8->pkey->value.octet_string->length;
+		break;
+
+		case PKCS8_NO_OCTET:
+		p = p8->pkey->value.sequence->data;
+		pkeylen = p8->pkey->value.sequence->length;
+		break;
+
+		default:
+		EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		return NULL;
+		break;
+	}
+	if (!(pkey = EVP_PKEY_new())) {
+		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	a = p8->pkeyalg;
+	switch (OBJ_obj2nid(a->algorithm))
+	{
+#ifndef NO_RSA
+		case NID_rsaEncryption:
+		if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		EVP_PKEY_assign_RSA (pkey, rsa);
+		break;
+#endif
+#ifndef NO_DSA
+		case NID_dsa:
+		/* PKCS#8 DSA is weird: you just get a private key integer
+	         * and parameters in the AlgorithmIdentifier the pubkey must
+		 * be recalculated.
+		 */
+	
+		/* Check for broken Netscape Database DSA PKCS#8, UGH! */
+		if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
+		    if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
+					(char *(*)())d2i_ASN1_INTEGER,
+							 ASN1_STRING_free))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		    }
+		    if(sk_num(ndsa) != 2 ) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			sk_pop_free(ndsa, ASN1_STRING_free);
+			return NULL;
+		    }
+		    dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+		    sk_pop_free(ndsa, ASN1_STRING_free);
+		} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		/* Retrieve parameters */
+		if (a->parameter->type != V_ASN1_SEQUENCE) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+			return NULL;
+		}
+		p = a->parameter->value.sequence->data;
+		plen = a->parameter->value.sequence->length;
+		if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		/* We have parameters now set private key */
+		if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
+			DSA_free (dsa);
+			return NULL;
+		}
+		/* Calculate public key (ouch!) */
+		if (!(dsa->pub_key = BN_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			DSA_free (dsa);
+			return NULL;
+		}
+		if (!(ctx = BN_CTX_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			DSA_free (dsa);
+			return NULL;
+		}
+			
+		if (!BN_mod_exp(dsa->pub_key, dsa->g,
+						 dsa->priv_key, dsa->p, ctx)) {
+			
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
+			BN_CTX_free (ctx);
+			DSA_free (dsa);
+			return NULL;
+		}
+
+		EVP_PKEY_assign_DSA (pkey, dsa);
+		BN_CTX_free (ctx);
+		break;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		if (!a->algorithm) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		EVP_PKEY_free (pkey);
+		return NULL;
+	}
+	return pkey;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+#ifndef NO_DSA
+	ASN1_INTEGER *dpkey;
+	unsigned char *p, *q;
+	int len;
+#endif
+	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_INTEGER_set (p8->version, 0);
+	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	switch (EVP_PKEY_type(pkey->type)) {
+#ifndef NO_RSA
+		case EVP_PKEY_RSA:
+
+		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+		p8->pkeyalg->parameter->type = V_ASN1_NULL;
+		if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		break;
+#endif
+#ifndef NO_DSA
+		case EVP_PKEY_DSA:
+		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+
+		/* get paramaters and place in AlgorithmIdentifier */
+		len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+		if (!(p = Malloc(len))) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		q = p;
+		i2d_DSAparams (pkey->pkey.dsa, &q);
+		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+		p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
+		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
+		Free(p);
+		/* Get private key into an integer and pack */
+		if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		
+		if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			ASN1_INTEGER_free (dpkey);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		ASN1_INTEGER_free (dpkey);
+		break;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	p8->pkey->type = V_ASN1_OCTET_STRING;
+	RAND_seed (p8->pkey->value.octet_string->data,
+					 p8->pkey->value.octet_string->length);
+	return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
+{
+	switch (broken) {
+
+		case PKCS8_OK:
+		p8->broken = PKCS8_OK;
+		return p8;
+		break;
+
+		case PKCS8_NO_OCTET:
+		p8->broken = PKCS8_NO_OCTET;
+		p8->pkey->type = V_ASN1_SEQUENCE;
+		return p8;
+		break;
+
+		default:
+		EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		return NULL;
+		break;
+		
+	}
+}
+
+
diff --git a/lib/libssl/src/crypto/evp/m_dss.c b/lib/libssl/src/crypto/evp/m_dss.c
index 3549b1699c0..8ea826868ea 100644
--- a/lib/libssl/src/crypto/evp/m_dss.c
+++ b/lib/libssl/src/crypto/evp/m_dss.c
@@ -58,10 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
+#ifndef NO_SHA
 static EVP_MD dsa_md=
 	{
 	NID_dsaWithSHA,
@@ -75,8 +76,8 @@ static EVP_MD dsa_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss()
+EVP_MD *EVP_dss(void)
 	{
 	return(&dsa_md);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_dss1.c b/lib/libssl/src/crypto/evp/m_dss1.c
index ff256b7b20d..9d8d1ce23e3 100644
--- a/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/lib/libssl/src/crypto/evp/m_dss1.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD dss1_md=
 	{
@@ -75,7 +76,8 @@ static EVP_MD dss1_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss1()
+EVP_MD *EVP_dss1(void)
 	{
 	return(&dss1_md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_md2.c b/lib/libssl/src/crypto/evp/m_md2.c
index 2209416142d..3281e91809f 100644
--- a/lib/libssl/src/crypto/evp/m_md2.c
+++ b/lib/libssl/src/crypto/evp/m_md2.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_MD2
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD md2_md=
 	{
@@ -75,8 +76,8 @@ static EVP_MD md2_md=
 	sizeof(EVP_MD *)+sizeof(MD2_CTX),
 	};
 
-EVP_MD *EVP_md2()
+EVP_MD *EVP_md2(void)
 	{
 	return(&md2_md);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_md5.c b/lib/libssl/src/crypto/evp/m_md5.c
index d65db9aa1dd..9fc95301274 100644
--- a/lib/libssl/src/crypto/evp/m_md5.c
+++ b/lib/libssl/src/crypto/evp/m_md5.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_MD5
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD md5_md=
 	{
@@ -75,7 +76,8 @@ static EVP_MD md5_md=
 	sizeof(EVP_MD *)+sizeof(MD5_CTX),
 	};
 
-EVP_MD *EVP_md5()
+EVP_MD *EVP_md5(void)
 	{
 	return(&md5_md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_mdc2.c b/lib/libssl/src/crypto/evp/m_mdc2.c
index 64a853eb7f2..2c7f1ae515a 100644
--- a/lib/libssl/src/crypto/evp/m_mdc2.c
+++ b/lib/libssl/src/crypto/evp/m_mdc2.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_MDC2
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD mdc2_md=
 	{
@@ -75,7 +76,8 @@ static EVP_MD mdc2_md=
 	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
 	};
 
-EVP_MD *EVP_mdc2()
+EVP_MD *EVP_mdc2(void)
 	{
 	return(&mdc2_md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_null.c b/lib/libssl/src/crypto/evp/m_null.c
index 6d80560df2e..e2dadf3dabc 100644
--- a/lib/libssl/src/crypto/evp/m_null.c
+++ b/lib/libssl/src/crypto/evp/m_null.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static void function()
+static void function(void)
 	{
 	}
 
@@ -80,7 +80,7 @@ static EVP_MD null_md=
 	sizeof(EVP_MD *),
 	};
 
-EVP_MD *EVP_md_null()
+EVP_MD *EVP_md_null(void)
 	{
 	return(&null_md);
 	}
diff --git a/lib/libssl/src/crypto/evp/m_ripemd.c b/lib/libssl/src/crypto/evp/m_ripemd.c
index 04c5d8897b9..3d781a4e8df 100644
--- a/lib/libssl/src/crypto/evp/m_ripemd.c
+++ b/lib/libssl/src/crypto/evp/m_ripemd.c
@@ -56,11 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RIPEMD
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD ripemd160_md=
 	{
@@ -75,7 +77,8 @@ static EVP_MD ripemd160_md=
 	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
 	};
 
-EVP_MD *EVP_ripemd160()
+EVP_MD *EVP_ripemd160(void)
 	{
 	return(&ripemd160_md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_sha.c b/lib/libssl/src/crypto/evp/m_sha.c
index af4e434a225..6d35b71b850 100644
--- a/lib/libssl/src/crypto/evp/m_sha.c
+++ b/lib/libssl/src/crypto/evp/m_sha.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD sha_md=
 	{
@@ -75,8 +76,8 @@ static EVP_MD sha_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha()
+EVP_MD *EVP_sha(void)
 	{
 	return(&sha_md);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/evp/m_sha1.c b/lib/libssl/src/crypto/evp/m_sha1.c
index 87135a9cf21..57a1ab0ccec 100644
--- a/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/lib/libssl/src/crypto/evp/m_sha1.c
@@ -56,11 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_MD sha1_md=
 	{
@@ -75,7 +76,8 @@ static EVP_MD sha1_md=
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha1()
+EVP_MD *EVP_sha1(void)
 	{
 	return(&sha1_md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/names.c b/lib/libssl/src/crypto/evp/names.c
index e0774da20d1..3e8f4603285 100644
--- a/lib/libssl/src/crypto/evp/names.c
+++ b/lib/libssl/src/crypto/evp/names.c
@@ -58,228 +58,61 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-typedef struct aliases_st {
-	char *alias;
-	/* This must be the last field becaue I will allocate things
-	 * so they go off the end of it */
-	char name[4];
-	} ALIASES;
-
-static STACK /* ALIASES */ *aliases=NULL;
-static STACK /* EVP_CIPHERS */ *ciphers=NULL;
-static STACK /* EVP_MD */ *digests=NULL;
-
-static int cipher_nid_cmp(a,b)
-EVP_CIPHER **a,**b;
-	{ return((*a)->nid - (*b)->nid); }
-
-static int digest_type_cmp(a,b)
-EVP_MD **a,**b;
-	{ return((*a)->pkey_type - (*b)->pkey_type); }
-
-int EVP_add_cipher(c)
-EVP_CIPHER *c;
-	{
-	int i;
-
-	if (ciphers == NULL)
-		{
-		ciphers=sk_new(cipher_nid_cmp);
-		if (ciphers == NULL) return(0);
-		}
-	if ((i=sk_find(ciphers,(char *)c)) >= 0)
-		{
-		if (sk_value(ciphers,i) == (char *)c)
-			return(1);
-		sk_delete(ciphers,i);
-		}
-	return(sk_push(ciphers,(char *)c));
-	}
-
-int EVP_add_digest(md)
-EVP_MD *md;
+int EVP_add_cipher(EVP_CIPHER *c)
 	{
-	int i;
-	char *n;
+	int r;
 
-	if (digests == NULL)
-		{
-		digests=sk_new(digest_type_cmp);
-		if (digests == NULL) return(0);
-		}
-	if ((i=sk_find(digests,(char *)md)) >= 0)
-		{
-		if (sk_value(digests,i) == (char *)md)
-			return(1);
-		sk_delete(digests,i);
-		}
-	if (md->type != md->pkey_type)
-		{
-		n=OBJ_nid2sn(md->pkey_type);
-		EVP_add_alias(n,OBJ_nid2sn(md->type));
-		EVP_add_alias(n,OBJ_nid2ln(md->type));
-		}
-	sk_push(digests,(char *)md);
-	return(1);
-	}
-
-static int alias_cmp(a,b)
-ALIASES **a,**b;
-	{
-	return(strcmp((*a)->alias,(*b)->alias));
+	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+	if (r == 0) return(0);
+	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+	return(r);
 	}
 
-int EVP_add_alias(name,aname)
-char *name;
-char *aname;
+int EVP_add_digest(EVP_MD *md)
 	{
-	int l1,l2,i;
-	ALIASES *a;
-	char *p;
+	int r;
+	const char *name;
 
-	if ((name == NULL) || (aname == NULL)) return(0);
-	l1=strlen(name)+1;
-	l2=strlen(aname)+1;
-	i=sizeof(ALIASES)+l1+l2;
-	if ((a=(ALIASES *)Malloc(i)) == NULL)
-		return(0);
-	strcpy(a->name,name);
-	p= &(a->name[l1]);
-	strcpy(p,aname);
-	a->alias=p;
+	name=OBJ_nid2sn(md->type);
+	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
+	if (r == 0) return(0);
+	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md);
+	if (r == 0) return(0);
 
-	if (aliases == NULL)
-		{
-		aliases=sk_new(alias_cmp);
-		if (aliases == NULL) goto err;
-		}
-
-	if ((i=sk_find(aliases,(char *)a)) >= 0)
+	if (md->type != md->pkey_type)
 		{
-		Free(sk_delete(aliases,i));
+		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
+		if (r == 0) return(0);
+		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
 		}
-	if (!sk_push(aliases,(char *)a)) goto err;
-	return(1);
-err:
-	return(0);
+	return(r);
 	}
 
-int EVP_delete_alias(name)
-char *name;
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
 	{
-	ALIASES a;
-	int i;
+	const EVP_CIPHER *cp;
 
-	if (aliases != NULL)
-		{
-		a.alias=name;
-		if ((i=sk_find(aliases,(char *)&a)) >= 0)
-			{
-			Free(sk_delete(aliases,i));
-			return(1);
-			}
-		}
-	return(0);
+	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
+	return(cp);
 	}
 
-EVP_CIPHER *EVP_get_cipherbyname(name)
-char *name;
+const EVP_MD *EVP_get_digestbyname(const char *name)
 	{
-	int nid,num=6,i;
-	EVP_CIPHER c,*cp;
-	ALIASES a,*ap;
-
-	if (ciphers == NULL) return(NULL);
-	for (;;)
-		{
-		if (num-- <= 0) return(NULL);
-		if (aliases != NULL)
-			{
-			a.alias=name;
-			i=sk_find(aliases,(char *)&a);
-			if (i >= 0)
-				{
-				ap=(ALIASES *)sk_value(aliases,i);
-				name=ap->name;
-				continue;
-				}
-			}
+	const EVP_MD *cp;
 
-		nid=OBJ_txt2nid(name);
-		if (nid == NID_undef) return(NULL);
-		c.nid=nid;
-		i=sk_find(ciphers,(char *)&c);
-		if (i >= 0)
-			{
-			cp=(EVP_CIPHER *)sk_value(ciphers,i);
-			return(cp);
-			}
-		else
-			return(NULL);
-		}
+	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
+	return(cp);
 	}
 
-EVP_MD *EVP_get_digestbyname(name)
-char *name;
+void EVP_cleanup(void)
 	{
-	int nid,num=6,i;
-	EVP_MD c,*cp;
-	ALIASES a,*ap;
-
-	if (digests == NULL) return(NULL);
-
-	for (;;)
-		{
-		if (num-- <= 0) return(NULL);
-
-		if (aliases != NULL)
-			{
-			a.alias=name;
-			i=sk_find(aliases,(char *)&a);
-			if (i >= 0)
-				{
-				ap=(ALIASES *)sk_value(aliases,i);
-				name=ap->name;
-				continue;
-				}
-			}
-
-		nid=OBJ_txt2nid(name);
-		if (nid == NID_undef) return(NULL);
-		c.pkey_type=nid;
-		i=sk_find(digests,(char *)&c);
-		if (i >= 0)
-			{
-			cp=(EVP_MD *)sk_value(digests,i);
-			return(cp);
-			}
-		else
-			return(NULL);
-		}
-	}
-
-void EVP_cleanup()
-	{
-	int i;
-
-	if (aliases != NULL)
-		{
-		for (i=0; i<sk_num(aliases); i++)
-			Free(sk_value(aliases,i));
-		sk_free(aliases);
-		aliases=NULL;
-		}
-	if (ciphers != NULL)
-		{
-		sk_free(ciphers);
-		ciphers=NULL;
-		}
-	if (digests != NULL)
-		{
-		sk_free(digests);
-		digests=NULL;
-		}
+	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+	EVP_PBE_cleanup();
 	}
diff --git a/lib/libssl/src/crypto/evp/p5_crpt.c b/lib/libssl/src/crypto/evp/p5_crpt.c
new file mode 100644
index 00000000000..e3dae52d4de
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/p5_crpt.c
@@ -0,0 +1,146 @@
+/* p5_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include "cryptlib.h"
+
+/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ */
+
+void PKCS5_PBE_add(void)
+{
+#ifndef NO_DES
+#  ifndef NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef NO_RC2
+#  ifndef NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef NO_HMAC
+EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+#endif
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
+			 int en_de)
+{
+	EVP_MD_CTX ctx;
+	unsigned char md_tmp[EVP_MAX_MD_SIZE];
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+	int i;
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+
+	EVP_DigestInit (&ctx, md);
+	EVP_DigestUpdate (&ctx, pass, passlen);
+	EVP_DigestUpdate (&ctx, salt, saltlen);
+	PBEPARAM_free(pbe);
+	EVP_DigestFinal (&ctx, md_tmp, NULL);
+	for (i = 1; i < iter; i++) {
+		EVP_DigestInit(&ctx, md);
+		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+		EVP_DigestFinal (&ctx, md_tmp, NULL);
+	}
+	memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
+	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+						 EVP_CIPHER_iv_length(cipher));
+	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+	memset(key, 0, EVP_MAX_KEY_LENGTH);
+	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	return 1;
+}
diff --git a/lib/libssl/src/crypto/evp/p5_crpt2.c b/lib/libssl/src/crypto/evp/p5_crpt2.c
new file mode 100644
index 00000000000..27a2c518bed
--- /dev/null
+++ b/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -0,0 +1,247 @@
+/* p5_crpt2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#if !defined(NO_HMAC) && !defined(NO_SHA)
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include "cryptlib.h"
+
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+	static void h__dump (const unsigned char *p, int len);
+#endif
+
+/* This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2 using the only currently defined function HMAC
+ * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out)
+{
+	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+	int cplen, j, k, tkeylen;
+	unsigned long i = 1;
+	HMAC_CTX hctx;
+	p = out;
+	tkeylen = keylen;
+	if(passlen == -1) passlen = strlen(pass);
+	while(tkeylen) {
+		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+		else cplen = tkeylen;
+		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
+		 * but just in case...
+		 */
+		itmp[0] = (unsigned char)((i >> 24) & 0xff);
+		itmp[1] = (unsigned char)((i >> 16) & 0xff);
+		itmp[2] = (unsigned char)((i >> 8) & 0xff);
+		itmp[3] = (unsigned char)(i & 0xff);
+		HMAC_Init(&hctx, pass, passlen, EVP_sha1());
+		HMAC_Update(&hctx, salt, saltlen);
+		HMAC_Update(&hctx, itmp, 4);
+		HMAC_Final(&hctx, digtmp, NULL);
+		memcpy(p, digtmp, cplen);
+		for(j = 1; j < iter; j++) {
+			HMAC(EVP_sha1(), pass, passlen,
+				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+		}
+		tkeylen-= cplen;
+		i++;
+		p+= cplen;
+	}
+	HMAC_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+	fprintf(stderr, "Password:\n");
+	h__dump (pass, passlen);
+	fprintf(stderr, "Salt:\n");
+	h__dump (salt, saltlen);
+	fprintf(stderr, "Iteration count %d\n", iter);
+	fprintf(stderr, "Key:\n");
+	h__dump (out, keylen);
+#endif
+	return 1;
+}
+
+#ifdef DO_TEST
+main()
+{
+	unsigned char out[4];
+	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
+	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+	fprintf(stderr, "Out %02X %02X %02X %02X\n",
+					 out[0], out[1], out[2], out[3]);
+}
+
+#endif
+
+/* Now the key derivation function itself. This is a bit evil because
+ * it has to check the ASN1 parameters are valid: and there are quite a
+ * few of them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md,
+                         int en_de)
+{
+	unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
+	int saltlen, keylen, iter, plen;
+	PBE2PARAM *pbe2 = NULL;
+	const EVP_CIPHER *cipher;
+	PBKDF2PARAM *kdf = NULL;
+
+	pbuf = param->value.sequence->data;
+	plen = param->value.sequence->length;
+	if(!param || (param->type != V_ASN1_SEQUENCE) ||
+				   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	/* See if we recognise the key derivation function */
+
+	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+		goto err;
+	}
+
+	/* lets see if we recognise the encryption algorithm.
+	 */
+
+	cipher = EVP_get_cipherbyname(
+			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+
+	if(!cipher) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_CIPHER);
+		goto err;
+	}
+
+	/* Fixup cipher based on AlgorithmIdentifier */
+	EVP_CipherInit(ctx, cipher, NULL, NULL, en_de);
+	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+					EVP_R_CIPHER_PARAMETER_ERROR);
+		goto err;
+	}
+	keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+	/* Now decode key derivation function */
+
+	pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+	plen = pbe2->keyfunc->parameter->value.sequence->length;
+	if(!pbe2->keyfunc->parameter ||
+		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
+				!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		goto err;
+	}
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	/* Now check the parameters of the kdf */
+
+	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_KEYLENGTH);
+		goto err;
+	}
+
+	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+		goto err;
+	}
+
+	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_SALT_TYPE);
+		goto err;
+	}
+
+	/* it seems that its all OK */
+	salt = kdf->salt->value.octet_string->data;
+	saltlen = kdf->salt->value.octet_string->length;
+	iter = ASN1_INTEGER_get(kdf->iter);
+	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+	memset(key, 0, keylen);
+	PBKDF2PARAM_free(kdf);
+	return 1;
+
+	err:
+	PBE2PARAM_free(pbe2);
+	PBKDF2PARAM_free(kdf);
+	return 0;
+}
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X ", *p);
+        fprintf(stderr, "\n");
+}
+#endif
+#endif
diff --git a/lib/libssl/src/crypto/evp/p_dec.c b/lib/libssl/src/crypto/evp/p_dec.c
index e845ce70c70..57b5daa4538 100644
--- a/lib/libssl/src/crypto/evp/p_dec.c
+++ b/lib/libssl/src/crypto/evp/p_dec.c
@@ -58,27 +58,30 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_PKEY_decrypt(key,ek,ekl,priv)
-unsigned char *key;
-unsigned char *ek;
-int ekl;
-EVP_PKEY *priv;
+int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
+	     EVP_PKEY *priv)
 	{
 	int ret= -1;
 	
+#ifndef NO_RSA
 	if (priv->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
 		goto err;
                 }
 
 	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/evp/p_enc.c b/lib/libssl/src/crypto/evp/p_enc.c
index a26bfad02aa..4cf6acaf5db 100644
--- a/lib/libssl/src/crypto/evp/p_enc.c
+++ b/lib/libssl/src/crypto/evp/p_enc.c
@@ -58,26 +58,29 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_PKEY_encrypt(ek,key,key_len,pubk)
-unsigned char *ek;
-unsigned char *key;
-int key_len;
-EVP_PKEY *pubk;
+int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
+	     EVP_PKEY *pubk)
 	{
 	int ret=0;
 	
+#ifndef NO_RSA
 	if (pubk->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef NO_RSA
 		goto err;
 		}
 	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/evp/p_lib.c b/lib/libssl/src/crypto/evp/p_lib.c
index 395351b3733..3422b77de6e 100644
--- a/lib/libssl/src/crypto/evp/p_lib.c
+++ b/lib/libssl/src/crypto/evp/p_lib.c
@@ -58,22 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "evp.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */
-/* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */
-
-#ifndef NOPROTO
 static void EVP_PKEY_free_it(EVP_PKEY *x);
-#else
-static void EVP_PKEY_free_it();
-#endif
-
-int EVP_PKEY_bits(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_bits(EVP_PKEY *pkey)
 	{
 #ifndef NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
@@ -87,9 +78,10 @@ EVP_PKEY *pkey;
 	return(0);
 	}
 
-int EVP_PKEY_size(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_size(EVP_PKEY *pkey)
 	{
+	if (pkey == NULL)
+		return(0);
 #ifndef NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
 		return(RSA_size(pkey->pkey.rsa));
@@ -102,9 +94,7 @@ EVP_PKEY *pkey;
 	return(0);
 	}
 
-int EVP_PKEY_save_parameters(pkey,mode)
-EVP_PKEY *pkey;
-int mode;
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 	{
 #ifndef NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
@@ -119,8 +109,7 @@ int mode;
 	return(0);
 	}
 
-int EVP_PKEY_copy_parameters(to,from)
-EVP_PKEY *to,*from;
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 	{
 	if (to->type != from->type)
 		{
@@ -156,8 +145,7 @@ err:
 	return(0);
 	}
 
-int EVP_PKEY_missing_parameters(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
 	{
 #ifndef NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
@@ -172,8 +160,7 @@ EVP_PKEY *pkey;
 	return(0);
 	}
 
-int EVP_PKEY_cmp_parameters(a,b)
-EVP_PKEY *a,*b;
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
 	{
 #ifndef NO_DSA
 	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
@@ -189,7 +176,7 @@ EVP_PKEY *a,*b;
 	return(-1);
 	}
 
-EVP_PKEY *EVP_PKEY_new()
+EVP_PKEY *EVP_PKEY_new(void)
 	{
 	EVP_PKEY *ret;
 
@@ -207,10 +194,7 @@ EVP_PKEY *EVP_PKEY_new()
 	return(ret);
 	}
 
-int EVP_PKEY_assign(pkey,type,key)
-EVP_PKEY *pkey;
-int type;
-char *key;
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 	{
 	if (pkey == NULL) return(0);
 	if (pkey->pkey.ptr != NULL)
@@ -221,8 +205,7 @@ char *key;
 	return(1);
 	}
 
-int EVP_PKEY_type(type)
-int type;
+int EVP_PKEY_type(int type)
 	{
 	switch (type)
 		{
@@ -242,8 +225,7 @@ int type;
 		}
 	}
 
-void EVP_PKEY_free(x)
-EVP_PKEY *x;
+void EVP_PKEY_free(EVP_PKEY *x)
 	{
 	int i;
 
@@ -265,8 +247,7 @@ EVP_PKEY *x;
 	Free((char *)x);
 	}
 
-static void EVP_PKEY_free_it(x)
-EVP_PKEY *x;
+static void EVP_PKEY_free_it(EVP_PKEY *x)
 	{
 	switch (x->type)
 		{
diff --git a/lib/libssl/src/crypto/evp/p_open.c b/lib/libssl/src/crypto/evp/p_open.c
index 28a8e022524..ddb9fd6942d 100644
--- a/lib/libssl/src/crypto/evp/p_open.c
+++ b/lib/libssl/src/crypto/evp/p_open.c
@@ -56,19 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_OpenInit(ctx,type,ek,ekl,iv,priv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *type;
-unsigned char *ek;
-int ekl;
-unsigned char *iv;
-EVP_PKEY *priv;
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
+	     int ekl, unsigned char *iv, EVP_PKEY *priv)
 	{
 	unsigned char *key=NULL;
 	int i,size=0,ret=0;
@@ -106,10 +102,7 @@ err:
 	return(ret);
 	}
 
-int EVP_OpenFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
@@ -117,3 +110,4 @@ int *outl;
 	EVP_DecryptInit(ctx,NULL,NULL,NULL);
 	return(i);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/evp/p_seal.c b/lib/libssl/src/crypto/evp/p_seal.c
index 09a408de35b..09b46f4b0e1 100644
--- a/lib/libssl/src/crypto/evp/p_seal.c
+++ b/lib/libssl/src/crypto/evp/p_seal.c
@@ -58,20 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	int i;
@@ -105,10 +101,7 @@ int inl;
 	}
 */
 
-void EVP_SealFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	EVP_EncryptFinal(ctx,out,outl);
 	EVP_EncryptInit(ctx,NULL,NULL,NULL);
diff --git a/lib/libssl/src/crypto/evp/p_sign.c b/lib/libssl/src/crypto/evp/p_sign.c
index 073270ce315..1fa32ac17e2 100644
--- a/lib/libssl/src/crypto/evp/p_sign.c
+++ b/lib/libssl/src/crypto/evp/p_sign.c
@@ -58,32 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 #ifdef undef
-void EVP_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
 	EVP_DigestInit(ctx,type);
 	}
 
-void EVP_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
 	{
 	EVP_DigestUpdate(ctx,data,count);
 	}
 #endif
 
-int EVP_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
 	{
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
@@ -91,7 +84,7 @@ EVP_PKEY *pkey;
 	MS_STATIC EVP_MD_CTX tmp_ctx;
 
 	*siglen=0;
-	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&tmp_ctx,ctx);   
 	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
 	for (i=0; i<4; i++)
 		{
diff --git a/lib/libssl/src/crypto/evp/p_verify.c b/lib/libssl/src/crypto/evp/p_verify.c
index 8d727d8f02d..dcb54f3abb8 100644
--- a/lib/libssl/src/crypto/evp/p_verify.c
+++ b/lib/libssl/src/crypto/evp/p_verify.c
@@ -58,15 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigbuf;
-unsigned int siglen;
-EVP_PKEY *pkey;
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
+	     unsigned int siglen, EVP_PKEY *pkey)
 	{
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
@@ -88,7 +85,7 @@ EVP_PKEY *pkey;
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return(-1);
 		}
-	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&tmp_ctx,ctx);     
 	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
         if (ctx->digest->verify == NULL)
                 {
diff --git a/lib/libssl/src/crypto/ex_data.c b/lib/libssl/src/crypto/ex_data.c
index c858b518ffa..176574766b8 100644
--- a/lib/libssl/src/crypto/ex_data.c
+++ b/lib/libssl/src/crypto/ex_data.c
@@ -58,34 +58,30 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "buffer.h"
-#include "bio.h"
-#include "lhash.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
 #include "cryptlib.h"
 
-int CRYPTO_get_ex_new_index(idx,skp,argl,argp,new_func,dup_func,free_func)
-int idx;
-STACK **skp;
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
+int CRYPTO_get_ex_new_index(int idx, STACK **skp, long argl, char *argp,
+	     int (*new_func)(), int (*dup_func)(), void (*free_func)())
 	{
+	int ret= -1;
 	CRYPTO_EX_DATA_FUNCS *a;
 
+	MemCheck_off();
 	if (*skp == NULL)
 		*skp=sk_new_null();
 	if (*skp == NULL)
 		{
 		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		return(-1);
+		goto err;
 		}
 	a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
 	if (a == NULL)
 		{
 		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		return(-1);
+		goto err;
 		}
 	a->argl=argl;
 	a->argp=argp;
@@ -98,17 +94,17 @@ void (*free_func)();
 			{
 			CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
 			Free(a);
-			return(-1);
+			goto err;
 			}
 		}
-	sk_value(*skp,idx)=(char *)a;
+	sk_set(*skp,idx, (char *)a);
+	ret=idx;
+err:
+	MemCheck_on();
 	return(idx);
 	}
 
-int CRYPTO_set_ex_data(ad,idx,val)
-CRYPTO_EX_DATA *ad;
-int idx;
-char *val;
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, char *val)
 	{
 	int i;
 
@@ -131,13 +127,11 @@ char *val;
 			}
 		i++;
 		}
-	sk_value(ad->sk,idx)=val;
+	sk_set(ad->sk,idx,val);
 	return(1);
 	}
 
-char *CRYPTO_get_ex_data(ad,idx)
-CRYPTO_EX_DATA *ad;
-int idx;
+char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad, int idx)
 	{
 	if (ad->sk == NULL)
 		return(0);
@@ -147,13 +141,12 @@ int idx;
 		return(sk_value(ad->sk,idx));
 	}
 
-/* The callback is called with the 'object', which is the origional data object
+/* The callback is called with the 'object', which is the original data object
  * being duplicated, a pointer to the
  * 'new' object to be inserted, the index, and the argi/argp
  */
-int CRYPTO_dup_ex_data(meth,to,from)
-STACK *meth;
-CRYPTO_EX_DATA *to,*from;
+int CRYPTO_dup_ex_data(STACK *meth, CRYPTO_EX_DATA *to,
+	     CRYPTO_EX_DATA *from)
 	{
 	int i,j,m,r;
 	CRYPTO_EX_DATA_FUNCS *mm;
@@ -179,10 +172,7 @@ CRYPTO_EX_DATA *to,*from;
 	}
 
 /* Call each free callback */
-void CRYPTO_free_ex_data(meth,obj,ad)
-STACK *meth;
-char *obj;
-CRYPTO_EX_DATA *ad;
+void CRYPTO_free_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad)
 	{
 	CRYPTO_EX_DATA_FUNCS *m;
 	char *ptr;
@@ -208,10 +198,7 @@ CRYPTO_EX_DATA *ad;
 		}
 	}
 
-void CRYPTO_new_ex_data(meth,obj,ad)
-STACK *meth;
-char *obj;
-CRYPTO_EX_DATA *ad;
+void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad)
 	{
 	CRYPTO_EX_DATA_FUNCS *m;
 	char *ptr;
diff --git a/lib/libssl/src/crypto/hmac/Makefile.ssl b/lib/libssl/src/crypto/hmac/Makefile.ssl
index 7a042b72616..4f5512877e5 100644
--- a/lib/libssl/src/crypto/hmac/Makefile.ssl
+++ b/lib/libssl/src/crypto/hmac/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,28 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hmac.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h
diff --git a/lib/libssl/src/crypto/hmac/hmac.c b/lib/libssl/src/crypto/hmac/hmac.c
index fb091299633..5c349bbb56e 100644
--- a/lib/libssl/src/crypto/hmac/hmac.c
+++ b/lib/libssl/src/crypto/hmac/hmac.c
@@ -58,13 +58,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "hmac.h"
+#include <openssl/hmac.h>
 
-void HMAC_Init(ctx,key,len,md)
-HMAC_CTX *ctx;
-unsigned char *key;
-int len;
-EVP_MD *md;
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md)
 	{
 	int i,j,reset=0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
@@ -112,18 +109,12 @@ EVP_MD *md;
 	memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx));
 	}
 
-void HMAC_Update(ctx,data,len)
-HMAC_CTX *ctx;
-unsigned char *data;
-int len;
+void HMAC_Update(HMAC_CTX *ctx, unsigned char *data, int len)
 	{
 	EVP_DigestUpdate(&(ctx->md_ctx),data,len);
 	}
 
-void HMAC_Final(ctx,md,len)
-HMAC_CTX *ctx;
-unsigned char *md;
-unsigned int *len;
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 	{
 	int j;
 	unsigned int i;
@@ -137,20 +128,14 @@ unsigned int *len;
 	EVP_DigestFinal(&(ctx->md_ctx),md,len);
 	}
 
-void HMAC_cleanup(ctx)
-HMAC_CTX *ctx;
+void HMAC_cleanup(HMAC_CTX *ctx)
 	{
 	memset(ctx,0,sizeof(HMAC_CTX));
 	}
 
-unsigned char *HMAC(evp_md,key,key_len,d,n,md,md_len)
-EVP_MD *evp_md;
-unsigned char *key;
-int key_len;
-unsigned char *d;
-int n;
-unsigned char *md;
-unsigned int *md_len;
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len)
 	{
 	HMAC_CTX c;
 	static unsigned char m[EVP_MAX_MD_SIZE];
diff --git a/lib/libssl/src/crypto/hmac/hmac.h b/lib/libssl/src/crypto/hmac/hmac.h
index e6b43f52c48..f928975fcdc 100644
--- a/lib/libssl/src/crypto/hmac/hmac.h
+++ b/lib/libssl/src/crypto/hmac/hmac.h
@@ -62,13 +62,17 @@
 extern "C" {
 #endif
 
-#include "evp.h"
+#ifdef NO_HMAC
+#error HMAC is disabled.
+#endif
+
+#include <openssl/evp.h>
 
 #define HMAC_MAX_MD_CBLOCK	64
 
 typedef struct hmac_ctx_st
 	{
-	EVP_MD *md;
+	const EVP_MD *md;
 	EVP_MD_CTX md_ctx;
 	EVP_MD_CTX i_ctx;
 	EVP_MD_CTX o_ctx;
@@ -78,26 +82,16 @@ typedef struct hmac_ctx_st
 
 #define HMAC_size(e)	(EVP_MD_size((e)->md))
 
-#ifndef NOPROTO
 
-void HMAC_Init(HMAC_CTX *ctx, unsigned char *key, int len,
-	EVP_MD *md);
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md);
 void HMAC_Update(HMAC_CTX *ctx,unsigned char *key, int len);
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 void HMAC_cleanup(HMAC_CTX *ctx);
-unsigned char *HMAC(EVP_MD *evp_md, unsigned char *key, int key_len,
-	unsigned char *d, int n, unsigned char *md, unsigned int *md_len);
-
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len);
 
-#else
-
-void HMAC_Init();
-void HMAC_Update();
-void HMAC_Final();
-void HMAC_cleanup();
-unsigned char *HMAC();
-
-#endif
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/hmac/hmactest.c b/lib/libssl/src/crypto/hmac/hmactest.c
index 5938e375dcb..9a67dff36a2 100644
--- a/lib/libssl/src/crypto/hmac/hmactest.c
+++ b/lib/libssl/src/crypto/hmac/hmactest.c
@@ -59,7 +59,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "hmac.h"
+
+#ifdef NO_HMAC
+int main(int argc, char *argv[])
+{
+    printf("No HMAC support\n");
+    return(0);
+}
+#else
+#include <openssl/hmac.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 struct test_st
 	{
@@ -102,19 +114,19 @@ struct test_st
 	};
 
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	char *p;
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
+	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#endif
+
 	for (i=0; i<4; i++)
 		{
 		p=pt(HMAC(EVP_md5(),
@@ -135,8 +147,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -145,3 +156,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/idea/Makefile.ssl b/lib/libssl/src/crypto/idea/Makefile.ssl
index 41b42ce03b1..3bd3e53ef4f 100644
--- a/lib/libssl/src/crypto/idea/Makefile.ssl
+++ b/lib/libssl/src/crypto/idea/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,24 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: idea_lcl.h
diff --git a/lib/libssl/src/crypto/rc4/rc4_locl.org b/lib/libssl/src/crypto/idea/idea.h
index 1ef4455fb77..ae32f5692e5 100644
--- a/lib/libssl/src/crypto/rc4/rc4_locl.org
+++ b/lib/libssl/src/crypto/idea/idea.h
@@ -1,4 +1,4 @@
-/* crypto/rc4/rc4_locl.org */
+/* crypto/idea/idea.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,15 +56,44 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
+#ifndef HEADER_IDEA_H
+#define HEADER_IDEA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_IDEA
+#error IDEA is disabled.
+#endif
+
+#define IDEA_ENCRYPT	1
+#define IDEA_DECRYPT	0
+
+#include <openssl/opensslconf.h> /* IDEA_INT */
+#define IDEA_BLOCK	8
+#define IDEA_KEY_LENGTH	16
+
+typedef struct idea_key_st
+	{
+	IDEA_INT data[9][6];
+	} IDEA_KEY_SCHEDULE;
 
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
+const char *idea_options(void);
+void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+	IDEA_KEY_SCHEDULE *ks);
+void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
+void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+	int *num,int enc);
+void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
+void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+#ifdef  __cplusplus
+}
+#endif
 
+#endif
diff --git a/lib/libssl/src/crypto/install.com b/lib/libssl/src/crypto/install.com
new file mode 100644
index 00000000000..b75d1b44b24
--- /dev/null
+++ b/lib/libssl/src/crypto/install.com
@@ -0,0 +1,128 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$
+$	SDIRS := ,MD2,MD5,SHA,MDC2,HMAC,RIPEMD,-
+		 DES,RC2,RC4,RC5,IDEA,BF,CAST,-
+		 BN,RSA,DSA,DH,-
+		 BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
+		 EVP,ASN1,PEM,X509,X509V3,-
+		 CONF,TXT_DB,PKCS7,PKCS12,COMP
+$	EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h
+$	EXHEADER_MD2 := md2.h
+$	EXHEADER_MD5 := md5.h
+$	EXHEADER_SHA := sha.h
+$	EXHEADER_MDC2 := mdc2.h
+$	EXHEADER_HMAC := hmac.h
+$	EXHEADER_RIPEMD := ripemd.h
+$	EXHEADER_DES := des.h
+$	EXHEADER_RC2 := rc2.h
+$	EXHEADER_RC4 := rc4.h
+$	EXHEADER_RC5 := rc5.h
+$	EXHEADER_IDEA := idea.h
+$	EXHEADER_BF := blowfish.h
+$	EXHEADER_CAST := cast.h
+$	EXHEADER_BN := bn.h
+$	EXHEADER_RSA := rsa.h
+$	EXHEADER_DSA := dsa.h
+$	EXHEADER_DH := dh.h
+$	EXHEADER_BUFFER := buffer.h
+$	EXHEADER_BIO := bio.h
+$	EXHEADER_STACK := stack.h,safestack.h
+$	EXHEADER_LHASH := lhash.h
+$	EXHEADER_RAND := rand.h
+$	EXHEADER_ERR := err.h
+$	EXHEADER_OBJECTS := objects.h
+$	EXHEADER_EVP := evp.h
+$	EXHEADER_ASN1 := asn1.h,asn1_mac.h
+$	EXHEADER_PEM := pem.h,pem2.h
+$	EXHEADER_X509 := x509.h,x509_vfy.h
+$	EXHEADER_X509V3 := x509v3.h
+$	EXHEADER_CONF := conf.h
+$	EXHEADER_TXT_DB := txt_db.h
+$	EXHEADER_PKCS7 := pkcs7.h
+$	EXHEADER_PKCS12 := pkcs12.h
+$	EXHEADER_COMP := comp.h
+$	LIBS := LIBCRYPTO
+$
+$	VEXE_DIR := [-.VAX.EXE.CRYPTO]
+$	AEXE_DIR := [-.AXP.EXE.CRYPTO]
+$
+$	I = 0
+$ LOOP_SDIRS: 
+$	D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$	I = I + 1
+$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$	tmp = EXHEADER_'D'
+$	IF D .EQS. ""
+$	THEN
+$	  COPY 'tmp' WRK_SSLINCLUDE: /LOG
+$	ELSE
+$	  COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$	ENDIF
+$	GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$	I = 0
+$ LOOP_LIB: 
+$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$	EXIT
diff --git a/lib/libssl/src/crypto/lhash/Makefile.ssl b/lib/libssl/src/crypto/lhash/Makefile.ssl
index cb08547b4fc..cc9ff46b048 100644
--- a/lib/libssl/src/crypto/lhash/Makefile.ssl
+++ b/lib/libssl/src/crypto/lhash/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,22 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+lh_stats.o: ../cryptlib.h
+lhash.o: ../../include/openssl/crypto.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
diff --git a/lib/libssl/src/crypto/lhash/lh_stats.c b/lib/libssl/src/crypto/lhash/lh_stats.c
index 23fe82f7778..80b931c12b7 100644
--- a/lib/libssl/src/crypto/lhash/lh_stats.c
+++ b/lib/libssl/src/crypto/lhash/lh_stats.c
@@ -63,13 +63,11 @@
  * and things should work as expected */
 #include "cryptlib.h"
 
-#include "lhash.h"
+#include <openssl/lhash.h>
 
 #ifndef HEADER_BIO_H
 
-void lh_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_stats(LHASH *lh, FILE *out)
 	{
 	fprintf(out,"num_items             = %lu\n",lh->num_items);
 	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
@@ -95,9 +93,7 @@ FILE *out;
 #endif
 	}
 
-void lh_node_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_node_stats(LHASH *lh, FILE *out)
 	{
 	LHASH_NODE *n;
 	unsigned int i,num;
@@ -110,9 +106,7 @@ FILE *out;
 		}
 	}
 
-void lh_node_usage_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_node_usage_stats(LHASH *lh, FILE *out)
 	{
 	LHASH_NODE *n;
 	unsigned long num;
@@ -142,9 +136,7 @@ FILE *out;
 #else
 
 #ifndef NO_FP_API
-void lh_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+void lh_stats(LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -156,9 +148,7 @@ FILE *fp;
 end:;
 	}
 
-void lh_node_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+void lh_node_stats(LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -170,9 +160,7 @@ FILE *fp;
 end:;
 	}
 
-void lh_node_usage_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+void lh_node_usage_stats(LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -186,9 +174,7 @@ end:;
 
 #endif
 
-void lh_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_stats_bio(LHASH *lh, BIO *out)
 	{
 	char buf[128];
 
@@ -236,9 +222,7 @@ BIO *out;
 #endif
 	}
 
-void lh_node_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_node_stats_bio(LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned int i,num;
@@ -253,9 +237,7 @@ BIO *out;
 		}
 	}
 
-void lh_node_usage_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_node_usage_stats_bio(LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned long num;
diff --git a/lib/libssl/src/crypto/lhash/lh_test.c b/lib/libssl/src/crypto/lhash/lh_test.c
index 294b42bc829..08138b52c31 100644
--- a/lib/libssl/src/crypto/lhash/lh_test.c
+++ b/lib/libssl/src/crypto/lhash/lh_test.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "lhash.h"
+#include <openssl/lhash.h>
 
 main()
 	{
diff --git a/lib/libssl/src/crypto/lhash/lhash.c b/lib/libssl/src/crypto/lhash/lhash.c
index 6dfb5c9ccc8..801322beb64 100644
--- a/lib/libssl/src/crypto/lhash/lhash.c
+++ b/lib/libssl/src/crypto/lhash/lhash.c
@@ -56,11 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998";
-
 /* Code for dynamic hash table routines
  * Author - Eric Young v 2.0
  *
+ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
+ *	     present. eay 18-Jun-98
+ *
+ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
+ *
  * 2.0 eay - Fixed a bug that occured when using lh_delete
  *	     from inside lh_doall().  As entries were deleted,
  *	     the 'table' was 'contract()ed', making some entries
@@ -94,14 +97,16 @@ char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998";
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "lhash.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+
+const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
 
 #undef MIN_NODES 
 #define MIN_NODES	16
 #define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */
 #define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */
 
-#ifndef NOPROTO
 
 #define P_CP	char *
 #define P_CPP	char *,char *
@@ -109,26 +114,14 @@ static void expand(LHASH *lh);
 static void contract(LHASH *lh);
 static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash);
 
-#else
-
-#define	P_CP
-#define P_CPP
-static void expand();
-static void contract();
-static LHASH_NODE **getrn();
-
-#endif
-
-LHASH *lh_new(h, c)
-unsigned long (*h)();
-int (*c)();
+LHASH *lh_new(unsigned long (*h)(), int (*c)())
 	{
 	LHASH *ret;
 	int i;
 
-	if ((ret=(LHASH *)malloc(sizeof(LHASH))) == NULL)
+	if ((ret=(LHASH *)Malloc(sizeof(LHASH))) == NULL)
 		goto err0;
-	if ((ret->b=(LHASH_NODE **)malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+	if ((ret->b=(LHASH_NODE **)Malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
 		goto err1;
 	for (i=0; i<MIN_NODES; i++)
 		ret->b[i]=NULL;
@@ -156,41 +149,43 @@ int (*c)();
 	ret->num_retrieve_miss=0;
 	ret->num_hash_comps=0;
 
+	ret->error=0;
 	return(ret);
 err1:
-	free((char *)ret);
+	Free((char *)ret);
 err0:
 	return(NULL);
 	}
 
-void lh_free(lh)
-LHASH *lh;
+void lh_free(LHASH *lh)
 	{
 	unsigned int i;
 	LHASH_NODE *n,*nn;
 
+	if(lh == NULL)
+	    return;
+
 	for (i=0; i<lh->num_nodes; i++)
 		{
 		n=lh->b[i];
 		while (n != NULL)
 			{
 			nn=n->next;
-			free(n);
+			Free(n);
 			n=nn;
 			}
 		}
-	free((char *)lh->b);
-	free((char *)lh);
+	Free((char *)lh->b);
+	Free((char *)lh);
 	}
 
-char *lh_insert(lh, data)
-LHASH *lh;
-char *data;
+char *lh_insert(LHASH *lh, char *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
 	char *ret;
 
+	lh->error=0;
 	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
 		expand(lh);
 
@@ -198,8 +193,11 @@ char *data;
 
 	if (*rn == NULL)
 		{
-		if ((nn=(LHASH_NODE *)malloc(sizeof(LHASH_NODE))) == NULL)
+		if ((nn=(LHASH_NODE *)Malloc(sizeof(LHASH_NODE))) == NULL)
+			{
+			lh->error++;
 			return(NULL);
+			}
 		nn->data=data;
 		nn->next=NULL;
 #ifndef NO_HASH_COMP
@@ -219,14 +217,13 @@ char *data;
 	return(ret);
 	}
 
-char *lh_delete(lh, data)
-LHASH *lh;
-char *data;
+char *lh_delete(LHASH *lh, char *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
 	char *ret;
 
+	lh->error=0;
 	rn=getrn(lh,data,&hash);
 
 	if (*rn == NULL)
@@ -239,7 +236,7 @@ char *data;
 		nn= *rn;
 		*rn=nn->next;
 		ret=nn->data;
-		free((char *)nn);
+		Free((char *)nn);
 		lh->num_delete++;
 		}
 
@@ -251,14 +248,13 @@ char *data;
 	return(ret);
 	}
 
-char *lh_retrieve(lh, data)
-LHASH *lh;
-char *data;
+char *lh_retrieve(LHASH *lh, char *data)
 	{
 	unsigned long hash;
 	LHASH_NODE **rn;
 	char *ret;
 
+	lh->error=0;
 	rn=getrn(lh,data,&hash);
 
 	if (*rn == NULL)
@@ -274,17 +270,12 @@ char *data;
 	return(ret);
 	}
 
-void lh_doall(lh, func)
-LHASH *lh;
-void (*func)();
+void lh_doall(LHASH *lh, void (*func)())
 	{
 	lh_doall_arg(lh,func,NULL);
 	}
 
-void lh_doall_arg(lh, func, arg)
-LHASH *lh;
-void (*func)();
-char *arg;
+void lh_doall_arg(LHASH *lh, void (*func)(), char *arg)
 	{
 	int i;
 	LHASH_NODE *a,*n;
@@ -305,8 +296,7 @@ char *arg;
 		}
 	}
 
-static void expand(lh)
-LHASH *lh;
+static void expand(LHASH *lh)
 	{
 	LHASH_NODE **n,**n1,**n2,*np;
 	unsigned int p,i,j;
@@ -342,11 +332,12 @@ LHASH *lh;
 	if ((lh->p) >= lh->pmax)
 		{
 		j=(int)lh->num_alloc_nodes*2;
-		n=(LHASH_NODE **)realloc((char *)lh->b,
+		n=(LHASH_NODE **)Realloc((char *)lh->b,
 			(unsigned int)sizeof(LHASH_NODE *)*j);
 		if (n == NULL)
 			{
 /*			fputs("realloc error in lhash",stderr); */
+			lh->error++;
 			lh->p=0;
 			return;
 			}
@@ -361,8 +352,7 @@ LHASH *lh;
 		}
 	}
 
-static void contract(lh)
-LHASH *lh;
+static void contract(LHASH *lh)
 	{
 	LHASH_NODE **n,*n1,*np;
 
@@ -370,11 +360,12 @@ LHASH *lh;
 	lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
 	if (lh->p == 0)
 		{
-		n=(LHASH_NODE **)realloc((char *)lh->b,
+		n=(LHASH_NODE **)Realloc((char *)lh->b,
 			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
 		if (n == NULL)
 			{
 /*			fputs("realloc error in lhash",stderr); */
+			lh->error++;
 			return;
 			}
 		lh->num_contract_reallocs++;
@@ -400,10 +391,7 @@ LHASH *lh;
 		}
 	}
 
-static LHASH_NODE **getrn(lh, data, rhash)
-LHASH *lh;
-char *data;
-unsigned long *rhash;
+static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash)
 	{
 	LHASH_NODE **ret,*n1;
 	unsigned long hash,nn;
@@ -457,8 +445,7 @@ char *str;
  * no collisions on /usr/dict/words and it distributes on %2^n quite
  * well, not as good as MD5, but still good.
  */
-unsigned long lh_strhash(c)
-char *c;
+unsigned long lh_strhash(const char *c)
 	{
 	unsigned long ret=0;
 	long n;
diff --git a/lib/libssl/src/crypto/lhash/lhash.h b/lib/libssl/src/crypto/lhash/lhash.h
index 70cbc6dfe70..6e5a1fe7085 100644
--- a/lib/libssl/src/crypto/lhash/lhash.h
+++ b/lib/libssl/src/crypto/lhash/lhash.h
@@ -67,6 +67,10 @@
 extern "C" {
 #endif
 
+#ifndef NO_FP_API
+#include <stdio.h>
+#endif
+
 typedef struct lhash_node_st
 	{
 	char *data;
@@ -102,11 +106,16 @@ typedef struct lhash_st
 	unsigned long num_retrieve;
 	unsigned long num_retrieve_miss;
 	unsigned long num_hash_comps;
+
+	int error;
 	} LHASH;
 
 #define LH_LOAD_MULT	256
 
-#ifndef NOPROTO
+/* Indicates a malloc() error in the last call, this is only bad
+ * in lh_insert(). */
+#define lh_error(lh)	((lh)->error)
+
 LHASH *lh_new(unsigned long (*h)(), int (*c)());
 void lh_free(LHASH *lh);
 char *lh_insert(LHASH *lh, char *data);
@@ -114,7 +123,7 @@ char *lh_delete(LHASH *lh, char *data);
 char *lh_retrieve(LHASH *lh, char *data);
 void lh_doall(LHASH *lh, void (*func)(/* char *b */));
 void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg);
-unsigned long lh_strhash(char *c);
+unsigned long lh_strhash(const char *c);
 
 #ifndef NO_FP_API
 void lh_stats(LHASH *lh, FILE *out);
@@ -127,26 +136,6 @@ void lh_stats_bio(LHASH *lh, BIO *out);
 void lh_node_stats_bio(LHASH *lh, BIO *out);
 void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
 #endif
-#else
-LHASH *lh_new();
-void lh_free();
-char *lh_insert();
-char *lh_delete();
-char *lh_retrieve();
-void lh_doall();
-void lh_doall_arg();
-unsigned long lh_strhash();
-
-#ifndef NO_FP_API
-void lh_stats();
-void lh_node_stats();
-void lh_node_usage_stats();
-#endif
-void lh_stats_bio();
-void lh_node_stats_bio();
-void lh_node_usage_stats_bio();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/lhash/num.pl b/lib/libssl/src/crypto/lhash/num.pl
index 4d937c1f903..30fedf9cd5a 100644
--- a/lib/libssl/src/crypto/lhash/num.pl
+++ b/lib/libssl/src/crypto/lhash/num.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 #node     10 ->   4
 
diff --git a/lib/libssl/src/crypto/libvms.com b/lib/libssl/src/crypto/libvms.com
deleted file mode 100644
index 44f90c65b05..00000000000
--- a/lib/libssl/src/crypto/libvms.com
+++ /dev/null
@@ -1,31 +0,0 @@
-$!
-$! Compile crypto.c as several subset modules and insert in crypto-xxx.olb.
-$! If P1 is specifed, it specifies alternate list of subsets to compile.
-$!
-$ libname = "CRYPTO-AXP.OLB"
-$ subset_list = "LIB,ASN1,BN,BUFFER,CONF,DES,DH,DSA,ERROR,EVP,IDEA,LHASH,MD," + -
-	"METH,OBJECTS,PEM,RAND,RC,RSA,SHA,STACK,TXT_DB,X509"
-$ if p1 .nes. "" then subset_list = p1
-$!
-$ if f$getsyi("CPU") .lt. 128 then libname = "CRYPTO-VAX.OLB"
-$ if f$search(libname) .eqs. "" then library/create/object/log 'libname'
-$!
-$ cc = "cc/include=[-.include]/prefix=all" + P2
-$!
-$ i = 0
-$ next_subset:
-$    subset = f$element(i,",",subset_list)
-$    if subset .eqs. "," then goto done
-$    i = i + 1
-$    create crypto_'subset'.subset
-#include "crypto.c"
-$    ofile = "sys$disk:[]crypto_" + subset + ".obj"
-$    on warning then goto next_subset
-$    write sys$output "Compiling ", ofile
-$    cc /object='ofile' crypto_'subset'.subset -
-	/define=(CRYPTO_SUBSET,CRYPTO_'subset'_SUBSET)
-$    library/replace/log 'libname'/module=CRYPTO_'subset' 'ofile'
-$    goto next_subset
-$!
-$ done:
-$ exit
diff --git a/lib/libssl/src/crypto/md2/Makefile.ssl b/lib/libssl/src/crypto/md2/Makefile.ssl
index d8e7200c830..67ce450788c 100644
--- a/lib/libssl/src/crypto/md2/Makefile.ssl
+++ b/lib/libssl/src/crypto/md2/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -20,7 +22,7 @@ TEST=md2test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md2_dgst.c md5_one.c
+LIBSRC=md2_dgst.c md2_one.c
 LIBOBJ=md2_dgst.o md2_one.o
 
 SRC= $(LIBSRC)
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,22 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+md2_one.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/md2/md2.c b/lib/libssl/src/crypto/md2/md2.c
index 7f3ab64a431..f4d6f62264b 100644
--- a/lib/libssl/src/crypto/md2/md2.c
+++ b/lib/libssl/src/crypto/md2/md2.c
@@ -58,25 +58,15 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md2.h"
+#include <openssl/md2.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
 int read(int, void *, unsigned int);
 void exit(int);
-#else
-void do_fp();
-void pt();
-int read();
-void exit();
-#endif
-
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	FILE *IN;
@@ -105,8 +95,7 @@ char *argv[];
 	return(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	MD2_CTX c;
 	unsigned char md[MD2_DIGEST_LENGTH];
@@ -125,8 +114,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/md2/md2.org b/lib/libssl/src/crypto/md2/md2.h
index 9f399337903..0d3592506c4 100644
--- a/lib/libssl/src/crypto/md2/md2.org
+++ b/lib/libssl/src/crypto/md2/md2.h
@@ -1,4 +1,4 @@
-/* crypto/md/md2.org */
+/* crypto/md/md2.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,15 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify md2.org since md2.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
 #ifndef HEADER_MD2_H
 #define HEADER_MD2_H
 
@@ -72,10 +63,13 @@
 extern "C" {
 #endif
 
+#ifdef NO_MD2
+#error MD2 is disabled.
+#endif
+
 #define MD2_DIGEST_LENGTH	16
 #define MD2_BLOCK       	16
-
-#define MD2_INT unsigned int
+#include <openssl/opensslconf.h> /* MD2_INT */
 
 typedef struct MD2state_st
 	{
@@ -85,20 +79,11 @@ typedef struct MD2state_st
 	MD2_INT state[MD2_BLOCK];
 	} MD2_CTX;
 
-#ifndef NOPROTO
-char *MD2_options(void);
+const char *MD2_options(void);
 void MD2_Init(MD2_CTX *c);
 void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
 void MD2_Final(unsigned char *md, MD2_CTX *c);
 unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
-#else
-char *MD2_options();
-void MD2_Init();
-void MD2_Update();
-void MD2_Final();
-unsigned char *MD2();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/md2/md2_dgst.c b/lib/libssl/src/crypto/md2/md2_dgst.c
index 5cbd36f3fe4..c7d8d6aef57 100644
--- a/lib/libssl/src/crypto/md2/md2_dgst.c
+++ b/lib/libssl/src/crypto/md2/md2_dgst.c
@@ -59,21 +59,17 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "md2.h"
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
 
-char *MD2_version="MD2 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from RFC1319 The MD2 Message-Digest Algorithm
  */
 
 #define UCHAR	unsigned char
 
-#ifndef NOPROTO
 static void md2_block(MD2_CTX *c, unsigned char *d);
-#else
-static void md2_block();
-#endif
-
 /* The magic S table - I have converted it to hex since it is
  * basicaly just a random byte string. */
 static MD2_INT S[256]={
@@ -111,7 +107,7 @@ static MD2_INT S[256]={
 	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
 	};
 
-char *MD2_options()
+const char *MD2_options(void)
 	{
 	if (sizeof(MD2_INT) == 1)
 		return("md2(char)");
@@ -119,8 +115,7 @@ char *MD2_options()
 		return("md2(int)");
 	}
 
-void MD2_Init(c)
-MD2_CTX *c;
+void MD2_Init(MD2_CTX *c)
 	{
 	c->num=0;
 	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
@@ -128,10 +123,7 @@ MD2_CTX *c;
 	memset(c->data,0,MD2_BLOCK);
 	}
 
-void MD2_Update(c, data, len)
-MD2_CTX *c;
-register unsigned char *data;
-unsigned long len;
+void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len)
 	{
 	register UCHAR *p;
 
@@ -169,9 +161,7 @@ unsigned long len;
 	c->num=(int)len;
 	}
 
-static void md2_block(c, d)
-MD2_CTX *c;
-unsigned char *d;
+static void md2_block(MD2_CTX *c, unsigned char *d)
 	{
 	register MD2_INT t,*sp1,*sp2;
 	register int i,j;
@@ -207,9 +197,7 @@ unsigned char *d;
 	memset(state,0,48*sizeof(MD2_INT));
 	}
 
-void MD2_Final(md, c)
-unsigned char *md;
-MD2_CTX *c;
+void MD2_Final(unsigned char *md, MD2_CTX *c)
 	{
 	int i,v;
 	register UCHAR *cp;
diff --git a/lib/libssl/src/crypto/md2/md2_one.c b/lib/libssl/src/crypto/md2/md2_one.c
index 513bf62fdb3..7157299d953 100644
--- a/lib/libssl/src/crypto/md2/md2_one.c
+++ b/lib/libssl/src/crypto/md2/md2_one.c
@@ -58,22 +58,35 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "md2.h"
+#include <openssl/md2.h>
 
 /* This is a separate file so that #defines in cryptlib.h can
  * map my MD functions to different names */
 
-unsigned char *MD2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *MD2(unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD2_CTX c;
 	static unsigned char m[MD2_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD2_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD2_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD2_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD2_Final(md,&c);
 	memset(&c,0,sizeof(c));	/* Security consideration */
 	return(md);
diff --git a/lib/libssl/src/crypto/md2/md2test.c b/lib/libssl/src/crypto/md2/md2test.c
index 55924d44cd5..461d124957f 100644
--- a/lib/libssl/src/crypto/md2/md2test.c
+++ b/lib/libssl/src/crypto/md2/md2test.c
@@ -59,7 +59,19 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "md2.h"
+
+#ifdef NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return(0);
+}
+#else
+#include <openssl/md2.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 char *test[]={
 	"",
@@ -82,15 +94,8 @@ char *ret[]={
 	"d5976f79d83d3a0dc9806c3c66f3efd8",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	char **P,**R;
@@ -118,8 +123,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -128,3 +132,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/md32_common.h b/lib/libssl/src/crypto/md32_common.h
new file mode 100644
index 00000000000..2b91f9eef2a
--- /dev/null
+++ b/lib/libssl/src/crypto/md32_common.h
@@ -0,0 +1,594 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *	this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *	size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *	has to be at lest 32 bit wide, if it's wider, then
+ *	HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ *	context structure that at least contains following
+ *	members:
+ *		typedef struct {
+ *			...
+ *			HASH_LONG	Nl,Nh;
+ *			HASH_LONG	data[HASH_LBLOCK];
+ *			int		num;
+ *			...
+ *			} HASH_CTX;
+ * HASH_UPDATE
+ *	name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *	name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *	name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ *	name of "block" function treating *aligned* input message
+ *	in host byte order, implemented externally.
+ * HASH_BLOCK_DATA_ORDER
+ *	name of "block" function treating *unaligned* input message
+ *	in original (data) byte order, implemented externally (it
+ *	actually is optional if data and host are of the same
+ *	"endianess").
+ *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ *	defines host byte-order.
+ * HASH_LONG_LOG2
+ *	defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ *	assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ *	alternative "block" function capable of treating
+ *	aligned input message in original (data) order,
+ *	implemented externally.
+ *
+ * MD5 example:
+ *
+ *	#define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *	#define HASH_LONG		MD5_LONG
+ *	#define HASH_LONG_LOG2		MD5_LONG_LOG2
+ *	#define HASH_CTX		MD5_CTX
+ *	#define HASH_CBLOCK		MD5_CBLOCK
+ *	#define HASH_LBLOCK		MD5_LBLOCK
+ *	#define HASH_UPDATE		MD5_Update
+ *	#define HASH_TRANSFORM		MD5_Transform
+ *	#define HASH_FINAL		MD5_Final
+ *	#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
+ *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order
+ *
+ *					<appro@fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK	(HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2	2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)     _lrotl(a,n)
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *
+   * 					<appro@fy.chalmers.se>
+   */
+#  if defined(__i386)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm volatile (		\
+				"roll %1,%0"		\
+				: "=r"(ret)		\
+				: "I"(n), "0"(a)	\
+				: "cc");		\
+			   ret;				\
+			})
+#  elif defined(__powerpc)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm volatile (		\
+				"rlwinm %0,%1,%2,0,31"	\
+				: "=r"(ret)		\
+				: "r"(a), "I"(n));	\
+			   ret;				\
+			})
+#  endif
+# endif
+
+/*
+ * Engage compiler specific "fetch in reverse byte order"
+ * intrinsic function if available.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM)
+  /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+#  if defined(__i386) && !defined(I386_ONLY)
+#   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+				asm volatile (		\
+				"bswapl %0"		\
+				: "=r"(l) : "0"(l));	\
+			  l;				\
+			})
+#  elif defined(__powerpc)
+#   define LE_FETCH32(a)	({ register unsigned int l;	\
+				asm volatile (		\
+				"lwbrx %0,0,%1"		\
+				: "=r"(l)		\
+				: "r"(a));		\
+			   l;				\
+			})
+
+#  elif defined(__sparc) && defined(ULTRASPARC)
+#  define LE_FETCH32(a)	({ register unsigned int l;		\
+				asm volatile (			\
+				"lda [%1]#ASI_PRIMARY_LITTLE,%0"\
+				: "=r"(l)			\
+				: "r"(a));			\
+			   l;					\
+			})
+#  endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2	/* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l)	(					\
+		l=*(const HASH_LONG *)(a),				\
+		((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))	\
+				)
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l)	(				\
+		l=*(const HASH_LONG *)(a),			\
+		l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),	\
+		ROTATE(l,16)					\
+				)
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *	- RISCs aren't good at long constants and have to explicitely
+ *	  compose 'em with several (well, usually 2) instructions in a
+ *	  register before performing the actual operation and (as you
+ *	  already realized:-) having same constant should inspire the
+ *	  compiler to permanently allocate the only register for it;
+ *	- most modern CPUs have two ALUs, but usually only one has
+ *	  circuitry for shifts:-( this minor tweak inspires compiler
+ *	  to schedule shift instructions in a better way...
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#if defined(B_ENDIAN)
+#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef LE_FETCH32
+#        define HOST_FETCH32(p,l)	LE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#elif defined(L_ENDIAN)
+#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef BE_FETCH32
+#        define HOST_FETCH32(p,l)	BE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))<<24),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))    ),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 3: l|=((unsigned long)(*((c)++)));		\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<< 8;	\
+			case 2: l|=((unsigned long)(*(--(c))))<<16;	\
+			case 1: l|=((unsigned long)(*(--(c))))<<24;	\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<<24),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 3: l|=((unsigned long)(*((c)++)))<<24;	\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<<16;	\
+			case 2: l|=((unsigned long)(*(--(c))))<< 8;	\
+			case 1: l|=((unsigned long)(*(--(c))));		\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 l)
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+void HASH_UPDATE (HASH_CTX *c, const unsigned char *data, unsigned long len)
+	{
+	register HASH_LONG * p;
+	register unsigned long l;
+	int sw,sc,ew,ec;
+
+	if (len==0) return;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= HASH_CBLOCK)
+			{
+			l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+			for (; sw<HASH_LBLOCK; sw++)
+				{
+				HOST_c2l(data,l); p[sw]=l;
+				}
+			HASH_BLOCK_HOST_ORDER (c,p,1);
+			len-=(HASH_CBLOCK-c->num);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			c->num+=len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+				for (; sw < ew; sw++)
+					{
+					HOST_c2l(data,l); p[sw]=l;
+					}
+				if (ec)
+					{
+					HOST_c2l_p(data,l,ec); p[sw]=l;
+					}
+				}
+			return;
+			}
+		}
+
+	sw=len/HASH_CBLOCK;
+	if (sw > 0)
+		{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+		/*
+		 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+		 * only if sizeof(HASH_LONG)==4.
+		 */
+		if ((((unsigned long)data)%4) == 0)
+			{
+			/* data is properly aligned so that we can cast it: */
+			HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+		else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+			while (sw--)
+				{
+				memcpy (p=c->data,data,HASH_CBLOCK);
+				HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+				data+=HASH_CBLOCK;
+				len-=HASH_CBLOCK;
+				}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+			{
+			HASH_BLOCK_DATA_ORDER(c,data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+#endif
+		}
+
+	if (len!=0)
+		{
+		p = c->data;
+		c->num = len;
+		ew=len>>2;	/* words to copy */
+		ec=len&0x03;
+		for (; ew; ew--,p++)
+			{
+			HOST_c2l(data,l); *p=l;
+			}
+		HOST_c2l_p(data,l,ec);
+		*p=l;
+		}
+	}
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+	{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+	if ((((unsigned long)data)%4) == 0)
+		/* data is properly aligned so that we can cast it: */
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
+	else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+		{
+		memcpy (c->data,data,HASH_CBLOCK);
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+		}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+	HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+	}
+
+
+void HASH_FINAL (unsigned char *md, HASH_CTX *c)
+	{
+	register HASH_LONG *p;
+	register unsigned long l;
+	register int i,j;
+	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+	const unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	i=c->num>>2;
+	j=c->num&0x03;
+
+#if 0
+	/* purify often complains about the following line as an
+	 * Uninitialized Memory Read.  While this can be true, the
+	 * following p_c2l macro will reset l when that case is true.
+	 * This is because j&0x03 contains the number of 'valid' bytes
+	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
+	 * occur but this is also the only time p_c2l will do
+	 * l= *(cp++) instead of l|= *(cp++)
+	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+	 * 'potential bug' */
+#ifdef PURIFY
+	if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+	l=p[i];
+#else
+	l = (j==0) ? 0 : p[i];
+#endif
+	HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+	if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+		{
+		if (i<HASH_LBLOCK) p[i]=0;
+		HASH_BLOCK_HOST_ORDER (c,p,1);
+		i=0;
+		}
+	for (; i<(HASH_LBLOCK-2); i++)
+		p[i]=0;
+
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+	p[HASH_LBLOCK-2]=c->Nh;
+	p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+	p[HASH_LBLOCK-2]=c->Nl;
+	p[HASH_LBLOCK-1]=c->Nh;
+#endif
+	HASH_BLOCK_HOST_ORDER (c,p,1);
+
+	l=c->A; HOST_l2c(l,md);
+	l=c->B; HOST_l2c(l,md);
+	l=c->C; HOST_l2c(l,md);
+	l=c->D; HOST_l2c(l,md);
+
+	c->num=0;
+	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(HASH_CTX));
+	 */
+	}
diff --git a/lib/libssl/src/crypto/md5/Makefile.ssl b/lib/libssl/src/crypto/md5/Makefile.ssl
index 47e1ce05caf..29ae1b74586 100644
--- a/lib/libssl/src/crypto/md5/Makefile.ssl
+++ b/lib/libssl/src/crypto/md5/Makefile.ssl
@@ -8,15 +8,18 @@ CC=     cc
 CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
 MD5_ASM_OBJ=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS=$(CFLAGS)
 
 GENERAL=Makefile
 TEST=md5test.c
@@ -40,7 +43,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -59,26 +62,43 @@ asm/mx86-out.o: asm/mx86unix.cpp
 
 # bsdi
 asm/mx86bsdi.o: asm/mx86unix.cpp
-	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+	$(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
 
-asm/mx86unix.cpp:
-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+asm/mx86unix.cpp: asm/md5-586.pl
+	(cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+sm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv9.o asm/md5-sparcv9.S
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -90,15 +110,17 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+md5_one.o: ../../include/openssl/md5.h
diff --git a/lib/libssl/src/crypto/md5/Makefile.uni b/lib/libssl/src/crypto/md5/Makefile.uni
index 54685712dbe..d21c72f3ea0 100644
--- a/lib/libssl/src/crypto/md5/Makefile.uni
+++ b/lib/libssl/src/crypto/md5/Makefile.uni
@@ -19,6 +19,7 @@ MAKE=           make
 MAKEDEPEND=     makedepend
 MAKEFILE=       Makefile.uni
 AR=             ar r
+RANLIB=         ranlib
 
 MD5_ASM_OBJ=
 
@@ -43,7 +44,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 # elf
 asm/mx86-elf.o: asm/mx86unix.cpp
diff --git a/lib/libssl/src/crypto/md5/asm/m5-win32.asm b/lib/libssl/src/crypto/md5/asm/m5-win32.asm
index c2081da746e..51f5f17ca32 100644
--- a/lib/libssl/src/crypto/md5/asm/m5-win32.asm
+++ b/lib/libssl/src/crypto/md5/asm/m5-win32.asm
@@ -8,15 +8,16 @@
         .386
 .model FLAT
 _TEXT	SEGMENT
-PUBLIC	_md5_block_x86
+PUBLIC	_md5_block_asm_host_order
 
-_md5_block_x86 PROC NEAR
+_md5_block_asm_host_order PROC NEAR
 	push	esi
 	push	edi
 	mov	edi,		DWORD PTR 12[esp]
 	mov	esi,		DWORD PTR 16[esp]
 	mov	ecx,		DWORD PTR 20[esp]
 	push	ebp
+	shl	ecx,		6
 	push	ebx
 	add	ecx,		esi
 	sub	ecx,		64
@@ -34,161 +35,161 @@ L000start:
 	xor	edi,		edx
 	and	edi,		ebx
 	lea	eax,		DWORD PTR 3614090360[ebp*1+eax]
-	mov	ebp,		DWORD PTR 4[esi]
 	xor	edi,		edx
 	add	eax,		edi
 	mov	edi,		ebx
 	rol	eax,		7
+	mov	ebp,		DWORD PTR 4[esi]
 	add	eax,		ebx
 	; R0 1
 	xor	edi,		ecx
 	and	edi,		eax
 	lea	edx,		DWORD PTR 3905402710[ebp*1+edx]
-	mov	ebp,		DWORD PTR 8[esi]
 	xor	edi,		ecx
 	add	edx,		edi
 	mov	edi,		eax
 	rol	edx,		12
+	mov	ebp,		DWORD PTR 8[esi]
 	add	edx,		eax
 	; R0 2
 	xor	edi,		ebx
 	and	edi,		edx
 	lea	ecx,		DWORD PTR 606105819[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 12[esi]
 	xor	edi,		ebx
 	add	ecx,		edi
 	mov	edi,		edx
 	rol	ecx,		17
+	mov	ebp,		DWORD PTR 12[esi]
 	add	ecx,		edx
 	; R0 3
 	xor	edi,		eax
 	and	edi,		ecx
 	lea	ebx,		DWORD PTR 3250441966[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 16[esi]
 	xor	edi,		eax
 	add	ebx,		edi
 	mov	edi,		ecx
 	rol	ebx,		22
+	mov	ebp,		DWORD PTR 16[esi]
 	add	ebx,		ecx
 	; R0 4
 	xor	edi,		edx
 	and	edi,		ebx
 	lea	eax,		DWORD PTR 4118548399[ebp*1+eax]
-	mov	ebp,		DWORD PTR 20[esi]
 	xor	edi,		edx
 	add	eax,		edi
 	mov	edi,		ebx
 	rol	eax,		7
+	mov	ebp,		DWORD PTR 20[esi]
 	add	eax,		ebx
 	; R0 5
 	xor	edi,		ecx
 	and	edi,		eax
 	lea	edx,		DWORD PTR 1200080426[ebp*1+edx]
-	mov	ebp,		DWORD PTR 24[esi]
 	xor	edi,		ecx
 	add	edx,		edi
 	mov	edi,		eax
 	rol	edx,		12
+	mov	ebp,		DWORD PTR 24[esi]
 	add	edx,		eax
 	; R0 6
 	xor	edi,		ebx
 	and	edi,		edx
 	lea	ecx,		DWORD PTR 2821735955[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 28[esi]
 	xor	edi,		ebx
 	add	ecx,		edi
 	mov	edi,		edx
 	rol	ecx,		17
+	mov	ebp,		DWORD PTR 28[esi]
 	add	ecx,		edx
 	; R0 7
 	xor	edi,		eax
 	and	edi,		ecx
 	lea	ebx,		DWORD PTR 4249261313[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 32[esi]
 	xor	edi,		eax
 	add	ebx,		edi
 	mov	edi,		ecx
 	rol	ebx,		22
+	mov	ebp,		DWORD PTR 32[esi]
 	add	ebx,		ecx
 	; R0 8
 	xor	edi,		edx
 	and	edi,		ebx
 	lea	eax,		DWORD PTR 1770035416[ebp*1+eax]
-	mov	ebp,		DWORD PTR 36[esi]
 	xor	edi,		edx
 	add	eax,		edi
 	mov	edi,		ebx
 	rol	eax,		7
+	mov	ebp,		DWORD PTR 36[esi]
 	add	eax,		ebx
 	; R0 9
 	xor	edi,		ecx
 	and	edi,		eax
 	lea	edx,		DWORD PTR 2336552879[ebp*1+edx]
-	mov	ebp,		DWORD PTR 40[esi]
 	xor	edi,		ecx
 	add	edx,		edi
 	mov	edi,		eax
 	rol	edx,		12
+	mov	ebp,		DWORD PTR 40[esi]
 	add	edx,		eax
 	; R0 10
 	xor	edi,		ebx
 	and	edi,		edx
 	lea	ecx,		DWORD PTR 4294925233[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 44[esi]
 	xor	edi,		ebx
 	add	ecx,		edi
 	mov	edi,		edx
 	rol	ecx,		17
+	mov	ebp,		DWORD PTR 44[esi]
 	add	ecx,		edx
 	; R0 11
 	xor	edi,		eax
 	and	edi,		ecx
 	lea	ebx,		DWORD PTR 2304563134[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 48[esi]
 	xor	edi,		eax
 	add	ebx,		edi
 	mov	edi,		ecx
 	rol	ebx,		22
+	mov	ebp,		DWORD PTR 48[esi]
 	add	ebx,		ecx
 	; R0 12
 	xor	edi,		edx
 	and	edi,		ebx
 	lea	eax,		DWORD PTR 1804603682[ebp*1+eax]
-	mov	ebp,		DWORD PTR 52[esi]
 	xor	edi,		edx
 	add	eax,		edi
 	mov	edi,		ebx
 	rol	eax,		7
+	mov	ebp,		DWORD PTR 52[esi]
 	add	eax,		ebx
 	; R0 13
 	xor	edi,		ecx
 	and	edi,		eax
 	lea	edx,		DWORD PTR 4254626195[ebp*1+edx]
-	mov	ebp,		DWORD PTR 56[esi]
 	xor	edi,		ecx
 	add	edx,		edi
 	mov	edi,		eax
 	rol	edx,		12
+	mov	ebp,		DWORD PTR 56[esi]
 	add	edx,		eax
 	; R0 14
 	xor	edi,		ebx
 	and	edi,		edx
 	lea	ecx,		DWORD PTR 2792965006[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 60[esi]
 	xor	edi,		ebx
 	add	ecx,		edi
 	mov	edi,		edx
 	rol	ecx,		17
+	mov	ebp,		DWORD PTR 60[esi]
 	add	ecx,		edx
 	; R0 15
 	xor	edi,		eax
 	and	edi,		ecx
 	lea	ebx,		DWORD PTR 1236535329[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 4[esi]
 	xor	edi,		eax
 	add	ebx,		edi
 	mov	edi,		ecx
 	rol	ebx,		22
+	mov	ebp,		DWORD PTR 4[esi]
 	add	ebx,		ecx
 	; 
 	; R1 section
@@ -359,8 +360,8 @@ L000start:
 	xor	edi,		ebx
 	lea	eax,		DWORD PTR 4294588738[ebp*1+eax]
 	add	eax,		edi
-	mov	ebp,		DWORD PTR 32[esi]
 	rol	eax,		4
+	mov	ebp,		DWORD PTR 32[esi]
 	mov	edi,		ebx
 	; R2 33
 	lea	edx,		DWORD PTR 2272392833[ebp*1+edx]
@@ -377,8 +378,8 @@ L000start:
 	xor	edi,		edx
 	lea	ecx,		DWORD PTR 1839030562[ebp*1+ecx]
 	add	ecx,		edi
-	mov	ebp,		DWORD PTR 56[esi]
 	rol	ecx,		16
+	mov	ebp,		DWORD PTR 56[esi]
 	mov	edi,		edx
 	; R2 35
 	lea	ebx,		DWORD PTR 4259657740[ebp*1+ebx]
@@ -395,8 +396,8 @@ L000start:
 	xor	edi,		ebx
 	lea	eax,		DWORD PTR 2763975236[ebp*1+eax]
 	add	eax,		edi
-	mov	ebp,		DWORD PTR 16[esi]
 	rol	eax,		4
+	mov	ebp,		DWORD PTR 16[esi]
 	mov	edi,		ebx
 	; R2 37
 	lea	edx,		DWORD PTR 1272893353[ebp*1+edx]
@@ -413,8 +414,8 @@ L000start:
 	xor	edi,		edx
 	lea	ecx,		DWORD PTR 4139469664[ebp*1+ecx]
 	add	ecx,		edi
-	mov	ebp,		DWORD PTR 40[esi]
 	rol	ecx,		16
+	mov	ebp,		DWORD PTR 40[esi]
 	mov	edi,		edx
 	; R2 39
 	lea	ebx,		DWORD PTR 3200236656[ebp*1+ebx]
@@ -431,8 +432,8 @@ L000start:
 	xor	edi,		ebx
 	lea	eax,		DWORD PTR 681279174[ebp*1+eax]
 	add	eax,		edi
-	mov	ebp,		DWORD PTR [esi]
 	rol	eax,		4
+	mov	ebp,		DWORD PTR [esi]
 	mov	edi,		ebx
 	; R2 41
 	lea	edx,		DWORD PTR 3936430074[ebp*1+edx]
@@ -449,8 +450,8 @@ L000start:
 	xor	edi,		edx
 	lea	ecx,		DWORD PTR 3572445317[ebp*1+ecx]
 	add	ecx,		edi
-	mov	ebp,		DWORD PTR 24[esi]
 	rol	ecx,		16
+	mov	ebp,		DWORD PTR 24[esi]
 	mov	edi,		edx
 	; R2 43
 	lea	ebx,		DWORD PTR 76029189[ebp*1+ebx]
@@ -467,8 +468,8 @@ L000start:
 	xor	edi,		ebx
 	lea	eax,		DWORD PTR 3654602809[ebp*1+eax]
 	add	eax,		edi
-	mov	ebp,		DWORD PTR 48[esi]
 	rol	eax,		4
+	mov	ebp,		DWORD PTR 48[esi]
 	mov	edi,		ebx
 	; R2 45
 	lea	edx,		DWORD PTR 3873151461[ebp*1+edx]
@@ -485,8 +486,8 @@ L000start:
 	xor	edi,		edx
 	lea	ecx,		DWORD PTR 530742520[ebp*1+ecx]
 	add	ecx,		edi
-	mov	ebp,		DWORD PTR 8[esi]
 	rol	ecx,		16
+	mov	ebp,		DWORD PTR 8[esi]
 	mov	edi,		edx
 	; R2 47
 	lea	ebx,		DWORD PTR 3299628645[ebp*1+ebx]
@@ -681,6 +682,6 @@ L000start:
 	pop	edi
 	pop	esi
 	ret
-_md5_block_x86 ENDP
+_md5_block_asm_host_order ENDP
 _TEXT	ENDS
 END
diff --git a/lib/libssl/src/crypto/md5/asm/md5-586.pl b/lib/libssl/src/crypto/md5/asm/md5-586.pl
index 2c7fb7dd98d..5fc6a205ce0 100644
--- a/lib/libssl/src/crypto/md5/asm/md5-586.pl
+++ b/lib/libssl/src/crypto/md5/asm/md5-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # Normal is the
 # md5_block_x86(MD5_CTX *c, ULONG *X);
@@ -29,7 +29,7 @@ $X="esi";
  0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
  );
 
-&md5_block("md5_block_x86");
+&md5_block("md5_block_asm_host_order");
 &asm_finish();
 
 sub Np
@@ -44,7 +44,7 @@ sub R0
 	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
 
 	&mov($tmp1,$C)  if $pos < 0;
-	 &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
 
 	# body proper
 
@@ -54,7 +54,6 @@ sub R0
 	&and($tmp1,$b); # F function - part 3
 	&lea($a,&DWP($t,$a,$tmp2,1));
 
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
 	&xor($tmp1,$d); # F function - part 4
 
 	&add($a,$tmp1);
@@ -62,8 +61,10 @@ sub R0
 	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
 
 	&rotl($a,$s);
-	&add($a,$b);
 
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$b);
 	}
 
 sub R1
@@ -100,16 +101,16 @@ if (($n & 1) == 0)
 	# make sure to do 'D' first, not 'B', else we clash with
 	# the last add from the previous round.
 
-	 &xor($tmp1,$d); # H function - part 2
+	&xor($tmp1,$d); # H function - part 2
 
 	&xor($tmp1,$b); # H function - part 3
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&add($a,$tmp1);
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
 
 	&rotl($a,$s);
 
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
 	&mov($tmp1,&Np($c));
 	}
 else
@@ -118,17 +119,17 @@ else
 	# make sure to do 'D' first, not 'B', else we clash with
 	# the last add from the previous round.
 
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&add($b,$c);			# MOVED FORWARD
-	 &xor($tmp1,$d); # H function - part 2
+	&xor($tmp1,$d); # H function - part 2
 
 	&xor($tmp1,$b); # H function - part 3
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
 
 	&add($a,$tmp1);
-	 &mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
-	 &mov($tmp1,-1) if $pos == 1;		# I function - part 1
+	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
+	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
 
 	&rotl($a,$s);
 
@@ -146,21 +147,21 @@ sub R3
 	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
 
 	&or($tmp1,$b);				# I function - part 3
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&xor($tmp1,$c); 			# I function - part 4
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
-	 &mov($tmp2,&wparam(0)) if $pos == 2;
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
+	&mov($tmp2,&wparam(0)) if $pos == 2;
 
 	&add($a,$tmp1);
-	 &mov($tmp1,-1) if $pos < 1;	# H function - part 1
-	 &add($K,64) if $pos >=1 && !$normal;
+	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
+	&add($K,64) if $pos >=1 && !$normal;
 
 	&rotl($a,$s);
 
 	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
 	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
-	 &add($a,$b);
+	&add($a,$b);
 	}
 
 
@@ -182,6 +183,7 @@ sub md5_block
 	 &mov($X,	&wparam(1)); # esi
 	&mov($C,	&wparam(2));
 	 &push("ebp");
+	&shl($C,	6);
 	&push("ebx");
 	 &add($C,	$X); # offset we end at
 	&sub($C,	64);
diff --git a/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S b/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S
new file mode 100644
index 00000000000..ca4257f1341
--- /dev/null
+++ b/lib/libssl/src/crypto/md5/asm/md5-sparcv9.S
@@ -0,0 +1,1029 @@
+.ident	"md5-sparcv9.S, Version 1.0"
+.ident	"SPARC V9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.file	"md5-sparcv9.S"
+
+/*
+ * ====================================================================
+ * Copyright (c) 1999 Andy Polyakov <appro@fy.chalmers.se>.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted as long as above copyright notices are retained. Warranty
+ * of any kind is (of course:-) disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is an
+ * assembler implementation of MD5 block hash function. I've hand-coded
+ * this for the sole reason to reach UltraSPARC-specific "load in
+ * little-endian byte order" instruction. This gives up to 15%
+ * performance improvement for cases when input message is aligned at
+ * 32 bits boundary. The module was tested under both 32 *and* 64 bit
+ * kernels. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * To compile with SC4.x/SC5.x:
+ *
+ *	cc -xarch=v[9|8plus] -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -DULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * or if above fails (it does if you have gas):
+ *
+ *	gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ *		as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
+ */
+
+#define	A	%o0
+#define B	%o1
+#define	C	%o2
+#define	D	%o3
+#define	T1	%o4
+#define	T2	%o5
+
+#define	R0	%l0
+#define	R1	%l1
+#define	R2	%l2
+#define	R3	%l3
+#define	R4	%l4
+#define	R5	%l5
+#define	R6	%l6
+#define	R7	%l7
+#define	R8	%i3
+#define	R9	%i4
+#define	R10	%i5
+#define	R11	%g1
+#define R12	%g2
+#define	R13	%g3
+#define RX	%g4
+
+#define Aptr	%i0+0
+#define Bptr	%i0+4
+#define Cptr	%i0+8
+#define Dptr	%i0+12
+
+#define Aval	R5	/* those not used at the end of the last round */
+#define Bval	R6
+#define Cval	R7
+#define Dval	R8
+
+#if defined(MD5_BLOCK_DATA_ORDER)
+# if defined(ULTRASPARC)
+#  define	LOAD			lda
+#  define	X(i)			[%i1+i*4]%asi
+#  define	md5_block		md5_block_asm_data_order_aligned
+#  define	ASI_PRIMARY_LITTLE	0x88
+# else
+#  error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!"
+# endif
+#else
+# define	LOAD			ld
+# define	X(i)			[%i1+i*4]
+# define	md5_block		md5_block_asm_host_order
+#endif
+
+.section        ".text",#alloc,#execinstr
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME   -192
+#else
+# define	FRAME	-96
+#endif
+
+.align  32
+
+.global md5_block
+md5_block:
+	save	%sp,FRAME,%sp
+
+	ld	[Dptr],D
+	ld	[Cptr],C
+	ld	[Bptr],B
+	ld	[Aptr],A
+#ifdef ASI_PRIMARY_LITTLE
+	rd	%asi,%o7	! How dare I? Well, I just do:-)
+	wr	%g0,ASI_PRIMARY_LITTLE,%asi
+#endif
+	LOAD	X(0),R0
+
+.Lmd5_block_loop:
+
+!!!!!!!!Round 0
+
+	xor	C,D,T1
+	sethi	%hi(0xd76aa478),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd76aa478),T2	!=
+	xor	T1,D,T1
+	add	T1,R0,T1
+	LOAD	X(1),R1
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xe8c7b756),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xe8c7b756),T2
+	xor	T1,C,T1
+	LOAD	X(2),R2
+	add	T1,R1,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0x242070db),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0x242070db),T2
+	xor	T1,B,T1
+	add	T1,R2,T1		!=
+	LOAD	X(3),R3
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xc1bdceee),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc1bdceee),T2
+	xor	T1,A,T1			!=
+	add	T1,R3,T1
+	LOAD	X(4),R4
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0xf57c0faf),T2
+	and	T1,B,T1
+	or	T2,%lo(0xf57c0faf),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	LOAD	X(5),R5
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x4787c62a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x4787c62a),T2
+	xor	T1,C,T1
+	LOAD	X(6),R6
+	add	T1,R5,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa8304613),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa8304613),T2
+	xor	T1,B,T1
+	add	T1,R6,T1		!=
+	LOAD	X(7),R7
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xfd469501),T2
+	and	T1,C,T1
+	or	T2,%lo(0xfd469501),T2
+	xor	T1,A,T1			!=
+	add	T1,R7,T1
+	LOAD	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x698098d8),T2
+	and	T1,B,T1
+	or	T2,%lo(0x698098d8),T2	!=
+	xor	T1,D,T1
+	add	T1,R8,T1
+	LOAD	X(9),R9
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x8b44f7af),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8b44f7af),T2
+	xor	T1,C,T1
+	LOAD	X(10),R10
+	add	T1,R9,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xffff5bb1),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xffff5bb1),T2
+	xor	T1,B,T1
+	add	T1,R10,T1		!=
+	LOAD	X(11),R11
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x895cd7be),T2
+	and	T1,C,T1
+	or	T2,%lo(0x895cd7be),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	LOAD	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x6b901122),T2
+	and	T1,B,T1
+	or	T2,%lo(0x6b901122),T2	!=
+	xor	T1,D,T1
+	add	T1,R12,T1
+	LOAD	X(13),R13
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xfd987193),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xfd987193),T2
+	xor	T1,C,T1
+	LOAD	X(14),RX
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa679438e),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa679438e),T2
+	xor	T1,B,T1
+	add	T1,RX,T1		!=
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x49b40821),T2
+	and	T1,C,T1
+	or	T2,%lo(0x49b40821),T2
+	xor	T1,A,T1			!=
+	add	T1,RX,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,22,T2			!=
+	srl	B,32-22,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 1
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xf61e2562),T2
+	and	T1,D,T1
+	or	T2,%lo(0xf61e2562),T2
+	xor	T1,C,T1			!=
+	add	T1,R1,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0xc040b340),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc040b340),T2
+	xor	T1,B,T1			!=
+	add	T1,R6,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,9,T2			!=
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x265e5a51),T2
+	and	T1,B,T1
+	or	T2,%lo(0x265e5a51),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,14,T2			!=
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xe9b6c7aa),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe9b6c7aa),T2
+	xor	T1,D,T1			!=
+	add	T1,R0,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,20,T2			!=
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xd62f105d),T2
+	and	T1,D,T1
+	or	T2,%lo(0xd62f105d),T2
+	xor	T1,C,T1			!=
+	add	T1,R5,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0x02441453),T2
+	and	T1,C,T1
+	or	T2,%lo(0x02441453),T2
+	xor	T1,B,T1			!=
+	add	T1,R10,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd8a1e681),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd8a1e681),T2	!=
+	xor	T1,A,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xe7d3fbc8),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe7d3fbc8),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	xor	B,C,T1
+	sethi	%hi(0x21e1cde6),T2
+	and	T1,D,T1
+	or	T2,%lo(0x21e1cde6),T2	!=
+	xor	T1,C,T1
+	add	T1,R9,T1
+	LOAD	X(14),RX
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xc33707d6),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xc33707d6),T2
+	xor	T1,B,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0xf4d50d87),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0xf4d50d87),T2
+	xor	T1,A,T1
+	add	T1,R3,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x455a14ed),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x455a14ed),T2
+	xor	T1,D,T1
+	add	T1,R8,T1
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa9e3e905),T2
+	and	T1,D,T1			!=
+	or	T2,%lo(0xa9e3e905),T2
+	xor	T1,C,T1
+	add	T1,R13,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xfcefa3f8),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xfcefa3f8),T2
+	xor	T1,B,T1
+	add	T1,R2,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x676f02d9),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0x676f02d9),T2
+	xor	T1,A,T1
+	add	T1,R7,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x8d2a4c8a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8d2a4c8a),T2
+	xor	T1,D,T1
+	add	T1,R12,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+!!!!!!!!Round 2
+
+	xor	B,C,T1
+	sethi	%hi(0xfffa3942),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfffa3942),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	xor	A,B,T1
+	sethi	%hi(0x8771f681),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x8771f681),T2	!=
+	add	T1,R8,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,11,T2			!=
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x6d9d6122),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x6d9d6122),T2
+	add	T1,R11,T1		!=
+	LOAD	X(14),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xfde5380c),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xfde5380c),T2
+	add	T1,RX,T1		!=
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa4beea44),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xa4beea44),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0x4bdecfa9),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0x4bdecfa9),T2
+	add	T1,R4,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xf6bb4b60),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xf6bb4b60),T2	!=
+	add	T1,R7,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xbebfbc70),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xbebfbc70),T2
+	add	T1,R10,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0x289b7ec6),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x289b7ec6),T2
+	add	T1,R13,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xeaa127fa),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xeaa127fa),T2
+	add	T1,R0,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd4ef3085),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xd4ef3085),T2	!=
+	add	T1,R3,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0x04881d05),T2
+	xor	T1,A,T1
+	or	T2,%lo(0x04881d05),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xd9d4d039),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xd9d4d039),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xe6db99e5),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xe6db99e5),T2
+	add	T1,R12,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x1fa27cf8),T2
+	xor	T1,B,T1			!=
+	or	T2,%lo(0x1fa27cf8),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,16,T2
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xc4ac5665),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xc4ac5665),T2	!=
+	add	T1,R2,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2			!=
+	srl	B,32-23,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 3
+
+	orn	B,D,T1			!=
+	sethi	%hi(0xf4292244),T2
+	xor	T1,C,T1
+	or	T2,%lo(0xf4292244),T2
+	add	T1,R0,T1		!=
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0x432aff97),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0x432aff97),T2
+	LOAD	X(14),RX
+	add	T1,R7,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xab9423a7),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xab9423a7),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xfc93a039),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfc93a039),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x655b59c3),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x655b59c3),T2	!=
+	add	T1,R12,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2			!=
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1			!=
+	sethi	%hi(0x8f0ccc92),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x8f0ccc92),T2
+	add	T1,R3,T1		!=
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xffeff47d),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xffeff47d),T2
+	add	T1,R10,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x85845dd1),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0x85845dd1),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x6fa87e4f),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x6fa87e4f),T2	!=
+	add	T1,R8,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,6,T2
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	orn	A,C,T1
+	sethi	%hi(0xfe2ce6e0),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xfe2ce6e0),T2	!=
+	add	T1,RX,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2			!=
+	srl	D,32-10,D
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1			!=
+	sethi	%hi(0xa3014314),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xa3014314),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C		!=
+	or	C,T2,C
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x4e0811a1),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x4e0811a1),T2
+	!pre-LOADed	X(4),R4
+	 ld	 [Aptr],Aval
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,21,T2
+	srl	B,32-21,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	orn	B,D,T1
+	sethi	%hi(0xf7537e82),T2	!=
+	xor	T1,C,T1
+	or	T2,%lo(0xf7537e82),T2
+	!pre-LOADed	X(11),R11
+	 ld	 [Dptr],Dval
+	add	T1,R4,T1		!=
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0xbd3af235),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0xbd3af235),T2
+	!pre-LOADed	X(2),R2
+	 ld	 [Cptr],Cval
+	add	T1,R11,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0x2ad7d2bb),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0x2ad7d2bb),T2
+	!pre-LOADed	X(9),R9
+	 ld	 [Bptr],Bval
+	add	T1,R2,T1		!=
+	 add	 Aval,A,Aval
+	add	T1,T2,T1
+	 st	 Aval,[Aptr]
+	add	C,T1,C			!=
+	sll	C,15,T2
+	 add	 Dval,D,Dval
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	 st	 Dval,[Dptr]
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xeb86d391),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xeb86d391),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(0),R0
+	 mov	 Aval,A			!=
+	add	T1,T2,T1
+	 mov	 Dval,D
+	add	B,T1,B
+	sll	B,21,T2			!=
+	 add	 Cval,C,Cval
+	srl	B,32-21,B
+	 st	 Cval,[Cptr]
+	or	B,T2,B			!=
+	add	B,C,B
+
+	deccc	%i2
+	mov	Cval,C
+	add	B,Bval,B		!=
+	inc	64,%i1
+	nop
+	st	B,[Bptr]
+	nop				!=
+
+#ifdef	ULTRASPARC
+	bg,a,pt	%icc,.Lmd5_block_loop
+#else
+	bg,a	.Lmd5_block_loop
+#endif
+	LOAD	X(0),R0
+
+#ifdef ASI_PRIMARY_LITTLE
+	wr	%g0,%o7,%asi
+#endif
+	ret
+	restore	%g0,0,%o0
+
+.type	md5_block,#function
+.size	md5_block,(.-md5_block)
diff --git a/lib/libssl/src/crypto/md5/asm/mx86unix.cpp b/lib/libssl/src/crypto/md5/asm/mx86unix.cpp
deleted file mode 100644
index 5d399122b61..00000000000
--- a/lib/libssl/src/crypto/md5/asm/mx86unix.cpp
+++ /dev/null
@@ -1,730 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define md5_block_x86 _md5_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by md5-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"md5-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl md5_block_x86
-	TYPE(md5_block_x86,@function)
-md5_block_x86:
-	pushl	%esi
-	pushl	%edi
-	movl	12(%esp),	%edi
-	movl	16(%esp),	%esi
-	movl	20(%esp),	%ecx
-	pushl	%ebp
-	pushl	%ebx
-	addl	%esi,		%ecx
-	subl	$64,		%ecx
-	movl	(%edi),		%eax
-	pushl	%ecx
-	movl	4(%edi),	%ebx
-	movl	8(%edi),	%ecx
-	movl	12(%edi),	%edx
-.L000start:
-
-	/* R0 section */
-	movl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	/* R0 0 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	3614090360(%eax,%ebp,1),%eax
-	movl	4(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 1 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	3905402710(%edx,%ebp,1),%edx
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 2 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	606105819(%ecx,%ebp,1),%ecx
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 3 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	3250441966(%ebx,%ebp,1),%ebx
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 4 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	4118548399(%eax,%ebp,1),%eax
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 5 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	1200080426(%edx,%ebp,1),%edx
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 6 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2821735955(%ecx,%ebp,1),%ecx
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 7 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	4249261313(%ebx,%ebp,1),%ebx
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 8 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1770035416(%eax,%ebp,1),%eax
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 9 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	2336552879(%edx,%ebp,1),%edx
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 10 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	4294925233(%ecx,%ebp,1),%ecx
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 11 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	2304563134(%ebx,%ebp,1),%ebx
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 12 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1804603682(%eax,%ebp,1),%eax
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 13 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	4254626195(%edx,%ebp,1),%edx
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 14 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2792965006(%ecx,%ebp,1),%ecx
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 15 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	1236535329(%ebx,%ebp,1),%ebx
-	movl	4(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R1 section */
-	/* R1 16 */
-	leal	4129170786(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 17 */
-	leal	3225465664(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 18 */
-	leal	643717713(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	(%esi),		%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 19 */
-	leal	3921069994(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 20 */
-	leal	3593408605(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 21 */
-	leal	38016083(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 22 */
-	leal	3634488961(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 23 */
-	leal	3889429448(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 24 */
-	leal	568446438(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 25 */
-	leal	3275163606(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 26 */
-	leal	4107603335(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 27 */
-	leal	1163531501(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 28 */
-	leal	2850285829(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 29 */
-	leal	4243563512(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 30 */
-	leal	1735328473(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 31 */
-	leal	2368359562(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R2 section */
-	/* R2 32 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	4294588738(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	32(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 33 */
-	leal	2272392833(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 34 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	1839030562(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	56(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 35 */
-	leal	4259657740(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 36 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	2763975236(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	16(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 37 */
-	leal	1272893353(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 38 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	4139469664(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	40(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 39 */
-	leal	3200236656(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 40 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	681279174(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	(%esi),		%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 41 */
-	leal	3936430074(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 42 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	3572445317(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	24(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 43 */
-	leal	76029189(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 44 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	3654602809(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	48(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 45 */
-	leal	3873151461(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 46 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	530742520(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	8(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 47 */
-	leal	3299628645(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R3 section */
-	/* R3 48 */
-	xorl	%edx,		%edi
-	orl	%ebx,		%edi
-	leal	4096336452(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 49 */
-	orl	%eax,		%edi
-	leal	1126891415(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	56(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 50 */
-	orl	%edx,		%edi
-	leal	2878612391(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 51 */
-	orl	%ecx,		%edi
-	leal	4237533241(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	48(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 52 */
-	orl	%ebx,		%edi
-	leal	1700485571(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 53 */
-	orl	%eax,		%edi
-	leal	2399980690(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	40(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 54 */
-	orl	%edx,		%edi
-	leal	4293915773(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 55 */
-	orl	%ecx,		%edi
-	leal	2240044497(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	32(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 56 */
-	orl	%ebx,		%edi
-	leal	1873313359(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 57 */
-	orl	%eax,		%edi
-	leal	4264355552(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	24(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 58 */
-	orl	%edx,		%edi
-	leal	2734768916(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 59 */
-	orl	%ecx,		%edi
-	leal	1309151649(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	16(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 60 */
-	orl	%ebx,		%edi
-	leal	4149444226(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 61 */
-	orl	%eax,		%edi
-	leal	3174756917(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	8(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 62 */
-	orl	%edx,		%edi
-	leal	718787259(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 63 */
-	orl	%ecx,		%edi
-	leal	3951481745(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	24(%esp),	%ebp
-	addl	%edi,		%ebx
-	addl	$64,		%esi
-	roll	$21,		%ebx
-	movl	(%ebp),		%edi
-	addl	%ecx,		%ebx
-	addl	%edi,		%eax
-	movl	4(%ebp),	%edi
-	addl	%edi,		%ebx
-	movl	8(%ebp),	%edi
-	addl	%edi,		%ecx
-	movl	12(%ebp),	%edi
-	addl	%edi,		%edx
-	movl	%eax,		(%ebp)
-	movl	%ebx,		4(%ebp)
-	movl	(%esp),		%edi
-	movl	%ecx,		8(%ebp)
-	movl	%edx,		12(%ebp)
-	cmpl	%esi,		%edi
-	jge	.L000start
-	popl	%eax
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.md5_block_x86_end:
-	SIZE(md5_block_x86,.md5_block_x86_end-md5_block_x86)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/md5/md5.c b/lib/libssl/src/crypto/md5/md5.c
index 9d6f5a6003d..7ed0024ae19 100644
--- a/lib/libssl/src/crypto/md5/md5.c
+++ b/lib/libssl/src/crypto/md5/md5.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	MD5_CTX c;
 	unsigned char md[MD5_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/md5/md5.h b/lib/libssl/src/crypto/md5/md5.h
index 357c6c625de..bdab6d45e86 100644
--- a/lib/libssl/src/crypto/md5/md5.h
+++ b/lib/libssl/src/crypto/md5/md5.h
@@ -63,35 +63,50 @@
 extern "C" {
 #endif
 
+#ifdef NO_MD5
+#error MD5 is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD5_LONG_LOG2 has to be defined along.			   !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(WIN16) || defined(__LP32__)
+#define MD5_LONG unsigned long
+#elif defined(_CRAY) || defined(__ILP64__)
+#define MD5_LONG unsigned long
+#define MD5_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *					<appro@fy.chalmers.se>
+ */
+#else
+#define MD5_LONG unsigned int
+#endif
+
 #define MD5_CBLOCK	64
-#define MD5_LBLOCK	16
-#define MD5_BLOCK	16
-#define MD5_LAST_BLOCK  56
-#define MD5_LENGTH_BLOCK 8
+#define MD5_LBLOCK	(MD5_CBLOCK/4)
 #define MD5_DIGEST_LENGTH 16
 
 typedef struct MD5state_st
 	{
-	unsigned long A,B,C,D;
-	unsigned long Nl,Nh;
-	unsigned long data[MD5_LBLOCK];
+	MD5_LONG A,B,C,D;
+	MD5_LONG Nl,Nh;
+	MD5_LONG data[MD5_LBLOCK];
 	int num;
 	} MD5_CTX;
 
-#ifndef NOPROTO
 void MD5_Init(MD5_CTX *c);
-void MD5_Update(MD5_CTX *c, unsigned char *data, unsigned long len);
+void MD5_Update(MD5_CTX *c, const unsigned char *data, unsigned long len);
 void MD5_Final(unsigned char *md, MD5_CTX *c);
 unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, unsigned char *b);
-#else
-void MD5_Init();
-void MD5_Update();
-void MD5_Final();
-unsigned char *MD5();
-void MD5_Transform();
-#endif
-
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/md5/md5_dgst.c b/lib/libssl/src/crypto/md5/md5_dgst.c
index 43b3498d92c..ba0115ae793 100644
--- a/lib/libssl/src/crypto/md5/md5_dgst.c
+++ b/lib/libssl/src/crypto/md5/md5_dgst.c
@@ -58,8 +58,9 @@
 
 #include <stdio.h>
 #include "md5_locl.h"
+#include <openssl/opensslv.h>
 
-char *MD5_version="MD5 part of SSLeay 0.9.0b 29-Jun-1998";
+char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
  */
@@ -69,24 +70,7 @@ char *MD5_version="MD5 part of SSLeay 0.9.0b 29-Jun-1998";
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-#ifndef NOPROTO
-#  ifdef MD5_ASM
-     void md5_block_x86(MD5_CTX *c, unsigned long *p,int num);
-#    define md5_block md5_block_x86
-#  else
-     static void md5_block(MD5_CTX *c, unsigned long *p,int num);
-#  endif
-#else
-#  ifdef MD5_ASM
-     void md5_block_x86();
-#    define md5_block md5_block_x86
-#  else
-     static void md5_block();
-#  endif
-#endif
-
-void MD5_Init(c)
-MD5_CTX *c;
+void MD5_Init(MD5_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;
@@ -97,190 +81,32 @@ MD5_CTX *c;
 	c->num=0;
 	}
 
-void MD5_Update(c, data, len)
-MD5_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
-	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= MD5_CBLOCK)
-			{
-			l= p[sw];
-			p_c2l(data,l,sc);
-			p[sw++]=l;
-			for (; sw<MD5_LBLOCK; sw++)
-				{
-				c2l(data,l);
-				p[sw]=l;
-				}
-			len-=(MD5_CBLOCK-c->num);
-
-			md5_block(c,p,64);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			int ew,ec;
-
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				p_c2l_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				p_c2l(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ c2l(data,l); p[sw]=l; }
-				if (ec)
-					{
-					c2l_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* we now can process the input data in blocks of MD5_CBLOCK
-	 * chars and save the leftovers to c->data. */
-#ifdef L_ENDIAN
-	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
-		{
-		sw=(int)len/MD5_CBLOCK;
-		if (sw > 0)
-			{
-			sw*=MD5_CBLOCK;
-			md5_block(c,(ULONG *)data,sw);
-			data+=sw;
-			len-=sw;
-			}
-		}
-#endif
-	p=c->data;
-	while (len >= MD5_CBLOCK)
-		{
-#if defined(L_ENDIAN) || defined(B_ENDIAN)
-		if (p != (unsigned long *)data)
-			memcpy(p,data,MD5_CBLOCK);
-		data+=MD5_CBLOCK;
-#ifdef B_ENDIAN
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-#endif
-#else
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l; 
-			} 
-#endif
-		p=c->data;
-		md5_block(c,p,64);
-		len-=MD5_CBLOCK;
-		}
-	sc=(int)len;
-	c->num=sc;
-	if (sc)
-		{
-		sw=sc>>2;	/* words to copy */
-#ifdef L_ENDIAN
-		p[sw]=0;
-		memcpy(p,data,sc);
-#else
-		sc&=0x03;
-		for ( ; sw; sw--)
-			{ c2l(data,l); *(p++)=l; }
-		c2l_p(data,l,sc);
-		*p=l;
-#endif
-		}
-	}
-
-void MD5_Transform(c,b)
-MD5_CTX *c;
-unsigned char *b;
+#ifndef md5_block_host_order
+void md5_block_host_order (MD5_CTX *c, const void *data, int num)
 	{
-	ULONG p[16];
-#if !defined(L_ENDIAN)
-	ULONG *q;
-	int i;
-#endif
-
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef B_ENDIAN
-	q=p;
-	for (i=(MD5_LBLOCK/4); i; i--)
-		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
-		}
-#endif
-#else
-	q=p;
-	for (i=(MD5_LBLOCK/4); i; i--)
-		{
-		ULONG l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l; 
-		} 
-#endif
-	md5_block(c,p,64);
-	}
-
-#ifndef MD5_ASM
-
-static void md5_block(c, X, num)
-MD5_CTX *c;
-register ULONG *X;
-int num;
-	{
-	register ULONG A,B,C,D;
+	const MD5_LONG *X=data;
+	register unsigned long A,B,C,D;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
 
 	A=c->A;
 	B=c->B;
 	C=c->C;
 	D=c->D;
-	for (;;)
+
+	for (;num--;X+=HASH_LBLOCK)
 		{
 	/* Round 0 */
 	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
@@ -351,80 +177,131 @@ int num;
 	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
 	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
 
-	A+=c->A&0xffffffffL;
-	B+=c->B&0xffffffffL;
-	c->A=A;
-	c->B=B;
-	C+=c->C&0xffffffffL;
-	D+=c->D&0xffffffffL;
-	c->C=C;
-	c->D=D;
-	X+=16;
-	num-=64;
-	if (num <= 0) break;
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
 		}
 	}
 #endif
 
-void MD5_Final(md, c)
-unsigned char *md;
-MD5_CTX *c;
+#ifndef md5_block_data_order
+void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
 	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
+	const unsigned char *data=data_;
+	register unsigned long A,B,C,D,l;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
+	MD5_LONG X[MD5_LBLOCK];
+	/*
+	 * In case you wonder why don't I use c->data for this.
+	 * RISCs usually have a handful of registers and if X is
+	 * declared as automatic array good optimizing compiler
+	 * shall accomodate at least part of it in register bank
+	 * instead of memory.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
 
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
 
-	/* purify often complains about the following line as an
-	 * Uninitialized Memory Read.  While this can be true, the
-	 * following p_c2l macro will reset l when that case is true.
-	 * This is because j&0x03 contains the number of 'valid' bytes
-	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
-	 * occur but this is also the only time p_c2l will do
-	 * l= *(cp++) instead of l|= *(cp++)
-	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
-	 * 'potential bug' */
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
-#endif
-	l=p[i];
-	p_c2l(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= MD5_LAST_BLOCK)
+	for (;num--;)
 		{
-		for (; i<MD5_LBLOCK; i++)
-			p[i]=0;
-		md5_block(c,p,64);
-		i=0;
-		}
-	for (; i<(MD5_LBLOCK-2); i++)
-		p[i]=0;
-	p[MD5_LBLOCK-2]=c->Nl;
-	p[MD5_LBLOCK-1]=c->Nh;
-	md5_block(c,p,64);
-	cp=md;
-	l=c->A; l2c(l,cp);
-	l=c->B; l2c(l,cp);
-	l=c->C; l2c(l,cp);
-	l=c->D; l2c(l,cp);
+	HOST_c2l(data,l); X[ 0]=l;		HOST_c2l(data,l); X[ 1]=l;
+	/* Round 0 */
+	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);	HOST_c2l(data,l); X[ 2]=l;
+	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);	HOST_c2l(data,l); X[ 3]=l;
+	R0(C,D,A,B,X[ 2],17,0x242070dbL);	HOST_c2l(data,l); X[ 4]=l;
+	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);	HOST_c2l(data,l); X[ 5]=l;
+	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);	HOST_c2l(data,l); X[ 6]=l;
+	R0(D,A,B,C,X[ 5],12,0x4787c62aL);	HOST_c2l(data,l); X[ 7]=l;
+	R0(C,D,A,B,X[ 6],17,0xa8304613L);	HOST_c2l(data,l); X[ 8]=l;
+	R0(B,C,D,A,X[ 7],22,0xfd469501L);	HOST_c2l(data,l); X[ 9]=l;
+	R0(A,B,C,D,X[ 8], 7,0x698098d8L);	HOST_c2l(data,l); X[10]=l;
+	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);	HOST_c2l(data,l); X[11]=l;
+	R0(C,D,A,B,X[10],17,0xffff5bb1L);	HOST_c2l(data,l); X[12]=l;
+	R0(B,C,D,A,X[11],22,0x895cd7beL);	HOST_c2l(data,l); X[13]=l;
+	R0(A,B,C,D,X[12], 7,0x6b901122L);	HOST_c2l(data,l); X[14]=l;
+	R0(D,A,B,C,X[13],12,0xfd987193L);	HOST_c2l(data,l); X[15]=l;
+	R0(C,D,A,B,X[14],17,0xa679438eL);
+	R0(B,C,D,A,X[15],22,0x49b40821L);
+	/* Round 1 */
+	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+	R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+	R1(C,D,A,B,X[11],14,0x265e5a51L);
+	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+	R1(D,A,B,C,X[10], 9,0x02441453L);
+	R1(C,D,A,B,X[15],14,0xd8a1e681L);
+	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+	R1(D,A,B,C,X[14], 9,0xc33707d6L);
+	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+	R1(B,C,D,A,X[ 8],20,0x455a14edL);
+	R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+	R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+	/* Round 2 */
+	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+	R2(D,A,B,C,X[ 8],11,0x8771f681L);
+	R2(C,D,A,B,X[11],16,0x6d9d6122L);
+	R2(B,C,D,A,X[14],23,0xfde5380cL);
+	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+	R2(B,C,D,A,X[10],23,0xbebfbc70L);
+	R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+	R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+	R2(B,C,D,A,X[ 6],23,0x04881d05L);
+	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+	R2(D,A,B,C,X[12],11,0xe6db99e5L);
+	R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+	/* Round 3 */
+	R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+	R3(D,A,B,C,X[ 7],10,0x432aff97L);
+	R3(C,D,A,B,X[14],15,0xab9423a7L);
+	R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+	R3(A,B,C,D,X[12], 6,0x655b59c3L);
+	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+	R3(C,D,A,B,X[10],15,0xffeff47dL);
+	R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+	R3(C,D,A,B,X[ 6],15,0xa3014314L);
+	R3(B,C,D,A,X[13],21,0x4e0811a1L);
+	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+	R3(D,A,B,C,X[11],10,0xbd3af235L);
+	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
 
-	/* clear stuff, md5_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
 	}
+#endif
 
 #ifdef undef
-int printit(l)
-unsigned long *l;
+int printit(unsigned long *l)
 	{
 	int i,ii;
 
diff --git a/lib/libssl/src/crypto/md5/md5_locl.h b/lib/libssl/src/crypto/md5/md5_locl.h
index dbbe1b71ca5..9d04696dbde 100644
--- a/lib/libssl/src/crypto/md5/md5_locl.h
+++ b/lib/libssl/src/crypto/md5/md5_locl.h
@@ -56,102 +56,84 @@
  * [including the GNU Public Licence.]
  */
 
-/* On sparc, this actually slows things down :-( */
-#if defined(sun)
-#undef B_ENDIAN
-#endif
-
 #include <stdlib.h>
 #include <string.h>
-#include "md5.h"
-
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
+#include <openssl/opensslconf.h>
+#include <openssl/md5.h>
 
-#if defined(NOCONST)
-#define const
+#ifndef MD5_LONG_LOG2
+#define MD5_LONG_LOG2 2 /* default to 32 bits */
 #endif
 
-#undef c2l
-#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
-
-/* NOTE the pointer is not incremented at the end of this */
-#undef c2l_p
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c))))    ; \
-				} \
-			}
+#ifdef MD5_ASM
+# if defined(__i386) || defined(_M_IX86)
+#  define md5_block_host_order md5_block_asm_host_order
+# elif defined(__sparc) && defined(ULTRASPARC)
+   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
+# endif
+#endif
 
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
+void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+void md5_block_data_order (MD5_CTX *c, const void *p,int num);
 
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#if defined(__i386) || defined(_M_IX86)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianess" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#define md5_block_data_order md5_block_host_order
+#endif
 
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-				} \
-			}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG		MD5_LONG
+#define HASH_LONG_LOG2		MD5_LONG_LOG2
+#define HASH_CTX		MD5_CTX
+#define HASH_CBLOCK		MD5_CBLOCK
+#define HASH_LBLOCK		MD5_LBLOCK
+#define HASH_UPDATE		MD5_Update
+#define HASH_TRANSFORM		MD5_Transform
+#define HASH_FINAL		MD5_Final
+#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
+#if !defined(L_ENDIAN) || defined(md5_block_data_order)
+#define	HASH_BLOCK_DATA_ORDER	md5_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md5_block_data_order on copying-n-aligning input data.
+ * But franlky speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
 
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
+#ifndef FLAT_INC
+#include "../md32_common.h"
 #else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
+#include "md32_common.h"
 #endif
+
 /*
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
 #define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))
@@ -166,14 +148,6 @@
 #define	H(b,c,d)	((b) ^ (c) ^ (d))
 #define	I(b,c,d)	(((~(d)) | (b)) ^ (c))
 
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-
 #define R0(a,b,c,d,k,s,t) { \
 	a+=((k)+(t)+F((b),(c),(d))); \
 	a=ROTATE(a,s); \
diff --git a/lib/libssl/src/crypto/md5/md5_one.c b/lib/libssl/src/crypto/md5/md5_one.c
index ab6bb435f90..4b10e7f9402 100644
--- a/lib/libssl/src/crypto/md5/md5_one.c
+++ b/lib/libssl/src/crypto/md5/md5_one.c
@@ -57,19 +57,37 @@
  */
 
 #include <stdio.h>
-#include "md5_locl.h"
+#include <string.h>
+#include <openssl/md5.h>
 
-unsigned char *MD5(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD5_CTX c;
 	static unsigned char m[MD5_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD5_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD5_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD5_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD5_Final(md,&c);
 	memset(&c,0,sizeof(c)); /* security consideration */
 	return(md);
diff --git a/lib/libssl/src/crypto/md5/md5s.cpp b/lib/libssl/src/crypto/md5/md5s.cpp
index ef8e175df01..dd343fd4e6e 100644
--- a/lib/libssl/src/crypto/md5/md5s.cpp
+++ b/lib/libssl/src/crypto/md5/md5s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 extern "C" {
 void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
diff --git a/lib/libssl/src/crypto/md5/md5test.c b/lib/libssl/src/crypto/md5/md5test.c
index 74b84bc67f8..a192a62bb30 100644
--- a/lib/libssl/src/crypto/md5/md5test.c
+++ b/lib/libssl/src/crypto/md5/md5test.c
@@ -59,7 +59,15 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "md5.h"
+
+#ifdef NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return(0);
+}
+#else
+#include <openssl/md5.h>
 
 char *test[]={
 	"",
@@ -82,15 +90,8 @@ char *ret[]={
 	"57edf4a22be3c955ac49da2e2107b67a",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
@@ -118,8 +119,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -128,3 +128,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/mdc2/Makefile.ssl b/lib/libssl/src/crypto/mdc2/Makefile.ssl
index 495a2789a0e..3a5ad990a67 100644
--- a/lib/libssl/src/crypto/mdc2/Makefile.ssl
+++ b/lib/libssl/src/crypto/mdc2/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,23 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+mdc2_one.o: ../cryptlib.h
+mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
diff --git a/lib/libssl/src/crypto/mdc2/mdc2.h b/lib/libssl/src/crypto/mdc2/mdc2.h
index 0b104be1849..ec8e159fc92 100644
--- a/lib/libssl/src/crypto/mdc2/mdc2.h
+++ b/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -63,7 +63,11 @@
 extern "C" {
 #endif
 
-#include "des.h"
+#include <openssl/des.h>
+
+#ifdef NO_MDC2
+#error MDC2 is disabled.
+#endif
 
 #define MDC2_BLOCK              8
 #define MDC2_DIGEST_LENGTH      16
@@ -76,22 +80,12 @@ typedef struct mdc2_ctx_st
 	int pad_type; /* either 1 or 2, default 1 */
 	} MDC2_CTX;
 
-#ifndef NOPROTO
 
 void MDC2_Init(MDC2_CTX *c);
 void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len);
 void MDC2_Final(unsigned char *md, MDC2_CTX *c);
 unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md);
 
-#else
-
-void MDC2_Init();
-void MDC2_Update();
-void MDC2_Final();
-unsigned char *MDC2();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/mem.c b/lib/libssl/src/crypto/mem.c
index 72e501ad0f2..61fc1e184ed 100644
--- a/lib/libssl/src/crypto/mem.c
+++ b/lib/libssl/src/crypto/mem.c
@@ -58,12 +58,30 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "buffer.h"
-#include "bio.h"
-#include "lhash.h"
+#include <openssl/crypto.h>
+#ifdef CRYPTO_MDEBUG_TIME
+# include <time.h>	
+#endif
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
 #include "cryptlib.h"
 
+/* #ifdef CRYPTO_MDEBUG */
+/* static int mh_mode=CRYPTO_MEM_CHECK_ON; */
+/* #else */
 static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+/* #endif */
+/* State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
+ * thinks that certain allocations should not be checked (e.g. the data
+ * structures used for memory checking).  It is not suitable as an initial
+ * state: the library will unexpectedly enable memory checking when it
+ * executes one of those sections that want to disable checking
+ * temporarily.
+ *
+ * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+ */
+
 static unsigned long order=0;
 
 static LHASH *mh=NULL;
@@ -72,25 +90,41 @@ typedef struct mem_st
 	{
 	char *addr;
 	int num;
-	char *file;
+	const char *file;
 	int line;
+#ifdef CRYPTO_MDEBUG_THREAD
+	unsigned long thread;
+#endif
 	unsigned long order;
+#ifdef CRYPTO_MDEBUG_TIME
+	time_t time;
+#endif
 	} MEM;
 
-int CRYPTO_mem_ctrl(mode)
-int mode;
+int CRYPTO_mem_ctrl(int mode)
 	{
 	int ret=mh_mode;
 
 	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
 	switch (mode)
 		{
-	case CRYPTO_MEM_CHECK_ON:
-		mh_mode|=CRYPTO_MEM_CHECK_ON;
+	/* for applications: */
+	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
+		break;
+	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+		mh_mode = 0;
 		break;
-	case CRYPTO_MEM_CHECK_OFF:
-		mh_mode&= ~CRYPTO_MEM_CHECK_ON;
+
+	/* switch off temporarily (for library-internal use): */
+	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+		mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE;
 		break;
+	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+		if (mh_mode&CRYPTO_MEM_CHECK_ON)
+			mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+		break;
+
 	default:
 		break;
 		}
@@ -98,14 +132,12 @@ int mode;
 	return(ret);
 	}
 
-static int mem_cmp(a,b)
-MEM *a,*b;
+static int mem_cmp(MEM *a, MEM *b)
 	{
 	return(a->addr - b->addr);
 	}
 
-static unsigned long mem_hash(a)
-MEM *a;
+static unsigned long mem_hash(MEM *a)
 	{
 	unsigned long ret;
 
@@ -115,54 +147,69 @@ MEM *a;
 	return(ret);
 	}
 
+static char *(*malloc_locked_func)()=(char *(*)())malloc;
+static void (*free_locked_func)()=(void (*)())free;
 static char *(*malloc_func)()=	(char *(*)())malloc;
 static char *(*realloc_func)()=	(char *(*)())realloc;
 static void (*free_func)()=	(void (*)())free;
 
-void CRYPTO_set_mem_functions(m,r,f)
-char *(*m)();
-char *(*r)();
-void (*f)();
+void CRYPTO_set_mem_functions(char *(*m)(), char *(*r)(), void (*f)())
 	{
 	if ((m == NULL) || (r == NULL) || (f == NULL)) return;
 	malloc_func=m;
 	realloc_func=r;
 	free_func=f;
+	malloc_locked_func=m;
+	free_locked_func=f;
 	}
 
-void CRYPTO_get_mem_functions(m,r,f)
-char *(**m)();
-char *(**r)();
-void (**f)();
+void CRYPTO_set_locked_mem_functions(char *(*m)(), void (*f)())
+	{
+	if ((m == NULL) || (f == NULL)) return;
+	malloc_locked_func=m;
+	free_locked_func=f;
+	}
+
+void CRYPTO_get_mem_functions(char *(**m)(), char *(**r)(), void (**f)())
 	{
 	if (m != NULL) *m=malloc_func;
 	if (r != NULL) *r=realloc_func;
 	if (f != NULL) *f=free_func;
 	}
 
-char *CRYPTO_malloc(num)
-int num;
+void CRYPTO_get_locked_mem_functions(char *(**m)(), void (**f)())
+	{
+	if (m != NULL) *m=malloc_locked_func;
+	if (f != NULL) *f=free_locked_func;
+	}
+
+void *CRYPTO_malloc_locked(int num)
+	{
+	return(malloc_locked_func(num));
+	}
+
+void CRYPTO_free_locked(void *str)
+	{
+	free_locked_func(str);
+	}
+
+void *CRYPTO_malloc(int num)
 	{
 	return(malloc_func(num));
 	}
 
-char *CRYPTO_realloc(str,num)
-char *str;
-int num;
+void *CRYPTO_realloc(void *str, int num)
 	{
 	return(realloc_func(str,num));
 	}
 
-void CRYPTO_free(str)
-char *str;
+void CRYPTO_free(void *str)
 	{
 	free_func(str);
 	}
 
-char *CRYPTO_dbg_malloc(num,file,line)
-int num;
-char *file;
-int line;
+static unsigned long break_order_num=0;
+void *CRYPTO_dbg_malloc(int num, const char *file, int line)
 	{
 	char *ret;
 	MEM *m,*mm;
@@ -170,11 +217,13 @@ int line;
 	if ((ret=malloc_func(num)) == NULL)
 		return(NULL);
 
-	if (mh_mode & CRYPTO_MEM_CHECK_ON)
+	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
 		{
-		if ((m=(MEM *)malloc(sizeof(MEM))) == NULL)
+		MemCheck_off();
+		if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL)
 			{
-			free(ret);
+			Free(ret);
+			MemCheck_on();
 			return(NULL);
 			}
 		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
@@ -182,9 +231,10 @@ int line;
 			{
 			if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
 				{
-				free(ret);
-				free(m);
-				return(NULL);
+				Free(ret);
+				Free(m);
+				ret=NULL;
+				goto err;
 				}
 			}
 
@@ -192,39 +242,49 @@ int line;
 		m->file=file;
 		m->line=line;
 		m->num=num;
+#ifdef CRYPTO_MDEBUG_THREAD
+		m->thread=CRYPTO_thread_id();
+#endif
+		if (order == break_order_num)
+			{
+			/* BREAK HERE */
+			m->order=order;
+			}
 		m->order=order++;
+#ifdef CRYPTO_MDEBUG_TIME
+		m->time=time(NULL);
+#endif
 		if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
 			{
 			/* Not good, but don't sweat it */
-			free(mm);
+			Free(mm);
 			}
+err:
 		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
 		}
 	return(ret);
 	}
 
-void CRYPTO_dbg_free(addr)
-char *addr;
+void CRYPTO_dbg_free(void *addr)
 	{
 	MEM m,*mp;
 
-	if ((mh_mode & CRYPTO_MEM_CHECK_ON) && (mh != NULL))
+	if ((mh_mode & CRYPTO_MEM_CHECK_ENABLE) && (mh != NULL))
 		{
+		MemCheck_off();
 		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
 		m.addr=addr;
 		mp=(MEM *)lh_delete(mh,(char *)&m);
 		if (mp != NULL)
-			free(mp);
+			Free(mp);
 		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
 		}
 	free_func(addr);
 	}
 
-char *CRYPTO_dbg_realloc(addr,num,file,line)
-char *addr;
-int num;
-char *file;
-int line;
+void *CRYPTO_dbg_realloc(void *addr, int num, const char *file, int line)
 	{
 	char *ret;
 	MEM m,*mp;
@@ -232,8 +292,9 @@ int line;
 	ret=realloc_func(addr,num);
 	if (ret == addr) return(ret);
 
-	if (mh_mode & CRYPTO_MEM_CHECK_ON)
+	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
 		{
+		MemCheck_off();
 		if (ret == NULL) return(NULL);
 		m.addr=addr;
 		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
@@ -244,24 +305,19 @@ int line;
 			lh_insert(mh,(char *)mp);
 			}
 		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		MemCheck_on();
 		}
 	return(ret);
 	}
 
-char *CRYPTO_remalloc(a,n)
-char *a;
-int n;
+void *CRYPTO_remalloc(void *a, int n)
 	{
 	if (a != NULL) Free(a);
 	a=(char *)Malloc(n);
 	return(a);
 	}
 
-char *CRYPTO_dbg_remalloc(a,n,file,line)
-char *a;
-int n;
-char *file;
-int line;
+void *CRYPTO_dbg_remalloc(void *a, int n, const char *file, int line)
 	{
 	if (a != NULL) CRYPTO_dbg_free(a);
 	a=(char *)CRYPTO_dbg_malloc(n,file,line);
@@ -276,21 +332,44 @@ typedef struct mem_leak_st
 	long bytes;
 	} MEM_LEAK;
 
-static void print_leak(m,l)
-MEM *m;
-MEM_LEAK *l;
+static void print_leak(MEM *m, MEM_LEAK *l)
 	{
 	char buf[128];
+#ifdef CRYPTO_MDEBUG_TIME
+	struct tm *lcl;
+#endif
+
+	if(m->addr == (char *)l->bio)
+	    return;
+
+#ifdef CRYPTO_MDEBUG_TIME
+	lcl = localtime(&m->time);
+#endif
+
+	sprintf(buf,
+#ifdef CRYPTO_MDEBUG_TIME
+		"[%02d:%02d:%02d] "
+#endif
+		"%5lu file=%s, line=%d, "
+#ifdef CRYPTO_MDEBUG_THREAD
+		"thread=%lu, "
+#endif
+		"number=%d, address=%08lX\n",
+#ifdef CRYPTO_MDEBUG_TIME
+		lcl->tm_hour,lcl->tm_min,lcl->tm_sec,
+#endif
+		m->order,m->file,m->line,
+#ifdef CRYPTO_MDEBUG_THREAD
+		m->thread,
+#endif
+		m->num,(unsigned long)m->addr);
 
-	sprintf(buf,"%5ld file=%s, line=%d, number=%d, address=%08lX\n",
-		m->order,m->file,m->line,m->num,(long)m->addr);
 	BIO_puts(l->bio,buf);
 	l->chunks++;
 	l->bytes+=m->num;
 	}
 
-void CRYPTO_mem_leaks(b)
-BIO *b;
+void CRYPTO_mem_leaks(BIO *b)
 	{
 	MEM_LEAK ml;
 	char buf[80];
@@ -308,25 +387,23 @@ BIO *b;
 			ml.bytes,ml.chunks);
 		BIO_puts(b,buf);
 		}
-	/*
+
+#if 0
 	lh_stats_bio(mh,b);
-        lh_node_stats_bio(mh,b);
-        lh_node_usage_stats_bio(mh,b);
-	*/
+	lh_node_stats_bio(mh,b);
+	lh_node_usage_stats_bio(mh,b);
+#endif
 	}
 
 static void (*mem_cb)()=NULL;
 
-static void cb_leak(m,cb)
-MEM *m;
-char *cb;
+static void cb_leak(MEM *m, char *cb)
 	{
 	void (*mem_callback)()=(void (*)())cb;
 	mem_callback(m->order,m->file,m->line,m->num,m->addr);
 	}
 
-void CRYPTO_mem_leaks_cb(cb)
-void (*cb)();
+void CRYPTO_mem_leaks_cb(void (*cb)())
 	{
 	if (mh == NULL) return;
 	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
@@ -337,8 +414,7 @@ void (*cb)();
 	}
 
 #ifndef NO_FP_API
-void CRYPTO_mem_leaks_fp(fp)
-FILE *fp;
+void CRYPTO_mem_leaks_fp(FILE *fp)
 	{
 	BIO *b;
 
diff --git a/lib/libssl/src/crypto/objects/Makefile.ssl b/lib/libssl/src/crypto/objects/Makefile.ssl
index 320523cea13..a3a15c13c1f 100644
--- a/lib/libssl/src/crypto/objects/Makefile.ssl
+++ b/lib/libssl/src/crypto/objects/Makefile.ssl
@@ -7,23 +7,23 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=objects
-ERRC=obj_err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	obj_dat.c obj_lib.c $(ERRC).c
-LIBOBJ= obj_dat.o obj_lib.o $(ERRC).o
+LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
 
 SRC= $(LIBSRC)
 
@@ -38,28 +38,27 @@ top:
 all:	obj_dat.h lib
 
 obj_dat.h: objects.h obj_dat.pl
-	perl ./obj_dat.pl < objects.h > obj_dat.h
+	$(PERL) ./obj_dat.pl < objects.h > obj_dat.h
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -71,17 +70,40 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+obj_dat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../cryptlib.h obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/objects.h
+obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/objects/o_names.c b/lib/libssl/src/crypto/objects/o_names.c
new file mode 100644
index 00000000000..4da5e45b9c5
--- /dev/null
+++ b/lib/libssl/src/crypto/objects/o_names.c
@@ -0,0 +1,243 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+
+/* I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH *names_lh=NULL;
+static int names_type_num=OBJ_NAME_TYPE_NUM;
+static STACK *names_cmp=NULL;
+static STACK *names_hash=NULL;
+static STACK *names_free=NULL;
+
+static unsigned long obj_name_hash(OBJ_NAME *a);
+static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b);
+
+int OBJ_NAME_init(void)
+	{
+	if (names_lh != NULL) return(1);
+	MemCheck_off();
+	names_lh=lh_new(obj_name_hash,obj_name_cmp);
+	MemCheck_on();
+	return(names_lh != NULL);
+	}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(),
+	     void (*free_func)())
+	{
+	int ret;
+	int i;
+
+	if (names_free == NULL)
+		{
+		MemCheck_off();
+		names_hash=sk_new_null();
+		names_cmp=sk_new_null();
+		names_free=sk_new_null();
+		MemCheck_on();
+		}
+	if ((names_free == NULL) || (names_hash == NULL) || (names_cmp == NULL))
+		{
+		/* ERROR */
+		return(0);
+		}
+	ret=names_type_num;
+	names_type_num++;
+	for (i=sk_num(names_free); i<names_type_num; i++)
+		{
+		MemCheck_off();
+		sk_push(names_hash,(char *)strcmp);
+		sk_push(names_cmp,(char *)lh_strhash);
+		sk_push(names_free,NULL);
+		MemCheck_on();
+		}
+	if (hash_func != NULL)
+		sk_set(names_hash,ret,(char *)hash_func);
+	if (cmp_func != NULL)
+		sk_set(names_cmp,ret,(char *)cmp_func);
+	if (free_func != NULL)
+		sk_set(names_free,ret,(char *)free_func);
+	return(ret);
+	}
+
+static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b)
+	{
+	int ret;
+	int (*cmp)();
+
+	ret=a->type-b->type;
+	if (ret == 0)
+		{
+		if ((names_cmp != NULL) && (sk_num(names_cmp) > a->type))
+			{
+			cmp=(int (*)())sk_value(names_cmp,a->type);
+			ret=cmp(a->name,b->name);
+			}
+		else
+			ret=strcmp(a->name,b->name);
+		}
+	return(ret);
+	}
+
+static unsigned long obj_name_hash(OBJ_NAME *a)
+	{
+	unsigned long ret;
+	unsigned long (*hash)();
+
+	if ((names_hash != NULL) && (sk_num(names_hash) > a->type))
+		{
+		hash=(unsigned long (*)())sk_value(names_hash,a->type);
+		ret=hash(a->name);
+		}
+	else
+		{
+		ret=lh_strhash(a->name);
+		}
+	ret^=a->type;
+	return(ret);
+	}
+
+const char *OBJ_NAME_get(const char *name, int type)
+	{
+	OBJ_NAME on,*ret;
+	int num=0,alias;
+
+	if (name == NULL) return(NULL);
+	if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
+
+	alias=type&OBJ_NAME_ALIAS;
+	type&= ~OBJ_NAME_ALIAS;
+
+	on.name=name;
+	on.type=type;
+
+	for (;;)
+		{
+		ret=(OBJ_NAME *)lh_retrieve(names_lh,(char *)&on);
+		if (ret == NULL) return(NULL);
+		if ((ret->alias) && !alias)
+			{
+			if (++num > 10) return(NULL);
+			on.name=ret->data;
+			}
+		else
+			{
+			return(ret->data);
+			}
+		}
+	}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+	{
+	void (*f)();
+	OBJ_NAME *onp,*ret;
+	int alias;
+
+	if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
+
+	alias=type&OBJ_NAME_ALIAS;
+	type&= ~OBJ_NAME_ALIAS;
+
+	onp=(OBJ_NAME *)Malloc(sizeof(OBJ_NAME));
+	if (onp == NULL)
+		{
+		/* ERROR */
+		return(0);
+		}
+
+	onp->name=name;
+	onp->alias=alias;
+	onp->type=type;
+	onp->data=data;
+
+	ret=(OBJ_NAME *)lh_insert(names_lh,(char *)onp);
+	if (ret != NULL)
+		{
+		/* free things */
+		if ((names_free != NULL) && (sk_num(names_free) > ret->type))
+			{
+			f=(void (*)())sk_value(names_free,ret->type);
+			f(ret->name,ret->type,ret->data);
+			}
+		Free((char *)ret);
+		}
+	else
+		{
+		if (lh_error(names_lh))
+			{
+			/* ERROR */
+			return(0);
+			}
+		}
+	return(1);
+	}
+
+int OBJ_NAME_remove(const char *name, int type)
+	{
+	OBJ_NAME on,*ret;
+	void (*f)();
+
+	if (names_lh == NULL) return(0);
+
+	type&= ~OBJ_NAME_ALIAS;
+	on.name=name;
+	on.type=type;
+	ret=(OBJ_NAME *)lh_delete(names_lh,(char *)&on);
+	if (ret != NULL)
+		{
+		/* free things */
+		if ((names_free != NULL) && (sk_num(names_free) > type))
+			{
+			f=(void (*)())sk_value(names_free,type);
+			f(ret->name,ret->type,ret->data);
+			}
+		Free((char *)ret);
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+static int free_type;
+
+static void names_lh_free(OBJ_NAME *onp, int type)
+{
+	if(onp == NULL)
+	    return;
+
+	if ((free_type < 0) || (free_type == onp->type))
+		{
+		OBJ_NAME_remove(onp->name,onp->type);
+		}
+	}
+
+void OBJ_NAME_cleanup(int type)
+	{
+	unsigned long down_load;
+
+	if (names_lh == NULL) return;
+
+	free_type=type;
+	down_load=names_lh->down_load;
+	names_lh->down_load=0;
+
+	lh_doall(names_lh,names_lh_free);
+	if (type < 0)
+		{
+		lh_free(names_lh);
+		sk_free(names_hash);
+		sk_free(names_cmp);
+		sk_free(names_free);
+		names_lh=NULL;
+		names_hash=NULL;
+		names_cmp=NULL;
+		names_free=NULL;
+		}
+	else
+		names_lh->down_load=down_load;
+	}
+
diff --git a/lib/libssl/src/crypto/objects/obj_dat.c b/lib/libssl/src/crypto/objects/obj_dat.c
index 34866ebbd28..d47b874399c 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/lib/libssl/src/crypto/objects/obj_dat.c
@@ -59,23 +59,29 @@
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
+#ifndef NO_OBJECT
 #include "obj_dat.h"
+#else
+/* You will have to load all the objects needed manually in the application */
+#define NUM_NID 0
+#define NUM_SN 0
+#define NUM_LN 0
+#define NUM_OBJ 0
+static unsigned char lvalues[1];
+static ASN1_OBJECT nid_objs[1];
+static ASN1_OBJECT *sn_objs[1];
+static ASN1_OBJECT *ln_objs[1];
+static ASN1_OBJECT *obj_objs[1];
+#endif
 
-#ifndef NOPROTO
 static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
 static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
 static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-#else
-static int sn_cmp();
-static int ln_cmp();
-static int obj_cmp();
-#endif
-
 #define ADDED_DATA	0
 #define ADDED_SNAME	1
 #define ADDED_LNAME	2
@@ -90,18 +96,13 @@ typedef struct added_obj_st
 static int new_nid=NUM_NID;
 static LHASH *added=NULL;
 
-static int sn_cmp(ap,bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
+static int sn_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
 	{ return(strcmp((*ap)->sn,(*bp)->sn)); }
 
-static int ln_cmp(ap,bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
+static int ln_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
 	{ return(strcmp((*ap)->ln,(*bp)->ln)); }
 
-static unsigned long add_hash(ca)
-ADDED_OBJ *ca;
+static unsigned long add_hash(ADDED_OBJ *ca)
 	{
 	ASN1_OBJECT *a;
 	int i;
@@ -134,8 +135,7 @@ ADDED_OBJ *ca;
 	return(ret);
 	}
 
-static int add_cmp(ca,cb)
-ADDED_OBJ *ca,*cb;
+static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb)
 	{
 	ASN1_OBJECT *a,*b;
 	int i;
@@ -163,36 +163,35 @@ ADDED_OBJ *ca,*cb;
 	default:
 		abort();
 		}
+	return(1); /* should not get here */
 	}
 
-static int init_added()
+static int init_added(void)
 	{
 	if (added != NULL) return(1);
 	added=lh_new(add_hash,add_cmp);
 	return(added != NULL);
 	}
 
-static void cleanup1(a)
-ADDED_OBJ *a;
+static void cleanup1(ADDED_OBJ *a)
 	{
 	a->obj->nid=0;
 	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
-	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+			ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	}
 
-static void cleanup2(a)
-ADDED_OBJ *a;
+static void cleanup2(ADDED_OBJ *a)
 	{ a->obj->nid++; }
 
-static void cleanup3(a)
-ADDED_OBJ *a;
+static void cleanup3(ADDED_OBJ *a)
 	{
 	if (--a->obj->nid == 0)
 		ASN1_OBJECT_free(a->obj);
 	Free(a);
 	}
 
-void OBJ_cleanup()
+void OBJ_cleanup(void)
 	{
 	if (added == NULL) return;
 	added->down_load=0;
@@ -203,8 +202,7 @@ void OBJ_cleanup()
 	added=NULL;
 	}
 
-int OBJ_new_nid(num)
-int num;
+int OBJ_new_nid(int num)
 	{
 	int i;
 
@@ -213,8 +211,7 @@ int num;
 	return(i);
 	}
 
-int OBJ_add_object(obj)
-ASN1_OBJECT *obj;
+int OBJ_add_object(ASN1_OBJECT *obj)
 	{
 	ASN1_OBJECT *o;
 	ADDED_OBJ *ao[4],*aop;
@@ -247,7 +244,9 @@ ASN1_OBJECT *obj;
 				Free(aop);
 			}
 		}
-	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS);
+	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+			ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
 	return(o->nid);
 err:
 	for (i=ADDED_DATA; i<=ADDED_NID; i++)
@@ -256,8 +255,7 @@ err:
 	return(NID_undef);
 	}
 
-ASN1_OBJECT *OBJ_nid2obj(n)
-int n;
+ASN1_OBJECT *OBJ_nid2obj(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -289,8 +287,7 @@ int n;
 		}
 	}
 
-char *OBJ_nid2sn(n)
-int n;
+const char *OBJ_nid2sn(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -322,8 +319,7 @@ int n;
 		}
 	}
 
-char *OBJ_nid2ln(n)
-int n;
+const char *OBJ_nid2ln(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -355,8 +351,7 @@ int n;
 		}
 	}
 
-int OBJ_obj2nid(a)
-ASN1_OBJECT *a;
+int OBJ_obj2nid(ASN1_OBJECT *a)
 	{
 	ASN1_OBJECT **op;
 	ADDED_OBJ ad,*adp;
@@ -380,45 +375,126 @@ ASN1_OBJECT *a;
 	return((*op)->nid);
 	}
 
-int OBJ_txt2nid(s)
-char *s;
+/* Convert an object name into an ASN1_OBJECT
+ * if "noname" is not set then search for short and long names first.
+ * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
+ * it can be used with any objects, not just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 	{
-	int ret;
+	int nid = NID_undef;
+	ASN1_OBJECT *op=NULL;
+	unsigned char *buf,*p;
+	int i, j;
 
-	ret=OBJ_sn2nid(s);
-	if (ret == NID_undef)
-		{
-		ret=OBJ_ln2nid(s);
-		if (ret == NID_undef)
-			{
-			ASN1_OBJECT *op=NULL;
-			unsigned char *buf,*p;
-			int i;
+	if(!no_name) {
+		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
+			((nid = OBJ_ln2nid(s)) != NID_undef) ) 
+					return OBJ_nid2obj(nid);
+	}
 
-			i=a2d_ASN1_OBJECT(NULL,0,s,-1);
-			if (i <= 0)
-				{
-				/* clear the error */
-				ERR_get_error();
-				return(0);
-				}
+	/* Work out size of content octets */
+	i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+	if (i <= 0) {
+		/* Clear the error */
+		ERR_get_error();
+		return NULL;
+	}
+	/* Work out total size */
+	j = ASN1_object_size(0,i,V_ASN1_OBJECT);
+
+	if((buf=(unsigned char *)Malloc(j)) == NULL) return NULL;
+
+	p = buf;
+	/* Write out tag+length */
+	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+	/* Write out contents */
+	a2d_ASN1_OBJECT(p,i,s,-1);
+	
+	p=buf;
+	op=d2i_ASN1_OBJECT(NULL,&p,i);
+	Free(buf);
+	return op;
+	}
+
+int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
+{
+	int i,idx=0,n=0,len,nid;
+	unsigned long l;
+	unsigned char *p;
+	const char *s;
+	char tbuf[32];
+
+	if (buf_len <= 0) return(0);
+
+	if ((a == NULL) || (a->data == NULL)) {
+		buf[0]='\0';
+		return(0);
+	}
 
-			if ((buf=(unsigned char *)Malloc(i)) == NULL)
-				return(NID_undef);
-			a2d_ASN1_OBJECT(buf,i,s,-1);
-			p=buf;
-			op=d2i_ASN1_OBJECT(NULL,&p,i);
-			if (op == NULL) return(NID_undef);
-			ret=OBJ_obj2nid(op);
-			ASN1_OBJECT_free(op);
-			Free(buf);
+	nid=OBJ_obj2nid(a);
+	if ((nid == NID_undef) || no_name) {
+		len=a->length;
+		p=a->data;
+
+		idx=0;
+		l=0;
+		while (idx < a->length) {
+			l|=(p[idx]&0x7f);
+			if (!(p[idx] & 0x80)) break;
+			l<<=7L;
+			idx++;
+		}
+		idx++;
+		i=(int)(l/40);
+		if (i > 2) i=2;
+		l-=(long)(i*40);
+
+		sprintf(tbuf,"%d.%lu",i,l);
+		i=strlen(tbuf);
+		strncpy(buf,tbuf,buf_len);
+		buf_len-=i;
+		buf+=i;
+		n+=i;
+
+		l=0;
+		for (; idx<len; idx++) {
+			l|=p[idx]&0x7f;
+			if (!(p[idx] & 0x80)) {
+				sprintf(tbuf,".%lu",l);
+				i=strlen(tbuf);
+				if (buf_len > 0)
+					strncpy(buf,tbuf,buf_len);
+				buf_len-=i;
+				buf+=i;
+				n+=i;
+				l=0;
 			}
+			l<<=7L;
 		}
-	return(ret);
+	} else {
+		s=OBJ_nid2ln(nid);
+		if (s == NULL)
+			s=OBJ_nid2sn(nid);
+		strncpy(buf,s,buf_len);
+		n=strlen(s);
 	}
+	buf[buf_len-1]='\0';
+	return(n);
+}
 
-int OBJ_ln2nid(s)
-char *s;
+int OBJ_txt2nid(char *s)
+{
+	ASN1_OBJECT *obj;
+	int nid;
+	obj = OBJ_txt2obj(s, 0);
+	nid = OBJ_obj2nid(obj);
+	ASN1_OBJECT_free(obj);
+	return nid;
+}
+
+int OBJ_ln2nid(const char *s)
 	{
 	ASN1_OBJECT o,*oo= &o,**op;
 	ADDED_OBJ ad,*adp;
@@ -437,8 +513,7 @@ char *s;
 	return((*op)->nid);
 	}
 
-int OBJ_sn2nid(s)
-char *s;
+int OBJ_sn2nid(const char *s)
 	{
 	ASN1_OBJECT o,*oo= &o,**op;
 	ADDED_OBJ ad,*adp;
@@ -457,9 +532,7 @@ char *s;
 	return((*op)->nid);
 	}
 
-static int obj_cmp(ap, bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
+static int obj_cmp(ASN1_OBJECT **ap, ASN1_OBJECT **bp)
 	{
 	int j;
 	ASN1_OBJECT *a= *ap;
@@ -470,12 +543,7 @@ ASN1_OBJECT **bp;
 	return(memcmp(a->data,b->data,a->length));
         }
 
-char *OBJ_bsearch(key,base,num,size,cmp)
-char *key;
-char *base;
-int num;
-int size;
-int (*cmp)();
+char *OBJ_bsearch(char *key, char *base, int num, int size, int (*cmp)())
 	{
 	int l,h,i,c;
 	char *p;
@@ -495,14 +563,24 @@ int (*cmp)();
 		else
 			return(p);
 		}
+#ifdef CHARSET_EBCDIC
+/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
+ * I don't have perl (yet), we revert to a *LINEAR* search
+ * when the object wasn't found in the binary search.
+ */
+	for (i=0; i<num; ++i) {
+		p= &(base[i*size]);
+		if ((*cmp)(key,p) == 0)
+			return p;
+	}
+#endif
 	return(NULL);
 	}
 
-int OBJ_create_objects(in)
-BIO *in;
+int OBJ_create_objects(BIO *in)
 	{
 	MS_STATIC char buf[512];
-	int i,num= -1;
+	int i,num=0;
 	char *o,*s,*l=NULL;
 
 	for (;;)
@@ -511,26 +589,26 @@ BIO *in;
 		i=BIO_gets(in,buf,512);
 		if (i <= 0) return(num);
 		buf[i-1]='\0';
-		if (!isalnum(buf[0])) return(num);
+		if (!isalnum((unsigned char)buf[0])) return(num);
 		o=s=buf;
-		while (isdigit(*s) || (*s == '.'))
+		while (isdigit((unsigned char)*s) || (*s == '.'))
 			s++;
 		if (*s != '\0')
 			{
 			*(s++)='\0';
-			while (isspace(*s))
+			while (isspace((unsigned char)*s))
 				s++;
 			if (*s == '\0')
 				s=NULL;
 			else
 				{
 				l=s;
-				while ((*l != '\0') && !isspace(*l))
+				while ((*l != '\0') && !isspace((unsigned char)*l))
 					l++;
 				if (*l != '\0')
 					{
 					*(l++)='\0';
-					while (isspace(*l))
+					while (isspace((unsigned char)*l))
 						l++;
 					if (*l == '\0') l=NULL;
 					}
@@ -544,13 +622,10 @@ BIO *in;
 		if (!OBJ_create(o,s,l)) return(num);
 		num++;
 		}
-	return(num);
+	/* return(num); */
 	}
 
-int OBJ_create(oid,sn,ln)
-char *oid;
-char *sn;
-char *ln;
+int OBJ_create(char *oid, char *sn, char *ln)
 	{
 	int ok=0;
 	ASN1_OBJECT *op=NULL;
diff --git a/lib/libssl/src/crypto/objects/obj_dat.h b/lib/libssl/src/crypto/objects/obj_dat.h
deleted file mode 100644
index 48143ae3c7c..00000000000
--- a/lib/libssl/src/crypto/objects/obj_dat.h
+++ /dev/null
@@ -1,656 +0,0 @@
-/* lib/obj/obj_dat.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl < objects.h > obj_dat.h
- */
-
-#define NUM_NID 124
-#define NUM_SN 95
-#define NUM_LN 122
-#define NUM_OBJ 95
-
-static unsigned char lvalues[600]={
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 82] OBJ_X500 */
-0x55,0x04,                                   /* [ 83] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [206] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [214] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [219] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [224] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [232] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [237] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [245] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [254] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [263] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [272] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [281] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [290] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [299] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [308] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [317] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [326] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [333] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [341] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [349] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [354] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [363] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [368] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [373] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [382] OBJ_pbeWithSHA1AndRC4 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [391] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [396] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [405] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [414] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [423] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [432] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [441] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [450] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [459] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [468] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [477] OBJ_ld_ce */
-0x55,0x1D,0x0E,                              /* [479] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [482] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [485] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [488] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [491] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [494] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [497] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [500] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [503] OBJ_authority_key_identifier */
-0x55,0x08,0x03,0x65,                         /* [506] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [510] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [514] OBJ_givenName */
-0x55,0x04,0x04,                              /* [517] OBJ_surname */
-0x55,0x04,0x2B,                              /* [520] OBJ_initials */
-0x55,0x04,0x2D,                              /* [523] OBJ_uniqueIdentifier */
-0x55,0x1D,0x1F,                              /* [526] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [529] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [534] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [537] OBJ_title */
-0x55,0x04,0x0D,                              /* [540] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [543] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [552] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [561] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [568] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [573] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [580] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [585] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [591] OBJ_rc5_cbc */
-};
-
-static ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,0,NULL},
-{"rsadsi","rsadsi",NID_rsadsi,6,&(lvalues[0]),0},
-{"pkcs","pkcs",NID_pkcs,7,&(lvalues[6]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-	&(lvalues[46]),0},
-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-	&(lvalues[55]),0},
-{"pbeWithMD2AndDES-CBC","pbeWithMD2AndDES-CBC",
-	NID_pbeWithMD2AndDES_CBC,9,&(lvalues[64]),0},
-{"pbeWithMD5AndDES-CBC","pbeWithMD5AndDES-CBC",
-	NID_pbeWithMD5AndDES_CBC,9,&(lvalues[73]),0},
-{"X500","X500",NID_X500,1,&(lvalues[82]),0},
-{"X509","X509",NID_X509,2,&(lvalues[83]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
-{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-	&(lvalues[100]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-	&(lvalues[124]),0},
-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-	&(lvalues[133]),0},
-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-	NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-	&(lvalues[151]),0},
-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-	&(lvalues[160]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-	&(lvalues[177]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
-{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[201]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,0,NULL},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[206]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
-{"SHA","sha",NID_sha,5,&(lvalues[214]),0},
-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-	&(lvalues[219]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[224]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[232]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[237]),0},
-{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[245]),0},
-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-	&(lvalues[254]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[263]),0},
-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-	&(lvalues[272]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[281]),0},
-{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-	&(lvalues[290]),0},
-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-	9,&(lvalues[299]),0},
-{"unstructuredAddress","unstructuredAddress",
-	NID_pkcs9_unstructuredAddress,9,&(lvalues[308]),0},
-{"extendedCertificateAttributes","extendedCertificateAttributes",
-	NID_pkcs9_extCertAttributes,9,&(lvalues[317]),0},
-{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-	&(lvalues[326]),0},
-{"nsCertExt","Netscape Certificate Extension",
-	NID_netscape_cert_extension,8,&(lvalues[333]),0},
-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-	&(lvalues[341]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[349]),0},
-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-	&(lvalues[354]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[363]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[368]),0},
-{"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC",
-	NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[373]),0},
-{"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9,
-	&(lvalues[382]),0},
-{"DSA-SHA1-old","dsaWithSHA1",NID_dsaWithSHA1_2,5,&(lvalues[391]),0},
-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-	&(lvalues[396]),0},
-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-	&(lvalues[405]),0},
-{"nsRevocationUrl","Netscape Revocation Url",
-	NID_netscape_revocation_url,9,&(lvalues[414]),0},
-{"nsCaRevocationUrl","Netscape CA Revocation Url",
-	NID_netscape_ca_revocation_url,9,&(lvalues[423]),0},
-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-	&(lvalues[432]),0},
-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-	9,&(lvalues[441]),0},
-{"nsSslServerName","Netscape SSL Server Name",
-	NID_netscape_ssl_server_name,9,&(lvalues[450]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[459]),0},
-{"nsCertSequence","Netscape Certificate Sequence",
-	NID_netscape_cert_sequence,9,&(lvalues[468]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
-{"ld-ce","ld-ce",NID_ld_ce,2,&(lvalues[477]),0},
-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-	NID_subject_key_identifier,3,&(lvalues[479]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[482]),0},
-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-	NID_private_key_usage_period,3,&(lvalues[485]),0},
-{"subjectAltName","X509v3 Subject Alternative Name",
-	NID_subject_alt_name,3,&(lvalues[488]),0},
-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-	3,&(lvalues[491]),0},
-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-	3,&(lvalues[494]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[497]),0},
-{"certificatePolicies","X509v3 Certificate Policies",
-	NID_certificate_policies,3,&(lvalues[500]),0},
-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-	NID_authority_key_identifier,3,&(lvalues[503]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,0,NULL},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[506]),0},
-{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[510]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"G","givenName",NID_givenName,3,&(lvalues[514]),0},
-{"S","surname",NID_surname,3,&(lvalues[517]),0},
-{"I","initials",NID_initials,3,&(lvalues[520]),0},
-{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[523]),0},
-{"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[526]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[529]),0},
-{"SN","serialNumber",NID_serialNumber,3,&(lvalues[534]),0},
-{"T","title",NID_title,3,&(lvalues[537]),0},
-{"D","description",NID_description,3,&(lvalues[540]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[543]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[552]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[561]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[568]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[573]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[580]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[585]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[591]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-};
-
-static ASN1_OBJECT *sn_objs[NUM_SN]={
-&(nid_objs[91]),/* "BF-CBC" */
-&(nid_objs[93]),/* "BF-CFB" */
-&(nid_objs[92]),/* "BF-ECB" */
-&(nid_objs[94]),/* "BF-OFB" */
-&(nid_objs[14]),/* "C" */
-&(nid_objs[108]),/* "CAST5-CBC" */
-&(nid_objs[110]),/* "CAST5-CFB" */
-&(nid_objs[109]),/* "CAST5-ECB" */
-&(nid_objs[111]),/* "CAST5-OFB" */
-&(nid_objs[13]),/* "CN" */
-&(nid_objs[107]),/* "D" */
-&(nid_objs[31]),/* "DES-CBC" */
-&(nid_objs[30]),/* "DES-CFB" */
-&(nid_objs[29]),/* "DES-ECB" */
-&(nid_objs[32]),/* "DES-EDE" */
-&(nid_objs[43]),/* "DES-EDE-CBC" */
-&(nid_objs[60]),/* "DES-EDE-CFB" */
-&(nid_objs[62]),/* "DES-EDE-OFB" */
-&(nid_objs[33]),/* "DES-EDE3" */
-&(nid_objs[44]),/* "DES-EDE3-CBC" */
-&(nid_objs[61]),/* "DES-EDE3-CFB" */
-&(nid_objs[63]),/* "DES-EDE3-OFB" */
-&(nid_objs[45]),/* "DES-OFB" */
-&(nid_objs[80]),/* "DESX-CBC" */
-&(nid_objs[116]),/* "DSA" */
-&(nid_objs[66]),/* "DSA-SHA" */
-&(nid_objs[113]),/* "DSA-SHA1" */
-&(nid_objs[70]),/* "DSA-SHA1-old" */
-&(nid_objs[67]),/* "DSA-old" */
-&(nid_objs[48]),/* "Email" */
-&(nid_objs[99]),/* "G" */
-&(nid_objs[101]),/* "I" */
-&(nid_objs[34]),/* "IDEA-CBC" */
-&(nid_objs[35]),/* "IDEA-CFB" */
-&(nid_objs[36]),/* "IDEA-ECB" */
-&(nid_objs[46]),/* "IDEA-OFB" */
-&(nid_objs[15]),/* "L" */
-&(nid_objs[ 3]),/* "MD2" */
-&(nid_objs[ 4]),/* "MD5" */
-&(nid_objs[114]),/* "MD5-SHA1" */
-&(nid_objs[95]),/* "MDC2" */
-&(nid_objs[57]),/* "Netscape" */
-&(nid_objs[17]),/* "O" */
-&(nid_objs[18]),/* "OU" */
-&(nid_objs[98]),/* "RC2-40-CBC" */
-&(nid_objs[37]),/* "RC2-CBC" */
-&(nid_objs[39]),/* "RC2-CFB" */
-&(nid_objs[38]),/* "RC2-ECB" */
-&(nid_objs[40]),/* "RC2-OFB" */
-&(nid_objs[ 5]),/* "RC4" */
-&(nid_objs[97]),/* "RC4-40" */
-&(nid_objs[120]),/* "RC5-CBC" */
-&(nid_objs[122]),/* "RC5-CFB" */
-&(nid_objs[121]),/* "RC5-ECB" */
-&(nid_objs[123]),/* "RC5-OFB" */
-&(nid_objs[117]),/* "RIPEMD160" */
-&(nid_objs[19]),/* "RSA" */
-&(nid_objs[ 7]),/* "RSA-MD2" */
-&(nid_objs[ 8]),/* "RSA-MD5" */
-&(nid_objs[96]),/* "RSA-MDC2" */
-&(nid_objs[104]),/* "RSA-NP-MD5" */
-&(nid_objs[119]),/* "RSA-RIPEMD160" */
-&(nid_objs[42]),/* "RSA-SHA" */
-&(nid_objs[65]),/* "RSA-SHA1" */
-&(nid_objs[115]),/* "RSA-SHA1-2" */
-&(nid_objs[100]),/* "S" */
-&(nid_objs[41]),/* "SHA" */
-&(nid_objs[64]),/* "SHA1" */
-&(nid_objs[105]),/* "SN" */
-&(nid_objs[16]),/* "ST" */
-&(nid_objs[106]),/* "T" */
-&(nid_objs[102]),/* "UID" */
-&(nid_objs[ 0]),/* "UNDEF" */
-&(nid_objs[90]),/* "authorityKeyIdentifier" */
-&(nid_objs[87]),/* "basicConstraints" */
-&(nid_objs[89]),/* "certificatePolicies" */
-&(nid_objs[103]),/* "crlDistributionPoints" */
-&(nid_objs[88]),/* "crlNumber" */
-&(nid_objs[86]),/* "issuerAltName" */
-&(nid_objs[83]),/* "keyUsage" */
-&(nid_objs[81]),/* "ld-ce" */
-&(nid_objs[72]),/* "nsBaseUrl" */
-&(nid_objs[76]),/* "nsCaPolicyUrl" */
-&(nid_objs[74]),/* "nsCaRevocationUrl" */
-&(nid_objs[58]),/* "nsCertExt" */
-&(nid_objs[79]),/* "nsCertSequence" */
-&(nid_objs[71]),/* "nsCertType" */
-&(nid_objs[78]),/* "nsComment" */
-&(nid_objs[59]),/* "nsDataType" */
-&(nid_objs[75]),/* "nsRenewalUrl" */
-&(nid_objs[73]),/* "nsRevocationUrl" */
-&(nid_objs[77]),/* "nsSslServerName" */
-&(nid_objs[84]),/* "privateKeyUsagePeriod" */
-&(nid_objs[85]),/* "subjectAltName" */
-&(nid_objs[82]),/* "subjectKeyIdentifier" */
-};
-
-static ASN1_OBJECT *ln_objs[NUM_LN]={
-&(nid_objs[72]),/* "Netscape Base Url" */
-&(nid_objs[76]),/* "Netscape CA Policy Url" */
-&(nid_objs[74]),/* "Netscape CA Revocation Url" */
-&(nid_objs[71]),/* "Netscape Cert Type" */
-&(nid_objs[58]),/* "Netscape Certificate Extension" */
-&(nid_objs[79]),/* "Netscape Certificate Sequence" */
-&(nid_objs[78]),/* "Netscape Comment" */
-&(nid_objs[57]),/* "Netscape Communications Corp." */
-&(nid_objs[59]),/* "Netscape Data Type" */
-&(nid_objs[75]),/* "Netscape Renewal Url" */
-&(nid_objs[73]),/* "Netscape Revocation Url" */
-&(nid_objs[77]),/* "Netscape SSL Server Name" */
-&(nid_objs[11]),/* "X500" */
-&(nid_objs[12]),/* "X509" */
-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
-&(nid_objs[87]),/* "X509v3 Basic Constraints" */
-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
-&(nid_objs[88]),/* "X509v3 CRL Number" */
-&(nid_objs[89]),/* "X509v3 Certificate Policies" */
-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
-&(nid_objs[83]),/* "X509v3 Key Usage" */
-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
-&(nid_objs[91]),/* "bf-cbc" */
-&(nid_objs[93]),/* "bf-cfb" */
-&(nid_objs[92]),/* "bf-ecb" */
-&(nid_objs[94]),/* "bf-ofb" */
-&(nid_objs[108]),/* "cast5-cbc" */
-&(nid_objs[110]),/* "cast5-cfb" */
-&(nid_objs[109]),/* "cast5-ecb" */
-&(nid_objs[111]),/* "cast5-ofb" */
-&(nid_objs[54]),/* "challengePassword" */
-&(nid_objs[13]),/* "commonName" */
-&(nid_objs[50]),/* "contentType" */
-&(nid_objs[53]),/* "countersignature" */
-&(nid_objs[14]),/* "countryName" */
-&(nid_objs[31]),/* "des-cbc" */
-&(nid_objs[30]),/* "des-cfb" */
-&(nid_objs[29]),/* "des-ecb" */
-&(nid_objs[32]),/* "des-ede" */
-&(nid_objs[43]),/* "des-ede-cbc" */
-&(nid_objs[60]),/* "des-ede-cfb" */
-&(nid_objs[62]),/* "des-ede-ofb" */
-&(nid_objs[33]),/* "des-ede3" */
-&(nid_objs[44]),/* "des-ede3-cbc" */
-&(nid_objs[61]),/* "des-ede3-cfb" */
-&(nid_objs[63]),/* "des-ede3-ofb" */
-&(nid_objs[45]),/* "des-ofb" */
-&(nid_objs[107]),/* "description" */
-&(nid_objs[80]),/* "desx-cbc" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[116]),/* "dsaEncryption" */
-&(nid_objs[67]),/* "dsaEncryption-old" */
-&(nid_objs[66]),/* "dsaWithSHA" */
-&(nid_objs[113]),/* "dsaWithSHA1" */
-&(nid_objs[70]),/* "dsaWithSHA1" */
-&(nid_objs[48]),/* "emailAddress" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
-&(nid_objs[99]),/* "givenName" */
-&(nid_objs[34]),/* "idea-cbc" */
-&(nid_objs[35]),/* "idea-cfb" */
-&(nid_objs[36]),/* "idea-ecb" */
-&(nid_objs[46]),/* "idea-ofb" */
-&(nid_objs[101]),/* "initials" */
-&(nid_objs[15]),/* "localityName" */
-&(nid_objs[ 3]),/* "md2" */
-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
-&(nid_objs[ 4]),/* "md5" */
-&(nid_objs[114]),/* "md5-sha1" */
-&(nid_objs[104]),/* "md5WithRSA" */
-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
-&(nid_objs[95]),/* "mdc2" */
-&(nid_objs[96]),/* "mdc2withRSA" */
-&(nid_objs[51]),/* "messageDigest" */
-&(nid_objs[17]),/* "organizationName" */
-&(nid_objs[18]),/* "organizationalUnitName" */
-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[69]),/* "pbeWithSHA1AndRC4" */
-&(nid_objs[ 2]),/* "pkcs" */
-&(nid_objs[27]),/* "pkcs3" */
-&(nid_objs[20]),/* "pkcs7" */
-&(nid_objs[21]),/* "pkcs7-data" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
-&(nid_objs[47]),/* "pkcs9" */
-&(nid_objs[98]),/* "rc2-40-cbc" */
-&(nid_objs[37]),/* "rc2-cbc" */
-&(nid_objs[39]),/* "rc2-cfb" */
-&(nid_objs[38]),/* "rc2-ecb" */
-&(nid_objs[40]),/* "rc2-ofb" */
-&(nid_objs[ 5]),/* "rc4" */
-&(nid_objs[97]),/* "rc4-40" */
-&(nid_objs[120]),/* "rc5-cbc" */
-&(nid_objs[122]),/* "rc5-cfb" */
-&(nid_objs[121]),/* "rc5-ecb" */
-&(nid_objs[123]),/* "rc5-ofb" */
-&(nid_objs[117]),/* "ripemd160" */
-&(nid_objs[119]),/* "ripemd160WithRSA" */
-&(nid_objs[19]),/* "rsa" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[ 1]),/* "rsadsi" */
-&(nid_objs[105]),/* "serialNumber" */
-&(nid_objs[41]),/* "sha" */
-&(nid_objs[64]),/* "sha1" */
-&(nid_objs[115]),/* "sha1WithRSA" */
-&(nid_objs[65]),/* "sha1WithRSAEncryption" */
-&(nid_objs[42]),/* "shaWithRSAEncryption" */
-&(nid_objs[52]),/* "signingTime" */
-&(nid_objs[16]),/* "stateOrProvinceName" */
-&(nid_objs[100]),/* "surname" */
-&(nid_objs[106]),/* "title" */
-&(nid_objs[ 0]),/* "undefined" */
-&(nid_objs[102]),/* "uniqueIdentifier" */
-&(nid_objs[55]),/* "unstructuredAddress" */
-&(nid_objs[49]),/* "unstructuredName" */
-};
-
-static ASN1_OBJECT *obj_objs[NUM_OBJ]={
-&(nid_objs[11]),/* OBJ_X500                         2 5 */
-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
-&(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
-&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11  */
-&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4            1 2 840 113549 1 5 12  */
-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-};
-
diff --git a/lib/libssl/src/crypto/objects/obj_dat.pl b/lib/libssl/src/crypto/objects/obj_dat.pl
index 4e7879d3f33..5043daef2a2 100644
--- a/lib/libssl/src/crypto/objects/obj_dat.pl
+++ b/lib/libssl/src/crypto/objects/obj_dat.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 sub obj_cmp
 	{
@@ -252,7 +252,7 @@ sub der_it
 	$ret.=pack("C*",$a[0]*40+$a[1]);
 	shift @a;
 	shift @a;
-	while ($_=shift(@a))
+	foreach (@a)
 		{
 		@r=();
 		$t=0;
diff --git a/lib/libssl/src/crypto/objects/obj_err.c b/lib/libssl/src/crypto/objects/obj_err.c
index 45206c616cc..cef401db277 100644
--- a/lib/libssl/src/crypto/objects/obj_err.c
+++ b/lib/libssl/src/crypto/objects/obj_err.c
@@ -1,63 +1,65 @@
-/* lib/obj/obj_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/objects/obj_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "objects.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -68,24 +70,24 @@ static ERR_STRING_DATA OBJ_str_functs[]=
 {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),	"OBJ_nid2ln"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),	"OBJ_nid2obj"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0),	"OBJ_nid2sn"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA OBJ_str_reasons[]=
 	{
 {OBJ_R_MALLOC_FAILURE                    ,"malloc failure"},
 {OBJ_R_UNKNOWN_NID                       ,"unknown nid"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_OBJ_strings()
+void ERR_load_OBJ_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
diff --git a/lib/libssl/src/crypto/objects/obj_lib.c b/lib/libssl/src/crypto/objects/obj_lib.c
index 0a9c7561979..1a1ba0fc063 100644
--- a/lib/libssl/src/crypto/objects/obj_lib.c
+++ b/lib/libssl/src/crypto/objects/obj_lib.c
@@ -58,27 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "objects.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
 
-ASN1_OBJECT *OBJ_dup(o)
-ASN1_OBJECT *o;
+ASN1_OBJECT *OBJ_dup(ASN1_OBJECT *o)
 	{
 	ASN1_OBJECT *r;
 	int i;
+	char *ln=NULL;
 
 	if (o == NULL) return(NULL);
 	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
 		return(o);
 
-	r=(ASN1_OBJECT *)ASN1_OBJECT_new();
+	r=ASN1_OBJECT_new();
 	if (r == NULL)
 		{
 		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
 		return(NULL);
 		}
-	r->data=(unsigned char *)Malloc(o->length);
+	r->data=Malloc(o->length);
 	if (r->data == NULL)
 		goto err;
 	memcpy(r->data,o->data,o->length);
@@ -88,35 +88,35 @@ ASN1_OBJECT *o;
 	if (o->ln != NULL)
 		{
 		i=strlen(o->ln)+1;
-		r->ln=(char *)Malloc(i);
+		r->ln=ln=Malloc(i);
 		if (r->ln == NULL) goto err;
-		memcpy(r->ln,o->ln,i);
+		memcpy(ln,o->ln,i);
 		}
 
 	if (o->sn != NULL)
 		{
+		char *s;
+
 		i=strlen(o->sn)+1;
-		r->sn=(char *)Malloc(i);
+		r->sn=s=Malloc(i);
 		if (r->sn == NULL) goto err;
-		memcpy(r->sn,o->sn,i);
+		memcpy(s,o->sn,i);
 		}
 	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
-		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS);
+		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
 	return(r);
 err:
 	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
 	if (r != NULL)
 		{
-		if (r->ln != NULL) Free(r->ln);
+		if (ln != NULL) Free(ln);
 		if (r->data != NULL) Free(r->data);
 		Free(r);
 		}
 	return(NULL);
 	}
 
-int OBJ_cmp(a,b)
-ASN1_OBJECT *a;
-ASN1_OBJECT *b;
+int OBJ_cmp(ASN1_OBJECT *a, ASN1_OBJECT *b)
 	{
 	int ret;
 
diff --git a/lib/libssl/src/crypto/objects/objects.err b/lib/libssl/src/crypto/objects/objects.err
deleted file mode 100644
index 8bec3eaea2f..00000000000
--- a/lib/libssl/src/crypto/objects/objects.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_CREATE				 100
-#define OBJ_F_OBJ_DUP					 101
-#define OBJ_F_OBJ_NID2LN				 102
-#define OBJ_F_OBJ_NID2OBJ				 103
-#define OBJ_F_OBJ_NID2SN				 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE				 100
-#define OBJ_R_UNKNOWN_NID				 101
diff --git a/lib/libssl/src/crypto/objects/objects.h b/lib/libssl/src/crypto/objects/objects.h
index e1d555b47c3..d03748e0228 100644
--- a/lib/libssl/src/crypto/objects/objects.h
+++ b/lib/libssl/src/crypto/objects/objects.h
@@ -66,6 +66,7 @@ extern "C" {
 #define SN_undef			"UNDEF"
 #define LN_undef			"undefined"
 #define NID_undef			0
+#define OBJ_undef			0L
 
 #define SN_Algorithm			"Algorithm"
 #define LN_algorithm			"algorithm"
@@ -383,13 +384,16 @@ extern "C" {
 #define NID_pbeWithSHA1AndRC2_CBC	68
 #define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L 
 
-/* proposed by microsoft to RSA */
-#define LN_pbeWithSHA1AndRC4		"pbeWithSHA1AndRC4"
-#define NID_pbeWithSHA1AndRC4		69
-#define OBJ_pbeWithSHA1AndRC4		OBJ_pkcs,5L,12L 
+/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
+ * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
+ * completely different.
+ */
+#define LN_id_pbkdf2			"PBKDF2"
+#define NID_id_pbkdf2			69
+#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L 
 
 #define SN_dsaWithSHA1_2		"DSA-SHA1-old"
-#define LN_dsaWithSHA1_2		"dsaWithSHA1"
+#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
 #define NID_dsaWithSHA1_2		70
 /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
 #define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
@@ -654,21 +658,280 @@ extern "C" {
 #define LN_rc5_ofb64			"rc5-ofb"
 #define NID_rc5_ofb64			123
 
-#include "bio.h"
-#include "asn1.h"
+#define SN_rle_compression		"RLE"
+#define LN_rle_compression		"run length compression"
+#define NID_rle_compression		124
+#define OBJ_rle_compression		1L,1L,1L,1L,666L.1L
+
+#define SN_zlib_compression		"ZLIB"
+#define LN_zlib_compression		"zlib compression"
+#define NID_zlib_compression		125
+#define OBJ_zlib_compression		1L,1L,1L,1L,666L.2L
+
+#define SN_ext_key_usage		"extendedKeyUsage"
+#define LN_ext_key_usage		"X509v3 Extended Key Usage"
+#define NID_ext_key_usage		126
+#define OBJ_ext_key_usage		OBJ_ld_ce,37
+
+#define SN_id_pkix			"PKIX"
+#define NID_id_pkix			127
+#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_kp			"id-kp"
+#define NID_id_kp			128
+#define OBJ_id_kp			OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#define SN_server_auth			"serverAuth"
+#define LN_server_auth			"TLS Web Server Authentication"
+#define NID_server_auth			129
+#define OBJ_server_auth			OBJ_id_kp,1L
+
+#define SN_client_auth			"clientAuth"
+#define LN_client_auth			"TLS Web Client Authentication"
+#define NID_client_auth			130
+#define OBJ_client_auth			OBJ_id_kp,2L
+
+#define SN_code_sign			"codeSigning"
+#define LN_code_sign			"Code Signing"
+#define NID_code_sign			131
+#define OBJ_code_sign			OBJ_id_kp,3L
+
+#define SN_email_protect		"emailProtection"
+#define LN_email_protect		"E-mail Protection"
+#define NID_email_protect		132
+#define OBJ_email_protect		OBJ_id_kp,4L
+
+#define SN_time_stamp			"timeStamping"
+#define LN_time_stamp			"Time Stamping"
+#define NID_time_stamp			133
+#define OBJ_time_stamp			OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#define SN_ms_code_ind			"msCodeInd"
+#define LN_ms_code_ind			"Microsoft Individual Code Signing"
+#define NID_ms_code_ind			134
+#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com			"msCodeCom"
+#define LN_ms_code_com			"Microsoft Commercial Code Signing"
+#define NID_ms_code_com			135
+#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign			"msCTLSign"
+#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
+#define NID_ms_ctl_sign			136
+#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc			"msSGC"
+#define LN_ms_sgc			"Microsoft Server Gated Crypto"
+#define NID_ms_sgc			137
+#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs			"msEFS"
+#define LN_ms_efs			"Microsoft Encrypted File System"
+#define NID_ms_efs			138
+#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Addidional usage: Netscape */
+
+#define SN_ns_sgc			"nsSGC"
+#define LN_ns_sgc			"Netscape Server Gated Crypto"
+#define NID_ns_sgc			139
+#define OBJ_ns_sgc			OBJ_netscape,4L,1L
+
+#define SN_delta_crl			"deltaCRL"
+#define LN_delta_crl			"X509v3 Delta CRL Indicator"
+#define NID_delta_crl			140
+#define OBJ_delta_crl			OBJ_ld_ce,27L
+
+#define SN_crl_reason			"CRLReason"
+#define LN_crl_reason			"CRL Reason Code"
+#define NID_crl_reason			141
+#define OBJ_crl_reason			OBJ_ld_ce,21L
+
+#define SN_invalidity_date		"invalidityDate"
+#define LN_invalidity_date		"Invalidity Date"
+#define NID_invalidity_date		142
+#define OBJ_invalidity_date		OBJ_ld_ce,24L
+
+#define SN_sxnet			"SXNetID"
+#define LN_sxnet			"Strong Extranet ID"
+#define NID_sxnet			143
+#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+#define OBJ_pkcs12			OBJ_pkcs,12L
+#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1
+
+#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4	144
+#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L
+
+#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4	145
+#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L
+
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L
+
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L
+
+#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC	148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L
+
+#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC	149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L
+
+#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L
+
+#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L
+
+#define LN_keyBag		"keyBag"
+#define NID_keyBag		150
+#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L
+
+#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag	151
+#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L
+
+#define LN_certBag		"certBag"
+#define NID_certBag		152
+#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L
+
+#define LN_crlBag		"crlBag"
+#define NID_crlBag		153
+#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L
+
+#define LN_secretBag		"secretBag"
+#define NID_secretBag		154
+#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L
+
+#define LN_safeContentsBag	"safeContentsBag"
+#define NID_safeContentsBag	155
+#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L
+
+#define LN_friendlyName		"friendlyName"
+#define	NID_friendlyName	156
+#define OBJ_friendlyName	OBJ_pkcs9, 20L
+
+#define LN_localKeyID		"localKeyID"
+#define	NID_localKeyID		157
+#define OBJ_localKeyID		OBJ_pkcs9, 21L
+
+#define OBJ_certTypes		OBJ_pkcs9, 22L
+
+#define LN_x509Certificate	"x509Certificate"
+#define	NID_x509Certificate	158
+#define OBJ_x509Certificate	OBJ_certTypes, 1L
+
+#define LN_sdsiCertificate	"sdsiCertificate"
+#define	NID_sdsiCertificate	159
+#define OBJ_sdsiCertificate	OBJ_certTypes, 2L
+
+#define OBJ_crlTypes		OBJ_pkcs9, 23L
+
+#define LN_x509Crl		"x509Crl"
+#define	NID_x509Crl		160
+#define OBJ_x509Crl		OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+#define LN_pbes2		"PBES2"
+#define NID_pbes2		161
+#define OBJ_pbes2		OBJ_pkcs,5L,13L
+
+#define LN_pbmac1		"PBMAC1"
+#define NID_pbmac1		162
+#define OBJ_pbmac1		OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1		"hmacWithSHA1"
+#define NID_hmacWithSHA1	163
+#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+#define LN_id_qt_cps		"Policy Qualifier CPS"
+#define SN_id_qt_cps		"id-qt-cps"
+#define NID_id_qt_cps		164
+#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L
+
+#define LN_id_qt_unotice	"Policy Qualifier User Notice"
+#define SN_id_qt_unotice	"id-qt-unotice"
+#define NID_id_qt_unotice	165
+#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L
+
+#define SN_rc2_64_cbc			"RC2-64-CBC"
+#define LN_rc2_64_cbc			"rc2-64-cbc"
+#define NID_rc2_64_cbc			166
+
+#define SN_SMIMECapabilities		"SMIME-CAPS"
+#define LN_SMIMECapabilities		"S/MIME Capabilities"
+#define NID_SMIMECapabilities		167
+#define OBJ_SMIMECapabilities		OBJ_id_pkcs9,15L
+
+#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC	168
+#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L
+
+#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC	169
+#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L
+
+#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC	170
+#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
+
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+
+#define	OBJ_NAME_TYPE_UNDEF		0x00
+#define	OBJ_NAME_TYPE_MD_METH		0x01
+#define	OBJ_NAME_TYPE_CIPHER_METH	0x02
+#define	OBJ_NAME_TYPE_PKEY_METH		0x03
+#define	OBJ_NAME_TYPE_COMP_METH		0x04
+#define	OBJ_NAME_TYPE_NUM		0x05
+
+#define	OBJ_NAME_ALIAS		0x8000
+
+
+typedef struct obj_name_st
+	{
+	int type;
+	int alias;
+	const char *name;
+	const char *data;
+	} OBJ_NAME;
 
 #define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
 
-#ifndef NOPROTO
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func)(),int (*cmp_func)(),
+	void (*free_func)());
+const char *OBJ_NAME_get(const char *name,int type);
+int OBJ_NAME_add(const char *name,int type,const char *data);
+int OBJ_NAME_remove(const char *name,int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
 
 ASN1_OBJECT *	OBJ_dup(ASN1_OBJECT *o);
 ASN1_OBJECT *	OBJ_nid2obj(int n);
-char *		OBJ_nid2ln(int n);
-char *		OBJ_nid2sn(int n);
+const char *	OBJ_nid2ln(int n);
+const char *	OBJ_nid2sn(int n);
 int		OBJ_obj2nid(ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
+int	OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name);
 int		OBJ_txt2nid(char *s);
-int		OBJ_ln2nid(char *s);
-int		OBJ_sn2nid(char *s);
+int		OBJ_ln2nid(const char *s);
+int		OBJ_sn2nid(const char *s);
 int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
 char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)());
 
@@ -680,30 +943,11 @@ int		OBJ_create(char *oid,char *sn,char *ln);
 void		OBJ_cleanup(void );
 int		OBJ_create_objects(BIO *in);
 
-#else
-
-ASN1_OBJECT *	OBJ_dup();
-ASN1_OBJECT *	OBJ_nid2obj();
-char *		OBJ_nid2ln();
-char *		OBJ_nid2sn();
-int		OBJ_obj2nid();
-int		OBJ_txt2nid();
-int		OBJ_ln2nid();
-int		OBJ_sn2nid();
-int		OBJ_cmp();
-char *		OBJ_bsearch();
-
-void		ERR_load_OBJ_strings();
-
-int		OBJ_new_nid();
-int		OBJ_add_object();
-int		OBJ_create();
-void		OBJ_cleanup();
-int		OBJ_create_objects();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the OBJ functions. */
 
 /* Function codes. */
@@ -716,7 +960,7 @@ int		OBJ_create_objects();
 /* Reason codes. */
 #define OBJ_R_MALLOC_FAILURE				 100
 #define OBJ_R_UNKNOWN_NID				 101
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/opensslconf.h.in b/lib/libssl/src/crypto/opensslconf.h.in
new file mode 100644
index 00000000000..e4a8f8ad549
--- /dev/null
+++ b/lib/libssl/src/crypto/opensslconf.h.in
@@ -0,0 +1,142 @@
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD <unistd.h>
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h
new file mode 100644
index 00000000000..b841347f05e
--- /dev/null
+++ b/lib/libssl/src/crypto/opensslv.h
@@ -0,0 +1,21 @@
+#ifndef HEADER_OPENSSLV_H
+#define HEADER_OPENSSLV_H
+
+/* Numeric release version identifier:
+ * MMNNFFRBB: major minor fix final beta/patch
+ * For example:
+ * 0.9.3-dev	  0x00903000
+ * 0.9.3beta1	  0x00903001
+ * 0.9.3beta2-dev 0x00903002
+ * 0.9.3beta2     0x00903002
+ * 0.9.3	  0x00903100
+ * 0.9.3a	  0x00903101
+ * 0.9.4 	  0x00904100
+ * 1.2.3z	  0x1020311a
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ */
+#define OPENSSL_VERSION_NUMBER	0x00904100L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.4 09 Aug 1999"
+#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+
+#endif /* HEADER_OPENSSLV_H */
diff --git a/lib/libssl/src/crypto/pem/Makefile.ssl b/lib/libssl/src/crypto/pem/Makefile.ssl
index fc04a88fd92..b4e7524ea2d 100644
--- a/lib/libssl/src/crypto/pem/Makefile.ssl
+++ b/lib/libssl/src/crypto/pem/Makefile.ssl
@@ -7,30 +7,28 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=pem
-ERRC=pem_err
 GENERAL=Makefile
 TEST=
 APPS=
 
-CTX_SIZE= ctx_size
-
 LIB=$(TOP)/libcrypto.a
-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
 
-LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o
+LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= pem.h
+EXHEADER= pem.h pem2.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -38,36 +36,27 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 
-all:	pem.h lib
-
-pem.h: $(CTX_SIZE)
-	./$(CTX_SIZE) <pem.org >pem.new
-	if [ -f pem.h ]; then mv -f pem.h pem.old; fi
-	mv -f pem.new pem.h
-
-$(CTX_SIZE): $(CTX_SIZE).o
-	$(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o
+all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+links: $(EXHEADER)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -79,18 +68,121 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h
+pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pem_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/pem/ctx_size.c b/lib/libssl/src/crypto/pem/ctx_size.c
deleted file mode 100644
index 87469bc4af4..00000000000
--- a/lib/libssl/src/crypto/pem/ctx_size.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/pem/ctx_size.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	int i,j;
-	char buf[256];
-
-	for (;;)
-		{
-		char *str;
-		buf[0]='\0';
-		fgets(buf,256,stdin);
-		if (buf[0] == '\0') break;
-
-		str="#define EVP_ENCODE_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_ENCODE_CTX));
-			continue;
-			}
-		str="#define EVP_MD_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_MD));
-			continue;
-			}
-		str="#define EVP_MD_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_MD_CTX));
-			continue;
-			}
-		str="#define EVP_CIPHER_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_CIPHER));
-			continue;
-			}
-		str="#define EVP_CIPHER_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_CIPHER_CTX));
-			continue;
-			}
-
-		str="#define EVP_MAX_MD_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			i=MD2_DIGEST_LENGTH;
-			j=MD5_DIGEST_LENGTH;
-			if (j > i) i=j;
-			j=SHA_DIGEST_LENGTH;
-			if (j > i) i=j;
-			printf("%s %d\n",str,i);
-			continue;
-			}
-		fputs(buf,stdout);
-		}
-	exit(0);
-	}
diff --git a/lib/libssl/src/crypto/pem/pem.err b/lib/libssl/src/crypto/pem/pem.err
deleted file mode 100644
index 0e523abf828..00000000000
--- a/lib/libssl/src/crypto/pem/pem.err
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK				 100
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
diff --git a/lib/libssl/src/crypto/pem/pem.h b/lib/libssl/src/crypto/pem/pem.h
index 55fbaeffe22..fc333e42c8a 100644
--- a/lib/libssl/src/crypto/pem/pem.h
+++ b/lib/libssl/src/crypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* crypto/pem/pem.org */
+/* crypto/pem/pem.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
@@ -71,8 +63,11 @@
 extern "C" {
 #endif
 
-#include "evp.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem2.h>
+
+#define PEM_BUFSIZE		1024
 
 #define PEM_OBJ_UNDEF		0
 #define PEM_OBJ_X509		1
@@ -111,45 +106,17 @@ extern "C" {
 #define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"PRIVATE KEY"
+#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"
 #define PEM_STRING_RSA		"RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
 #define PEM_STRING_DSA		"DSA PRIVATE KEY"
 #define PEM_STRING_PKCS7	"PKCS7"
+#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF	"PRIVATE KEY"
 #define PEM_STRING_DHPARAMS	"DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
 
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  96
-#define EVP_MD_SIZE  60
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  40
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-	{
-	char data[EVP_ENCODE_CTX_SIZE];
-	} EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-	{
-	char data[EVP_MD_CTX_SIZE];
-	} EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-	{
-	char data[EVP_CIPHER_SIZE];
-	} EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-	{
-	char data[EVP_CIPHER_CTX_SIZE];
-	} EVP_CIPHER_CTX;
-#endif
-
 
 typedef struct PEM_Encode_Seal_st
 	{
@@ -217,151 +184,322 @@ typedef struct pem_ctx_st
 	unsigned char *data;
 	} PEM_CTX;
 
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+	cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, \
+		  void *u) \
+	{ \
+	return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+							(char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+	{ \
+	return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(WIN16) || defined(NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifdef HEADER_BIO_H
+#define DECLARE_PEM_read_bio(name, type) \
+	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+	DECLARE_PEM_write_bio(name, type) \
+	DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+	DECLARE_PEM_write_cb_bio(name, type) \
+	DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_read_bio(name, type) \
+	DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write_cb(name, type)
+
 #ifdef SSLEAY_MACROS
 
 #define PEM_write_SSL_SESSION(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-			NULL,NULL,0,NULL)
+			NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_CRL(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-			fp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+			fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
+			(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_RSAPublicKey(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
+			(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_PKCS7(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_DHparams(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-			(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define	PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define	PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define	PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define	PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
+			(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+							(char **)x,cb,u)
 
 #define PEM_write_bio_SSL_SESSION(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-			NULL,NULL,0,NULL)
+			NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_CRL(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-			bp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_bio_RSAPublicKey(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
 			PEM_STRING_RSA_PUBLIC,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_PKCS7(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DHparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-			bp,(char *)x,NULL,NULL,0,NULL)
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DSAparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define	PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define	PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
+			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+							(char **)x,cb,u)
 
 #endif
 
-#ifndef NOPROTO
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
 int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-		int (*callback)());
+	pem_password_cb *callback,void *u);
 
 #ifdef HEADER_BIO_H
 int	PEM_read_bio(BIO *bp, char **name, char **header,
 		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
+int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
 		long len);
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
+char *	PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+		pem_password_cb *cb, void *u);
+int	PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+			   pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, int (*cb)());
+		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 
 #ifndef WIN16
 int	PEM_read(FILE *fp, char **name, char **header,
 		unsigned char **data,long *len);
 int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+char *	PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+	pem_password_cb *cb, void *u);
+int	PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+		       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+		       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+	pem_password_cb *cb, void *u);
 #endif
 
 int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
@@ -380,142 +518,64 @@ int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
 void	ERR_load_PEM_strings(void);
 
 void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, char *type, int len, char *str);
+void	PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 #ifndef SSLEAY_MACROS
 
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-	unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
+#ifdef VMS
+#include <openssl/vms_idhacks.h>
 #endif
 
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+
 #endif
 
-#endif /* SSLEAY_MACROS */
+#ifndef NO_DSA
 
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
-#else
+DECLARE_PEM_rw(DSAparams, DSA)
 
-int	PEM_get_EVP_CIPHER_INFO();
-int	PEM_do_header();
-int	PEM_read_bio();
-int	PEM_write_bio();
-#ifndef WIN16
-int	PEM_read();
-int	PEM_write();
-STACK *	PEM_X509_INFO_read();
-char *	PEM_ASN1_read();
-int	PEM_ASN1_write();
 #endif
-STACK *	PEM_X509_INFO_read_bio();
-int	PEM_X509_INFO_write_bio();
-char *	PEM_ASN1_read_bio();
-int	PEM_ASN1_write_bio();
-int	PEM_SealInit();
-void	PEM_SealUpdate();
-int	PEM_SealFinal();
-int	PEM_SignFinal();
 
-void	ERR_load_PEM_strings();
+#ifndef NO_DH
 
-void	PEM_proc_type();
-void	PEM_dek_info();
+DECLARE_PEM_rw(DHparams, DH)
 
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
 #endif
 
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+			      char *kstr,int klen, pem_password_cb *cd, void *u);
 #endif /* SSLEAY_MACROS */
 
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the PEM functions. */
 
 /* Function codes. */
@@ -526,6 +586,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_ASN1_WRITE				 104
 #define PEM_F_PEM_ASN1_WRITE_BIO			 105
 #define PEM_F_PEM_DO_HEADER				 106
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118
 #define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
 #define PEM_F_PEM_READ					 108
 #define PEM_F_PEM_READ_BIO				 109
@@ -534,6 +595,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_SIGNFINAL				 112
 #define PEM_F_PEM_WRITE					 113
 #define PEM_F_PEM_WRITE_BIO				 114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY		 119
 #define PEM_F_PEM_X509_INFO_READ			 115
 #define PEM_F_PEM_X509_INFO_READ_BIO			 116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
@@ -544,6 +606,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_BAD_END_LINE				 102
 #define PEM_R_BAD_IV_CHARS				 103
 #define PEM_R_BAD_PASSWORD_READ				 104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115
 #define PEM_R_NOT_DEK_INFO				 105
 #define PEM_R_NOT_ENCRYPTED				 106
 #define PEM_R_NOT_PROC_TYPE				 107
@@ -554,7 +617,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_SHORT_HEADER				 112
 #define PEM_R_UNSUPPORTED_CIPHER			 113
 #define PEM_R_UNSUPPORTED_ENCRYPTION			 114
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/pem/pem.org b/lib/libssl/src/crypto/pem/pem.org
deleted file mode 100644
index 38952509dd4..00000000000
--- a/lib/libssl/src/crypto/pem/pem.org
+++ /dev/null
@@ -1,562 +0,0 @@
-/* crypto/pem/pem.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include "evp.h"
-#include "x509.h"
-
-#define PEM_OBJ_UNDEF		0
-#define PEM_OBJ_X509		1
-#define PEM_OBJ_X509_REQ	2
-#define PEM_OBJ_CRL		3
-#define PEM_OBJ_SSL_SESSION	4
-#define PEM_OBJ_PRIV_KEY	10
-#define PEM_OBJ_PRIV_RSA	11
-#define PEM_OBJ_PRIV_DSA	12
-#define PEM_OBJ_PRIV_DH		13
-#define PEM_OBJ_PUB_RSA		14
-#define PEM_OBJ_PUB_DSA		15
-#define PEM_OBJ_PUB_DH		16
-#define PEM_OBJ_DHPARAMS	17
-#define PEM_OBJ_DSAPARAMS	18
-#define PEM_OBJ_PRIV_RSA_PUBLIC	19
-
-#define PEM_ERROR		30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2		NID_md2
-#define PEM_MD_MD5		NID_md5
-#define PEM_MD_SHA		NID_sha
-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
-#define PEM_STRING_X509		"CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"PRIVATE KEY"
-#define PEM_STRING_RSA		"RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
-#define PEM_STRING_DSA		"DSA PRIVATE KEY"
-#define PEM_STRING_PKCS7	"PKCS7"
-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
-
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  92
-#define EVP_MD_SIZE  48
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  28
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-	{
-	char data[EVP_ENCODE_CTX_SIZE];
-	} EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-	{
-	char data[EVP_MD_CTX_SIZE];
-	} EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-	{
-	char data[EVP_CIPHER_SIZE];
-	} EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-	{
-	char data[EVP_CIPHER_CTX_SIZE];
-	} EVP_CIPHER_CTX;
-#endif
-
-
-typedef struct PEM_Encode_Seal_st
-	{
-	EVP_ENCODE_CTX encode;
-	EVP_MD_CTX md;
-	EVP_CIPHER_CTX cipher;
-	} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR		40
-
-typedef struct pem_recip_st
-	{
-	char *name;
-	X509_NAME *dn;
-
-	int cipher;
-	int key_enc;
-	char iv[8];
-	} PEM_USER;
-
-typedef struct pem_ctx_st
-	{
-	int type;		/* what type of object */
-
-	struct	{
-		int version;	
-		int mode;		
-		} proc_type;
-
-	char *domain;
-
-	struct	{
-		int cipher;
-		unsigned char iv[8];
-		} DEK_info;
-		
-	PEM_USER *originator;
-
-	int num_recipient;
-	PEM_USER **recipient;
-
-#ifdef HEADER_STACK_H
-	STACK *x509_chain;	/* certificate chain */
-#else
-	char *x509_chain;	/* certificate chain */
-#endif
-	EVP_MD *md;		/* signature type */
-
-	int md_enc;		/* is the md encrypted or not? */
-	int md_len;		/* length of md_data */
-	char *md_data;		/* message digest, could be pkey encrypted */
-
-	EVP_CIPHER *dec;	/* date encryption cipher */
-	int key_len;		/* key length */
-	unsigned char *key;	/* key */
-	unsigned char iv[8];	/* the iv */
-
-	
-	int  data_enc;		/* is the data encrypted */
-	int data_len;
-	unsigned char *data;
-	} PEM_CTX;
-
-#ifdef SSLEAY_MACROS
-
-#define PEM_write_SSL_SESSION(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-			NULL,NULL,0,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-			fp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_RSAPublicKey(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_PKCS7(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_DHparams(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-			(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define	PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define	PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define	PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define	PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
-
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-			NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-			bp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_RSAPublicKey(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-			PEM_STRING_RSA_PUBLIC,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PKCS7(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define	PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define	PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
-
-#endif
-
-#ifndef NOPROTO
-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-		int (*callback)());
-
-#ifdef HEADER_BIO_H
-int	PEM_read_bio(BIO *bp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
-		long len);
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, int (*cb)());
-#endif
-
-#ifndef WIN16
-int	PEM_read(FILE *fp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-#endif
-
-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-		EVP_MD *md_type, unsigned char **ek, int *ekl,
-		unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-		unsigned char *in, int inl);
-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-		unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-		unsigned int *siglen, EVP_PKEY *pkey);
-
-void	ERR_load_PEM_strings(void);
-
-void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, char *type, int len, char *str);
-
-#ifndef SSLEAY_MACROS
-
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-	unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
-#endif
-
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
-#endif
-
-#endif /* SSLEAY_MACROS */
-
-
-#else
-
-int	PEM_get_EVP_CIPHER_INFO();
-int	PEM_do_header();
-int	PEM_read_bio();
-int	PEM_write_bio();
-#ifndef WIN16
-int	PEM_read();
-int	PEM_write();
-STACK *	PEM_X509_INFO_read();
-char *	PEM_ASN1_read();
-int	PEM_ASN1_write();
-#endif
-STACK *	PEM_X509_INFO_read_bio();
-int	PEM_X509_INFO_write_bio();
-char *	PEM_ASN1_read_bio();
-int	PEM_ASN1_write_bio();
-int	PEM_SealInit();
-void	PEM_SealUpdate();
-int	PEM_SealFinal();
-int	PEM_SignFinal();
-
-void	ERR_load_PEM_strings();
-
-void	PEM_proc_type();
-void	PEM_dek_info();
-
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
-#endif
-
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
-
-#endif /* SSLEAY_MACROS */
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK				 100
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
- 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/lib/libssl/src/crypto/pem/pem2.h b/lib/libssl/src/crypto/pem/pem2.h
new file mode 100644
index 00000000000..4a016aacd2a
--- /dev/null
+++ b/lib/libssl/src/crypto/pem/pem2.h
@@ -0,0 +1,60 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+void ERR_load_PEM_strings(void);
diff --git a/lib/libssl/src/crypto/pem/pem_all.c b/lib/libssl/src/crypto/pem/pem_all.c
index d1cda7aabe4..bc473f3cff4 100644
--- a/lib/libssl/src/crypto/pem/pem_all.c
+++ b/lib/libssl/src/crypto/pem/pem_all.c
@@ -59,430 +59,55 @@
 #include <stdio.h>
 #undef SSLEAY_MACROS
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
-#ifndef NO_FP_API
-/* The X509 functions */
-X509 *PEM_read_X509(fp,x,cb)
-FILE *fp;
-X509 **x;
-int (*cb)();
-	{
-	return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
-		PEM_STRING_X509,fp,(char **)x,cb));
-	}
-#endif
-
-X509 *PEM_read_bio_X509(bp,x,cb)
-BIO *bp;
-X509 **x;
-int (*cb)();
-	{
-	return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
-		PEM_STRING_X509,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509(fp,x)
-FILE *fp;
-X509 *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
 
-int PEM_write_bio_X509(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
-#ifndef NO_FP_API
-/* The X509_REQ functions */
-X509_REQ *PEM_read_X509_REQ(fp,x,cb)
-FILE *fp;
-X509_REQ **x;
-int (*cb)();
-	{
-	return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,fp,(char **)x,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
 
-X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb)
-BIO *bp;
-X509_REQ **x;
-int (*cb)();
-	{
-	return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
-#ifndef NO_FP_API
-int PEM_write_X509_REQ(fp,x)
-FILE *fp;
-X509_REQ *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-int PEM_write_bio_X509_REQ(bp,x)
-BIO *bp;
-X509_REQ *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-
-#ifndef NO_FP_API
-/* The X509_CRL functions */
-X509_CRL *PEM_read_X509_CRL(fp,x,cb)
-FILE *fp;
-X509_CRL **x;
-int (*cb)();
-	{
-	return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,fp,(char **)x,cb));
-	}
-#endif
-
-X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb)
-BIO *bp;
-X509_CRL **x;
-int (*cb)();
-	{
-	return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509_CRL(fp,x)
-FILE *fp;
-X509_CRL *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_X509_CRL(bp,x)
-BIO *bp;
-X509_CRL *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+							 PKCS8_PRIV_KEY_INFO)
 
 #ifndef NO_RSA
-#ifndef NO_FP_API
-/* The RSAPrivateKey functions */
-RSA *PEM_read_RSAPrivateKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,fp,(char **)x,cb));
-	}
-
-RSA *PEM_read_RSAPublicKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
-	}
-#endif
 
-RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-RSA *PEM_read_bio_RSAPublicKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 
-#ifndef NO_FP_API
-int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
-
-int PEM_write_RSAPublicKey(fp,x)
-FILE *fp;
-RSA *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,
-		(char *)x,NULL,NULL,0,NULL));
-	}
 #endif
 
-int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-
-int PEM_write_bio_RSAPublicKey(bp,x)
-BIO *bp;
-RSA *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,
-		bp,(char *)x,NULL,NULL,0,NULL));
-	}
-#endif /* !NO_RSA */
-
 #ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAPrivateKey functions */
-DSA *PEM_read_DSAPrivateKey(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,fp,(char **)x,cb));
-	}
-#endif
-
-DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
-#endif
 
-int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-#endif
-
-#ifndef NO_FP_API
-/* The PrivateKey functions */
-EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
-FILE *fp;
-EVP_PKEY **x;
-int (*cb)();
-	{
-	return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
-	}
-#endif
-
-EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb)
-BIO *bp;
-EVP_PKEY **x;
-int (*cb)();
-	{
-	return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		fp,(char *)x,enc,kstr,klen,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 
-#ifndef NO_FP_API
-/* The PKCS7 functions */
-PKCS7 *PEM_read_PKCS7(fp,x,cb)
-FILE *fp;
-PKCS7 **x;
-int (*cb)();
-	{
-	return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,fp,(char **)x,cb));
-	}
 #endif
 
-PKCS7 *PEM_read_bio_PKCS7(bp,x,cb)
-BIO *bp;
-PKCS7 **x;
-int (*cb)();
-	{
-	return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PKCS7(fp,x)
-FILE *fp;
-PKCS7 *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_PKCS7(bp,x)
-BIO *bp;
-PKCS7 *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-
 #ifndef NO_DH
-#ifndef NO_FP_API
-/* The DHparams functions */
-DH *PEM_read_DHparams(fp,x,cb)
-FILE *fp;
-DH **x;
-int (*cb)();
-	{
-	return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,fp,(char **)x,cb));
-	}
-#endif
 
-DH *PEM_read_bio_DHparams(bp,x,cb)
-BIO *bp;
-DH **x;
-int (*cb)();
-	{
-	return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 
-#ifndef NO_FP_API
-int PEM_write_DHparams(fp,x)
-FILE *fp;
-DH *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
 #endif
 
-int PEM_write_bio_DHparams(bp,x)
-BIO *bp;
-DH *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAparams functions */
-DSA *PEM_read_DSAparams(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
-	}
-#endif
-
-DSA *PEM_read_bio_DSAparams(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_DSAparams(fp,x)
-FILE *fp;
-DSA *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_DSAparams(bp,x)
-BIO *bp;
-DSA *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
 
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
diff --git a/lib/libssl/src/crypto/pem/pem_err.c b/lib/libssl/src/crypto/pem/pem_err.c
index e17fcdb540d..fa70f609986 100644
--- a/lib/libssl/src/crypto/pem/pem_err.c
+++ b/lib/libssl/src/crypto/pem/pem_err.c
@@ -1,63 +1,65 @@
-/* lib/pem/pem_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -70,6 +72,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),	"PEM_ASN1_write"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),	"PEM_ASN1_write_bio"},
 {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),	"PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
 {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),	"PEM_get_EVP_CIPHER_INFO"},
 {ERR_PACK(0,PEM_F_PEM_READ,0),	"PEM_read"},
 {ERR_PACK(0,PEM_F_PEM_READ_BIO,0),	"PEM_read_bio"},
@@ -78,10 +81,11 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),	"PEM_SignFinal"},
 {ERR_PACK(0,PEM_F_PEM_WRITE,0),	"PEM_write"},
 {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),	"PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),	"PEM_write_bio_PKCS8PrivateKey"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),	"PEM_X509_INFO_read"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),	"PEM_X509_INFO_read_bio"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),	"PEM_X509_INFO_write_bio"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA PEM_str_reasons[]=
@@ -91,6 +95,7 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_BAD_END_LINE                      ,"bad end line"},
 {PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
 {PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
 {PEM_R_NOT_DEK_INFO                      ,"not dek info"},
 {PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
 {PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
@@ -101,17 +106,17 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_SHORT_HEADER                      ,"short header"},
 {PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_PEM_strings()
+void ERR_load_PEM_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
diff --git a/lib/libssl/src/crypto/pem/pem_info.c b/lib/libssl/src/crypto/pem/pem_info.c
index 4b69833b628..fec18a4c2ed 100644
--- a/lib/libssl/src/crypto/pem/pem_info.c
+++ b/lib/libssl/src/crypto/pem/pem_info.c
@@ -58,20 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #ifndef NO_FP_API
-STACK *PEM_X509_INFO_read(fp,sk,cb)
-FILE *fp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
 	{
         BIO *b;
-        STACK *ret;
+        STACK_OF(X509_INFO) *ret;
 
         if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
@@ -79,29 +76,26 @@ int (*cb)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
         BIO_free(b);
         return(ret);
 	}
 #endif
 
-STACK *PEM_X509_INFO_read_bio(bp,sk,cb)
-BIO *bp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
 	{
 	X509_INFO *xi=NULL;
 	char *name=NULL,*header=NULL,**pp;
 	unsigned char *data=NULL,*p;
 	long len,error=0;
 	int ok=0;
-	STACK *ret=NULL;
+	STACK_OF(X509_INFO) *ret=NULL;
 	unsigned int i,raw;
 	char *(*d2i)();
 
 	if (sk == NULL)
 		{
-		if ((ret=sk_new_null()) == NULL)
+		if ((ret=sk_X509_INFO_new_null()) == NULL)
 			{
 			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -132,7 +126,7 @@ start:
 			d2i=(char *(*)())d2i_X509;
 			if (xi->x509 != NULL)
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -143,7 +137,7 @@ start:
 			d2i=(char *(*)())d2i_X509_CRL;
 			if (xi->crl != NULL)
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -156,7 +150,7 @@ start:
 			d2i=(char *(*)())d2i_RSAPrivateKey;
 			if (xi->x_pkey != NULL) 
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -180,7 +174,7 @@ start:
 			d2i=(char *(*)())d2i_DSAPrivateKey;
 			if (xi->x_pkey != NULL) 
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -211,7 +205,7 @@ start:
 
 				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
 					goto err;
-				if (!PEM_do_header(&cipher,data,&len,cb))
+				if (!PEM_do_header(&cipher,data,&len,cb,u))
 					goto err;
 				p=data;
 				if (d2i(pp,&p,len) == NULL)
@@ -246,7 +240,7 @@ start:
 	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
 		(xi->x_pkey != NULL) || (xi->enc_data != NULL))
 		{
-		if (!sk_push(ret,(char *)xi)) goto err;
+		if (!sk_X509_INFO_push(ret,xi)) goto err;
 		xi=NULL;
 		}
 	ok=1;
@@ -254,12 +248,12 @@ err:
 	if (xi != NULL) X509_INFO_free(xi);
 	if (!ok)
 		{
-		for (i=0; ((int)i)<sk_num(ret); i++)
+		for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
 			{
-			xi=(X509_INFO *)sk_value(ret,i);
+			xi=sk_X509_INFO_value(ret,i);
 			X509_INFO_free(xi);
 			}
-		if (ret != sk) sk_free(ret);
+		if (ret != sk) sk_X509_INFO_free(ret);
 		ret=NULL;
 		}
 		
@@ -271,19 +265,13 @@ err:
 
 
 /* A TJH addition */
-int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb)
-BIO *bp;
-X509_INFO *xi;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
 	{
 	EVP_CIPHER_CTX ctx;
 	int i,ret=0;
 	unsigned char *data=NULL;
-	char *objstr=NULL;
-#define PEM_BUFSIZE	1024
+	const char *objstr=NULL;
 	char buf[PEM_BUFSIZE];
 	unsigned char *iv=NULL;
 	
@@ -340,7 +328,7 @@ int (*cb)();
 			/* normal optionally encrypted stuff */
 			if (PEM_write_bio_RSAPrivateKey(bp,
 				xi->x_pkey->dec_pkey->pkey.rsa,
-				enc,kstr,klen,cb)<=0)
+				enc,kstr,klen,cb,u)<=0)
 				goto err;
 #endif
 			}
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 7a2c0ad83be..90f02011bad 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -58,36 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "rand.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
 
-char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH	4
 
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int def_callback(char *buf, int num, int w);
+static int def_callback(char *buf, int num, int w, void *userdata);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
 
-static int def_callback(buf, num, w)
-char *buf;
-int num;
-int w;
+static int def_callback(char *buf, int num, int w, void *userdata)
 	{
 #ifdef NO_FP_API
 	/* We should not ever call the default callback routine from
@@ -96,7 +85,7 @@ int w;
 	return(-1);
 #else
 	int i,j;
-	char *prompt;
+	const char *prompt;
 
 	prompt=EVP_get_pw_prompt();
 	if (prompt == NULL)
@@ -123,11 +112,9 @@ int w;
 #endif
 	}
 
-void PEM_proc_type(buf, type)
-char *buf;
-int type;
+void PEM_proc_type(char *buf, int type)
 	{
-	char *str;
+	const char *str;
 
 	if (type == PEM_TYPE_ENCRYPTED)
 		str="ENCRYPTED";
@@ -143,11 +130,7 @@ int type;
 	strcat(buf,"\n");
 	}
 
-void PEM_dek_info(buf, type, len, str)
-char *buf;
-char *type;
-int len;
-char *str;
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
 	{
 	static unsigned char map[17]="0123456789ABCDEF";
 	long i;
@@ -167,12 +150,8 @@ char *str;
 	}
 
 #ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
-char *(*d2i)();
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+	     pem_password_cb *cb, void *u)
 	{
         BIO *b;
         char *ret;
@@ -183,18 +162,14 @@ int (*cb)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
         BIO_free(b);
         return(ret);
 	}
 #endif
 
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
-char *(*d2i)();
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+	     pem_password_cb *cb, void *u)
 	{
 	EVP_CIPHER_INFO cipher;
 	char *nm=NULL,*header=NULL;
@@ -210,10 +185,14 @@ int (*cb)();
 			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
 			((strcmp(nm,PEM_STRING_DSA) == 0) &&
 			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+			((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
+			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
 			((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
 			 (strcmp(name,PEM_STRING_X509) == 0)) ||
 			((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
-			 (strcmp(name,PEM_STRING_X509_REQ) == 0))
+			 (strcmp(name,PEM_STRING_X509_REQ) == 0)) 
 			)
 			break;
 		Free(nm);
@@ -221,17 +200,41 @@ int (*cb)();
 		Free(data);
 		}
 	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-	if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
+	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
 	p=data;
-	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
-		{
+	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
 		if (strcmp(nm,PEM_STRING_RSA) == 0)
 			ret=d2i(EVP_PKEY_RSA,x,&p,len);
 		else if (strcmp(nm,PEM_STRING_DSA) == 0)
 			ret=d2i(EVP_PKEY_DSA,x,&p,len);
+		else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+			PKCS8_PRIV_KEY_INFO *p8inf;
+			p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+					(PKCS8_PRIV_KEY_INFO **) x, &p, len);
+			ret = (char *)EVP_PKCS82PKEY(p8inf);
+			PKCS8_PRIV_KEY_INFO_free(p8inf);
+		} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+			PKCS8_PRIV_KEY_INFO *p8inf;
+			X509_SIG *p8;
+			int klen;
+			char psbuf[PEM_BUFSIZE];
+			p8 = d2i_X509_SIG((X509_SIG **)x, &p, len);
+			if(!p8) goto p8err;
+			if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+			else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
+			if (klen <= 0) {
+				PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+						PEM_R_BAD_PASSWORD_READ);
+				goto err;
+			}
+			p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
+			X509_SIG_free(p8);
+			if(!p8inf) goto p8err;
+			ret = (char *)EVP_PKCS82PKEY(p8inf);
+			PKCS8_PRIV_KEY_INFO_free(p8inf);
 		}
-	else	
-		ret=d2i(x,&p,len);
+	} else	ret=d2i(x,&p,len);
+p8err:
 	if (ret == NULL)
 		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
@@ -242,15 +245,9 @@ err:
 	}
 
 #ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
         {
         BIO *b;
         int ret;
@@ -261,27 +258,20 @@ int (*callback)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
 	{
 	EVP_CIPHER_CTX ctx;
 	int dsize=0,i,j,ret=0;
 	unsigned char *p,*data=NULL;
-	char *objstr=NULL;
-#define PEM_BUFSIZE	1024
+	const char *objstr=NULL;
 	char buf[PEM_BUFSIZE];
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -317,14 +307,18 @@ int (*callback)();
 		if (kstr == NULL)
 			{
 			if (callback == NULL)
-				klen=def_callback(buf,PEM_BUFSIZE,1);
+				klen=def_callback(buf,PEM_BUFSIZE,1,u);
 			else
-				klen=(*callback)(buf,PEM_BUFSIZE,1);
+				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
 			if (klen <= 0)
 				{
 				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
 				goto err;
 				}
+#ifdef CHARSET_EBCDIC
+			/* Convert the pass phrase from EBCDIC */
+			ebcdic2ascii(buf, buf, klen);
+#endif
 			kstr=(unsigned char *)buf;
 			}
 		RAND_seed(data,i);/* put in the RSA key. */
@@ -363,11 +357,8 @@ err:
 	return(ret);
 	}
 
-int PEM_do_header(cipher, data, plen, callback)
-EVP_CIPHER_INFO *cipher;
-unsigned char *data;
-long *plen;
-int (*callback)();
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+	     pem_password_cb *callback,void *u)
 	{
 	int i,j,o,klen;
 	long len;
@@ -379,14 +370,19 @@ int (*callback)();
 
 	if (cipher->cipher == NULL) return(1);
 	if (callback == NULL)
-		klen=def_callback(buf,PEM_BUFSIZE,0);
+		klen=def_callback(buf,PEM_BUFSIZE,0,u);
 	else
-		klen=callback(buf,PEM_BUFSIZE,0);
+		klen=callback(buf,PEM_BUFSIZE,0,u);
 	if (klen <= 0)
 		{
 		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
 		return(0);
 		}
+#ifdef CHARSET_EBCDIC
+	/* Convert the pass phrase from EBCDIC */
+	ebcdic2ascii(buf, buf, klen);
+#endif
+
 	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
 		(unsigned char *)buf,klen,1,key,NULL);
 
@@ -407,12 +403,10 @@ int (*callback)();
 	return(1);
 	}
 
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 	{
 	int o;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	char *p,c;
 
 	cipher->cipher=NULL;
@@ -438,9 +432,15 @@ EVP_CIPHER_INFO *cipher;
 	for (;;)
 		{
 		c= *header;
+#ifndef CHARSET_EBCDIC
 		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
 			((c >= '0') && (c <= '9'))))
 			break;
+#else
+		if (!(	isupper(c) || (c == '-') ||
+			isdigit(c)))
+			break;
+#endif
 		header++;
 		}
 	*header='\0';
@@ -459,9 +459,7 @@ EVP_CIPHER_INFO *cipher;
 	return(1);
 	}
 
-static int load_iv(fromp,to,num)
-unsigned char **fromp,*to;
-int num;
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
 	{
 	int v,i;
 	unsigned char *from;
@@ -491,12 +489,8 @@ int num;
 	}
 
 #ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
-FILE *fp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+	     long len)
         {
         BIO *b;
         int ret;
@@ -513,12 +507,8 @@ long len;
         }
 #endif
 
-int PEM_write_bio(bp, name, header, data,len)
-BIO *bp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+	     long len)
 	{
 	int nlen,n,i,j,outl;
 	unsigned char *buf;
@@ -573,12 +563,8 @@ err:
 	}
 
 #ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
-FILE *fp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+	     long *len)
         {
         BIO *b;
         int ret;
@@ -595,12 +581,8 @@ long *len;
         }
 #endif
 
-int PEM_read_bio(bp, name, header, data, len)
-BIO *bp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+	     long *len)
 	{
 	EVP_ENCODE_CTX ctx;
 	int end=0,i,k,bl=0,hl=0,nohead=0;
@@ -643,7 +625,7 @@ long *len;
 				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+			memcpy(nameB->data,&(buf[11]),i-6);
 			nameB->data[i-6]='\0';
 			break;
 			}
@@ -668,7 +650,7 @@ long *len;
 			nohead=1;
 			break;
 			}
-		strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+		memcpy(&(headerB->data[hl]),buf,i);
 		headerB->data[hl+i]='\0';
 		hl+=i;
 		}
@@ -696,7 +678,7 @@ long *len;
 				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+			memcpy(&(dataB->data[bl]),buf,i);
 			dataB->data[bl+i]='\0';
 			bl+=i;
 			if (end)
@@ -721,7 +703,7 @@ long *len;
 		}
 	i=strlen(nameB->data);
 	if (	(strncmp(buf,"-----END ",9) != 0) ||
-		(strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+		(strncmp(nameB->data,&(buf[9]),i) != 0) ||
 		(strncmp(&(buf[9+i]),"-----\n",6) != 0))
 		{
 		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
@@ -760,3 +742,62 @@ err:
 	BUF_MEM_free(dataB);
 	return(0);
 	}
+
+/* This function writes a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey(). As usual if 'enc' is NULL then
+ * it uses the unencrypted private key form. It uses PKCS#5 v2.0 password based
+ * encryption algorithms.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	char buf[PEM_BUFSIZE];
+	int ret;
+	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+		PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+		return 0;
+	}
+	if(enc) {
+		if(!kstr) {
+			if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
+			else klen = cb(buf, PEM_BUFSIZE, 1, u);
+			if(klen <= 0) {
+				PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+								PEM_R_READ_KEY);
+				PKCS8_PRIV_KEY_INFO_free(p8inf);
+				return 0;
+			}
+				
+			kstr = buf;
+		}
+		p8 = PKCS8_encrypt(-1, enc, kstr, klen, NULL, 0, 0, p8inf);
+		if(kstr == buf) memset(buf, 0, klen);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		ret = PEM_write_bio_PKCS8(bp, p8);
+		X509_SIG_free(p8);
+		return ret;
+	} else {
+		ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return ret;
+	}
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+			      char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	int ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,ERR_R_BUF_LIB);
+                return(0);
+	}
+	ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, kstr, klen, cb, u);
+	BIO_free(bp);
+	return ret;
+}
diff --git a/lib/libssl/src/crypto/pem/pem_seal.c b/lib/libssl/src/crypto/pem/pem_seal.c
index b4b36df453b..23f95beb1e2 100644
--- a/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/lib/libssl/src/crypto/pem/pem_seal.c
@@ -56,23 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk)
-PEM_ENCODE_SEAL_CTX *ctx;
-EVP_CIPHER *type;
-EVP_MD *md_type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+	     int npubk)
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	int ret= -1;
@@ -118,12 +113,8 @@ err:
 	return(ret);
 	}
 
-void PEM_SealUpdate(ctx,out,outl,in,inl)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	unsigned char buffer[1600];
 	int i,j;
@@ -146,13 +137,8 @@ int inl;
 		}
 	}
 
-int PEM_SealFinal(ctx,sig,sigl,out,outl,priv)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *sig;
-int *sigl;
-unsigned char *out;
-int *outl;
-EVP_PKEY *priv;
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+	     unsigned char *out, int *outl, EVP_PKEY *priv)
 	{
 	unsigned char *s=NULL;
 	int ret=0,j;
@@ -189,3 +175,4 @@ err:
 	if (s != NULL) Free(s);
 	return(ret);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/pem/pem_sign.c b/lib/libssl/src/crypto/pem/pem_sign.c
index d56f9f9e147..aabafb702df 100644
--- a/lib/libssl/src/crypto/pem/pem_sign.c
+++ b/lib/libssl/src/crypto/pem/pem_sign.c
@@ -58,32 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-void PEM_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
 	EVP_DigestInit(ctx,type);
 	}
 
-void PEM_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
 	{
 	EVP_DigestUpdate(ctx,data,count);
 	}
 
-int PEM_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
 	{
 	unsigned char *m;
 	int i,ret=0;
diff --git a/lib/libssl/src/crypto/perlasm/alpha.pl b/lib/libssl/src/crypto/perlasm/alpha.pl
new file mode 100644
index 00000000000..3dac571743c
--- /dev/null
+++ b/lib/libssl/src/crypto/perlasm/alpha.pl
@@ -0,0 +1,434 @@
+#!/usr/local/bin/perl
+
+package alpha;
+use Carp qw(croak cluck);
+
+$label="100";
+
+$n_debug=0;
+$smear_regs=1;
+$reg_alloc=1;
+
+$align="3";
+$com_start="#";
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+# General registers
+
+%regs=(	'r0',	'$0',
+	'r1',	'$1',
+	'r2',	'$2',
+	'r3',	'$3',
+	'r4',	'$4',
+	'r5',	'$5',
+	'r6',	'$6',
+	'r7',	'$7',
+	'r8',	'$8',
+	'r9',	'$22',
+	'r10',	'$23',
+	'r11',	'$24',
+	'r12',	'$25',
+	'r13',	'$27',
+	'r14',	'$28',
+	'r15',	'$21', # argc == 5
+	'r16',	'$20', # argc == 4
+	'r17',	'$19', # argc == 3
+	'r18',	'$18', # argc == 2
+	'r19',	'$17', # argc == 1
+	'r20',	'$16', # argc == 0
+	'r21',	'$9',  # save 0
+	'r22',	'$10', # save 1
+	'r23',	'$11', # save 2
+	'r24',	'$12', # save 3
+	'r25',	'$13', # save 4
+	'r26',	'$14', # save 5
+
+	'a0',	'$16',
+	'a1',	'$17',
+	'a2',	'$18',
+	'a3',	'$19',
+	'a4',	'$20',
+	'a5',	'$21',
+
+	's0',	'$9',
+	's1',	'$10',
+	's2',	'$11',
+	's3',	'$12',
+	's4',	'$13',
+	's5',	'$14',
+	'zero',	'$31',
+	'sp',	'$30',
+	);
+
+$main'reg_s0="r21";
+$main'reg_s1="r22";
+$main'reg_s2="r23";
+$main'reg_s3="r24";
+$main'reg_s4="r25";
+$main'reg_s5="r26";
+
+@reg=(  '$0', '$1' ,'$2' ,'$3' ,'$4' ,'$5' ,'$6' ,'$7' ,'$8',
+	'$22','$23','$24','$25','$20','$21','$27','$28');
+
+
+sub main'sub	{ &out3("subq",@_); }
+sub main'add	{ &out3("addq",@_); }
+sub main'mov	{ &out3("bis",$_[0],$_[0],$_[1]); }
+sub main'or	{ &out3("bis",@_); }
+sub main'bis	{ &out3("bis",@_); }
+sub main'br	{ &out1("br",@_); }
+sub main'ld	{ &out2("ldq",@_); }
+sub main'st	{ &out2("stq",@_); }
+sub main'cmpult	{ &out3("cmpult",@_); }
+sub main'cmplt	{ &out3("cmplt",@_); }
+sub main'bgt	{ &out2("bgt",@_); }
+sub main'ble	{ &out2("ble",@_); }
+sub main'blt	{ &out2("blt",@_); }
+sub main'mul	{ &out3("mulq",@_); }
+sub main'muh	{ &out3("umulh",@_); }
+
+$main'QWS=8;
+
+sub main'asm_add
+	{
+	push(@out,@_);
+	}
+
+sub main'asm_finish
+	{
+	&main'file_end();
+	print &main'asm_get_output();
+	}
+
+sub main'asm_init
+	{
+	($type,$fn)=@_;
+	$filename=$fn;
+
+	&main'asm_init_output();
+	&main'comment("Don't even think of reading this code");
+	&main'comment("It was automatically generated by $filename");
+	&main'comment("Which is a perl program used to generate the alpha assember.");
+	&main'comment("eric <eay\@cryptsoft.com>");
+	&main'comment("");
+
+	$filename =~ s/\.pl$//;
+	&main'file($filename);
+	}
+
+sub conv
+	{
+	local($r)=@_;
+	local($v);
+
+	return($regs{$r}) if defined($regs{$r});
+	return($r);
+	}
+
+sub main'QWPw
+	{
+	local($off,$reg)=@_;
+
+	return(&main'QWP($off*8,$reg));
+	}
+
+sub main'QWP
+	{
+	local($off,$reg)=@_;
+
+	$ret="$off(".&conv($reg).")";
+	return($ret);
+	}
+
+sub out3
+	{
+	local($name,$p1,$p2,$p3)=@_;
+
+	$p1=&conv($p1);
+	$p2=&conv($p2);
+	$p3=&conv($p3);
+	push(@out,"\t$name\t");
+	$l=length($p1)+1;
+	push(@out,$p1.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	$l=length($p2)+1;
+	push(@out,$p2.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	push(@out,&conv($p3)."\n");
+	}
+
+sub out2
+	{
+	local($name,$p1,$p2,$p3)=@_;
+
+	$p1=&conv($p1);
+	$p2=&conv($p2);
+	push(@out,"\t$name\t");
+	$l=length($p1)+1;
+	push(@out,$p1.",");
+	$ll=3-($l+9)/8;
+	$tmp1=sprintf("\t" x $ll);
+	push(@out,$tmp1);
+
+	push(@out,&conv($p2)."\n");
+	}
+
+sub out1
+	{
+	local($name,$p1)=@_;
+
+	$p1=&conv($p1);
+	push(@out,"\t$name\t".$p1."\n");
+	}
+
+sub out0
+	{
+	push(@out,"\t$_[0]\n");
+	}
+
+sub main'file
+	{
+	local($file)=@_;
+
+	local($tmp)=<<"EOF";
+ # DEC Alpha assember
+ # Generated from perl scripts contains in SSLeay
+	.file	1 "$file.s"
+	.set noat
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_begin
+	{
+	local($func)=@_;
+
+print STDERR "$func\n";
+	local($tmp)=<<"EOF";
+	.text
+	.align $align
+	.globl $func
+	.ent $func
+${func}:
+${func}..ng:
+	.frame \$30,0,\$26,0
+	.prologue 0
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	}
+
+sub main'function_end
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	ret	\$31,(\$26),1
+	.end $func
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	local($func)=@_;
+
+	local($tmp)=<<"EOF";
+	ret	\$31,(\$26),1
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'function_end_B
+	{
+	local($func)=@_;
+
+	$func=$under.$func;
+
+	push(@out,"\t.end $func\n");
+	$stack=0;
+	%label=();
+	}
+
+sub main'wparam
+	{
+	local($num)=@_;
+
+	if ($num < 6)
+		{
+		$num=20-$num;
+		return("r$num");
+		}
+	else
+		{ return(&main'QWP($stack+$num*8,"sp")); }
+	}
+
+sub main'stack_push
+	{
+	local($num)=@_;
+	$stack+=$num*8;
+	&main'sub("sp",$num*8,"sp");
+	}
+
+sub main'stack_pop
+	{
+	local($num)=@_;
+	$stack-=$num*8;
+	&main'add("sp",$num*8,"sp");
+	}
+
+sub main'swtmp
+	{
+	return(&main'QWP(($_[0])*8,"sp"));
+	}
+
+# Should use swtmp, which is above sp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	local($num)=@_;
+#
+#	return(&main'QWP(-($num+1)*4,"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		if (/^\s*$/)
+			{ push(@out,"\n"); }
+		else
+			{ push(@out,"\t$com_start $_ $com_end\n"); }
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=$label;
+		$label++;
+		}
+	return('$'.$label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}=$label;
+		$label++;
+		}
+#	push(@out,".align $align\n") if ($_[1] != 0);
+	push(@out,'$'."$label{$_[0]}:\n");
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'data_word
+	{
+	push(@out,"\t.long $_[0]\n");
+	}
+
+@pool_free=();
+@pool_taken=();
+$curr_num=0;
+$max=0;
+
+sub main'init_pool
+	{
+	local($args)=@_;
+	local($i);
+
+	@pool_free=();
+	for ($i=(14+(6-$args)); $i >= 0; $i--)
+		{
+		push(@pool_free,"r$i");
+		}
+	print STDERR "START :register pool:@pool_free\n";
+	$curr_num=$max=0;
+	}
+
+sub main'fin_pool
+	{
+	printf STDERR "END %2d:register pool:@pool_free\n",$max;
+	}
+
+sub main'GR
+	{
+	local($r)=@_;
+	local($i,@n,$_);
+
+	foreach (@pool_free)
+		{
+		if ($r ne $_)
+			{ push(@n,$_); }
+		else
+			{
+			$curr_num++;
+			$max=$curr_num if ($curr_num > $max);
+			}
+		}
+	@pool_free=@n;
+print STDERR "GR:@pool_free\n" if $reg_alloc;
+	return(@_);
+	}
+
+sub main'NR
+	{
+	local($num)=@_;
+	local(@ret);
+
+	$num=1 if $num == 0;
+	($#pool_free >= ($num-1)) || croak "out of registers: want $num, have @pool_free";
+	while ($num > 0)
+		{
+		push(@ret,pop @pool_free);
+		$curr_num++;
+		$max=$curr_num if ($curr_num > $max);
+		$num--
+		}
+	print STDERR "nr @ret\n" if $n_debug;
+print STDERR "NR:@pool_free\n" if $reg_alloc;
+	return(@ret);
+
+	}
+
+sub main'FR
+	{
+	local(@r)=@_;
+	local(@a,$v,$w);
+
+	print STDERR "fr @r\n" if $n_debug;
+#	cluck "fr @r";
+	for $w (@pool_free)
+		{
+		foreach $v (@r)
+			{
+			croak "double register free of $v (@pool_free)" if $w eq $v;
+			}
+		}
+	foreach $v (@r)
+		{
+		croak "bad argument to FR" if ($v !~ /^r\d+$/);
+		if ($smear_regs)
+			{ unshift(@pool_free,$v); }
+		else	{ push(@pool_free,$v); }
+		$curr_num--;
+		}
+print STDERR "FR:@pool_free\n" if $reg_alloc;
+	}
+1;
diff --git a/lib/libssl/src/crypto/perlasm/cbc.pl b/lib/libssl/src/crypto/perlasm/cbc.pl
index 2789305790f..0145c4f0cc6 100644
--- a/lib/libssl/src/crypto/perlasm/cbc.pl
+++ b/lib/libssl/src/crypto/perlasm/cbc.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
 # des_cblock (*input);
diff --git a/lib/libssl/src/crypto/perlasm/x86asm.pl b/lib/libssl/src/crypto/perlasm/x86asm.pl
index 6a9156ae9a2..44e330eb8d1 100644
--- a/lib/libssl/src/crypto/perlasm/x86asm.pl
+++ b/lib/libssl/src/crypto/perlasm/x86asm.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # require 'x86asm.pl';
 # &asm_init("cpp","des-586.pl");
@@ -15,7 +15,7 @@ sub main'asm_finish
 
 sub main'asm_init
 	{
-	($type,$fn)=@_;
+	($type,$fn,$i386)=@_;
 	$filename=$fn;
 
 	$cpp=$sol=$aout=$win32=0;
@@ -29,6 +29,8 @@ sub main'asm_init
 		{ $cpp=1; require "x86unix.pl"; }
 	elsif (	($type eq "win32"))
 		{ $win32=1; require "x86ms.pl"; }
+	elsif (	($type eq "win32n"))
+		{ $win32=1; require "x86nasm.pl"; }
 	else
 		{
 		print STDERR <<"EOF";
@@ -38,6 +40,7 @@ Pick one target type from
 	sol	- x86 solaris
 	cpp	- format so x86unix.cpp can be used
 	win32	- Windows 95/Windows NT
+	win32n	- Windows 95/Windows NT NASM format
 EOF
 		exit(1);
 		}
@@ -75,7 +78,7 @@ sub asm_finish_cpp
 #define TYPE(a,b)       .type   a,b
 #define SIZE(a,b)       .size   a,b
 
-#if defined(OUT) || defined(BSDI)
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
 $tmp
 #endif
 
@@ -84,7 +87,7 @@ $tmp
 #define ALIGN	4
 #endif
 
-#ifdef BSDI
+#if defined(BSDI) && !defined(ELF)
 #define OK              1
 #define ALIGN           4
 #undef SIZE
diff --git a/lib/libssl/src/crypto/perlasm/x86ms.pl b/lib/libssl/src/crypto/perlasm/x86ms.pl
index 893b50b1a46..51dcce067fa 100644
--- a/lib/libssl/src/crypto/perlasm/x86ms.pl
+++ b/lib/libssl/src/crypto/perlasm/x86ms.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 package x86ms;
 
@@ -51,6 +51,16 @@ sub main'DWP
 	&get_mem("DWORD",@_);
 	}
 
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
 sub main'stack_push
 	{
 	local($num)=@_;
diff --git a/lib/libssl/src/crypto/perlasm/x86nasm.pl b/lib/libssl/src/crypto/perlasm/x86nasm.pl
new file mode 100644
index 00000000000..b4da364bbfd
--- /dev/null
+++ b/lib/libssl/src/crypto/perlasm/x86nasm.pl
@@ -0,0 +1,342 @@
+#!/usr/local/bin/perl
+
+package x86nasm;
+
+$label="L000";
+
+%lb=(	'eax',	'al',
+	'ebx',	'bl',
+	'ecx',	'cl',
+	'edx',	'dl',
+	'ax',	'al',
+	'bx',	'bl',
+	'cx',	'cl',
+	'dx',	'dl',
+	);
+
+%hb=(	'eax',	'ah',
+	'ebx',	'bh',
+	'ecx',	'ch',
+	'edx',	'dh',
+	'ax',	'ah',
+	'bx',	'bh',
+	'cx',	'ch',
+	'dx',	'dh',
+	);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+
+sub main'external_label
+{
+	push(@labels,@_);
+	foreach (@_) {
+		push(@out, "extern\t_$_\n");
+	}
+}
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'BP
+	{
+	&get_mem("BYTE",@_);
+	}
+
+sub main'DWP
+	{
+	&get_mem("DWORD",@_);
+	}
+
+sub main'BC
+	{
+	return "BYTE @_";
+	}
+
+sub main'DWC
+	{
+	return "DWORD @_";
+	}
+
+sub main'stack_push
+	{
+	my($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	my($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub get_mem
+	{
+	my($size,$addr,$reg1,$reg2,$idx)=@_;
+	my($t,$post);
+	my($ret)="[";
+	$addr =~ s/^\s+//;
+	if ($addr =~ /^(.+)\+(.+)$/)
+		{
+		$reg2=&conv($1);
+		$addr="_$2";
+		}
+	elsif ($addr =~ /^[_a-zA-Z]/)
+		{
+		$addr="_$addr";
+		}
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	if (($addr ne "") && ($addr ne 0))
+		{
+		if ($addr !~ /^-/)
+			{ $ret.="${addr}+"; }
+		else	{ $post=$addr; }
+		}
+	if ($reg2 ne "")
+		{
+		$t="";
+		$t="*$idx" if ($idx != 0);
+		$reg1="+".$reg1 if ("$reg1$post" ne "");
+		$ret.="$reg2$t$reg1$post]";
+		}
+	else
+		{
+		$ret.="$reg1$post]"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("mov",@_); }
+sub main'movb	{ &out2("mov",@_); }
+sub main'and	{ &out2("and",@_); }
+sub main'or	{ &out2("or",@_); }
+sub main'shl	{ &out2("shl",@_); }
+sub main'shr	{ &out2("shr",@_); }
+sub main'xor	{ &out2("xor",@_); }
+sub main'xorb	{ &out2("xor",@_); }
+sub main'add	{ &out2("add",@_); }
+sub main'adc	{ &out2("adc",@_); }
+sub main'sub	{ &out2("sub",@_); }
+sub main'rotl	{ &out2("rol",@_); }
+sub main'rotr	{ &out2("ror",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmp",@_); }
+sub main'lea	{ &out2("lea",@_); }
+sub main'mul	{ &out1("mul",@_); }
+sub main'div	{ &out1("div",@_); }
+sub main'dec	{ &out1("dec",@_); }
+sub main'inc	{ &out1("inc",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+
+# This is a bit of a kludge: declare all branches as NEAR.
+sub main'je	{ &out1("je NEAR",@_); }
+sub main'jle	{ &out1("jle NEAR",@_); }
+sub main'jz	{ &out1("jz NEAR",@_); }
+sub main'jge	{ &out1("jge NEAR",@_); }
+sub main'jl	{ &out1("jl NEAR",@_); }
+sub main'jb	{ &out1("jb NEAR",@_); }
+sub main'jc	{ &out1("jc NEAR",@_); }
+sub main'jnc	{ &out1("jnc NEAR",@_); }
+sub main'jnz	{ &out1("jnz NEAR",@_); }
+sub main'jne	{ &out1("jne NEAR",@_); }
+sub main'jno	{ &out1("jno NEAR",@_); }
+
+sub main'push	{ &out1("push",@_); $stack+=4; }
+sub main'pop	{ &out1("pop",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswap",@_); &using486(); }
+sub main'not	{ &out1("not",@_); }
+sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
+
+sub out2
+	{
+	my($name,$p1,$p2)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t");
+	$t=&conv($p1).",";
+	$l=length($t);
+	push(@out,$t);
+	$l=4-($l+9)/8;
+	push(@out,"\t" x $l);
+	push(@out,&conv($p2));
+	push(@out,"\n");
+	}
+
+sub out0
+	{
+	my($name)=@_;
+
+	push(@out,"\t$name\n");
+	}
+
+sub out1
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub conv
+	{
+	my($p)=@_;
+	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+	return $p;
+	}
+
+sub using486
+	{
+	return if $using486;
+	$using486++;
+	grep(s/\.386/\.486/,@out);
+	}
+
+sub main'file
+	{
+	push(@out, "segment .text\n");
+	}
+
+sub main'function_begin
+	{
+	my($func,$extra)=@_;
+
+	push(@labels,$func);
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+EOF
+	push(@out,$tmp);
+	$stack=20;
+	}
+
+sub main'function_begin_B
+	{
+	my($func,$extra)=@_;
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+EOF
+	push(@out,$tmp);
+	$stack=4;
+	}
+
+sub main'function_end
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_B
+	{
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'wparam
+	{
+	my($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
+	}
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	my($num)=@_;
+#
+#	return(&main'DWP(-(($num+1)*4),"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		push(@out,"\t; $_\n");
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="\$${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="${label}${_[0]}";
+		$label++;
+		}
+	push(@out,"$label{$_[0]}:\n");
+	}
+
+sub main'data_word
+	{
+	push(@out,"\tDD\t$_[0]\n");
+	}
+
+sub out1p
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t ".&conv($p1)."\n");
+	}
diff --git a/lib/libssl/src/crypto/perlasm/x86unix.pl b/lib/libssl/src/crypto/perlasm/x86unix.pl
index 6ee4dd32455..8c456b14aff 100644
--- a/lib/libssl/src/crypto/perlasm/x86unix.pl
+++ b/lib/libssl/src/crypto/perlasm/x86unix.pl
@@ -1,10 +1,4 @@
-#!/usr/bin/perl
-
-# Because the bswapl instruction is not supported for old assembers
-# (it was a new instruction for the 486), I've added .byte xxxx code
-# to put it in.
-# eric 24-Apr-1998
-#
+#!/usr/local/bin/perl
 
 package x86unix;
 
@@ -90,7 +84,12 @@ sub main'DWP
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
 	if ($reg2 ne "")
-		{ $ret.="($reg1,$reg2,$idx)"; }
+		{
+		if($idx ne "")
+		    { $ret.="($reg1,$reg2,$idx)"; }
+		else
+		    { $ret.="($reg1,$reg2)"; }
+	        }
 	else
 		{ $ret.="($reg1)" }
 	return($ret);
@@ -101,6 +100,16 @@ sub main'BP
 	return(&main'DWP(@_));
 	}
 
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
 #sub main'BP
 #	{
 #	local($addr,$reg1,$reg2,$idx)=@_;
@@ -153,12 +162,27 @@ sub main'dec	{ &out1("decl",@_); }
 sub main'inc	{ &out1("incl",@_); }
 sub main'push	{ &out1("pushl",@_); $stack+=4; }
 sub main'pop	{ &out1("popl",@_); $stack-=4; }
-sub main'bswap	{ &out1("bswapl",@_); }
 sub main'not	{ &out1("notl",@_); }
 sub main'call	{ &out1("call",$under.$_[0]); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+	{
+	if ($main'i386)
+		{
+		&main'comment("bswapl @_");
+		&main'exch(main'HB(@_),main'LB(@_));
+		&main'rotr(@_,16);
+		&main'exch(main'HB(@_),main'LB(@_));
+		}
+	else
+		{
+		&out1("bswapl",@_);
+		}
+	}
+
 sub out2
 	{
 	local($name,$p1,$p2)=@_;
diff --git a/lib/libssl/src/crypto/pkcs7/Makefile.ssl b/lib/libssl/src/crypto/pkcs7/Makefile.ssl
index a88359b3202..436442a7a1f 100644
--- a/lib/libssl/src/crypto/pkcs7/Makefile.ssl
+++ b/lib/libssl/src/crypto/pkcs7/Makefile.ssl
@@ -7,16 +7,16 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=pkcs7
-ERRC=pkcs7err
 GENERAL=Makefile README
 TEST=
 APPS=
@@ -39,26 +39,39 @@ test:
 
 all:	lib
 
+testapps: enc dec sign verify
+
+enc: enc.o lib
+	$(CC) $(CFLAGS) -o enc enc.o $(LIB)
+
+dec: dec.o lib
+	$(CC) $(CFLAGS) -o dec dec.o $(LIB)
+
+sign: sign.o lib
+	$(CC) $(CFLAGS) -o sign sign.o $(LIB)
+
+verify: verify.o example.o lib
+	$(CC) $(CFLAGS) -o verify verify.o example.o $(LIB)
+
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -70,17 +83,63 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_lib.o: ../cryptlib.h
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
diff --git a/lib/libssl/src/crypto/pkcs7/bio_ber.c b/lib/libssl/src/crypto/pkcs7/bio_ber.c
new file mode 100644
index 00000000000..2f17723e984
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/bio_ber.c
@@ -0,0 +1,450 @@
+/* crypto/evp/bio_ber.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int ber_write(BIO *h,char *buf,int num);
+static int ber_read(BIO *h,char *buf,int size);
+/*static int ber_puts(BIO *h,char *str); */
+/*static int ber_gets(BIO *h,char *str,int size); */
+static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ber_new(BIO *h);
+static int ber_free(BIO *data);
+#define BER_BUF_SIZE	(32)
+
+/* This is used to hold the state of the BER objects being read. */
+typedef struct ber_struct
+	{
+	int tag;
+	int class;
+	long length;
+	int inf;
+	int num_left;
+	int depth;
+	} BER_CTX;
+
+typedef struct bio_ber_struct
+	{
+	int tag;
+	int class;
+	long length;
+	int inf;
+
+	/* most of the following are used when doing non-blocking IO */
+	/* reading */
+	long num_left;	/* number of bytes still to read/write in block */
+	int depth;	/* used with idefinite encoding. */
+	int finished;	/* No more read data */
+
+	/* writting */ 
+	char *w_addr;
+	int w_offset;
+	int w_left;
+
+	int buf_len;
+	int buf_off;
+	unsigned char buf[BER_BUF_SIZE];
+	} BIO_BER_CTX;
+
+static BIO_METHOD methods_ber=
+	{
+	BIO_TYPE_CIPHER,"cipher",
+	ber_write,
+	ber_read,
+	NULL, /* ber_puts, */
+	NULL, /* ber_gets, */
+	ber_ctrl,
+	ber_new,
+	ber_free,
+	};
+
+BIO_METHOD *BIO_f_ber(void)
+	{
+	return(&methods_ber);
+	}
+
+static int ber_new(BIO *bi)
+	{
+	BIO_BER_CTX *ctx;
+
+	ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
+	if (ctx == NULL) return(0);
+
+	memset((char *)ctx,0,sizeof(BIO_BER_CTX));
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ber_free(BIO *a)
+	{
+	BIO_BER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_BER_CTX *)a->ptr;
+	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+	Free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+
+int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
+	{
+	char buf[64];
+	int i,j,n;
+	int ret;
+	unsigned char *p;
+	unsigned long length
+	int tag;
+	int class;
+	long max;
+
+	BIO_clear_retry_flags(b);
+
+	/* Pack the buffer down if there is a hole at the front */
+	if (ctx->buf_off != 0)
+		{
+		p=ctx->buf;
+		j=ctx->buf_off;
+		n=ctx->buf_len-j;
+		for (i=0; i<n; i++)
+			{
+			p[0]=p[j];
+			p++;
+			}
+		ctx->buf_len-j;
+		ctx->buf_off=0;
+		}
+
+	/* If there is more room, read some more data */
+	i=BER_BUF_SIZE-ctx->buf_len;
+	if (i)
+		{
+		i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		else
+			ctx->buf_len+=i;
+		}
+
+	max=ctx->buf_len;
+	p=ctx->buf;
+	ret=ASN1_get_object(&p,&length,&tag,&class,max);
+
+	if (ret & 0x80)
+		{
+		if ((ctx->buf_len < BER_BUF_SIZE) &&
+			(ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
+			{
+			ERR_get_error(); /* clear the error */
+			BIO_set_retry_read(b);
+			}
+		return(-1);
+		}
+
+	/* We have no error, we have a header, so make use of it */
+
+	if ((ctx->tag  >= 0) && (ctx->tag != tag))
+		{
+		BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
+		sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
+		ERR_add_error_data(1,buf);
+		return(-1);
+		}
+	if (ret & 0x01)
+	if (ret & V_ASN1_CONSTRUCTED)
+	}
+	
+static int ber_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,n;
+	BIO_BER_CTX *ctx;
+
+	BIO_clear_retry_flags(b);
+
+	if (out == NULL) return(0);
+	ctx=(BIO_BER_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	if (ctx->finished) return(0);
+
+again:
+	/* First see if we are half way through reading a block */
+	if (ctx->num_left > 0)
+		{
+		if (ctx->num_left < outl)
+			n=ctx->num_left;
+		else
+			n=outl;
+		i=BIO_read(b->next_bio,out,n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->num_left-=i;
+		outl-=i;
+		ret+=i;
+		if (ctx->num_left <= 0)
+			{
+			ctx->depth--;
+			if (ctx->depth <= 0)
+				ctx->finished=1;
+			}
+		if (outl <= 0)
+			return(ret);
+		else
+			goto again;
+		}
+	else	/* we need to read another BER header */
+		{
+		}
+	}
+
+static int ber_write(BIO *b, char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_ENC_CTX *ctx;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	ret=inl;
+
+	BIO_clear_retry_flags(b);
+	n=ctx->buf_len-ctx->buf_off;
+	while (n > 0)
+		{
+		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+		if (i <= 0)
+			{
+			BIO_copy_next_retry(b);
+			return(i);
+			}
+		ctx->buf_off+=i;
+		n-=i;
+		}
+	/* at this point all pending data has been written */
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+
+	ctx->buf_off=0;
+	while (inl > 0)
+		{
+		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+		EVP_CipherUpdate(&(ctx->cipher),
+			(unsigned char *)ctx->buf,&ctx->buf_len,
+			(unsigned char *)in,n);
+		inl-=n;
+		in+=n;
+
+		ctx->buf_off=0;
+		n=ctx->buf_len;
+		while (n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				return(i);
+				}
+			n-=i;
+			ctx->buf_off+=i;
+			}
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		}
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
+	{
+	BIO *dbio;
+	BIO_ENC_CTX *ctx,*dctx;
+	long ret=1;
+	int i;
+
+	ctx=(BIO_ENC_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->ok=1;
+		ctx->finished=0;
+		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+			ctx->cipher.berrypt);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+		ret=ctx->buf_len-ctx->buf_off;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+again:
+		while (ctx->buf_len != ctx->buf_off)
+			{
+			i=ber_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		if (!ctx->finished)
+			{
+			ctx->finished=1;
+			ctx->buf_off=0;
+			ret=EVP_CipherFinal(&(ctx->cipher),
+				(unsigned char *)ctx->buf,
+				&(ctx->buf_len));
+			ctx->ok=(int)ret;
+			if (ret <= 0) break;
+
+			/* push out the bytes */
+			goto again;
+			}
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_GET_CIPHER_STATUS:
+		ret=(long)ctx->ok;
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		dctx=(BIO_ENC_CTX *)dbio->ptr;
+		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+		dbio->init=1;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+	{
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+*/
+
+void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
+	     int e)
+	{
+	BIO_ENC_CTX *ctx;
+
+	if (b == NULL) return;
+
+	if ((b->callback != NULL) &&
+		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		return;
+
+	b->init=1;
+	ctx=(BIO_ENC_CTX *)b->ptr;
+	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	
+	if (b->callback != NULL)
+		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+	}
+
diff --git a/lib/libssl/src/crypto/pkcs7/dec.c b/lib/libssl/src/crypto/pkcs7/dec.c
new file mode 100644
index 00000000000..b3661f28d36
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/dec.c
@@ -0,0 +1,246 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+BIO *bio_err=NULL;
+
+int main(argc,argv)
+int argc;
+char *argv[];
+	{
+	char *keyfile=NULL;
+	BIO *in;
+	EVP_PKEY *pkey;
+	X509 *x509;
+	PKCS7 *p7;
+	PKCS7_SIGNER_INFO *si;
+	X509_STORE_CTX cert_ctx;
+	X509_STORE *cert_store=NULL;
+	BIO *data,*detached=NULL,*p7bio=NULL;
+	char buf[1024*4];
+	unsigned char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
+
+	SSLeay_add_all_algorithms();
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	data=BIO_new(BIO_s_file());
+	pp=NULL;
+	while (argc > 1)
+		{
+		argc--;
+		argv++;
+		if (strcmp(argv[0],"-p") == 0)
+			{
+			printit=1;
+			}
+		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[1];
+			argc-=1;
+			argv+=1;
+		} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+			{
+			detached=BIO_new(BIO_s_file());
+			if (!BIO_read_filename(detached,argv[1]))
+				goto err;
+			argc-=1;
+			argv+=1;
+			}
+		else break;
+		}
+
+	 if (!BIO_read_filename(data,argv[0])) goto err; 
+
+	if(!keyfile) {
+		fprintf(stderr, "No private key file specified\n");
+		goto err;
+	}
+
+        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+
+	if (pp == NULL)
+		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+
+
+	/* Load the PKCS7 object from a file */
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+
+
+
+	/* This stuff is being setup for certificate verification.
+	 * When using SSL, it could be replaced with a 
+	 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+	cert_store=X509_STORE_new();
+	X509_STORE_set_default_paths(cert_store);
+	X509_STORE_load_locations(cert_store,NULL,"../../certs");
+	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+
+	ERR_clear_error();
+
+	/* We need to process the data */
+	/* We cannot support detached encryption */
+	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
+	
+	if (p7bio == NULL)
+		{
+		printf("problems decoding\n");
+		goto err;
+		}
+
+	/* We now have to 'read' from p7bio to calculate digests etc. */
+	for (;;)
+		{
+		i=BIO_read(p7bio,buf,sizeof(buf));
+		/* print it? */
+		if (i <= 0) break;
+		fwrite(buf,1, i, stdout);
+		}
+
+	/* We can now verify signatures */
+	sk=PKCS7_get_signer_info(p7);
+	if (sk == NULL)
+		{
+		fprintf(stderr, "there are no signatures on this data\n");
+		}
+	else
+		{
+		/* Ok, first we need to, for each subject entry,
+		 * see if we can verify */
+		ERR_clear_error();
+		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
+			{
+			si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+			i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+			if (i <= 0)
+				goto err;
+			else
+				fprintf(stderr,"Signature verified\n");
+			}
+		}
+	X509_STORE_free(cert_store);
+
+	exit(0);
+err:
+	ERR_load_crypto_strings();
+	ERR_print_errors_fp(stderr);
+	exit(1);
+	}
+
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+	{
+	char buf[256];
+	X509 *err_cert;
+	int err,depth;
+
+	err_cert=X509_STORE_CTX_get_current_cert(ctx);
+	err=	X509_STORE_CTX_get_error(ctx);
+	depth=	X509_STORE_CTX_get_error_depth(ctx);
+
+	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+	if (!ok)
+		{
+		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+			X509_verify_cert_error_string(err));
+		if (depth < 6)
+			{
+			ok=1;
+			X509_STORE_CTX_set_error(ctx,X509_V_OK);
+			}
+		else
+			{
+			ok=0;
+			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+			}
+		}
+	switch (ctx->error)
+		{
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+		BIO_printf(bio_err,"issuer= %s\n",buf);
+		break;
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		BIO_printf(bio_err,"notBefore=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		BIO_printf(bio_err,"notAfter=");
+		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		BIO_printf(bio_err,"\n");
+		break;
+		}
+	BIO_printf(bio_err,"verify return:%d\n",ok);
+	return(ok);
+	}
diff --git a/lib/libssl/src/crypto/pkcs7/des.pem b/lib/libssl/src/crypto/pkcs7/des.pem
new file mode 100644
index 00000000000..62d1657e3e7
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/des.pem
@@ -0,0 +1,15 @@
+
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+
diff --git a/lib/libssl/src/crypto/pkcs7/enc.c b/lib/libssl/src/crypto/pkcs7/enc.c
index 625a7c22852..43bfd10a238 100644
--- a/lib/libssl/src/crypto/pkcs7/enc.c
+++ b/lib/libssl/src/crypto/pkcs7/enc.c
@@ -56,61 +56,82 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
 	X509 *x509;
-	EVP_PKEY *pkey;
 	PKCS7 *p7;
-	PKCS7 *p7_data;
-	PKCS7_SIGNER_INFO *si;
 	BIO *in;
 	BIO *data,*p7bio;
 	char buf[1024*4];
-	int i,j;
-	int nodetach=0;
+	int i;
+	int nodetach=1;
+	char *keyfile = NULL;
+	const EVP_CIPHER *cipher=NULL;
+	STACK_OF(X509) *recips=NULL;
 
-	EVP_add_digest(EVP_sha1());
-	EVP_add_cipher(EVP_des_cbc());
+	SSLeay_add_all_algorithms();
 
 	data=BIO_new(BIO_s_file());
-again:
-	if (argc > 1)
+	while(argc > 1)
 		{
 		if (strcmp(argv[1],"-nd") == 0)
 			{
 			nodetach=1;
 			argv++; argc--;
-			goto again;
 			}
-		if (!BIO_read_filename(data,argv[1]))
-			goto err;
-		}
-	else
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+		else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
+			if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
+				fprintf(stderr, "Unknown cipher %s\n", argv[2]);
+				goto err;
+			}
+			argc-=2;
+			argv+=2;
+		} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[2];
+			argc-=2;
+			argv+=2;
+			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+			if (!(x509=PEM_read_bio_X509(in,NULL,NULL))) goto err;
+			if(!recips) recips = sk_X509_new_null();
+			sk_X509_push(recips, x509);
+			BIO_free(in);
+		} else break;
+	}
 
-	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	if(!recips) {
+		fprintf(stderr, "No recipients\n");
+		goto err;
+	}
+
+	if (!BIO_read_filename(data,argv[1])) goto err;
+
+	p7=PKCS7_new();
+#if 0
 	BIO_reset(in);
 	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
 	BIO_free(in);
-
-	p7=PKCS7_new();
 	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
 	 
 	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
-
-	if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
-	if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
-
 	/* we may want to add more */
 	PKCS7_add_certificate(p7,x509);
-
+#else
+	PKCS7_set_type(p7,NID_pkcs7_enveloped);
+#endif
+	if(!cipher) cipher = EVP_des_ede3_cbc();
+
+	if (!PKCS7_set_cipher(p7,cipher)) goto err;
+	for(i = 0; i < sk_X509_num(recips); i++) {
+		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+	}
+	sk_X509_pop_free(recips, X509_free);
 
 	/* Set the content of the signed to 'data' */
 	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
@@ -129,7 +150,7 @@ again:
 		}
 	BIO_flush(p7bio);
 
-	if (!PKCS7_dataSign(p7,p7bio)) goto err;
+	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
 	BIO_free(p7bio);
 
 	PEM_write_PKCS7(stdout,p7);
diff --git a/lib/libssl/src/crypto/pkcs7/es1.pem b/lib/libssl/src/crypto/pkcs7/es1.pem
new file mode 100644
index 00000000000..47112a238fd
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/es1.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
+KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
+ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
+XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
+II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
+pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
+lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
+8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
+otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
+go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
+XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
+KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
+Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
+r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
+l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
+mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
+l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
+HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
+gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
+TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
+5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
+SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
+y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
+9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
+nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
+Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
+LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
+tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
+SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
+8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
+wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
+uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
+RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
+Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
+o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
+WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
+Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
+YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
+CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
+DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
+ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
+kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
+1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
+xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
+IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
+7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
+qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
+X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
+DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
+UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
+gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
+PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
+5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
+y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
+lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
+lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
+-----END PKCS7-----
diff --git a/lib/libssl/src/crypto/pkcs7/example.c b/lib/libssl/src/crypto/pkcs7/example.c
new file mode 100644
index 00000000000..73548900841
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/example.c
@@ -0,0 +1,327 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pkcs7.h>
+#include <openssl/asn1_mac.h>
+
+int add_signed_time(PKCS7_SIGNER_INFO *si)
+	{
+	ASN1_UTCTIME *sign_time;
+
+	/* The last parameter is the amount to add/subtract from the current
+	 * time (in seconds) */
+	sign_time=X509_gmtime_adj(NULL,0);
+	PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
+		V_ASN1_UTCTIME,(char *)sign_time);
+	return(1);
+	}
+
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
+	{
+	ASN1_TYPE *so;
+
+	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+	if (so->type == V_ASN1_UTCTIME)
+	    return so->value.utctime;
+	return NULL;
+	}
+	
+static int signed_string_nid= -1;
+
+void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+	{
+	ASN1_OCTET_STRING *os;
+
+	/* To a an object of OID 1.2.3.4.5, which is an octet string */
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	/* When we add, we do not free */
+	PKCS7_add_signed_attribute(si,signed_string_nid,
+		V_ASN1_OCTET_STRING,(char *)os);
+	}
+
+int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+	{
+	ASN1_TYPE *so;
+	ASN1_OCTET_STRING *os;
+	int i;
+
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(si,signed_string_nid);
+	if (so != NULL)
+		{
+		if (so->type == V_ASN1_OCTET_STRING)
+			{
+			os=so->value.octet_string;
+			i=os->length;
+			if ((i+1) > len)
+				i=len-1;
+			memcpy(buf,os->data,i);
+			return(i);
+			}
+		}
+	return(0);
+	}
+
+static signed_seq2string_nid= -1;
+/* ########################################### */
+int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
+	/* To add an object of OID 1.9.999, which is a sequence containing
+	 * 2 octet strings */
+	unsigned char *p;
+	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_STRING *seq;
+	unsigned char *data;
+	int i,total;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1=ASN1_OCTET_STRING_new();
+	os2=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	i =i2d_ASN1_OCTET_STRING(os1,NULL);
+	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+	data=malloc(total);
+	p=data;
+	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1,&p);
+	i2d_ASN1_OCTET_STRING(os2,&p);
+
+	seq=ASN1_STRING_new();
+	ASN1_STRING_set(seq,data,total);
+	free(data);
+	ASN1_OCTET_STRING_free(os1);
+	ASN1_OCTET_STRING_free(os2);
+
+	PKCS7_add_signed_attribute(si,signed_seq2string_nid,
+		V_ASN1_SEQUENCE,(char *)seq);
+	return(1);
+	}
+
+/* For this case, I will malloc the return strings */
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+	{
+	ASN1_TYPE *so;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
+	if (so && (so->type == V_ASN1_SEQUENCE))
+		{
+		ASN1_CTX c;
+		ASN1_STRING *s;
+		long length;
+		ASN1_OCTET_STRING *os1,*os2;
+
+		s=so->value.sequence;
+		c.p=ASN1_STRING_data(s);
+		c.max=c.p+ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c,&length)) goto err;
+		/* Length is the length of the seqence */
+
+		c.q=c.p;
+		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		c.q=c.p;
+		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		if (!asn1_Finish(&c)) goto err;
+		*str1=malloc(os1->length+1);
+		*str2=malloc(os2->length+1);
+		memcpy(*str1,os1->data,os1->length);
+		memcpy(*str2,os2->data,os2->length);
+		(*str1)[os1->length]='\0';
+		(*str2)[os2->length]='\0';
+		ASN1_OCTET_STRING_free(os1);
+		ASN1_OCTET_STRING_free(os2);
+		return(1);
+		}
+err:
+	return(0);
+	}
+
+
+/* #######################################
+ * THE OTHER WAY TO DO THINGS
+ * #######################################
+ */
+X509_ATTRIBUTE *create_time(void)
+	{
+	ASN1_UTCTIME *sign_time;
+	X509_ATTRIBUTE *ret;
+
+	/* The last parameter is the amount to add/subtract from the current
+	 * time (in seconds) */
+	sign_time=X509_gmtime_adj(NULL,0);
+	ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+		V_ASN1_UTCTIME,(char *)sign_time);
+	return(ret);
+	}
+
+ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	ASN1_TYPE *so;
+	PKCS7_SIGNER_INFO si;
+
+	si.auth_attr=sk;
+	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+	if (so->type == V_ASN1_UTCTIME)
+	    return so->value.utctime;
+	return NULL;
+	}
+	
+X509_ATTRIBUTE *create_string(char *str)
+	{
+	ASN1_OCTET_STRING *os;
+	X509_ATTRIBUTE *ret;
+
+	/* To a an object of OID 1.2.3.4.5, which is an octet string */
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	os=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	/* When we add, we do not free */
+	ret=X509_ATTRIBUTE_create(signed_string_nid,
+		V_ASN1_OCTET_STRING,(char *)os);
+	return(ret);
+	}
+
+int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+	{
+	ASN1_TYPE *so;
+	ASN1_OCTET_STRING *os;
+	int i;
+	PKCS7_SIGNER_INFO si;
+
+	si.auth_attr=sk;
+
+	if (signed_string_nid == -1)
+		signed_string_nid=
+			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(&si,signed_string_nid);
+	if (so != NULL)
+		{
+		if (so->type == V_ASN1_OCTET_STRING)
+			{
+			os=so->value.octet_string;
+			i=os->length;
+			if ((i+1) > len)
+				i=len-1;
+			memcpy(buf,os->data,i);
+			return(i);
+			}
+		}
+	return(0);
+	}
+
+X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
+	/* To add an object of OID 1.9.999, which is a sequence containing
+	 * 2 octet strings */
+	unsigned char *p;
+	ASN1_OCTET_STRING *os1,*os2;
+	ASN1_STRING *seq;
+	X509_ATTRIBUTE *ret;
+	unsigned char *data;
+	int i,total;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	os1=ASN1_OCTET_STRING_new();
+	os2=ASN1_OCTET_STRING_new();
+	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	i =i2d_ASN1_OCTET_STRING(os1,NULL);
+	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+
+	data=malloc(total);
+	p=data;
+	ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+	i2d_ASN1_OCTET_STRING(os1,&p);
+	i2d_ASN1_OCTET_STRING(os2,&p);
+
+	seq=ASN1_STRING_new();
+	ASN1_STRING_set(seq,data,total);
+	free(data);
+	ASN1_OCTET_STRING_free(os1);
+	ASN1_OCTET_STRING_free(os2);
+
+	ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
+		V_ASN1_SEQUENCE,(char *)seq);
+	return(ret);
+	}
+
+/* For this case, I will malloc the return strings */
+int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+	{
+	ASN1_TYPE *so;
+	PKCS7_SIGNER_INFO si;
+
+	if (signed_seq2string_nid == -1)
+		signed_seq2string_nid=
+			OBJ_create("1.9.9999","OID_example","Our example OID");
+
+	si.auth_attr=sk;
+	/* To retrieve */
+	so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
+	if (so->type == V_ASN1_SEQUENCE)
+		{
+		ASN1_CTX c;
+		ASN1_STRING *s;
+		long length;
+		ASN1_OCTET_STRING *os1,*os2;
+
+		s=so->value.sequence;
+		c.p=ASN1_STRING_data(s);
+		c.max=c.p+ASN1_STRING_length(s);
+		if (!asn1_GetSequence(&c,&length)) goto err;
+		/* Length is the length of the seqence */
+
+		c.q=c.p;
+		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		c.q=c.p;
+		if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+			goto err;
+		c.slen-=(c.p-c.q);
+
+		if (!asn1_Finish(&c)) goto err;
+		*str1=malloc(os1->length+1);
+		*str2=malloc(os2->length+1);
+		memcpy(*str1,os1->data,os1->length);
+		memcpy(*str2,os2->data,os2->length);
+		(*str1)[os1->length]='\0';
+		(*str2)[os2->length]='\0';
+		ASN1_OCTET_STRING_free(os1);
+		ASN1_OCTET_STRING_free(os2);
+		return(1);
+		}
+err:
+	return(0);
+	}
+
+
diff --git a/lib/libssl/src/crypto/pkcs7/example.h b/lib/libssl/src/crypto/pkcs7/example.h
new file mode 100644
index 00000000000..96167de188d
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/example.h
@@ -0,0 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+int add_signed_time(PKCS7_SIGNER_INFO *si);
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/lib/libssl/src/crypto/pkcs7/info.pem b/lib/libssl/src/crypto/pkcs7/info.pem
new file mode 100644
index 00000000000..989baf87096
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/info.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/crypto/pkcs7/infokey.pem b/lib/libssl/src/crypto/pkcs7/infokey.pem
new file mode 100644
index 00000000000..1e2acc954d2
--- /dev/null
+++ b/lib/libssl/src/crypto/pkcs7/infokey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/crypto/pkcs7/mf.p7 b/lib/libssl/src/crypto/pkcs7/mf.p7
deleted file mode 100644
index 524335b4b30..00000000000
--- a/lib/libssl/src/crypto/pkcs7/mf.p7
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIC2QIBATEMMAoGCCqGSIb3DQIFMIAGCSqGSIb3DQEH
-AQAAoIIB7TCCAekwggFSAgEAMA0GCSqGSIb3DQEBBAUAMFsxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0
-ZDEbMBkGA1UEAxMSVGVzdCBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0NloX
-DTk4MDYwOTEzNTc0NlowYzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xh
-bmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYDVQQDExpTZXJ2ZXIg
-dGVzdCBjZXJ0ICg1MTIgYml0KTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCfs8OE
-J5X/EjFSDxXvRhHErYDmNlsP3YDXYY3g/HJFCTT+VWZFQ0xol2r+qKCl3194/+7X
-ZLg/BMtv/yr+/rntAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAeEzEdgr2nChPcALL
-vY8gl/GIlpoAjPmKD+pLeGZI9s+SEX5u1q8nCrJ6ZzkfrRnqgI5Anmev9+qPZfdU
-bz5zdVSf4sUL9nX9ChXjK9NCJA3UzQHSFqhZErGUwGNkAHYHp2+zAdY6Ho6rmMzt
-g0CDu/sKR4qzm6REsQGS8kgpjz4xgcUwgcICAQEwYDBbMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-GzAZBgNVBAMTElRlc3QgQ0EgKDEwMjQgYml0KQIBADAKBggqhkiG9w0CBTANBgkq
-hkiG9w0BAQQFAARALnrxJiOX9XZf2D+3vL8SKMQmMq55LltomwOLGUru/q1uVXzi
-ARg7FSCegOpA1nunsTURMUGgrPXKK4XmL4IseQAAAAA=
------END PKCS7-----
diff --git a/lib/libssl/src/crypto/pkcs7/p7.tst b/lib/libssl/src/crypto/pkcs7/p7.tst
deleted file mode 100644
index 6d14dce1634..00000000000
--- a/lib/libssl/src/crypto/pkcs7/p7.tst
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIFsQIBATELMAkGBSsOAwIaBQAwgAYJKoZIhvcNAQcB
-AACgggQdMIICJTCCAc+gAwIBAgIBIjANBgkqhkiG9w0BAQQFADCBgjELMAkGA1UE
-BhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRow
-GAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEUMBIGA1UECxMLZGV2ZWxvcG1lbnQx
-GTAXBgNVBAMTEENyeXB0U29mdCBEZXYgQ0EwHhcNOTcwNjEzMTgxMDE3WhcNOTgw
-NjEzMTgxMDE3WjCBiDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEU
-MBIGA1UECxMLSUlTIHRlc3RpbmcxDjAMBgNVBAMTBXRlc3QxMQ8wDQYJKoZIhvcN
-AQkBFgAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxtWiv59VH42+rotrmFAyDxTc
-J2osFt5uy/zEllx3vvjtwewqQxGUOwf6cjqFOTrnpEdVvwywpEhIQ5364bJqIwID
-AQABoygwJjAkBglghkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0G
-CSqGSIb3DQEBBAUAA0EAMnYkNV2AdpeHPy/qlcdZx6MDGIJgrLhklhcn6Or6KiAP
-t9+nv9XdOGHyMyQr9ufsweuQfAgJ9yjKPZR2/adTjTCCAfAwggGaAgEAMA0GCSqG
-SIb3DQEBBAUAMIGCMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDER
-MA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRQw
-EgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UEAxMQQ3J5cHRTb2Z0IERldiBDQTAe
-Fw05NzAzMjIxMzM0MDRaFw05ODAzMjIxMzM0MDRaMIGCMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoT
-EUNyeXB0U29mdCBQdHkgTHRkMRQwEgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UE
-AxMQQ3J5cHRTb2Z0IERldiBDQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDgDgKq
-IBuUMAJi4c8juAqEZ8f8FcuDWT+HcScvNztRJy9K8DnbGpiSrzzix4El6N4A7vbl
-crwn/0CZmQJguZpfAgMBAAEwDQYJKoZIhvcNAQEEBQADQQA0UUvxlXXe6wKkVukn
-ZoCyXbjlNsqt2rwbvfZEam6fQP3S7uq+o1Pnj+KDgE33WxWbQAA9h8fY1LWN7X3a
-yTm/MYIBbTCCAWkCAQEwgYgwgYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl
-bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0
-eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQg
-RGV2IENBAgEiMAkGBSsOAwIaBQCgfTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
-MCMGCSqGSIb3DQEJBDEWBBSUVhbGkNE+KGqpOK13+FkfOkaoizAcBgkqhkiG9w0B
-CQUxDxcNOTcwNzAxMDE0MzM0WjAeBgkqhkiG9w0BCQ8xETAPMA0GCCqGSIb3DQMC
-AgEoMA0GCSqGSIb3DQEBAQUABECa9Jpo4w/fZOc3Vy78wZFAVF8kvpn7il99Ldsr
-AQ4JiBmcfiSwEBBY6WuKT+/SYtFwZl1oXkTwB5AVCFIC/IFNAAAAAA==
------END PKCS7-----
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
index 7769abeb1e7..90edfa5001f 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index b5689b3fe4c..dee81b547ad 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -58,20 +58,23 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-BIO *PKCS7_dataInit(p7,bio)
-PKCS7 *p7;
-BIO *bio;
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 	{
 	int i,j;
-	BIO *out=NULL,*btmp;
+	BIO *out=NULL,*btmp=NULL;
 	X509_ALGOR *xa;
-	EVP_MD *evp_md;
-	EVP_CIPHER *evp_cipher=NULL;
-	STACK *md_sk=NULL,*rsk=NULL;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
 	X509_ALGOR *xalg=NULL;
 	PKCS7_RECIP_INFO *ri=NULL;
 	EVP_PKEY *pkey;
@@ -87,13 +90,25 @@ BIO *bio;
 	case NID_pkcs7_signedAndEnveloped:
 		rsk=p7->d.signed_and_enveloped->recipientinfo;
 		md_sk=p7->d.signed_and_enveloped->md_algs;
-		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
 		if (evp_cipher == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
+			goto err;
+			}
+		break;
+	case NID_pkcs7_enveloped:
+		rsk=p7->d.enveloped->recipientinfo;
+		xalg=p7->d.enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.enveloped->enc_data->cipher;
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
 			goto err;
 			}
-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
 		break;
 	default:
 		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -102,10 +117,14 @@ BIO *bio;
 
 	if (md_sk != NULL)
 		{
-		for (i=0; i<sk_num(md_sk); i++)
+		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 			{
-			xa=(X509_ALGOR *)sk_value(md_sk,i);
-			if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err;
+			xa=sk_X509_ALGOR_value(md_sk,i);
+			if ((btmp=BIO_new(BIO_f_md())) == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+				goto err;
+				}
 
 			j=OBJ_obj2nid(xa->algorithm);
 			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
@@ -120,6 +139,7 @@ BIO *bio;
 				out=btmp;
 			else
 				BIO_push(out,btmp);
+			btmp=NULL;
 			}
 		}
 
@@ -130,49 +150,70 @@ BIO *bio;
 		int keylen,ivlen;
 		int jj,max;
 		unsigned char *tmp;
+		EVP_CIPHER_CTX *ctx;
 
-		if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err;
+		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+			goto err;
+			}
+		BIO_get_cipher_ctx(btmp, &ctx);
 		keylen=EVP_CIPHER_key_length(evp_cipher);
 		ivlen=EVP_CIPHER_iv_length(evp_cipher);
-
-		if (ivlen > 0)
-			{
-			ASN1_OCTET_STRING *os;
-
-			RAND_bytes(iv,ivlen);
-			os=ASN1_OCTET_STRING_new();
-			ASN1_OCTET_STRING_set(os,iv,ivlen);
-		/*	ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
-				(char *)os);
-		*/	}
 		RAND_bytes(key,keylen);
+		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+		if (ivlen > 0) RAND_bytes(iv,ivlen);
+		EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
+
+		if (ivlen > 0) {
+			if (xalg->parameter == NULL) 
+						xalg->parameter=ASN1_TYPE_new();
+			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+								       goto err;
+		}
 
 		/* Lets do the pub key stuff :-) */
 		max=0;
-		for (i=0; i<sk_num(rsk); i++)
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
 			{
-			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
-			if (ri->cert == NULL) abort();
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+			if (ri->cert == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
+				goto err;
+				}
 			pkey=X509_get_pubkey(ri->cert);
 			jj=EVP_PKEY_size(pkey);
+			EVP_PKEY_free(pkey);
 			if (max < jj) max=jj;
 			}
-		if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort();
-		for (i=0; i<sk_num(rsk); i++)
+		if ((tmp=(unsigned char *)Malloc(max)) == NULL)
 			{
-			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+			{
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
 			pkey=X509_get_pubkey(ri->cert);
 			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-			if (jj <= 0) abort();
+			EVP_PKEY_free(pkey);
+			if (jj <= 0)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
+				Free(tmp);
+				goto err;
+				}
 			ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
 			}
-
-		BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+		Free(tmp);
+		memset(key, 0, keylen);
 
 		if (out == NULL)
 			out=btmp;
 		else
 			BIO_push(out,btmp);
+		btmp=NULL;
 		}
 
 	if (bio == NULL) /* ??????????? */
@@ -182,6 +223,11 @@ BIO *bio;
 		else
 			{
 			bio=BIO_new(BIO_s_mem());
+			/* We need to set this so that when we have read all
+			 * the data, the encrypt BIO, if present, will read
+			 * EOF and encode the last few bytes */
+			BIO_set_mem_eof_return(bio,0);
+
 			if (PKCS7_type_is_signed(p7) &&
 				PKCS7_type_is_data(p7->d.sign->contents))
 				{
@@ -195,14 +241,222 @@ BIO *bio;
 			}
 		}
 	BIO_push(out,bio);
+	bio=NULL;
+	if (0)
+		{
+err:
+		if (out != NULL)
+			BIO_free_all(out);
+		if (btmp != NULL)
+			BIO_free_all(btmp);
+		out=NULL;
+		}
 	return(out);
+	}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+	{
+	int i,j;
+	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
+	char *tmp=NULL;
+	X509_ALGOR *xa;
+	ASN1_OCTET_STRING *data_body=NULL;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
+	EVP_CIPHER_CTX *evp_ctx=NULL;
+	X509_ALGOR *enc_alg=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+	X509_ALGOR *xalg=NULL;
+	PKCS7_RECIP_INFO *ri=NULL;
+/*	EVP_PKEY *pkey; */
+#if 0
+	X509_STORE_CTX s_ctx;
+#endif
+
+	i=OBJ_obj2nid(p7->type);
+	p7->state=PKCS7_S_HEADER;
+
+	switch (i)
+		{
+	case NID_pkcs7_signed:
+		data_body=p7->d.sign->contents->d.data;
+		md_sk=p7->d.sign->md_algs;
+		break;
+	case NID_pkcs7_signedAndEnveloped:
+		rsk=p7->d.signed_and_enveloped->recipientinfo;
+		md_sk=p7->d.signed_and_enveloped->md_algs;
+		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		break;
+	case NID_pkcs7_enveloped:
+		rsk=p7->d.enveloped->recipientinfo;
+		enc_alg=p7->d.enveloped->enc_data->algorithm;
+		data_body=p7->d.enveloped->enc_data->enc_data;
+		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+		if (evp_cipher == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			goto err;
+			}
+		xalg=p7->d.enveloped->enc_data->algorithm;
+		break;
+	default:
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+	        goto err;
+		}
+
+	/* We will be checking the signature */
+	if (md_sk != NULL)
+		{
+		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+			{
+			xa=sk_X509_ALGOR_value(md_sk,i);
+			if ((btmp=BIO_new(BIO_f_md())) == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+				goto err;
+				}
+
+			j=OBJ_obj2nid(xa->algorithm);
+			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
+			if (evp_md == NULL)
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+				goto err;
+				}
+
+			BIO_set_md(btmp,evp_md);
+			if (out == NULL)
+				out=btmp;
+			else
+				BIO_push(out,btmp);
+			btmp=NULL;
+			}
+		}
+
+	if (evp_cipher != NULL)
+		{
+#if 0
+		unsigned char key[EVP_MAX_KEY_LENGTH];
+		unsigned char iv[EVP_MAX_IV_LENGTH];
+		unsigned char *p;
+		int keylen,ivlen;
+		int max;
+		X509_OBJECT ret;
+#endif
+		int jj;
+
+		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+			goto err;
+			}
+
+		/* It was encrypted, we need to decrypt the secret key
+		 * with the private key */
+
+		/* Find the recipientInfo which matches the passed certificate
+		 * (if any)
+		 */
+
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+			if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
+					pcert->cert_info->issuer) &&
+			     !ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+					ri->issuer_and_serial->serial)) break;
+			ri=NULL;
+		}
+		if (ri == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+				 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+			return(NULL);
+		}
+
+		jj=EVP_PKEY_size(pkey);
+		tmp=Malloc(jj+10);
+		if (tmp == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		jj=EVP_PKEY_decrypt((unsigned char *)tmp,
+			ASN1_STRING_data(ri->enc_key),
+			ASN1_STRING_length(ri->enc_key),
+			pkey);
+		if (jj <= 0)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
+			goto err;
+			}
+
+		evp_ctx=NULL;
+		BIO_get_cipher_ctx(etmp,&evp_ctx);
+		EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+			return(NULL);
+
+		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+			goto err;
+			}
+		EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0);
+
+		memset(tmp,0,jj);
+
+		if (out == NULL)
+			out=etmp;
+		else
+			BIO_push(out,etmp);
+		etmp=NULL;
+		}
+
+#if 1
+	if (p7->detached || (in_bio != NULL))
+		{
+		bio=in_bio;
+		}
+	else 
+		{
+		bio=BIO_new(BIO_s_mem());
+		/* We need to set this so that when we have read all
+		 * the data, the encrypt BIO, if present, will read
+		 * EOF and encode the last few bytes */
+		BIO_set_mem_eof_return(bio,0);
+
+		if (data_body->length > 0)
+			BIO_write(bio,(char *)data_body->data,data_body->length);
+		}
+	BIO_push(out,bio);
+	bio=NULL;
+#endif
+	if (0)
+		{
 err:
-	return(NULL);
+		if (out != NULL) BIO_free_all(out);
+		if (btmp != NULL) BIO_free_all(btmp);
+		if (etmp != NULL) BIO_free_all(etmp);
+		if (bio != NULL) BIO_free_all(bio);
+		out=NULL;
+		}
+	if (tmp != NULL)
+		Free(tmp);
+	return(out);
 	}
 
-int PKCS7_dataSign(p7,bio)
-PKCS7 *p7;
-BIO *bio;
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	{
 	int ret=0;
 	int i,j;
@@ -211,7 +465,8 @@ BIO *bio;
 	BUF_MEM *buf=NULL;
 	PKCS7_SIGNER_INFO *si;
 	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK *sk,*si_sk=NULL;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
 	unsigned char *p,*pp=NULL;
 	int x;
 	ASN1_OCTET_STRING *os=NULL;
@@ -227,22 +482,35 @@ BIO *bio;
 		os=ASN1_OCTET_STRING_new();
 		p7->d.signed_and_enveloped->enc_data->enc_data=os;
 		break;
+	case NID_pkcs7_enveloped:
+		/* XXXXXXXXXXXXXXXX */
+		os=ASN1_OCTET_STRING_new();
+		p7->d.enveloped->enc_data->enc_data=os;
+		break;
 	case NID_pkcs7_signed:
 		si_sk=p7->d.sign->signer_info;
 		os=p7->d.sign->contents->d.data;
+		/* If detached data then the content is excluded */
+		if(p7->detached) {
+			ASN1_OCTET_STRING_free(os);
+			p7->d.sign->contents->d.data = NULL;
+		}
 		break;
 		}
 
 	if (si_sk != NULL)
 		{
-		if ((buf=BUF_MEM_new()) == NULL) goto err;
-		for (i=0; i<sk_num(si_sk); i++)
+		if ((buf=BUF_MEM_new()) == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
+			goto err;
+			}
+		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
 			{
-			si=(PKCS7_SIGNER_INFO *)
-				sk_value(si_sk,i);
-			if (si->pkey == NULL)
-				continue;
-			j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
+			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
+			if (si->pkey == NULL) continue;
+
+			j=OBJ_obj2nid(si->digest_alg->algorithm);
 
 			btmp=bio;
 			for (;;)
@@ -259,7 +527,7 @@ BIO *bio;
 					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
 					goto err;
 					}
-				if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j)
+				if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j)
 					break;
 				else
 					btmp=btmp->next_bio;
@@ -269,75 +537,117 @@ BIO *bio;
 			 * signing. */
 			memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
 			if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
 				goto err;
+				}
 
 			sk=si->auth_attr;
-			if ((sk != NULL) && (sk_num(sk) != 0))
+
+			/* If there are attributes, we add the digest
+			 * attribute and only sign the attributes */
+			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 				{
-				x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
-					V_ASN1_SET,V_ASN1_UNIVERSAL);
-				pp=(unsigned char *)Malloc(i);
+				unsigned char md_data[EVP_MAX_MD_SIZE];
+				unsigned int md_len;
+				ASN1_OCTET_STRING *digest;
+				ASN1_UTCTIME *sign_time;
+				const EVP_MD *md_tmp;
+
+				/* Add signing time */
+				sign_time=X509_gmtime_adj(NULL,0);
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_signingTime,
+					V_ASN1_UTCTIME,sign_time);
+
+				/* Add digest */
+				md_tmp=EVP_MD_CTX_type(&ctx_tmp);
+				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
+				digest=ASN1_OCTET_STRING_new();
+				ASN1_OCTET_STRING_set(digest,md_data,md_len);
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_messageDigest,
+					V_ASN1_OCTET_STRING,digest);
+
+				/* Now sign the mess */
+				EVP_SignInit(&ctx_tmp,md_tmp);
+				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
+					   i2d_X509_ATTRIBUTE,
+					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+				pp=(unsigned char *)Malloc(x);
 				p=pp;
-				i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
-					V_ASN1_SET,V_ASN1_UNIVERSAL);
+				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
+				           i2d_X509_ATTRIBUTE,
+					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
 				EVP_SignUpdate(&ctx_tmp,pp,x);
 				Free(pp);
+				pp=NULL;
 				}
 
+			if (si->pkey->type == EVP_PKEY_DSA)
+				ctx_tmp.digest=EVP_dss1();
+
 			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
 				(unsigned int *)&buf->length,si->pkey))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
 				goto err;
+				}
 			if (!ASN1_STRING_set(si->enc_digest,
 				(unsigned char *)buf->data,buf->length))
-				goto err;
-			}
-		if (p7->detached)
-			ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
-		else
-			{
-			btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-			if (btmp == NULL)
 				{
-				PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
 				goto err;
 				}
-			BIO_get_mem_ptr(btmp,&buf_mem);
-			ASN1_OCTET_STRING_set(os,
-				(unsigned char *)buf_mem->data,buf_mem->length);
 			}
-		if (pp != NULL) Free(pp);
-		pp=NULL;
 		}
 
+	if (!p7->detached)
+		{
+		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+		if (btmp == NULL)
+			{
+			PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+			goto err;
+			}
+		BIO_get_mem_ptr(btmp,&buf_mem);
+		ASN1_OCTET_STRING_set(os,
+			(unsigned char *)buf_mem->data,buf_mem->length);
+		}
+	if (pp != NULL) Free(pp);
+	pp=NULL;
+
 	ret=1;
 err:
 	if (buf != NULL) BUF_MEM_free(buf);
 	return(ret);
 	}
 
-int PKCS7_dataVerify(cert_store,ctx,bio,p7,si)
-X509_STORE *cert_store;
-X509_STORE_CTX *ctx;
-BIO *bio;
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 	{
-	PKCS7_SIGNED *s;
-	ASN1_OCTET_STRING *os;
-	EVP_MD_CTX mdc_tmp,*mdc;
-	unsigned char *pp,*p;
 	PKCS7_ISSUER_AND_SERIAL *ias;
-	int ret=0,md_type,i;
-	STACK *sk;
-	BIO *btmp;
+	int ret=0,i;
+	STACK_OF(X509) *cert;
 	X509 *x509;
 
-	if (!PKCS7_type_is_signed(p7)) abort();
+	if (PKCS7_type_is_signed(p7))
+		{
+		cert=p7->d.sign->cert;
+		}
+	else if (PKCS7_type_is_signedAndEnveloped(p7))
+		{
+		cert=p7->d.signed_and_enveloped->cert;
+		}
+	else
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
+		goto err;
+		}
 	/* XXXXXXXXXXXXXXXXXXXXXXX */
 	ias=si->issuer_and_serial;
-	s=p7->d.sign;
 
-	x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial);
+	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
 
 	/* were we able to find the cert in passed to us */
 	if (x509 == NULL)
@@ -347,12 +657,39 @@ PKCS7_SIGNER_INFO *si;
 		}
 
 	/* Lets verify */
-	X509_STORE_CTX_init(ctx,cert_store,x509,s->cert);
+	X509_STORE_CTX_init(ctx,cert_store,x509,cert);
 	i=X509_verify_cert(ctx);
-	if (i <= 0) goto err;
+	if (i <= 0) 
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		goto err;
+		}
 	X509_STORE_CTX_cleanup(ctx);
 
-	/* So we like 'x509', lets check the signature. */
+	return PKCS7_signatureVerify(bio, p7, si, x509);
+	err:
+	return ret;
+	}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509)
+	{
+	ASN1_OCTET_STRING *os;
+	EVP_MD_CTX mdc_tmp,*mdc;
+	unsigned char *pp,*p;
+	int ret=0,i;
+	int md_type;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	BIO *btmp;
+	EVP_PKEY *pkey;
+
+	if (!PKCS7_type_is_signed(p7) && 
+				!PKCS7_type_is_signedAndEnveloped(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_WRONG_PKCS7_TYPE);
+		goto err;
+	}
+
 	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
 
 	btmp=bio;
@@ -361,13 +698,15 @@ PKCS7_SIGNER_INFO *si;
 		if ((btmp == NULL) ||
 			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			goto err;
 			}
 		BIO_get_md_ctx(btmp,&mdc);
 		if (mdc == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+							PKCS7_R_INTERNAL_ERROR);
 			goto err;
 			}
 		if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
@@ -375,28 +714,68 @@ PKCS7_SIGNER_INFO *si;
 		btmp=btmp->next_bio;	
 		}
 
-	/* mdc is the digest ctx that we want */
+	/* mdc is the digest ctx that we want, unless there are attributes,
+	 * in which case the digest is the signed attributes */
 	memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
 
 	sk=si->auth_attr;
-	if ((sk != NULL) && (sk_num(sk) != 0))
+	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 		{
-		i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-		pp=(unsigned char *)malloc(i);
+		unsigned char md_dat[EVP_MAX_MD_SIZE];
+                unsigned int md_len;
+		ASN1_OCTET_STRING *message_digest;
+
+		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
+		message_digest=PKCS7_digest_from_attributes(sk);
+		if (!message_digest)
+			{
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			goto err;
+			}
+		if ((message_digest->length != (int)md_len) ||
+			(memcmp(message_digest->data,md_dat,md_len)))
+			{
+#if 0
+{
+int ii;
+for (ii=0; ii<message_digest->length; ii++)
+	printf("%02X",message_digest->data[ii]); printf(" sent\n");
+for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
+}
+#endif
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+							PKCS7_R_DIGEST_FAILURE);
+			ret= -1;
+			goto err;
+			}
+
+		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
+		/* Note: when forming the encoding of the attributes we
+		 * shouldn't reorder them or this will break the signature.
+		 * This is done by using the IS_SEQUENCE flag.
+		 */
+		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
+			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+		pp=Malloc(i);
 		p=pp;
-		i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
+		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
+			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
 		EVP_VerifyUpdate(&mdc_tmp,pp,i);
-		free(pp);
+
+		Free(pp);
 		}
 
 	os=si->enc_digest;
-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length,
-		X509_get_pubkey(x509));
+	pkey = X509_get_pubkey(x509);
+	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+
+	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+	EVP_PKEY_free(pkey);
 	if (i <= 0)
 		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE);
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_SIGNATURE_FAILURE);
 		ret= -1;
 		goto err;
 		}
@@ -406,3 +785,138 @@ err:
 	return(ret);
 	}
 
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+	{
+	STACK_OF(PKCS7_RECIP_INFO) *rsk;
+	PKCS7_RECIP_INFO *ri;
+	int i;
+
+	i=OBJ_obj2nid(p7->type);
+	if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
+	rsk=p7->d.signed_and_enveloped->recipientinfo;
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
+	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
+	return(ri->issuer_and_serial);
+	}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+	{
+	return(get_attribute(si->auth_attr,nid));
+	}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+	{
+	return(get_attribute(si->unauth_attr,nid));
+	}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+	{
+	int i;
+	X509_ATTRIBUTE *xa;
+	ASN1_OBJECT *o;
+
+	o=OBJ_nid2obj(nid);
+	if (!o || !sk) return(NULL);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+		{
+		xa=sk_X509_ATTRIBUTE_value(sk,i);
+		if (OBJ_cmp(xa->object,o) == 0)
+			{
+			if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
+				return(sk_ASN1_TYPE_value(xa->value.set,0));
+			else
+				return(NULL);
+			}
+		}
+	return(NULL);
+	}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+	ASN1_TYPE *astype;
+	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+	return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	int i;
+
+	if (p7si->auth_attr != NULL)
+		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
+	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+		{
+		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
+			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
+			return(0);
+		}
+	return(1);
+	}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
+	{
+	int i;
+
+	if (p7si->unauth_attr != NULL)
+		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
+					   X509_ATTRIBUTE_free);
+	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+		{
+		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
+			return(0);
+		}
+	return(1);
+	}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
+	{
+	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
+	}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
+	{
+	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
+	}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value)
+	{
+	X509_ATTRIBUTE *attr=NULL;
+
+	if (*sk == NULL)
+		{
+		*sk = sk_X509_ATTRIBUTE_new(NULL);
+new_attrib:
+		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+		sk_X509_ATTRIBUTE_push(*sk,attr);
+		}
+	else
+		{
+		int i;
+
+		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
+			{
+			attr=sk_X509_ATTRIBUTE_value(*sk,i);
+			if (OBJ_obj2nid(attr->object) == nid)
+				{
+				X509_ATTRIBUTE_free(attr);
+				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+				sk_X509_ATTRIBUTE_set(*sk,i,attr);
+				goto end;
+				}
+			}
+		goto new_attrib;
+		}
+end:
+	return(1);
+	}
+
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_enc.c b/lib/libssl/src/crypto/pkcs7/pk7_enc.c
index a5b6dc463f0..acbb189c59a 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_enc.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_enc.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 
 PKCS7_in_bio(PKCS7 *p7,BIO *in);
 PKCS7_out_bio(PKCS7 *p7,BIO *out);
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index 7d14ad11734..8b863d05583 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -58,14 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "x509.h"
-
-long PKCS7_ctrl(p7,cmd,larg,parg)
-PKCS7 *p7;
-int cmd;
-long larg;
-char *parg;
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 	{
 	int nid;
 	long ret;
@@ -98,14 +94,13 @@ char *parg;
 			
 		break;
 	default:
-		abort();
+		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+		ret=0;
 		}
 	return(ret);
 	}
 
-int PKCS7_content_new(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_content_new(PKCS7 *p7, int type)
 	{
 	PKCS7 *ret=NULL;
 
@@ -119,9 +114,7 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_content(p7,p7_data)
-PKCS7 *p7;
-PKCS7 *p7_data;
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
 	{
 	int i;
 
@@ -147,9 +140,7 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_type(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_set_type(PKCS7 *p7, int type)
 	{
 	ASN1_OBJECT *obj;
 
@@ -172,12 +163,19 @@ int type;
 	case NID_pkcs7_signedAndEnveloped:
 		p7->type=obj;
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
-			== NULL)
-			goto err;
-		ASN1_INTEGER_set(p7->d.sign->version,1);
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+/*		p7->d.signed_and_enveloped->enc_data->content_type=
+			OBJ_nid2obj(NID_pkcs7_encrypted);*/
+			
 		break;
-	case NID_pkcs7_digest:
 	case NID_pkcs7_enveloped:
+		p7->type=obj;
+		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.enveloped->version,0);
+		break;
+	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -188,14 +186,12 @@ err:
 	return(0);
 	}
 
-int PKCS7_add_signer(p7,psi)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *psi;
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 	{
 	int i,j,nid;
 	X509_ALGOR *alg;
-	STACK *signer_sk;
-	STACK *md_sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+	STACK_OF(X509_ALGOR) *md_sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -217,9 +213,9 @@ PKCS7_SIGNER_INFO *psi;
 
 	/* If the digest is not currently listed, add it */
 	j=0;
-	for (i=0; i<sk_num(md_sk); i++)
+	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 		{
-		alg=(X509_ALGOR *)sk_value(md_sk,i);
+		alg=sk_X509_ALGOR_value(md_sk,i);
 		if (OBJ_obj2nid(alg->algorithm) == nid)
 			{
 			j=1;
@@ -230,19 +226,17 @@ PKCS7_SIGNER_INFO *psi;
 		{
 		alg=X509_ALGOR_new();
 		alg->algorithm=OBJ_nid2obj(nid);
-		sk_push(md_sk,(char *)alg);
+		sk_X509_ALGOR_push(md_sk,alg);
 		}
 
-	sk_push(signer_sk,(char *)psi);
+	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
 	return(1);
 	}
 
-int PKCS7_add_certificate(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
 	{
 	int i;
-	STACK **sk;
+	STACK_OF(X509) **sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -259,18 +253,16 @@ X509 *x509;
 		}
 
 	if (*sk == NULL)
-		*sk=sk_new_null();
+		*sk=sk_X509_new_null();
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	sk_push(*sk,(char *)x509);
+	sk_X509_push(*sk,x509);
 	return(1);
 	}
 
-int PKCS7_add_crl(p7,crl)
-PKCS7 *p7;
-X509_CRL *crl;
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 	{
 	int i;
-	STACK **sk;
+	STACK_OF(X509_CRL) **sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -287,18 +279,15 @@ X509_CRL *crl;
 		}
 
 	if (*sk == NULL)
-		*sk=sk_new_null();
+		*sk=sk_X509_CRL_new_null();
 
 	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	sk_push(*sk,(char *)crl);
+	sk_X509_CRL_push(*sk,crl);
 	return(1);
 	}
 
-int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst)
-PKCS7_SIGNER_INFO *p7i;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
 	{
 	/* We now need to add another PKCS7_SIGNER_INFO entry */
 	ASN1_INTEGER_set(p7i->version,1);
@@ -316,27 +305,32 @@ EVP_MD *dgst;
 	p7i->pkey=pkey;
 
 	/* Set the algorithms */
-	p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
+	if (pkey->type == EVP_PKEY_DSA)
+		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+	else	
+		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+
+	if (p7i->digest_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_alg->parameter);
+	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
+	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
 
-#if 1
 	if (p7i->digest_enc_alg->parameter != NULL)
 		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
 	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
 		goto err;
 	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-#endif
 
 	return(1);
 err:
 	return(0);
 	}
 
-PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst)
-PKCS7 *p7;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
 	{
 	PKCS7_SIGNER_INFO *si;
 
@@ -348,20 +342,21 @@ err:
 	return(NULL);
 	}
 
-STACK *PKCS7_get_signer_info(p7)
-PKCS7 *p7;
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
 	{
 	if (PKCS7_type_is_signed(p7))
 		{
 		return(p7->d.sign->signer_info);
 		}
+	else if (PKCS7_type_is_signedAndEnveloped(p7))
+		{
+		return(p7->d.signed_and_enveloped->signer_info);
+		}
 	else
 		return(NULL);
 	}
 
-PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 	{
 	PKCS7_RECIP_INFO *ri;
 
@@ -373,12 +368,10 @@ err:
 	return(NULL);
 	}
 
-int PKCS7_add_recipient_info(p7,ri)
-PKCS7 *p7;
-PKCS7_RECIP_INFO *ri;
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(PKCS7_RECIP_INFO) *sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -386,18 +379,19 @@ PKCS7_RECIP_INFO *ri;
 	case NID_pkcs7_signedAndEnveloped:
 		sk=	p7->d.signed_and_enveloped->recipientinfo;
 		break;
+	case NID_pkcs7_enveloped:
+		sk=	p7->d.enveloped->recipientinfo;
+		break;
 	default:
 		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	sk_push(sk,(char *)ri);
+	sk_PKCS7_RECIP_INFO_push(sk,ri);
 	return(1);
 	}
 
-int PKCS7_RECIP_INFO_set(p7i,x509)
-PKCS7_RECIP_INFO *p7i;
-X509 *x509;
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 	{
 	ASN1_INTEGER_set(p7i->version,0);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -407,15 +401,18 @@ X509 *x509;
 	p7i->issuer_and_serial->serial=
 		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
+	X509_ALGOR_free(p7i->key_enc_algor);
+	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
+		(char *(*)())d2i_X509_ALGOR,
+		(char *)x509->cert_info->key->algor);
+
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
 	p7i->cert=x509;
 
 	return(1);
 	}
 
-X509 *PKCS7_cert_from_signer_info(p7,si)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 	{
 	if (PKCS7_type_is_signed(p7))
 		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
@@ -425,9 +422,7 @@ PKCS7_SIGNER_INFO *si;
 		return(NULL);
 	}
 
-int PKCS7_set_cipher(p7,cipher)
-PKCS7 *p7;
-EVP_CIPHER *cipher;
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 	{
 	int i;
 	PKCS7_ENC_CONTENT *ec;
@@ -438,12 +433,17 @@ EVP_CIPHER *cipher;
 	case NID_pkcs7_signedAndEnveloped:
 		ec=p7->d.signed_and_enveloped->enc_data;
 		break;
+	case NID_pkcs7_enveloped:
+		ec=p7->d.enveloped->enc_data;
+		break;
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
 		return(0);
 		}
 
-	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
-	return(ec->algorithm->algorithm != NULL);
+	/* Setup cipher OID */
+
+	ec->cipher = cipher;
+	return 1;
 	}
 
diff --git a/lib/libssl/src/crypto/pkcs7/pkcs7.err b/lib/libssl/src/crypto/pkcs7/pkcs7.err
deleted file mode 100644
index 91413aae432..00000000000
--- a/lib/libssl/src/crypto/pkcs7/pkcs7.err
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
-#define PKCS7_F_PKCS7_ADD_CRL				 101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
-#define PKCS7_F_PKCS7_ADD_SIGNER			 103
-#define PKCS7_F_PKCS7_CTRL				 104
-#define PKCS7_F_PKCS7_DATAINIT				 105
-#define PKCS7_F_PKCS7_DATASIGN				 106
-#define PKCS7_F_PKCS7_DATAVERIFY			 107
-#define PKCS7_F_PKCS7_SET_CIPHER			 108
-#define PKCS7_F_PKCS7_SET_CONTENT			 109
-#define PKCS7_F_PKCS7_SET_TYPE				 110
-
-/* Reason codes. */
-#define PKCS7_R_INTERNAL_ERROR				 100
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 101
-#define PKCS7_R_SIGNATURE_FAILURE			 102
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 103
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
-#define PKCS7_R_WRONG_CONTENT_TYPE			 109
diff --git a/lib/libssl/src/crypto/pkcs7/pkcs7.h b/lib/libssl/src/crypto/pkcs7/pkcs7.h
index ee12f670a85..c42bd6d391f 100644
--- a/lib/libssl/src/crypto/pkcs7/pkcs7.h
+++ b/lib/libssl/src/crypto/pkcs7/pkcs7.h
@@ -63,8 +63,17 @@
 extern "C" {
 #endif
 
-#include "bio.h"
-#include "x509.h"
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+
+#ifdef VMS
+#include <openssl/vms_idhacks.h>
+#endif
+
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
 
 /*
 Encryption_ID		DES-CBC
@@ -84,15 +93,18 @@ typedef struct pkcs7_signer_info_st
 	ASN1_INTEGER 			*version;	/* version 1 */
 	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
 	X509_ALGOR			*digest_alg;
-	STACK /* X509_ATTRIBUTE */	*auth_attr;	/* [ 0 ] */
+	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */
 	X509_ALGOR			*digest_enc_alg;
 	ASN1_OCTET_STRING		*enc_digest;
-	STACK /* X509_ATTRIBUTE */	*unauth_attr;	/* [ 1 ] */
+	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
 
 	/* The private key to sign with */
 	EVP_PKEY			*pkey;
 	} PKCS7_SIGNER_INFO;
 
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+
 typedef struct pkcs7_recip_info_st
 	{
 	ASN1_INTEGER			*version;	/* version 0 */
@@ -102,13 +114,16 @@ typedef struct pkcs7_recip_info_st
 	X509				*cert; /* get the pub-key from this */
 	} PKCS7_RECIP_INFO;
 
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+
 typedef struct pkcs7_signed_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	STACK /* X509 */		*cert;		/* [ 0 ] */
-	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
-	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
 
 	struct pkcs7_st			*contents;
 	} PKCS7_SIGNED;
@@ -120,25 +135,26 @@ typedef struct pkcs7_enc_content_st
 	ASN1_OBJECT			*content_type;
 	X509_ALGOR			*algorithm;
 	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */
+	const EVP_CIPHER		*cipher;
 	} PKCS7_ENC_CONTENT;
 
 typedef struct pkcs7_enveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 0 */
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
 	PKCS7_ENC_CONTENT		*enc_data;
 	} PKCS7_ENVELOPE;
-	
+
 typedef struct pkcs7_signedandenveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	STACK /* X509 */		*cert;		/* [ 0 ] */
-	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
-	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
 
 	PKCS7_ENC_CONTENT		*enc_data;
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
 	} PKCS7_SIGN_ENVELOPE;
 
 typedef struct pkcs7_digest_st
@@ -199,7 +215,12 @@ typedef struct pkcs7_st
 #define PKCS7_OP_SET_DETACHED_SIGNATURE	1
 #define PKCS7_OP_GET_DETACHED_SIGNATURE	2
 
+#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)
+#define PKCS7_get_attributes(si)	((si)->unauth_attr)
+
 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_signedAndEnveloped(a) \
+		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
 
 #define PKCS7_set_detached(p,v) \
@@ -208,14 +229,14 @@ typedef struct pkcs7_st
 		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
 
 #ifdef SSLEAY_MACROS
-
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
         ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
 	                (char *)data,md,len)
 #endif
+#endif
 
 
-#ifndef NOPROTO
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
 void			PKCS7_ISSUER_AND_SERIAL_free(
 				PKCS7_ISSUER_AND_SERIAL *a);
@@ -229,11 +250,11 @@ PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
 	unsigned char *md,unsigned int *len);
 #ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 #endif
 PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 #endif
 
@@ -314,107 +335,45 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
 int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataSign(PKCS7 *p7, BIO *bio);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
 	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-/*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
 	EVP_PKEY *pkey, EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-STACK *PKCS7_get_signer_info(PKCS7 *p7);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
-
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
 
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
+	void *data);
+int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 
-#else
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
-void			PKCS7_ISSUER_AND_SERIAL_free();
-int 			i2d_PKCS7_ISSUER_AND_SERIAL();
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
-
-#ifndef SSLEAY_MACROS
-int			PKCS7_ISSUER_AND_SERIAL_digest();
-#ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp();
-int i2d_PKCS7_fp();
-#endif
-PKCS7 *PKCS7_dup();
-PKCS7 *d2i_PKCS7_bio();
-int i2d_PKCS7_bio();
-
-#endif
-
-PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new();
-void			PKCS7_SIGNER_INFO_free();
-int 			i2d_PKCS7_SIGNER_INFO();
-PKCS7_SIGNER_INFO	*d2i_PKCS7_SIGNER_INFO();
-PKCS7_RECIP_INFO	*PKCS7_RECIP_INFO_new();
-void			PKCS7_RECIP_INFO_free();
-int 			i2d_PKCS7_RECIP_INFO();
-PKCS7_RECIP_INFO	*d2i_PKCS7_RECIP_INFO();
-PKCS7_SIGNED		*PKCS7_SIGNED_new();
-void			PKCS7_SIGNED_free();
-int 			i2d_PKCS7_SIGNED();
-PKCS7_SIGNED		*d2i_PKCS7_SIGNED();
-PKCS7_ENC_CONTENT	*PKCS7_ENC_CONTENT_new();
-void			PKCS7_ENC_CONTENT_free();
-int 			i2d_PKCS7_ENC_CONTENT();
-PKCS7_ENC_CONTENT	*d2i_PKCS7_ENC_CONTENT();
-PKCS7_ENVELOPE		*PKCS7_ENVELOPE_new();
-void			PKCS7_ENVELOPE_free();
-int 			i2d_PKCS7_ENVELOPE();
-PKCS7_ENVELOPE		*d2i_PKCS7_ENVELOPE();
-PKCS7_SIGN_ENVELOPE	*PKCS7_SIGN_ENVELOPE_new();
-void			PKCS7_SIGN_ENVELOPE_free();
-int 			i2d_PKCS7_SIGN_ENVELOPE();
-PKCS7_SIGN_ENVELOPE	*d2i_PKCS7_SIGN_ENVELOPE();
-PKCS7_DIGEST		*PKCS7_DIGEST_new();
-void			PKCS7_DIGEST_free();
-int 			i2d_PKCS7_DIGEST();
-PKCS7_DIGEST		*d2i_PKCS7_DIGEST();
-PKCS7_ENCRYPT		*PKCS7_ENCRYPT_new();
-void			PKCS7_ENCRYPT_free();
-int 			i2d_PKCS7_ENCRYPT();
-PKCS7_ENCRYPT		*d2i_PKCS7_ENCRYPT();
-PKCS7			*PKCS7_new();
-void			PKCS7_free();
-void			PKCS7_content_free();
-int 			i2d_PKCS7();
-PKCS7			*d2i_PKCS7();
-
-void ERR_load_PKCS7_strings();
-
-long PKCS7_ctrl();
-int PKCS7_set_type();
-int PKCS7_set_content();
-int PKCS7_SIGNER_INFO_set();
-int PKCS7_add_signer();
-int PKCS7_add_certificate();
-int PKCS7_add_crl();
-int PKCS7_content_new();
-int PKCS7_dataSign();
-int PKCS7_dataVerify();
-BIO *PKCS7_dataInit();
-PKCS7_SIGNER_INFO *PKCS7_add_signature();
-X509 *PKCS7_cert_from_signer_info();
-STACK *PKCS7_get_signer_info();
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient();
-int PKCS7_add_recipient_info();
-int PKCS7_RECIP_INFO_set();
-int PKCS7_set_cipher();
-
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
@@ -423,25 +382,34 @@ int PKCS7_set_cipher();
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
 #define PKCS7_F_PKCS7_ADD_SIGNER			 103
 #define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATADECODE			 112
 #define PKCS7_F_PKCS7_DATAINIT				 105
 #define PKCS7_F_PKCS7_DATASIGN				 106
 #define PKCS7_F_PKCS7_DATAVERIFY			 107
 #define PKCS7_F_PKCS7_SET_CIPHER			 108
 #define PKCS7_F_PKCS7_SET_CONTENT			 109
 #define PKCS7_F_PKCS7_SET_TYPE				 110
+#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113
 
 /* Reason codes. */
-#define PKCS7_R_INTERNAL_ERROR				 100
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 101
-#define PKCS7_R_SIGNATURE_FAILURE			 102
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 103
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 104
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 105
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 106
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 107
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 108
-#define PKCS7_R_WRONG_CONTENT_TYPE			 109
- 
+#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
+#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
+#define PKCS7_R_DIGEST_FAILURE				 101
+#define PKCS7_R_INTERNAL_ERROR				 102
+#define PKCS7_R_MISSING_CERIPEND_INFO			 103
+#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115
+#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
+#define PKCS7_R_SIGNATURE_FAILURE			 105
+#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
+#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
+#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
+#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109
+#define PKCS7_R_UNKNOWN_OPERATION			 110
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
+#define PKCS7_R_WRONG_CONTENT_TYPE			 113
+#define PKCS7_R_WRONG_PKCS7_TYPE			 114
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/lib/libssl/src/crypto/pkcs7/pkcs7err.c
index f8510574229..82be3c2ca1e 100644
--- a/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,63 +1,65 @@
-/* lib/pkcs7/pkcs7_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pkcs7/pkcs7err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pkcs7.h"
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -68,38 +70,47 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),	"PKCS7_add_recipient_info"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),	"PKCS7_add_signer"},
 {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),	"PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0),	"PKCS7_dataDecode"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),	"PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_dataSign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_DATASIGN"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),	"PKCS7_dataVerify"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),	"PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),	"PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),	"PKCS7_set_type"},
-{0,NULL},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),	"PKCS7_signatureVerify"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA PKCS7_str_reasons[]=
 	{
+{PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
 {PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
 {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
 {PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
 {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
 {PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNKNOWN_OPERATION               ,"unknown operation"},
 {PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
 {PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
 {PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
-{0,NULL},
+{PKCS7_R_WRONG_PKCS7_TYPE                ,"wrong pkcs7 type"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_PKCS7_strings()
+void ERR_load_PKCS7_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
diff --git a/lib/libssl/src/crypto/pkcs7/sign.c b/lib/libssl/src/crypto/pkcs7/sign.c
index ead1cb65cae..d5f11540064 100644
--- a/lib/libssl/src/crypto/pkcs7/sign.c
+++ b/lib/libssl/src/crypto/pkcs7/sign.c
@@ -56,23 +56,23 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
 	X509 *x509;
 	EVP_PKEY *pkey;
 	PKCS7 *p7;
-	PKCS7 *p7_data;
 	PKCS7_SIGNER_INFO *si;
 	BIO *in;
 	BIO *data,*p7bio;
 	char buf[1024*4];
-	int i,j;
+	int i;
 	int nodetach=0;
 
 	EVP_add_digest(EVP_md2());
@@ -105,7 +105,12 @@ again:
 	p7=PKCS7_new();
 	PKCS7_set_type(p7,NID_pkcs7_signed);
 	 
-	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
+	if (si == NULL) goto err;
+
+	/* If you do this then you get signing time automatically added */
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+						OBJ_nid2obj(NID_pkcs7_data));
 
 	/* we may want to add more */
 	PKCS7_add_certificate(p7,x509);
@@ -125,7 +130,7 @@ again:
 		BIO_write(p7bio,buf,i);
 		}
 
-	if (!PKCS7_dataSign(p7,p7bio)) goto err;
+	if (!PKCS7_dataFinal(p7,p7bio)) goto err;
 	BIO_free(p7bio);
 
 	PEM_write_PKCS7(stdout,p7);
diff --git a/lib/libssl/src/crypto/pkcs7/verify.c b/lib/libssl/src/crypto/pkcs7/verify.c
index 0e1c1b26dcb..32d9783e451 100644
--- a/lib/libssl/src/crypto/pkcs7/verify.c
+++ b/lib/libssl/src/crypto/pkcs7/verify.c
@@ -56,41 +56,41 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "example.h"
 
 int verify_callback(int ok, X509_STORE_CTX *ctx);
 
 BIO *bio_err=NULL;
+BIO *bio_out=NULL;
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
-	X509 *x509,*x;
 	PKCS7 *p7;
-	PKCS7_SIGNED *s;
 	PKCS7_SIGNER_INFO *si;
-	PKCS7_ISSUER_AND_SERIAL *ias;
 	X509_STORE_CTX cert_ctx;
 	X509_STORE *cert_store=NULL;
-	X509_LOOKUP *lookup=NULL;
 	BIO *data,*detached=NULL,*p7bio=NULL;
 	char buf[1024*4];
-	unsigned char *p,*pp;
-	int i,j,printit=0;
-	STACK *sk;
+	char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
 
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 	EVP_add_digest(EVP_md2());
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest(EVP_sha1());
 	EVP_add_digest(EVP_mdc2());
 
 	data=BIO_new(BIO_s_file());
-again:
+
 	pp=NULL;
 	while (argc > 1)
 		{
@@ -131,10 +131,10 @@ again:
 	X509_STORE_load_locations(cert_store,NULL,"../../certs");
 	X509_STORE_set_verify_cb_func(cert_store,verify_callback);
 
-	ERR_clear_errors();
+	ERR_clear_error();
 
 	/* We need to process the data */
-	if (PKCS7_get_detached(p7))
+	if ((PKCS7_get_detached(p7) || detached))
 		{
 		if (detached == NULL)
 			{
@@ -166,12 +166,29 @@ again:
 		}
 
 	/* Ok, first we need to, for each subject entry, see if we can verify */
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
 		{
-		si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
+		ASN1_UTCTIME *tm;
+		char *str1,*str2;
+
+		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
 		i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
 		if (i <= 0)
 			goto err;
+		printf("signer info\n");
+		if ((tm=get_signed_time(si)) != NULL)
+			{
+			BIO_printf(bio_out,"Signed time:");
+			ASN1_UTCTIME_print(bio_out,tm);
+			ASN1_UTCTIME_free(tm);
+			BIO_printf(bio_out,"\n");
+			}
+		if (get_signed_seq2string(si,&str1,&str2))
+			{
+			BIO_printf(bio_out,"String 1 is %s\n",str1);
+			BIO_printf(bio_out,"String 2 is %s\n",str2);
+			}
+
 		}
 
 	X509_STORE_free(cert_store);
@@ -185,9 +202,7 @@ err:
 	}
 
 /* should be X509 * but we can just have them as char *. */
-int verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
diff --git a/lib/libssl/src/crypto/rand/Makefile.ssl b/lib/libssl/src/crypto/rand/Makefile.ssl
index d04f0a9b43b..76bfdfeae5b 100644
--- a/lib/libssl/src/crypto/rand/Makefile.ssl
+++ b/lib/libssl/src/crypto/rand/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -20,8 +22,8 @@ TEST= randtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c
-LIBOBJ=md_rand.o randfile.o
+LIBSRC=md_rand.c randfile.c rand_lib.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o
 
 SRC= $(LIBSRC)
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,21 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/rand.h
+randfile.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
diff --git a/lib/libssl/src/crypto/rand/md_rand.c b/lib/libssl/src/crypto/rand/md_rand.c
index f44b36a8b91..6bd1960e1de 100644
--- a/lib/libssl/src/crypto/rand/md_rand.c
+++ b/lib/libssl/src/crypto/rand/md_rand.c
@@ -57,21 +57,25 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
 #include <sys/types.h>
 #include <time.h>
+#include <string.h>
+
+#include "openssl/e_os.h"
+
+#include <openssl/crypto.h>
 
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#ifndef NO_MD5
-#define USE_MD5_RAND
-#elif !defined(NO_SHA1)
+#if !defined(NO_SHA) && !defined(NO_SHA1)
 #define USE_SHA1_RAND
-#elif !defined(NO_MDC2)
+#elif !defined(NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(NO_MDC2) && !defined(NO_DES)
 #define USE_MDC2_RAND
 #elif !defined(NO_MD2)
 #define USE_MD2_RAND
 #else
-We need a message digest of some type 
+#error No message digest algorithm available
 #endif
 #endif
 
@@ -82,60 +86,78 @@ We need a message digest of some type
  */
 
 #if defined(USE_MD5_RAND)
-#include "md5.h"
+#include <openssl/md5.h>
 #define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
 #define MD_CTX			MD5_CTX
 #define MD_Init(a)		MD5_Init(a)
 #define MD_Update(a,b,c)	MD5_Update(a,b,c)
 #define	MD_Final(a,b)		MD5_Final(a,b)
+#define	MD(a,b,c)		MD5(a,b,c)
 #elif defined(USE_SHA1_RAND)
-#include "sha.h"
+#include <openssl/sha.h>
 #define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
 #define MD_CTX			SHA_CTX
 #define MD_Init(a)		SHA1_Init(a)
 #define MD_Update(a,b,c)	SHA1_Update(a,b,c)
 #define	MD_Final(a,b)		SHA1_Final(a,b)
+#define	MD(a,b,c)		SHA1(a,b,c)
 #elif defined(USE_MDC2_RAND)
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 #define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
 #define MD_CTX			MDC2_CTX
 #define MD_Init(a)		MDC2_Init(a)
 #define MD_Update(a,b,c)	MDC2_Update(a,b,c)
 #define	MD_Final(a,b)		MDC2_Final(a,b)
+#define	MD(a,b,c)		MDC2(a,b,c)
 #elif defined(USE_MD2_RAND)
-#include "md2.h"
+#include <openssl/md2.h>
 #define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
 #define MD_CTX			MD2_CTX
 #define MD_Init(a)		MD2_Init(a)
 #define MD_Update(a,b,c)	MD2_Update(a,b,c)
 #define	MD_Final(a,b)		MD2_Final(a,b)
+#define	MD(a,b,c)		MD2(a,b,c)
 #endif
 
-#include "rand.h"
+#include <openssl/rand.h>
 
-/*#define NORAND	1 */
-/*#define PREDICT	1 */
+/* #define NORAND	1 */
+/* #define PREDICT	1 */
 
 #define STATE_SIZE	1023
 static int state_num=0,state_index=0;
 static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
-static int md_count=0;
+static long md_count[2]={0,0};
+
+const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_bytes(unsigned char *buf, int num);
 
-char *RAND_version="RAND part of SSLeay 0.9.0b 29-Jun-1998";
+RAND_METHOD rand_ssleay_meth={
+	ssleay_rand_seed,
+	ssleay_rand_bytes,
+	ssleay_rand_cleanup,
+	}; 
 
-void RAND_cleanup()
+RAND_METHOD *RAND_SSLeay(void)
+	{
+	return(&rand_ssleay_meth);
+	}
+
+static void ssleay_rand_cleanup(void)
 	{
 	memset(state,0,sizeof(state));
 	state_num=0;
 	state_index=0;
 	memset(md,0,MD_DIGEST_LENGTH);
-	md_count=0;
+	md_count[0]=0;
+	md_count[1]=0;
 	}
 
-void RAND_seed(buf,num)
-unsigned char *buf;
-int num;
+static void ssleay_rand_seed(const void *buf, int num)
 	{
 	int i,j,k,st_idx,st_num;
 	MD_CTX m;
@@ -178,9 +200,11 @@ int num;
 			MD_Update(&m,&(state[st_idx]),j);
 			
 		MD_Update(&m,buf,j);
+		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
 		MD_Final(md,&m);
+		md_count[1]++;
 
-		buf+=j;
+		buf=(const char *)buf + j;
 
 		for (k=0; k<j; k++)
 			{
@@ -195,9 +219,7 @@ int num;
 	memset((char *)&m,0,sizeof(m));
 	}
 
-void RAND_bytes(buf,num)
-unsigned char *buf;
-int num;
+static void ssleay_rand_bytes(unsigned char *buf, int num)
 	{
 	int i,j,k,st_num,st_idx;
 	MD_CTX m;
@@ -221,19 +243,18 @@ int num;
 
 	if (init)
 		{
-		init=0;
 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 		/* put in some default random data, we need more than
 		 * just this */
-		RAND_seed((unsigned char *)&m,sizeof(m));
+		RAND_seed(&m,sizeof(m));
 #ifndef MSDOS
 		l=getpid();
-		RAND_seed((unsigned char *)&l,sizeof(l));
+		RAND_seed(&l,sizeof(l));
 		l=getuid();
-		RAND_seed((unsigned char *)&l,sizeof(l));
+		RAND_seed(&l,sizeof(l));
 #endif
 		l=time(NULL);
-		RAND_seed((unsigned char *)&l,sizeof(l));
+		RAND_seed(&l,sizeof(l));
 
 /* #ifdef DEVRANDOM */
 		/* 
@@ -261,6 +282,7 @@ int num;
 		memset(md,0,MD_DIGEST_LENGTH);
 #endif
 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+		init=0;
 		}
 
 	st_idx=state_index;
@@ -277,6 +299,7 @@ int num;
 		num-=j;
 		MD_Init(&m);
 		MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
+		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
 #ifndef PURIFY
 		MD_Update(&m,buf,j); /* purify complains */
 #endif
@@ -300,7 +323,8 @@ int num;
 		}
 
 	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&md_count,sizeof(md_count)); md_count++;
+	MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
+	md_count[0]++;
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
 	MD_Final(md,&m);
 	memset(&m,0,sizeof(m));
@@ -308,7 +332,7 @@ int num;
 
 #ifdef WINDOWS
 #include <windows.h>
-#include <rand.h>
+#include <openssl/rand.h>
 
 /*****************************************************************************
  * Initialisation function for the SSL random generator.  Takes the contents
@@ -320,13 +344,13 @@ int num;
  * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
  * the original copyright message is:
  *
-//   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
-//
-//   You have a royalty-free right to use, modify, reproduce and
-//   distribute the Sample Files (and/or any modified version) in
-//   any way you find useful, provided that you agree that
-//   Microsoft has no warranty obligations or liability for any
-//   Sample Application Files which are modified.
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
  */
 /*
  * I have modified the loading of bytes via RAND_seed() mechanism since
@@ -385,7 +409,7 @@ void RAND_screen(void)
 	GetBitmapBits(hBitmap, size, bmbits);
 
 	/* Get the MD5 of the bitmap */
-	MD5(bmbits,size,md);
+	MD(bmbits,size,md);
 
 	/* Seed the random generator with the MD5 digest */
 	RAND_seed(md, MD_DIGEST_LENGTH);
diff --git a/lib/libssl/src/crypto/rand/rand.h b/lib/libssl/src/crypto/rand/rand.h
index 477d7a150a5..fd8ee38366f 100644
--- a/lib/libssl/src/crypto/rand/rand.h
+++ b/lib/libssl/src/crypto/rand/rand.h
@@ -63,28 +63,25 @@
 extern "C" {
 #endif
 
-#ifndef NOPROTO
+typedef struct rand_meth_st
+	{
+	void (*seed)(const void *buf, int num);
+	void (*bytes)(unsigned char *buf, int num);
+	void (*cleanup)(void);
+	} RAND_METHOD;
+
+void RAND_set_rand_method(RAND_METHOD *meth);
+RAND_METHOD *RAND_get_rand_method(void );
+RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
-void RAND_bytes( unsigned char *buf,int num);
-void RAND_seed( unsigned char *buf,int num);
-int  RAND_load_file(char *file,long max_bytes);
-int  RAND_write_file(char *file);
+void RAND_bytes(unsigned char *buf,int num);
+void RAND_seed(const void *buf,int num);
+int  RAND_load_file(const char *file,long max_bytes);
+int  RAND_write_file(const char *file);
 char *RAND_file_name(char *file,int num);
 #ifdef WINDOWS
 void RAND_screen(void);
 #endif
-#else
-void RAND_cleanup();
-void RAND_bytes();
-void RAND_seed();
-int  RAND_load_file();
-int  RAND_write_file();
-char *RAND_file_name();
-#ifdef WINDOWS
-void RAND_screen();
-#endif
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/cryptall.h b/lib/libssl/src/crypto/rand/rand_lib.c
index 65a46452a81..34c6d5b9681 100644
--- a/lib/libssl/src/crypto/cryptall.h
+++ b/lib/libssl/src/crypto/rand/rand_lib.c
@@ -1,4 +1,4 @@
-/* crypto/cryptall.h */
+/* crypto/rand/rand_lib.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,55 +56,43 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_CRYPTOALL_H
-#define HEADER_CRYPTOALL_H
+#include <stdio.h>
+#include <sys/types.h>
+#include <time.h>
+#include <openssl/rand.h>
 
-#include "buffer.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "err.h"
-
-#ifdef NO_MD2
-#include <md2.h>
-#else
-#include "md2.h"
-#endif
-#ifdef NO_MD5
-#include <md5.h>
+#ifdef NO_RAND
+static RAND_METHOD *rand_meth=NULL;
 #else
-#include "md5.h"
+extern RAND_METHOD rand_ssleay_meth;
+static RAND_METHOD *rand_meth= &rand_ssleay_meth;
 #endif
-#include "sha.h"
 
-#ifdef NO_DES
-#include <des.h>
-#else
-#include "des.h"
-#endif
-#include "rc2.h"
-#include "rc4.h"
-#include "idea.h"
+void RAND_set_rand_method(RAND_METHOD *meth)
+	{
+	rand_meth=meth;
+	}
 
-#include "bn.h"
-#include "dh.h"
-#include "rsa.h"
-#include "dsa.h"
+RAND_METHOD *RAND_get_rand_method(void)
+	{
+	return(rand_meth);
+	}
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
+void RAND_cleanup(void)
+	{
+	if (rand_meth != NULL)
+		rand_meth->cleanup();
+	}
 
-#include "err.h"
-#include "evp.h"
+void RAND_seed(const void *buf, int num)
+	{
+	if (rand_meth != NULL)
+		rand_meth->seed(buf,num);
+	}
 
-#include "meth.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
+void RAND_bytes(unsigned char *buf, int num)
+	{
+	if (rand_meth != NULL)
+		rand_meth->bytes(buf,num);
+	}
 
-#include "crypto.h"
-
-#endif
diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index f2b37463630..6829d4ec370 100644
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c
@@ -56,11 +56,17 @@
  * [including the GNU Public Licence.]
  */
 
+#include <errno.h>
 #include <stdio.h>
-#include "cryptlib.h"
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include "rand.h"
+
+#include "openssl/e_os.h"
+
+#include <openssl/rand.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024
@@ -68,9 +74,7 @@
 
 /* #define RFILE ".rand" - defined in ../../e_os.h */
 
-int RAND_load_file(file,bytes)
-char *file;
-long bytes;
+int RAND_load_file(const char *file, long bytes)
 	{
 	MS_STATIC unsigned char buf[BUFSIZE];
 	struct stat sb;
@@ -81,12 +85,12 @@ long bytes;
 
 	i=stat(file,&sb);
 	/* If the state fails, put some crap in anyway */
-	RAND_seed((unsigned char *)&sb,sizeof(sb));
+	RAND_seed(&sb,sizeof(sb));
 	ret+=sizeof(sb);
 	if (i < 0) return(0);
 	if (bytes <= 0) return(ret);
 
-	in=fopen(file,"r");
+	in=fopen(file,"rb");
 	if (in == NULL) goto err;
 	for (;;)
 		{
@@ -105,15 +109,24 @@ err:
 	return(ret);
 	}
 
-int RAND_write_file(file)
-char *file;
+int RAND_write_file(const char *file)
 	{
 	unsigned char buf[BUFSIZE];
 	int i,ret=0;
 	FILE *out;
 	int n;
 
-	out=fopen(file,"w");
+	/* Under VMS, fopen(file, "wb") will craete a new version of the
+	   same file.  This is not good, so let's try updating an existing
+	   one, and create file only if it doesn't already exist.  This
+	   should be completely harmless on system that have no file
+	   versions.					-- Richard Levitte */
+	out=fopen(file,"rb+");
+	if (out == NULL && errno == ENOENT)
+		{
+		errno = 0;
+		out=fopen(file,"wb");
+		}
 	if (out == NULL) goto err;
 	chmod(file,0600);
 	n=RAND_DATA;
@@ -137,9 +150,7 @@ err:
 	return(ret);
 	}
 
-char *RAND_file_name(buf,size)
-char *buf;
-int size;
+char *RAND_file_name(char *buf, int size)
 	{
 	char *s;
 	char *ret=NULL;
@@ -158,7 +169,9 @@ int size;
 		if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
 			return(RFILE);
 		strcpy(buf,s);
+#ifndef VMS
 		strcat(buf,"/");
+#endif
 		strcat(buf,RFILE);
 		ret=buf;
 		}
diff --git a/lib/libssl/src/crypto/rand/randtest.c b/lib/libssl/src/crypto/rand/randtest.c
index e0ba61e123d..f0706d779a2 100644
--- a/lib/libssl/src/crypto/rand/randtest.c
+++ b/lib/libssl/src/crypto/rand/randtest.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rand.h"
+#include <openssl/rand.h>
 
 /* some FIPS 140-1 random number test */
 /* some simple tests */
@@ -117,7 +117,7 @@ int main()
 	/* test 1 */
 	if (!((9654 < n1) && (n1 < 10346)))
 		{
-		printf("test 1 failed, X=%ld\n",n1);
+		printf("test 1 failed, X=%lu\n",n1);
 		err++;
 		}
 	printf("test 1 done\n");
@@ -150,37 +150,37 @@ int main()
 		{
 		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,1,runs[i][0]);
 			err++;
 			}
 		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,2,runs[i][1]);
 			err++;
 			}
 		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,3,runs[i][2]);
 			err++;
 			}
 		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,4,runs[i][3]);
 			err++;
 			}
 		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,5,runs[i][4]);
 			err++;
 			}
 		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,6,runs[i][5]);
 			err++;
 			}
@@ -190,13 +190,13 @@ int main()
 	/* test 4 */
 	if (runs[0][33] != 0)
 		{
-		printf("test 4 failed, bit=%d run=%d num=%ld\n",
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
 			0,34,runs[0][33]);
 		err++;
 		}
 	if (runs[1][33] != 0)
 		{
-		printf("test 4 failed, bit=%d run=%d num=%ld\n",
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
 			1,34,runs[1][33]);
 		err++;
 		}
diff --git a/lib/libssl/src/crypto/ranlib.sh b/lib/libssl/src/crypto/ranlib.sh
deleted file mode 100644
index 543f712c6ba..00000000000
--- a/lib/libssl/src/crypto/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/lib/libssl/src/crypto/rc2/Makefile.ssl b/lib/libssl/src/crypto/rc2/Makefile.ssl
index c5138f13e29..542397d69aa 100644
--- a/lib/libssl/src/crypto/rc2/Makefile.ssl
+++ b/lib/libssl/src/crypto/rc2/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,24 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h
diff --git a/lib/libssl/src/crypto/rc2/Makefile.uni b/lib/libssl/src/crypto/rc2/Makefile.uni
index e50b3f2d197..4dc20c6fcfd 100644
--- a/lib/libssl/src/crypto/rc2/Makefile.uni
+++ b/lib/libssl/src/crypto/rc2/Makefile.uni
@@ -15,6 +15,7 @@ MAKE=           make
 MAKEDEPEND=     makedepend
 MAKEFILE=       Makefile.uni
 AR=             ar r
+RANLIB=         ranlib
 
 IDEA_ENC=rc2_cbc.o
 
@@ -39,7 +40,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 test:	$(TEST)
 	./$(TEST)
diff --git a/lib/libssl/src/crypto/rc2/rc2.org b/lib/libssl/src/crypto/rc2/rc2.h
index 37354cfa620..9571efb7559 100644
--- a/lib/libssl/src/crypto/rc2/rc2.org
+++ b/lib/libssl/src/crypto/rc2/rc2.h
@@ -1,4 +1,4 @@
-/* crypto/rc2/rc2.org */
+/* crypto/rc2/rc2.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify rc2.org since rc2.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_RC2_H
 #define HEADER_RC2_H
 
@@ -71,12 +63,14 @@
 extern "C" {
 #endif
 
+#ifdef NO_RC2
+#error RC2 is disabled.
+#endif
+
 #define RC2_ENCRYPT	1
 #define RC2_DECRYPT	0
 
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned short
-
+#include <openssl/opensslconf.h> /* RC2_INT */
 #define RC2_BLOCK	8
 #define RC2_KEY_LENGTH	16
 
@@ -85,7 +79,6 @@ typedef struct rc2_key_st
 	RC2_INT data[64];
 	} RC2_KEY;
 
-#ifndef NOPROTO
  
 void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
 void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
@@ -99,18 +92,6 @@ void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	RC2_KEY *schedule, unsigned char *ivec, int *num);
 
-#else
-
-void RC2_set_key();
-void RC2_ecb_encrypt();
-void RC2_encrypt();
-void RC2_decrypt();
-void RC2_cbc_encrypt();
-void RC2_cfb64_encrypt();
-void RC2_ofb64_encrypt();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/rc2/rc2_cbc.c b/lib/libssl/src/crypto/rc2/rc2_cbc.c
index 22e89f04418..1202184e85e 100644
--- a/lib/libssl/src/crypto/rc2/rc2_cbc.c
+++ b/lib/libssl/src/crypto/rc2/rc2_cbc.c
@@ -56,16 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
-void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *ks, unsigned char *iv, int encrypt)
 	{
 	register unsigned long tin0,tin1;
 	register unsigned long tout0,tout1,xor0,xor1;
@@ -138,9 +133,7 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
-void RC2_encrypt(d,key)
-unsigned long *d;
-RC2_KEY *key;
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
 	{
 	int i,n;
 	register RC2_INT *p0,*p1;
@@ -185,9 +178,7 @@ RC2_KEY *key;
 	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
 	}
 
-void RC2_decrypt(d,key)
-unsigned long *d;
-RC2_KEY *key;
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
 	{
 	int i,n;
 	register RC2_INT *p0,*p1;
diff --git a/lib/libssl/src/crypto/rc2/rc2_ecb.c b/lib/libssl/src/crypto/rc2/rc2_ecb.c
index 96239cd4e03..7d77b9186ca 100644
--- a/lib/libssl/src/crypto/rc2/rc2_ecb.c
+++ b/lib/libssl/src/crypto/rc2/rc2_ecb.c
@@ -56,10 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
+#include <openssl/opensslv.h>
 
-char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
 
 /* RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
@@ -69,11 +70,8 @@ char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998";
  * Date: 11 Feb 1996 06:45:03 GMT
  */
 
-void RC2_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-RC2_KEY *ks;
-int encrypt;
+void RC2_ecb_encrypt(unsigned char *in, unsigned char *out, RC2_KEY *ks,
+	     int encrypt)
 	{
 	unsigned long l,d[2];
 
diff --git a/lib/libssl/src/crypto/rc2/rc2_skey.c b/lib/libssl/src/crypto/rc2/rc2_skey.c
index 0f1f2533959..7143c4e591a 100644
--- a/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={
@@ -90,11 +90,7 @@ static unsigned char key_table[256]={
  * BSAFE uses the 'retarded' version.  What I previously shipped is
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
-void RC2_set_key(key,len,data,bits)
-RC2_KEY *key;
-int len;
-unsigned char *data;
-int bits;
+void RC2_set_key(RC2_KEY *key, int len, unsigned char *data, int bits)
 	{
 	int i,j;
 	unsigned char *k;
diff --git a/lib/libssl/src/crypto/rc2/rc2cfb64.c b/lib/libssl/src/crypto/rc2/rc2cfb64.c
index d409fb77e90..5e3fa07d907 100644
--- a/lib/libssl/src/crypto/rc2/rc2cfb64.c
+++ b/lib/libssl/src/crypto/rc2/rc2cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,8 @@
  * 64bit block we have used is contained in *num;
  */
 
-void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/lib/libssl/src/crypto/rc2/rc2ofb64.c b/lib/libssl/src/crypto/rc2/rc2ofb64.c
index 4f091674475..42cdd40cdd9 100644
--- a/lib/libssl/src/crypto/rc2/rc2ofb64.c
+++ b/lib/libssl/src/crypto/rc2/rc2ofb64.c
@@ -56,20 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *schedule, unsigned char *ivec, int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/lib/libssl/src/crypto/rc2/rc2speed.c b/lib/libssl/src/crypto/rc2/rc2speed.c
index 6cd8ea8f27c..c3da63e77eb 100644
--- a/lib/libssl/src/crypto/rc2/rc2speed.c
+++ b/lib/libssl/src/crypto/rc2/rc2speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,48 +77,40 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
 #endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
-#endif
 
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -128,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -148,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -185,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/rc2/rc2test.c b/lib/libssl/src/crypto/rc2/rc2test.c
index 9d0f8016ec4..6a5defa6ea8 100644
--- a/lib/libssl/src/crypto/rc2/rc2test.c
+++ b/lib/libssl/src/crypto/rc2/rc2test.c
@@ -62,7 +62,15 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "rc2.h"
+
+#ifdef NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc2.h>
 
 unsigned char RC2key[4][16]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
@@ -125,19 +133,11 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	}; 
 
 
-#ifndef NOPROTO
 /*static int cfb64_test(unsigned char *cfb_cipher);*/
 static char *pt(unsigned char *p);
-#else
-/*static int cfb64_test(); */
-static char *pt();
 #endif
 
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,n,err=0;
 	RC2_KEY key; 
@@ -208,8 +208,7 @@ char *argv[];
 	}
 
 #ifdef undef
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
         {
         IDEA_KEY_SCHEDULE eks,dks;
         int err=0,i,n;
@@ -247,8 +246,7 @@ unsigned char *cfb_cipher;
         return(err);
         }
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -268,3 +266,4 @@ unsigned char *p;
 	}
 	
 #endif
+#endif
diff --git a/lib/libssl/src/crypto/rc2/tab.c b/lib/libssl/src/crypto/rc2/tab.c
new file mode 100644
index 00000000000..25dc14eeba1
--- /dev/null
+++ b/lib/libssl/src/crypto/rc2/tab.c
@@ -0,0 +1,86 @@
+#include <stdio.h>
+
+unsigned char ebits_to_num[256]={
+	0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
+	0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
+	0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
+	0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
+	0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
+	0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
+	0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
+	0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
+	0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
+	0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
+	0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
+	0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
+	0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
+	0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
+	0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
+	0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
+	0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
+	0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
+	0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
+	0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
+	0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
+	0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
+	0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
+	0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
+	0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
+	0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
+	0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
+	0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
+	0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
+	0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
+	0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
+	0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
+	};
+
+unsigned char num_to_ebits[256]={
+	0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
+	0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
+	0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
+	0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
+	0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
+	0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
+	0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
+	0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
+	0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
+	0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
+	0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
+	0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
+	0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
+	0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
+	0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
+	0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
+	0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
+	0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
+	0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
+	0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
+	0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
+	0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
+	0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
+	0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
+	0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
+	0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
+	0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
+	0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
+	0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
+	0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
+	0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
+	0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
+	};
+	
+main()
+	{
+	int i,j;
+
+	for (i=0; i<256; i++)
+		{
+		for (j=0; j<256; j++)
+			if (ebits_to_num[j] == i)
+				{
+				printf("0x%02x,",j);
+				break;
+				}
+		}
+	}
diff --git a/lib/libssl/src/crypto/rc4/Makefile.ssl b/lib/libssl/src/crypto/rc4/Makefile.ssl
index 19c1e980f37..64092fd4f1c 100644
--- a/lib/libssl/src/crypto/rc4/Makefile.ssl
+++ b/lib/libssl/src/crypto/rc4/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -44,7 +46,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -63,26 +65,25 @@ asm/rx86-out.o: asm/rx86unix.cpp
 
 # bsdi
 asm/rx86bsdi.o: asm/rx86unix.cpp
-	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+	$(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
 
-asm/rx86unix.cpp:
-	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+asm/rx86unix.cpp: asm/rc4-586.pl
+	(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -94,15 +95,19 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
-
-errors:
+	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h
diff --git a/lib/libssl/src/crypto/rc4/Makefile.uni b/lib/libssl/src/crypto/rc4/Makefile.uni
index 79dc17b8d1e..855d9e50f37 100644
--- a/lib/libssl/src/crypto/rc4/Makefile.uni
+++ b/lib/libssl/src/crypto/rc4/Makefile.uni
@@ -19,6 +19,7 @@ MAKE=           make
 MAKEDEPEND=     makedepend
 MAKEFILE=       Makefile.uni
 AR=             ar r
+RANLIB=         ranlib
 
 RC4_ENC=rc4_enc.o
 # or use
@@ -48,7 +49,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 # elf
 asm/rx86-elf.o: asm/rx86unix.cpp
diff --git a/lib/libssl/src/crypto/rc4/asm/rc4-586.pl b/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
index 0dd8eb1ba9a..7ef889e5a13 100644
--- a/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
+++ b/lib/libssl/src/crypto/rc4/asm/rc4-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # define for pentium pro friendly version
 
diff --git a/lib/libssl/src/crypto/rc4/asm/rx86unix.cpp b/lib/libssl/src/crypto/rc4/asm/rx86unix.cpp
deleted file mode 100644
index ec1d72a1100..00000000000
--- a/lib/libssl/src/crypto/rc4/asm/rx86unix.cpp
+++ /dev/null
@@ -1,358 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define RC4 _RC4
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rc4-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rc4-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl RC4
-	TYPE(RC4,@function)
-RC4:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebp
-	movl	16(%esp),	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	(%ebp),		%ecx
-	movl	4(%ebp),	%edx
-	movl	28(%esp),	%esi
-	incl	%ecx
-	subl	$12,		%esp
-	addl	$8,		%ebp
-	andl	$255,		%ecx
-	leal	-8(%ebx,%esi,),	%ebx
-	movl	44(%esp),	%edi
-	movl	%ebx,		8(%esp)
-	movl	(%ebp,%ecx,4),	%eax
-	cmpl	%esi,		%ebx
-	jl	.L000end
-.L001start:
-	addl	$8,		%esi
-	/* Round 0 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		(%esp)
-	/* Round 1 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		1(%esp)
-	/* Round 2 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		2(%esp)
-	/* Round 3 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		3(%esp)
-	/* Round 4 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		4(%esp)
-	/* Round 5 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		5(%esp)
-	/* Round 6 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		6(%esp)
-	/* Round 7 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	addl	$8,		%edi
-	movb	%bl,		7(%esp)
-	/* apply the cipher text */
-	movl	(%esp),		%eax
-	movl	-8(%esi),	%ebx
-	xorl	%ebx,		%eax
-	movl	-4(%esi),	%ebx
-	movl	%eax,		-8(%edi)
-	movl	4(%esp),	%eax
-	xorl	%ebx,		%eax
-	movl	8(%esp),	%ebx
-	movl	%eax,		-4(%edi)
-	movl	(%ebp,%ecx,4),	%eax
-	cmpl	%ebx,		%esi
-	jle	.L001start
-.L000end:
-	/* Round 0 */
-	addl	$8,		%ebx
-	incl	%esi
-	cmpl	%esi,		%ebx
-	jl	.L002finished
-	movl	%ebx,		8(%esp)
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		(%edi)
-	/* Round 1 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		1(%edi)
-	/* Round 2 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		2(%edi)
-	/* Round 3 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		3(%edi)
-	/* Round 4 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		4(%edi)
-	/* Round 5 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		5(%edi)
-	/* Round 6 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		6(%edi)
-.L002finished:
-	decl	%ecx
-	addl	$12,		%esp
-	movl	%edx,		-4(%ebp)
-	movb	%cl,		-8(%ebp)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.RC4_end:
-	SIZE(RC4,.RC4_end-RC4)
-.ident	"RC4"
diff --git a/lib/libssl/src/crypto/rc4/rc4.c b/lib/libssl/src/crypto/rc4/rc4.c
index 127e8a50935..709b7aff35a 100644
--- a/lib/libssl/src/crypto/rc4/rc4.c
+++ b/lib/libssl/src/crypto/rc4/rc4.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 char *usage[]={
 "usage: rc4 args\n",
@@ -70,9 +70,7 @@ char *usage[]={
 NULL
 };
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	FILE *in=NULL,*out=NULL;
 	char *infile=NULL,*outfile=NULL,*keystr=NULL;
diff --git a/lib/libssl/src/crypto/rc4/rc4.org b/lib/libssl/src/crypto/rc4/rc4.h
index c558651af80..7418c2a9a21 100644
--- a/lib/libssl/src/crypto/rc4/rc4.org
+++ b/lib/libssl/src/crypto/rc4/rc4.h
@@ -1,4 +1,4 @@
-/* crypto/rc4/rc4.org */
+/* crypto/rc4/rc4.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify rc4.org since rc4.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- */
-
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
 
@@ -71,9 +63,11 @@
 extern "C" {
 #endif
 
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-#define RC4_INT unsigned int
+#ifdef NO_RC4
+#error RC4 is disabled.
+#endif
+
+#include <openssl/opensslconf.h> /* RC4_INT */
 
 typedef struct rc4_key_st
 	{
@@ -81,21 +75,12 @@ typedef struct rc4_key_st
 	RC4_INT data[256];
 	} RC4_KEY;
 
-#ifndef NOPROTO
  
-char *RC4_options(void);
+const char *RC4_options(void);
 void RC4_set_key(RC4_KEY *key, int len, unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
 		unsigned char *outdata);
 
-#else
-
-char *RC4_options();
-void RC4_set_key();
-void RC4();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/rc4/rc4_enc.c b/lib/libssl/src/crypto/rc4/rc4_enc.c
index ab8a111b52e..3256bea8cc8 100644
--- a/lib/libssl/src/crypto/rc4/rc4_enc.c
+++ b/lib/libssl/src/crypto/rc4/rc4_enc.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 #include "rc4_locl.h"
 
 /* RC4 as implemented from a posting from
@@ -67,11 +67,8 @@
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4(key, len, indata, outdata)
-RC4_KEY *key;
-unsigned long len;
-unsigned char *indata;
-unsigned char *outdata;
+void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
+	     unsigned char *outdata)
 	{
         register RC4_INT *d;
         register RC4_INT x,y,tx,ty;
@@ -95,7 +92,6 @@ unsigned char *outdata;
 #define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
 #endif
 
-	i= -(int)len;
 	i=(int)(len>>3L);
 	if (i)
 		{
diff --git a/lib/libssl/src/crypto/rc4/rc4_locl.h b/lib/libssl/src/crypto/rc4/rc4_locl.h
new file mode 100644
index 00000000000..3bb80b6ce9e
--- /dev/null
+++ b/lib/libssl/src/crypto/rc4/rc4_locl.h
@@ -0,0 +1,4 @@
+#ifndef HEADER_RC4_LOCL_H
+#define HEADER_RC4_LOCL_H
+#include <openssl/opensslconf.h>
+#endif
diff --git a/lib/libssl/src/crypto/rc4/rc4_skey.c b/lib/libssl/src/crypto/rc4/rc4_skey.c
index 0be5fde67b8..c67a445f1f6 100644
--- a/lib/libssl/src/crypto/rc4/rc4_skey.c
+++ b/lib/libssl/src/crypto/rc4/rc4_skey.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 #include "rc4_locl.h"
+#include <openssl/opensslv.h>
 
-char *RC4_version="RC4 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
 
-char *RC4_options()
+const char *RC4_options(void)
 	{
 #ifdef RC4_INDEX
 	if (sizeof(RC4_INT) == 1)
@@ -84,10 +85,7 @@ char *RC4_options()
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4_set_key(key, len, data)
-RC4_KEY *key;
-int len;
-register unsigned char *data;
+void RC4_set_key(RC4_KEY *key, int len, register unsigned char *data)
 	{
         register RC4_INT tmp;
         register int id1,id2;
diff --git a/lib/libssl/src/crypto/rc4/rc4s.cpp b/lib/libssl/src/crypto/rc4/rc4s.cpp
index 39f1727dd3f..3814fde9972 100644
--- a/lib/libssl/src/crypto/rc4/rc4s.cpp
+++ b/lib/libssl/src/crypto/rc4/rc4s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/crypto/rc4/rc4speed.c b/lib/libssl/src/crypto/rc4/rc4speed.c
index 5298dad6d0e..4fb5ebf5738 100644
--- a/lib/libssl/src/crypto/rc4/rc4speed.c
+++ b/lib/libssl/src/crypto/rc4/rc4speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,34 +77,31 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
-#ifdef sun
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -115,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -128,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -148,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -185,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
diff --git a/lib/libssl/src/crypto/rc4/rc4test.c b/lib/libssl/src/crypto/rc4/rc4test.c
index 041e1aff953..5abf8cff307 100644
--- a/lib/libssl/src/crypto/rc4/rc4test.c
+++ b/lib/libssl/src/crypto/rc4/rc4test.c
@@ -59,7 +59,15 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "rc4.h"
+
+#ifdef NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc4.h>
 
 unsigned char keys[7][30]={
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
@@ -101,9 +109,7 @@ unsigned char output[7][30]={
 	{0},
 	};
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	int j;
@@ -192,4 +198,4 @@ char *argv[];
 	exit(err);
 	return(0);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/rc5/Makefile.ssl b/lib/libssl/src/crypto/rc5/Makefile.ssl
index 5e98ee23481..666c4b6539e 100644
--- a/lib/libssl/src/crypto/rc5/Makefile.ssl
+++ b/lib/libssl/src/crypto/rc5/Makefile.ssl
@@ -8,9 +8,11 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -42,7 +44,7 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -61,27 +63,25 @@ asm/r586-out.o: asm/r586unix.cpp
 
 # bsdi
 asm/r586bsdi.o: asm/r586unix.cpp
-	$(CPP) -DBSDI asm/r586unix.cpp | as -o asm/r586bsdi.o
+	$(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
 
 asm/r586unix.cpp:
-	(cd asm; perl rc5-586.pl cpp >r586unix.cpp)
+	(cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/point.sh ../../doc/rc5.doc rc5.doc ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -93,15 +93,20 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h
diff --git a/lib/libssl/src/crypto/rc5/Makefile.uni b/lib/libssl/src/crypto/rc5/Makefile.uni
index e50b3f2d197..4dc20c6fcfd 100644
--- a/lib/libssl/src/crypto/rc5/Makefile.uni
+++ b/lib/libssl/src/crypto/rc5/Makefile.uni
@@ -15,6 +15,7 @@ MAKE=           make
 MAKEDEPEND=     makedepend
 MAKEFILE=       Makefile.uni
 AR=             ar r
+RANLIB=         ranlib
 
 IDEA_ENC=rc2_cbc.o
 
@@ -39,7 +40,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 test:	$(TEST)
 	./$(TEST)
diff --git a/lib/libssl/src/crypto/rc5/asm/r586unix.cpp b/lib/libssl/src/crypto/rc5/asm/r586unix.cpp
deleted file mode 100644
index a25dd5a9a44..00000000000
--- a/lib/libssl/src/crypto/rc5/asm/r586unix.cpp
+++ /dev/null
@@ -1,628 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define RC5_32_encrypt _RC5_32_encrypt
-#define RC5_32_decrypt _RC5_32_decrypt
-#define RC5_32_cbc_encrypt _RC5_32_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rc5-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rc5-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl RC5_32_encrypt
-	TYPE(RC5_32_encrypt,@function)
-RC5_32_encrypt:
-
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-	movl	16(%esp),	%edx
-	movl	20(%esp),	%ebp
-	/* Load the 2 words */
-	movl	(%edx),		%edi
-	movl	4(%edx),	%esi
-	pushl	%ebx
-	movl	(%ebp),		%ebx
-	addl	4(%ebp),	%edi
-	addl	8(%ebp),	%esi
-	xorl	%esi,		%edi
-	movl	12(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	16(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	20(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	24(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	28(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	32(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	36(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	40(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	44(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	48(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	52(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	56(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	60(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	64(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	68(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	72(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	cmpl	$8,		%ebx
-	je	.L000rc5_exit
-	xorl	%esi,		%edi
-	movl	76(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	80(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	84(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	88(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	92(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	96(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	100(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	104(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	cmpl	$12,		%ebx
-	je	.L000rc5_exit
-	xorl	%esi,		%edi
-	movl	108(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	112(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	116(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	120(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	124(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	128(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	132(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	136(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-.L000rc5_exit:
-	movl	%edi,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	ret
-.RC5_32_encrypt_end:
-	SIZE(RC5_32_encrypt,.RC5_32_encrypt_end-RC5_32_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl RC5_32_decrypt
-	TYPE(RC5_32_decrypt,@function)
-RC5_32_decrypt:
-
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-	movl	16(%esp),	%edx
-	movl	20(%esp),	%ebp
-	/* Load the 2 words */
-	movl	(%edx),		%edi
-	movl	4(%edx),	%esi
-	pushl	%ebx
-	movl	(%ebp),		%ebx
-	cmpl	$12,		%ebx
-	je	.L001rc5_dec_12
-	cmpl	$8,		%ebx
-	je	.L002rc5_dec_8
-	movl	136(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	132(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	128(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	124(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	120(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	116(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	112(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	108(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-.L001rc5_dec_12:
-	movl	104(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	100(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	96(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	92(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	88(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	84(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	80(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	76(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-.L002rc5_dec_8:
-	movl	72(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	68(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	64(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	60(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	56(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	52(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	48(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	44(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	40(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	36(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	32(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	28(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	24(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	20(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	16(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	12(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	subl	8(%ebp),	%esi
-	subl	4(%ebp),	%edi
-.L003rc5_exit:
-	movl	%edi,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	ret
-.RC5_32_decrypt_end:
-	SIZE(RC5_32_decrypt,.RC5_32_decrypt_end-RC5_32_decrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl RC5_32_cbc_encrypt
-	TYPE(RC5_32_cbc_encrypt,@function)
-RC5_32_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L004decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L005encrypt_finish
-.L006encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L006encrypt_loop
-.L005encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L008cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L009ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L010ej6:
-	movb	5(%esi),	%dh
-.L011ej5:
-	movb	4(%esi),	%dl
-.L012ej4:
-	movl	(%esi),		%ecx
-	jmp	.L013ejend
-.L014ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L015ej2:
-	movb	1(%esi),	%ch
-.L016ej1:
-	movb	(%esi),		%cl
-.L013ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L007finish
-.align ALIGN
-.L004decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L017decrypt_finish
-.L018decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L018decrypt_loop
-.L017decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L019dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L020dj6:
-	movb	%dh,		5(%edi)
-.L021dj5:
-	movb	%dl,		4(%edi)
-.L022dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L023djend
-.L024dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L025dj2:
-	movb	%ch,		1(%esi)
-.L026dj1:
-	movb	%cl,		(%esi)
-.L023djend:
-	jmp	.L007finish
-.align ALIGN
-.L007finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L008cbc_enc_jmp_table:
-	.long 0
-	.long .L016ej1
-	.long .L015ej2
-	.long .L014ej3
-	.long .L012ej4
-	.long .L011ej5
-	.long .L010ej6
-	.long .L009ej7
-.align ALIGN
-.L027cbc_dec_jmp_table:
-	.long 0
-	.long .L026dj1
-	.long .L025dj2
-	.long .L024dj3
-	.long .L022dj4
-	.long .L021dj5
-	.long .L020dj6
-	.long .L019dj7
-.RC5_32_cbc_encrypt_end:
-	SIZE(RC5_32_cbc_encrypt,.RC5_32_cbc_encrypt_end-RC5_32_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/rc5/asm/rc5-586.pl b/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
index 172bd9ee1b1..edff1d1e64a 100644
--- a/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
+++ b/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
diff --git a/lib/libssl/src/crypto/rc5/rc5.h b/lib/libssl/src/crypto/rc5/rc5.h
index 5fd64e3f103..38e901502b9 100644
--- a/lib/libssl/src/crypto/rc5/rc5.h
+++ b/lib/libssl/src/crypto/rc5/rc5.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifdef NO_RC5
+#error RC5 is disabled.
+#endif
+
 #define RC5_ENCRYPT	1
 #define RC5_DECRYPT	0
 
@@ -88,7 +92,6 @@ typedef struct rc5_key_st
 	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
 	} RC5_32_KEY;
 
-#ifndef NOPROTO
  
 void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
 	int rounds);
@@ -103,18 +106,6 @@ void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	RC5_32_KEY *schedule, unsigned char *ivec, int *num);
 
-#else
-
-void RC5_32_set_key();
-void RC5_32_ecb_encrypt();
-void RC5_32_encrypt();
-void RC5_32_decrypt();
-void RC5_32_cbc_encrypt();
-void RC5_32_cfb64_encrypt();
-void RC5_32_ofb64_encrypt();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/ripemd/Makefile.ssl b/lib/libssl/src/crypto/ripemd/Makefile.ssl
index 67d47ceb2c0..b7cd25f1233 100644
--- a/lib/libssl/src/crypto/ripemd/Makefile.ssl
+++ b/lib/libssl/src/crypto/ripemd/Makefile.ssl
@@ -8,9 +8,11 @@ CC=     cc
 CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -40,7 +42,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -59,26 +61,25 @@ asm/rm86-out.o: asm/rm86unix.cpp
 
 # bsdi
 asm/rm86bsdi.o: asm/rm86unix.cpp
-	$(CPP) -DBSDI asm/rm86unix.cpp | as -o asm/rm86bsdi.o
+	$(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
 
-asm/rm86unix.cpp:
-	(cd asm; perl rmd-586.pl cpp >rm86unix.cpp)
+asm/rm86unix.cpp: asm/rmd-586.pl
+	(cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -90,15 +91,17 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/ripemd.h rmd_locl.h rmdconst.h
diff --git a/lib/libssl/src/crypto/ripemd/Makefile.uni b/lib/libssl/src/crypto/ripemd/Makefile.uni
index 54685712dbe..5310020eb11 100644
--- a/lib/libssl/src/crypto/ripemd/Makefile.uni
+++ b/lib/libssl/src/crypto/ripemd/Makefile.uni
@@ -43,7 +43,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB):    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 # elf
 asm/mx86-elf.o: asm/mx86unix.cpp
diff --git a/lib/libssl/src/crypto/ripemd/asm/rips.cpp b/lib/libssl/src/crypto/ripemd/asm/rips.cpp
index 78a933c4483..321a98443e5 100644
--- a/lib/libssl/src/crypto/ripemd/asm/rips.cpp
+++ b/lib/libssl/src/crypto/ripemd/asm/rips.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "ripemd.h"
+#include <openssl/ripemd.h>
 
 extern "C" {
 void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
diff --git a/lib/libssl/src/crypto/ripemd/asm/rm86unix.cpp b/lib/libssl/src/crypto/ripemd/asm/rm86unix.cpp
deleted file mode 100644
index f90f6f2fd63..00000000000
--- a/lib/libssl/src/crypto/ripemd/asm/rm86unix.cpp
+++ /dev/null
@@ -1,2016 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define ripemd160_block_x86 _ripemd160_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rmd-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rmd-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl ripemd160_block_x86
-	TYPE(ripemd160_block_x86,@function)
-ripemd160_block_x86:
-	pushl	%esi
-	movl	16(%esp),	%ecx
-	pushl	%edi
-	movl	16(%esp),	%esi
-	pushl	%ebp
-	addl	%esi,		%ecx
-	pushl	%ebx
-	subl	$64,		%ecx
-	subl	$88,		%esp
-	movl	%ecx,		(%esp)
-	movl	108(%esp),	%edi
-.L000start:
-
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		4(%esp)
-	movl	%ebx,		8(%esp)
-	movl	8(%esi),	%eax
-	movl	12(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	movl	16(%esi),	%eax
-	movl	20(%esi),	%ebx
-	movl	%eax,		20(%esp)
-	movl	%ebx,		24(%esp)
-	movl	24(%esi),	%eax
-	movl	28(%esi),	%ebx
-	movl	%eax,		28(%esp)
-	movl	%ebx,		32(%esp)
-	movl	32(%esi),	%eax
-	movl	36(%esi),	%ebx
-	movl	%eax,		36(%esp)
-	movl	%ebx,		40(%esp)
-	movl	40(%esi),	%eax
-	movl	44(%esi),	%ebx
-	movl	%eax,		44(%esp)
-	movl	%ebx,		48(%esp)
-	movl	48(%esi),	%eax
-	movl	52(%esi),	%ebx
-	movl	%eax,		52(%esp)
-	movl	%ebx,		56(%esp)
-	movl	56(%esi),	%eax
-	movl	60(%esi),	%ebx
-	movl	%eax,		60(%esp)
-	movl	%ebx,		64(%esp)
-	addl	$64,		%esi
-	movl	(%edi),		%eax
-	movl	%esi,		112(%esp)
-	movl	4(%edi),	%ebx
-	movl	8(%edi),	%ecx
-	movl	12(%edi),	%edx
-	movl	16(%edi),	%ebp
-	/* 0 */
-	movl	%ecx,		%esi
-	xorl	%edx,		%esi
-	movl	4(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 1 */
-	xorl	%ecx,		%esi
-	movl	8(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$14,		%ebp
-	addl	%edx,		%ebp
-	/* 2 */
-	movl	12(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$15,		%edx
-	addl	%ecx,		%edx
-	/* 3 */
-	xorl	%eax,		%esi
-	movl	16(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 4 */
-	movl	20(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 5 */
-	xorl	%edx,		%esi
-	movl	24(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 6 */
-	movl	28(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 7 */
-	xorl	%ebx,		%esi
-	movl	32(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 8 */
-	movl	36(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 9 */
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	xorl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 10 */
-	movl	44(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 11 */
-	xorl	%ecx,		%esi
-	movl	48(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 12 */
-	movl	52(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 13 */
-	xorl	%eax,		%esi
-	movl	56(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 14 */
-	movl	60(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 15 */
-	xorl	%edx,		%esi
-	movl	64(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	movl	32(%esp),	%edi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 16 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 17 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	56(%esp),	%edi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 18 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$8,		%ecx
-	addl	%ebx,		%ecx
-	/* 19 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	44(%esp),	%edi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 20 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 21 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	64(%esp),	%edi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 22 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$7,		%edx
-	addl	%ecx,		%edx
-	/* 23 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%edi,		%esi
-	movl	52(%esp),	%edi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%esi,1),%ecx
-	movl	$-1,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 24 */
-	addl	%edi,		%ebx
-	movl	%edx,		%edi
-	subl	%ecx,		%esi
-	andl	%ecx,		%edi
-	andl	%ebp,		%esi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%edi,1),%ebx
-	movl	$-1,		%edi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 25 */
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	subl	%ebx,		%edi
-	andl	%ebx,		%esi
-	andl	%edx,		%edi
-	orl	%edi,		%esi
-	movl	40(%esp),	%edi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%esi,1),%eax
-	movl	$-1,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 26 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 27 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	12(%esp),	%edi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 28 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 29 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	48(%esp),	%edi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 30 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 31 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 32 */
-	movl	16(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$11,		%edx
-	addl	%ecx,		%edx
-	/* 33 */
-	movl	44(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 34 */
-	movl	60(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 35 */
-	movl	20(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebp,		%eax
-	/* 36 */
-	movl	40(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$14,		%ebp
-	addl	%edx,		%ebp
-	/* 37 */
-	movl	64(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%esi,1),%edx
-	subl	%ebp,		%edi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 38 */
-	movl	36(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ecx
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%edi,1),%ecx
-	subl	%edx,		%esi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 39 */
-	movl	8(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%esi,1),%ebx
-	subl	%ecx,		%edi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 40 */
-	movl	12(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%eax
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%edi,1),%eax
-	subl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 41 */
-	movl	32(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%ebp
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 42 */
-	movl	4(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 43 */
-	movl	28(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 44 */
-	movl	56(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 45 */
-	movl	48(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 46 */
-	movl	24(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 47 */
-	movl	52(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%esi,1),%edx
-	movl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 48 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 49 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	40(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$12,		%ebx
-	addl	%eax,		%ebx
-	/* 50 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 51 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	44(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 52 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 53 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 54 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 55 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 56 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 57 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 58 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$5,		%ecx
-	addl	%ebx,		%ecx
-	/* 59 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	64(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 60 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 61 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 62 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 63 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	12(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	subl	%ebp,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 64 */
-	movl	20(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 65 */
-	movl	4(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$15,		%eax
-	addl	%ebp,		%eax
-	/* 66 */
-	movl	24(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	/* 67 */
-	movl	40(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%ecx,		%edx
-	/* 68 */
-	movl	32(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 69 */
-	movl	52(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%esi,1),%ebx
-	subl	%edx,		%edi
-	roll	$8,		%ebx
-	addl	%eax,		%ebx
-	/* 70 */
-	movl	12(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 71 */
-	movl	44(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 72 */
-	movl	60(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 73 */
-	movl	8(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 74 */
-	movl	16(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 75 */
-	movl	36(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 76 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 77 */
-	movl	28(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$8,		%edx
-	addl	%ecx,		%edx
-	/* 78 */
-	movl	64(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$5,		%ecx
-	addl	%ebx,		%ecx
-	/* 79 */
-	movl	56(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	108(%esp),	%edi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%esi,1),%ebx
-	movl	%eax,		68(%esp)
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	movl	(%edi),		%eax
-	movl	%ebx,		72(%esp)
-	movl	%ecx,		76(%esp)
-	movl	4(%edi),	%ebx
-	movl	%edx,		80(%esp)
-	movl	8(%edi),	%ecx
-	movl	%ebp,		84(%esp)
-	movl	12(%edi),	%edx
-	movl	16(%edi),	%ebp
-	/* 80 */
-	movl	$-1,		%edi
-	subl	%edx,		%edi
-	movl	24(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 81 */
-	movl	60(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 82 */
-	movl	32(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 83 */
-	movl	4(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 84 */
-	movl	40(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 85 */
-	movl	12(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$15,		%eax
-	addl	%ebp,		%eax
-	/* 86 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 87 */
-	movl	20(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 88 */
-	movl	56(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 89 */
-	movl	28(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%esi,1),%ebx
-	subl	%edx,		%edi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 90 */
-	movl	64(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 91 */
-	movl	36(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 92 */
-	movl	8(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 93 */
-	movl	44(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 94 */
-	movl	16(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$12,		%ebx
-	addl	%eax,		%ebx
-	/* 95 */
-	movl	52(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	roll	$6,		%eax
-	addl	%ebp,		%eax
-	/* 96 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 97 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 98 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 99 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 100 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 101 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 102 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 103 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	44(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 104 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 105 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	64(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$7,		%eax
-	addl	%ebp,		%eax
-	/* 106 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 107 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$7,		%edx
-	addl	%ecx,		%edx
-	/* 108 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 109 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	40(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 110 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 111 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	12(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	subl	%eax,		%edi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 112 */
-	movl	64(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 113 */
-	movl	24(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 114 */
-	movl	8(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 115 */
-	movl	16(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 116 */
-	movl	32(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 117 */
-	movl	60(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%esi,1),%edx
-	subl	%ebp,		%edi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 118 */
-	movl	28(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ecx
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%edi,1),%ecx
-	subl	%edx,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 119 */
-	movl	40(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%esi,1),%ebx
-	subl	%ecx,		%edi
-	roll	$14,		%ebx
-	addl	%eax,		%ebx
-	/* 120 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%eax
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%edi,1),%eax
-	subl	%ebx,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 121 */
-	movl	36(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%ebp
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$13,		%ebp
-	addl	%edx,		%ebp
-	/* 122 */
-	movl	52(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 123 */
-	movl	12(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 124 */
-	movl	44(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 125 */
-	movl	4(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 126 */
-	movl	20(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 127 */
-	movl	56(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	36(%esp),	%edi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 128 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 129 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	20(%esp),	%edi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 130 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 131 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	16(%esp),	%edi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 132 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 133 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%edi,		%esi
-	movl	64(%esp),	%edi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%esi,1),%ecx
-	movl	$-1,		%esi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 134 */
-	addl	%edi,		%ebx
-	movl	%edx,		%edi
-	subl	%ecx,		%esi
-	andl	%ecx,		%edi
-	andl	%ebp,		%esi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%edi,1),%ebx
-	movl	$-1,		%edi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 135 */
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	subl	%ebx,		%edi
-	andl	%ebx,		%esi
-	andl	%edx,		%edi
-	orl	%edi,		%esi
-	movl	24(%esp),	%edi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%esi,1),%eax
-	movl	$-1,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 136 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 137 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	12(%esp),	%edi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 138 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 139 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	40(%esp),	%edi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 140 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 141 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	44(%esp),	%edi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	/* 142 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$15,		%edx
-	addl	%ecx,		%edx
-	/* 143 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	xorl	%ebp,		%esi
-	roll	$8,		%ecx
-	addl	%ebx,		%ecx
-	/* 144 */
-	movl	52(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$8,		%ebx
-	addl	%eax,		%ebx
-	/* 145 */
-	xorl	%edx,		%esi
-	movl	64(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$5,		%eax
-	addl	%ebp,		%eax
-	/* 146 */
-	movl	44(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 147 */
-	xorl	%ebx,		%esi
-	movl	20(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 148 */
-	movl	8(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 149 */
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	xorl	%edx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 150 */
-	movl	36(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 151 */
-	xorl	%ecx,		%esi
-	movl	32(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 152 */
-	movl	28(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$8,		%edx
-	addl	%ecx,		%edx
-	/* 153 */
-	xorl	%eax,		%esi
-	movl	12(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 154 */
-	movl	56(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 155 */
-	xorl	%edx,		%esi
-	movl	60(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$5,		%eax
-	addl	%ebp,		%eax
-	/* 156 */
-	movl	4(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 157 */
-	xorl	%ebx,		%esi
-	movl	16(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 158 */
-	movl	40(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 159 */
-	xorl	%ebp,		%esi
-	movl	48(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	movl	108(%esp),	%edi
-	roll	$11,		%ebx
-	addl	%eax,		%ebx
-	movl	4(%edi),	%esi
-	addl	%esi,		%edx
-	movl	76(%esp),	%esi
-	addl	%esi,		%edx
-	movl	8(%edi),	%esi
-	addl	%esi,		%ebp
-	movl	80(%esp),	%esi
-	addl	%esi,		%ebp
-	movl	12(%edi),	%esi
-	addl	%esi,		%eax
-	movl	84(%esp),	%esi
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	addl	%esi,		%ebx
-	movl	68(%esp),	%esi
-	addl	%esi,		%ebx
-	movl	(%edi),		%esi
-	addl	%esi,		%ecx
-	movl	72(%esp),	%esi
-	addl	%esi,		%ecx
-	movl	%edx,		(%edi)
-	movl	%ebp,		4(%edi)
-	movl	%eax,		8(%edi)
-	movl	%ebx,		12(%edi)
-	movl	%ecx,		16(%edi)
-	movl	(%esp),		%edi
-	movl	112(%esp),	%esi
-	cmpl	%esi,		%edi
-	movl	108(%esp),	%edi
-	jge	.L000start
-	addl	$88,		%esp
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.ripemd160_block_x86_end:
-	SIZE(ripemd160_block_x86,.ripemd160_block_x86_end-ripemd160_block_x86)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl b/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
index dc3f6c792e2..e53c5fadba7 100644
--- a/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
+++ b/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # Normal is the
 # ripemd160_block_x86(MD5_CTX *c, ULONG *X);
@@ -530,7 +530,7 @@ sub ripemd160_block
 	# &mov($tmp2,	&wparam(0)); # Moved into last round
 
 	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
-	&add($D,	$tmp1);	
+ 	&add($D,	$tmp1);	
 	 &mov($tmp1,	&swtmp(1+18));		# $c
 	&add($D,	$tmp1);
 
diff --git a/lib/libssl/src/crypto/ripemd/ripemd.h b/lib/libssl/src/crypto/ripemd/ripemd.h
index a3bc6e3ab26..ab76be4c332 100644
--- a/lib/libssl/src/crypto/ripemd/ripemd.h
+++ b/lib/libssl/src/crypto/ripemd/ripemd.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifdef NO_RIPEMD
+#error RIPEMD is disabled.
+#endif
+
 #define RIPEMD160_CBLOCK	64
 #define RIPEMD160_LBLOCK	16
 #define RIPEMD160_BLOCK		16
@@ -78,20 +82,11 @@ typedef struct RIPEMD160state_st
 	int num;
 	} RIPEMD160_CTX;
 
-#ifndef NOPROTO
 void RIPEMD160_Init(RIPEMD160_CTX *c);
 void RIPEMD160_Update(RIPEMD160_CTX *c, unsigned char *data, unsigned long len);
 void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 unsigned char *RIPEMD160(unsigned char *d, unsigned long n, unsigned char *md);
 void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b);
-#else
-void RIPEMD160_Init();
-void RIPEMD160_Update();
-void RIPEMD160_Final();
-unsigned char *RIPEMD160();
-void RIPEMD160_Transform();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/ripemd/rmd160.c b/lib/libssl/src/crypto/ripemd/rmd160.c
index 3fa1b8096e0..4f8b88a18ac 100644
--- a/lib/libssl/src/crypto/ripemd/rmd160.c
+++ b/lib/libssl/src/crypto/ripemd/rmd160.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "ripemd.h"
+#include <openssl/ripemd.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	RIPEMD160_CTX c;
 	unsigned char md[RIPEMD160_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/lib/libssl/src/crypto/ripemd/rmd_dgst.c
index 210de1977d6..b590856229f 100644
--- a/lib/libssl/src/crypto/ripemd/rmd_dgst.c
+++ b/lib/libssl/src/crypto/ripemd/rmd_dgst.c
@@ -58,27 +58,17 @@
 
 #include <stdio.h>
 #include "rmd_locl.h"
+#include <openssl/opensslv.h>
 
-char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 29-Jun-1998";
+char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
-#ifndef NOPROTO
 #  ifdef RMD160_ASM
      void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
 #    define ripemd160_block ripemd160_block_x86
 #  else
      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 #  endif
-#else
-#  ifdef RMD160_ASM
-     void ripemd160_block_x86();
-#    define ripemd160_block ripemd160_block_x86
-#  else
-     static void ripemd160_block();
-#  endif
-#endif
-
-void RIPEMD160_Init(c)
-RIPEMD160_CTX *c;
+void RIPEMD160_Init(RIPEMD160_CTX *c)
 	{
 	c->A=RIPEMD160_A;
 	c->B=RIPEMD160_B;
@@ -90,10 +80,8 @@ RIPEMD160_CTX *c;
 	c->num=0;
 	}
 
-void RIPEMD160_Update(c, data, len)
-RIPEMD160_CTX *c;
-register unsigned char *data;
-unsigned long len;
+void RIPEMD160_Update(RIPEMD160_CTX *c, register unsigned char *data,
+	     unsigned long len)
 	{
 	register ULONG *p;
 	int sw,sc;
@@ -221,9 +209,7 @@ unsigned long len;
 		}
 	}
 
-void RIPEMD160_Transform(c,b)
-RIPEMD160_CTX *c;
-unsigned char *b;
+void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b)
 	{
 	ULONG p[16];
 #if !defined(L_ENDIAN)
@@ -260,10 +246,7 @@ unsigned char *b;
 
 #ifndef RMD160_ASM
 
-void ripemd160_block(ctx, X, num)
-RIPEMD160_CTX *ctx;
-register ULONG *X;
-int num;
+void ripemd160_block(RIPEMD160_CTX *ctx, register ULONG *X, int num)
 	{
 	register ULONG A,B,C,D,E;
 	ULONG a,b,c,d,e;
@@ -460,9 +443,7 @@ int num;
 	}
 #endif
 
-void RIPEMD160_Final(md, c)
-unsigned char *md;
-RIPEMD160_CTX *c;
+void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c)
 	{
 	register int i,j;
 	register ULONG l;
@@ -518,8 +499,7 @@ RIPEMD160_CTX *c;
 	}
 
 #ifdef undef
-int printit(l)
-unsigned long *l;
+int printit(unsigned long *l)
 	{
 	int i,ii;
 
diff --git a/lib/libssl/src/crypto/ripemd/rmd_locl.h b/lib/libssl/src/crypto/ripemd/rmd_locl.h
index a1feccf7c1e..d6ba02001af 100644
--- a/lib/libssl/src/crypto/ripemd/rmd_locl.h
+++ b/lib/libssl/src/crypto/ripemd/rmd_locl.h
@@ -58,16 +58,12 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include "ripemd.h"
+#include <openssl/ripemd.h>
 
 #define ULONG	unsigned long
 #define UCHAR	unsigned char
 #define UINT	unsigned int
 
-#ifdef NOCONST
-#define const
-#endif
-
 #undef c2nl
 #define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
 			 l|=(((unsigned long)(*((c)++)))<<16), \
diff --git a/lib/libssl/src/crypto/ripemd/rmd_one.c b/lib/libssl/src/crypto/ripemd/rmd_one.c
index a7626dbcda9..5b6ff147145 100644
--- a/lib/libssl/src/crypto/ripemd/rmd_one.c
+++ b/lib/libssl/src/crypto/ripemd/rmd_one.c
@@ -59,10 +59,8 @@
 #include <stdio.h>
 #include "rmd_locl.h"
 
-unsigned char *RIPEMD160(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *RIPEMD160(unsigned char *d, unsigned long n,
+	     unsigned char *md)
 	{
 	RIPEMD160_CTX c;
 	static unsigned char m[RIPEMD160_DIGEST_LENGTH];
diff --git a/lib/libssl/src/crypto/ripemd/rmdtest.c b/lib/libssl/src/crypto/ripemd/rmdtest.c
index 6a0297f975d..5e93d4627c9 100644
--- a/lib/libssl/src/crypto/ripemd/rmdtest.c
+++ b/lib/libssl/src/crypto/ripemd/rmdtest.c
@@ -59,7 +59,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "ripemd.h"
+
+#ifdef NO_RIPEMD
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return(0);
+}
+#else
+#include <openssl/ripemd.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 char *test[]={
 	"",
@@ -84,15 +96,8 @@ char *ret[]={
 	"9b752e45573d4b39f4dbd3323cab82bf63326bfb",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
@@ -103,6 +108,9 @@ char *argv[];
 	i=1;
 	while (*P != NULL)
 		{
+#ifdef CHARSET_EBCDIC
+		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+#endif
 		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
 		if (strcmp(p,(char *)*R) != 0)
 			{
@@ -120,8 +128,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -130,4 +137,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/rsa/Makefile.ssl b/lib/libssl/src/crypto/rsa/Makefile.ssl
index d52f2e609e2..da704fc5587 100644
--- a/lib/libssl/src/crypto/rsa/Makefile.ssl
+++ b/lib/libssl/src/crypto/rsa/Makefile.ssl
@@ -7,25 +7,25 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=rsa
-ERRC=rsa_err
 GENERAL=Makefile
-TEST=
+TEST=rsa_oaep_test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
-	rsa_pk1.c rsa_ssl.c rsa_none.c
-LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
-	rsa_pk1.o rsa_ssl.o rsa_none.o
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
 
 SRC= $(LIBSRC)
 
@@ -41,24 +41,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -70,17 +69,104 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+rsa_chk.o: ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
+rsa_eay.o: ../cryptlib.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+rsa_err.o: ../../include/openssl/stack.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
+rsa_lib.o: ../cryptlib.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
+rsa_none.o: ../cryptlib.h
+rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
+rsa_pk1.o: ../cryptlib.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
+rsa_ssl.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/rsa/rsa.err b/lib/libssl/src/crypto/rsa/rsa.err
deleted file mode 100644
index 5ded1b5fa2b..00000000000
--- a/lib/libssl/src/crypto/rsa/rsa.err
+++ /dev/null
@@ -1,45 +0,0 @@
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 100
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 101
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 102
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 103
-#define RSA_F_RSA_GENERATE_KEY				 104
-#define RSA_F_RSA_NEW_METHOD				 105
-#define RSA_F_RSA_PADDING_ADD_NONE			 106
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 108
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 109
-#define RSA_F_RSA_PADDING_CHECK_NONE			 110
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 112
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 113
-#define RSA_F_RSA_PRINT					 114
-#define RSA_F_RSA_PRINT_FP				 115
-#define RSA_F_RSA_SIGN					 116
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 117
-#define RSA_F_RSA_VERIFY				 118
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 119
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH			 100
-#define RSA_R_BAD_E_VALUE				 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
-#define RSA_R_BAD_PAD_BYTE_COUNT			 103
-#define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BAD_ZERO_BYTE				 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
-#define RSA_R_DATA_TOO_LARGE				 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
-#define RSA_R_DATA_TOO_SMALL				 111
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
-#define RSA_R_PADDING_CHECK_FAILED			 114
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
-#define RSA_R_UNKNOWN_PADDING_TYPE			 118
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
diff --git a/lib/libssl/src/crypto/rsa/rsa.h b/lib/libssl/src/crypto/rsa/rsa.h
index aeb78ffcd3f..9230b2fcc9b 100644
--- a/lib/libssl/src/crypto/rsa/rsa.h
+++ b/lib/libssl/src/crypto/rsa/rsa.h
@@ -63,26 +63,37 @@
 extern "C" {
 #endif
 
-#include "bn.h"
-#include "crypto.h"
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+
+#ifdef NO_RSA
+#error RSA is disabled.
+#endif
+
+typedef struct rsa_st RSA;
 
 typedef struct rsa_meth_st
 	{
-	char *name;
-	int (*rsa_pub_enc)();
-	int (*rsa_pub_dec)();
-	int (*rsa_priv_enc)();
-	int (*rsa_priv_dec)();
-	int (*rsa_mod_exp)();		/* Can be null */
-	int (*bn_mod_exp)();		/* Can be null */
-	int (*init)(/* RSA * */);	/* called at new */
-	int (*finish)(/* RSA * */);	/* called at free */
-
+	const char *name;
+	int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
+			   RSA *rsa,int padding);
+	int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
+			   RSA *rsa,int padding);
+	int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding);
+	int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding);
+	int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
+	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+			  const BIGNUM *m, BN_CTX *ctx,
+			  BN_MONT_CTX *m_ctx); /* Can be null */
+	int (*init)(RSA *rsa);		/* called at new */
+	int (*finish)(RSA *rsa);	/* called at free */
 	int flags;			/* RSA_METHOD_FLAG_* things */
 	char *app_data;			/* may be needed! */
 	} RSA_METHOD;
 
-typedef struct rsa_st
+struct rsa_st
 	{
 	/* The first parameter is used to pickup errors where
 	 * this is passed instead of aEVP_PKEY, it is set to 0 */
@@ -97,41 +108,52 @@ typedef struct rsa_st
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
-	/* be carefull using this if the RSA structure is shared */
+	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
 
-	/* Normally used to cached montgomery values */
-	char *method_mod_n;
-	char *method_mod_p;
-	char *method_mod_q;
+	/* Used to cache montgomery values */
+	BN_MONT_CTX *_method_mod_n;
+	BN_MONT_CTX *_method_mod_p;
+	BN_MONT_CTX *_method_mod_q;
 
+	/* all BIGNUM values are actually in the following data, if it is not
+	 * NULL */
+	char *bignum_data;
 	BN_BLINDING *blinding;
-	} RSA;
+	};
 
 #define RSA_3	0x3L
 #define RSA_F4	0x10001L
 
 #define RSA_METHOD_FLAG_NO_CHECK	0x01 /* don't check pub/private match */
+
 #define RSA_FLAG_CACHE_PUBLIC		0x02
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
 #define RSA_FLAG_THREAD_SAFE		0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY		0x20
 
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
+#define RSA_PKCS1_OAEP_PADDING	4
 
 #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,(char *)arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
-#ifndef NOPROTO
 RSA *	RSA_new(void);
 RSA *	RSA_new_method(RSA_METHOD *method);
 int	RSA_size(RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int,char *),char *cb_arg);
+		(*callback)(int,int,void *),void *cb_arg);
+int	RSA_check_key(RSA *);
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
@@ -146,6 +168,12 @@ void	RSA_free (RSA *r);
 int	RSA_flags(RSA *r);
 
 void RSA_set_default_method(RSA_METHOD *meth);
+RSA_METHOD *RSA_get_default_method(void);
+RSA_METHOD *RSA_get_method(RSA *rsa);
+RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+
+/* This function needs the memory locking malloc callbacks to be installed */
+int RSA_memory_lock(RSA *r);
 
 /* If you have RSAref compiled in. */
 RSA_METHOD *RSA_PKCS1_RSAref(void);
@@ -193,107 +221,63 @@ void RSA_blinding_off(RSA *rsa);
 int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
 	unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
 	unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
+			       unsigned char *f,int fl,unsigned char *p,
+			       int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
+				 unsigned char *f,int fl,int rsa_len,
+				 unsigned char *p,int pl);
 int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
 	unsigned char *f,int fl);
 int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_none(unsigned char *to,int tlen,
 	unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	unsigned char *f,int fl,int rsa_len);
 
 int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 int RSA_set_ex_data(RSA *r,int idx,char *arg);
 char *RSA_get_ex_data(RSA *r, int idx);
 
-#else
-
-RSA *	RSA_new();
-RSA *	RSA_new_method();
-int	RSA_size();
-RSA *	RSA_generate_key();
-int	RSA_public_encrypt();
-int	RSA_private_encrypt();
-int	RSA_public_decrypt();
-int	RSA_private_decrypt();
-void	RSA_free ();
-
-int	RSA_flags();
-
-void RSA_set_default_method();
-
-/* RSA_METHOD *RSA_PKCS1_RSAref(); */
-RSA_METHOD *RSA_PKCS1_SSLeay();
-
-void	ERR_load_RSA_strings();
-
-RSA *	d2i_RSAPublicKey();
-int	i2d_RSAPublicKey();
-RSA *	d2i_RSAPrivateKey();
-int 	i2d_RSAPrivateKey();
-#ifndef NO_FP_API
-int	RSA_print_fp();
-#endif
-
-int	RSA_print();
-
-int i2d_Netscape_RSA();
-RSA *d2i_Netscape_RSA();
-RSA *d2i_Netscape_RSA_2();
-
-int RSA_sign();
-int RSA_verify();
-
-int RSA_sign_ASN1_OCTET_STRING();
-int RSA_verify_ASN1_OCTET_STRING();
-int RSA_blinding_on();
-void RSA_blinding_off();
-
-int RSA_padding_add_PKCS1_type_1();
-int RSA_padding_check_PKCS1_type_1();
-int RSA_padding_add_PKCS1_type_2();
-int RSA_padding_check_PKCS1_type_2();
-int RSA_padding_add_SSLv23();
-int RSA_padding_check_SSLv23();
-int RSA_padding_add_none();
-int RSA_padding_check_none();
-
-int RSA_get_ex_new_index();
-int RSA_set_ex_data();
-char *RSA_get_ex_data();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the RSA functions. */
 
 /* Function codes. */
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 100
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 101
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 102
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 103
-#define RSA_F_RSA_GENERATE_KEY				 104
-#define RSA_F_RSA_NEW_METHOD				 105
-#define RSA_F_RSA_PADDING_ADD_NONE			 106
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 108
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 109
-#define RSA_F_RSA_PADDING_CHECK_NONE			 110
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 112
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 113
-#define RSA_F_RSA_PRINT					 114
-#define RSA_F_RSA_PRINT_FP				 115
-#define RSA_F_RSA_SIGN					 116
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 117
-#define RSA_F_RSA_VERIFY				 118
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 119
+#define RSA_F_MEMORY_LOCK				 100
+#define RSA_F_RSA_CHECK_KEY				 123
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
+#define RSA_F_RSA_GENERATE_KEY				 105
+#define RSA_F_RSA_NEW_METHOD				 106
+#define RSA_F_RSA_PADDING_ADD_NONE			 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
+#define RSA_F_RSA_PADDING_ADD_SSLV23			 110
+#define RSA_F_RSA_PADDING_CHECK_NONE			 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
+#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
+#define RSA_F_RSA_PRINT					 115
+#define RSA_F_RSA_PRINT_FP				 116
+#define RSA_F_RSA_SIGN					 117
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
+#define RSA_F_RSA_VERIFY				 119
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH			 100
@@ -301,22 +285,31 @@ char *RSA_get_ex_data();
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
 #define RSA_R_BAD_PAD_BYTE_COUNT			 103
 #define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BAD_ZERO_BYTE				 105
 #define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
 #define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
 #define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
 #define RSA_R_DATA_TOO_LARGE				 109
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
 #define RSA_R_DATA_TOO_SMALL				 111
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
+#define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
+#define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_P_NOT_PRIME				 128
+#define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_chk.c b/lib/libssl/src/crypto/rsa/rsa_chk.c
new file mode 100644
index 00000000000..91b91157983
--- /dev/null
+++ b/lib/libssl/src/crypto/rsa/rsa_chk.c
@@ -0,0 +1,184 @@
+/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+
+int RSA_check_key(RSA *key)
+	{
+	BIGNUM *i, *j, *k, *l, *m;
+	BN_CTX *ctx;
+	int r;
+	int ret=1;
+	
+	i = BN_new();
+	j = BN_new();
+	k = BN_new();
+	l = BN_new();
+	m = BN_new();
+	ctx = BN_CTX_new();
+	if (i == NULL || j == NULL || k == NULL || l == NULL ||
+		m == NULL || ctx == NULL)
+		{
+		ret = -1;
+		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	/* p prime? */
+	r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
+		{
+		ret = r;
+		if (r != 0)
+			goto err;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+		}
+	
+	/* q prime? */
+	r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
+		{
+		ret = r;
+		if (r != 0)
+			goto err;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+		}
+	
+	/* n = p*q? */
+	r = BN_mul(i, key->p, key->q, ctx);
+	if (!r) { ret = -1; goto err; }
+	
+	if (BN_cmp(i, key->n) != 0)
+		{
+		ret = 0;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+		}
+	
+	/* d*e = 1  mod lcm(p-1,q-1)? */
+
+	r = BN_sub(i, key->p, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+	r = BN_sub(j, key->q, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+
+	/* now compute k = lcm(i,j) */
+	r = BN_mul(l, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_gcd(m, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+	if (!r) { ret = -1; goto err; }
+
+	r = BN_mod_mul(i, key->d, key->e, k, ctx);
+	if (!r) { ret = -1; goto err; }
+
+	if (!BN_is_one(i))
+		{
+		ret = 0;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+		}
+	
+	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
+		{
+		/* dmp1 = d mod (p-1)? */
+		r = BN_sub(i, key->p, BN_value_one());
+		if (!r) { ret = -1; goto err; }
+
+		r = BN_mod(j, key->d, i, ctx);
+		if (!r) { ret = -1; goto err; }
+
+		if (BN_cmp(j, key->dmp1) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+			}
+	
+		/* dmq1 = d mod (q-1)? */    
+		r = BN_sub(i, key->q, BN_value_one());
+		if (!r) { ret = -1; goto err; }
+	
+		r = BN_mod(j, key->d, i, ctx);
+		if (!r) { ret = -1; goto err; }
+
+		if (BN_cmp(j, key->dmq1) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+			}
+	
+		/* iqmp = q^-1 mod p? */
+		if(!BN_mod_inverse(i, key->q, key->p, ctx))
+			{
+			ret = -1;
+			goto err;
+			}
+
+		if (BN_cmp(i, key->iqmp) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_IQMP_NOT_INVERSE_OF_Q);
+			}
+		}
+
+ err:
+	if (i != NULL) BN_free(i);
+	if (j != NULL) BN_free(j);
+	if (k != NULL) BN_free(k);
+	if (l != NULL) BN_free(l);
+	if (m != NULL) BN_free(m);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return (ret);
+	}
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
index 42a77f11cdf..776324860c7 100644
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -68,11 +68,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-#ifndef NOPROTO
 static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
 static int RSA_eay_private_encrypt(int flen, unsigned char *from,
@@ -84,16 +83,6 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
-#else
-static int RSA_eay_public_encrypt();
-static int RSA_eay_private_encrypt();
-static int RSA_eay_public_decrypt();
-static int RSA_eay_private_decrypt();
-static int RSA_eay_mod_exp();
-static int RSA_eay_init();
-static int RSA_eay_finish();
-#endif
-
 static RSA_METHOD rsa_pkcs1_eay_meth={
 	"Eric Young's PKCS#1 RSA",
 	RSA_eay_public_encrypt,
@@ -108,31 +97,75 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
 	NULL,
 	};
 
-RSA_METHOD *RSA_PKCS1_SSLeay()
+RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	{
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-static int RSA_eay_public_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM *f=NULL,*ret=NULL;
+	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-	/* Body of this routine removed for OpenBSD - will return
-	 * when the RSA patent expires
-	 */
+	BN_init(&f);
+	BN_init(&ret);
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	num=BN_num_bytes(rsa->n);
+	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+		{
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	switch (padding)
+		{
+	case RSA_PKCS1_PADDING:
+		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
+		break;
+#ifndef NO_SHA
+	case RSA_PKCS1_OAEP_PADDING:
+	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
+		break;
+#endif
+	case RSA_SSLV23_PADDING:
+		i=RSA_padding_add_SSLv23(buf,num,from,flen);
+		break;
+	case RSA_NO_PADDING:
+		i=RSA_padding_add_none(buf,num,from,flen);
+		break;
+	default:
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	if (i <= 0) goto err;
+
+	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+	
+	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+		{
+		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
+			    goto err;
+		}
+
+	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+		rsa->_method_mod_n)) goto err;
 
+	/* put in leading 0 bytes if the number is less than the
+	 * length of the modulus */
+	j=BN_num_bytes(&ret);
+	i=BN_bn2bin(&ret,&(to[num-j]));
+	for (k=0; k<(num-i); k++)
+		to[k]=0;
+
+	r=num;
 err:
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
 	if (buf != NULL) 
 		{
 		memset(buf,0,num);
@@ -141,14 +174,10 @@ err:
 	return(r);
 	}
 
-static int RSA_eay_private_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM *f=NULL,*ret=NULL;
+	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
@@ -159,8 +188,8 @@ int padding;
 
 err:
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (ret != NULL) BN_free(ret);
-	if (f != NULL) BN_free(f);
+	BN_clear_free(&ret);
+	BN_clear_free(&f);
 	if (buf != NULL)
 		{
 		memset(buf,0,num);
@@ -169,14 +198,10 @@ err:
 	return(r);
 	}
 
-static int RSA_eay_private_decrypt(flen, from, to, rsa,padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM *f=NULL,*ret=NULL;
+	BIGNUM f,ret;
 	int j,num=0,r= -1;
 	unsigned char *p;
 	unsigned char *buf=NULL;
@@ -188,8 +213,8 @@ int padding;
 
 err:
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
 		memset(buf,0,num);
@@ -198,28 +223,23 @@ err:
 	return(r);
 	}
 
-static int RSA_eay_public_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM *f=NULL,*ret=NULL;
+	BIGNUM f,ret;
 	int i,num=0,r= -1;
 	unsigned char *p;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-
 	/* Body of this routine removed for OpenBSD - will return
 	 * when the RSA patent expires
 	 */
 
 err:
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
+	BN_clear_free(&f);
+	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
 		memset(buf,0,num);
@@ -228,46 +248,40 @@ err:
 	return(r);
 	}
 
-static int RSA_eay_mod_exp(r0, I, rsa)
-BIGNUM *r0;
-BIGNUM *I;
-RSA *rsa;
+static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 	{
-	BIGNUM *r1=NULL,*m1=NULL;
+	BIGNUM r1,m1;
 	int ret=0;
 	BN_CTX *ctx;
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	m1=BN_new();
-	r1=BN_new();
-	if ((m1 == NULL) || (r1 == NULL)) goto err;
+	BN_init(&m1);
+	BN_init(&r1);
 
 	/* Body of this routine removed for OpenBSD - will return
 	 * when the RSA patent expires
 	 */
 err:
-	if (m1 != NULL) BN_free(m1);
-	if (r1 != NULL) BN_free(r1);
+	BN_clear_free(&m1);
+	BN_clear_free(&r1);
 	BN_CTX_free(ctx);
 	return(ret);
 	}
 
-static int RSA_eay_init(rsa)
-RSA *rsa;
+static int RSA_eay_init(RSA *rsa)
 	{
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 	return(1);
 	}
 
-static int RSA_eay_finish(rsa)
-RSA *rsa;
+static int RSA_eay_finish(RSA *rsa)
 	{
-	if (rsa->method_mod_n != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n);
-	if (rsa->method_mod_p != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p);
-	if (rsa->method_mod_q != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q);
+	if (rsa->_method_mod_n != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_n);
+	if (rsa->_method_mod_p != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_p);
+	if (rsa->_method_mod_q != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_q);
 	return(1);
 	}
 
diff --git a/lib/libssl/src/crypto/rsa/rsa_err.c b/lib/libssl/src/crypto/rsa/rsa_err.c
index 796b3afd478..9fb15e398dd 100644
--- a/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -1,68 +1,72 @@
-/* lib/rsa/rsa_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/rsa/rsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "rsa.h"
+#include <openssl/err.h>
+#include <openssl/rsa.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
+{ERR_PACK(0,RSA_F_MEMORY_LOCK,0),	"MEMORY_LOCK"},
+{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0),	"RSA_check_key"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0),	"RSA_EAY_PUBLIC_DECRYPT"},
@@ -70,10 +74,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0),	"RSA_generate_key"},
 {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0),	"RSA_new_method"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0),	"RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0),	"RSA_padding_add_PKCS1_OAEP"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0),	"RSA_padding_add_PKCS1_type_1"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0),	"RSA_padding_add_PKCS1_type_2"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0),	"RSA_padding_add_SSLv23"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0),	"RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0),	"RSA_padding_check_PKCS1_OAEP"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0),	"RSA_padding_check_PKCS1_type_1"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0),	"RSA_padding_check_PKCS1_type_2"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0),	"RSA_padding_check_SSLv23"},
@@ -83,7 +89,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0),	"RSA_sign_ASN1_OCTET_STRING"},
 {ERR_PACK(0,RSA_F_RSA_VERIFY,0),	"RSA_verify"},
 {ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0),	"RSA_verify_ASN1_OCTET_STRING"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA RSA_str_reasons[]=
@@ -93,32 +99,41 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_BAD_FIXED_HEADER_DECRYPT          ,"bad fixed header decrypt"},
 {RSA_R_BAD_PAD_BYTE_COUNT                ,"bad pad byte count"},
 {RSA_R_BAD_SIGNATURE                     ,"bad signature"},
-{RSA_R_BAD_ZERO_BYTE                     ,"bad zero byte"},
 {RSA_R_BLOCK_TYPE_IS_NOT_01              ,"block type is not 01"},
 {RSA_R_BLOCK_TYPE_IS_NOT_02              ,"block type is not 02"},
 {RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
 {RSA_R_DATA_TOO_LARGE                    ,"data too large"},
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
 {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1            ,"d e not congruent to 1"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+{RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
+{RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
+{RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
+{RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_N_DOES_NOT_EQUAL_P_Q              ,"n does not equal p q"},
+{RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
 {RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
+{RSA_R_P_NOT_PRIME                       ,"p not prime"},
+{RSA_R_Q_NOT_PRIME                       ,"q not prime"},
 {RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
 {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},
 {RSA_R_UNKNOWN_PADDING_TYPE              ,"unknown padding type"},
 {RSA_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_RSA_strings()
+void ERR_load_RSA_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
diff --git a/lib/libssl/src/crypto/rsa/rsa_gen.c b/lib/libssl/src/crypto/rsa/rsa_gen.c
index 4cbd373829f..3227dba7947 100644
--- a/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -59,18 +59,15 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 
-RSA *RSA_generate_key(bits, e_value, callback,cb_arg)
-int bits;
-unsigned long e_value;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
 	RSA *rsa=NULL;
 	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-	int bitsp,bitsq,ok= -1,n=0;
+	int bitsp,bitsq,ok= -1,n=0,i;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
 
 	ctx=BN_CTX_new();
@@ -81,6 +78,7 @@ char *cb_arg;
 	/* Body of this routine removed for OpenBSD - will return
 	 * when the RSA patent expires
 	 */
+
 err:
 	if (ok == -1)
 		{
diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c
index 95a56f8a28c..c0ca2923a69 100644
--- a/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -57,31 +57,49 @@
  */
 
 #include <stdio.h>
-#include "crypto.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "bn.h"
-#include "rsa.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 
-char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998";
+const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
 static RSA_METHOD *default_RSA_meth=NULL;
 static int rsa_meth_num=0;
 static STACK *rsa_meth=NULL;
 
-RSA *RSA_new()
+RSA *RSA_new(void)
 	{
 	return(RSA_new_method(NULL));
 	}
 
-void RSA_set_default_method(meth)
-RSA_METHOD *meth;
+void RSA_set_default_method(RSA_METHOD *meth)
 	{
 	default_RSA_meth=meth;
 	}
 
-RSA *RSA_new_method(meth)
-RSA_METHOD *meth;
+RSA_METHOD *RSA_get_default_method(void)
+{
+	return default_RSA_meth;
+}
+
+RSA_METHOD *RSA_get_method(RSA *rsa)
+{
+	return rsa->meth;
+}
+
+RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
+{
+	RSA_METHOD *mtmp;
+	mtmp = rsa->meth;
+	if (mtmp->finish) mtmp->finish(rsa);
+	rsa->meth = meth;
+	if (meth->init) meth->init(rsa);
+	return mtmp;
+}
+
+RSA *RSA_new_method(RSA_METHOD *meth)
 	{
 	RSA *ret;
 
@@ -116,22 +134,23 @@ RSA_METHOD *meth;
 	ret->dmq1=NULL;
 	ret->iqmp=NULL;
 	ret->references=1;
-	ret->method_mod_n=NULL;
-	ret->method_mod_p=NULL;
-	ret->method_mod_q=NULL;
+	ret->_method_mod_n=NULL;
+	ret->_method_mod_p=NULL;
+	ret->_method_mod_q=NULL;
 	ret->blinding=NULL;
+	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 		Free(ret);
 		ret=NULL;
 		}
-	CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+	else
+		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
 	return(ret);
 	}
 
-void RSA_free(r)
-RSA *r;
+void RSA_free(RSA *r)
 	{
 	int i;
 
@@ -164,90 +183,63 @@ RSA *r;
 	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
 	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
 	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+	if (r->bignum_data != NULL) Free_locked(r->bignum_data);
 	Free(r);
 	}
 
-int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
+int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
         {
 	rsa_meth_num++;
 	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
 		&rsa_meth,argl,argp,new_func,dup_func,free_func));
         }
 
-int RSA_set_ex_data(r,idx,arg)
-RSA *r;
-int idx;
-char *arg;
+int RSA_set_ex_data(RSA *r, int idx, char *arg)
 	{
 	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}
 
-char *RSA_get_ex_data(r,idx)
-RSA *r;
-int idx;
+char *RSA_get_ex_data(RSA *r, int idx)
 	{
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
 
-int RSA_size(r)
-RSA *r;
+int RSA_size(RSA *r)
 	{
 	return(BN_num_bytes(r->n));
 	}
 
-int RSA_public_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_public_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_flags(r)
-RSA *r;
+int RSA_flags(RSA *r)
 	{
 	return((r == NULL)?0:r->meth->flags);
 	}
 
-void RSA_blinding_off(rsa)
-RSA *rsa;
+void RSA_blinding_off(RSA *rsa)
 	{
 	if (rsa->blinding != NULL)
 		{
@@ -257,9 +249,7 @@ RSA *rsa;
 	rsa->flags&= ~RSA_FLAG_BLINDING;
 	}
 
-int RSA_blinding_on(rsa,p_ctx)
-RSA *rsa;
-BN_CTX *p_ctx;
+int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	{
 	BIGNUM *A,*Ai;
 	BN_CTX *ctx;
@@ -275,13 +265,13 @@ BN_CTX *p_ctx;
 	if (rsa->blinding != NULL)
 		BN_BLINDING_free(rsa->blinding);
 
-	A=ctx->bn[0];
+	A= &(ctx->bn[0]);
 	ctx->tos++;
 	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
-	if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err;
+	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
-		(char *)rsa->method_mod_n)) goto err;
+	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+	    goto err;
 	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
 	ctx->tos--;
 	rsa->flags|=RSA_FLAG_BLINDING;
@@ -292,3 +282,48 @@ err:
 	return(ret);
 	}
 
+int RSA_memory_lock(RSA *r)
+	{
+	int i,j,k,off;
+	char *p;
+	BIGNUM *bn,**t[6],*b;
+	BN_ULONG *ul;
+
+	if (r->d == NULL) return(1);
+	t[0]= &r->d;
+	t[1]= &r->p;
+	t[2]= &r->q;
+	t[3]= &r->dmp1;
+	t[4]= &r->dmq1;
+	t[5]= &r->iqmp;
+	k=sizeof(BIGNUM)*6;
+	off=k/sizeof(BN_ULONG)+1;
+	j=1;
+	for (i=0; i<6; i++)
+		j+= (*t[i])->top;
+	if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+		{
+		RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	bn=(BIGNUM *)p;
+	ul=(BN_ULONG *)&(p[off]);
+	for (i=0; i<6; i++)
+		{
+		b= *(t[i]);
+		*(t[i])= &(bn[i]);
+		memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+		bn[i].flags=BN_FLG_STATIC_DATA;
+		bn[i].d=ul;
+		memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+		ul+=b->top;
+		BN_clear_free(b);
+		}
+	
+	/* I should fix this so it can still be done */
+	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+	r->bignum_data=p;
+	return(1);
+	}
+
diff --git a/lib/libssl/src/crypto/rsa/rsa_none.c b/lib/libssl/src/crypto/rsa/rsa_none.c
index f0dd9436571..f22fce5016e 100644
--- a/lib/libssl/src/crypto/rsa/rsa_none.c
+++ b/lib/libssl/src/crypto/rsa/rsa_none.c
@@ -58,52 +58,41 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-int RSA_padding_add_none(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
+	     int flen)
 	{
-	if (flen >= tlen)
+	if (flen > tlen)
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return(0);
 		}
+
+	if (flen < tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+		return(0);
+		}
 	
-	*(to++)=0;
 	memcpy(to,from,(unsigned int)flen);
 	return(1);
 	}
 
-int RSA_padding_check_none(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from,
+	     int flen, int num)
 	{
-	int j;
 
-	from++;
-	if (flen+1 > tlen)
+	if (flen > tlen)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
 		return(-1);
 		}
-	if (*(from++) != 0)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
-		return(-1);
-		}
 
-	/* scan over padding data */
-	j=flen-1; /* one for type and one for the prepended 0. */
-	memset(to,0,tlen-j);
-	to+=(tlen-j);
-	memcpy(to,from,j);
-	return(j);
+	memset(to,0,tlen-flen);
+	memcpy(to+tlen-flen,from,flen);
+	return(tlen);
 	}
 
diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep.c b/lib/libssl/src/crypto/rsa/rsa_oaep.c
new file mode 100644
index 00000000000..843c40c8640
--- /dev/null
+++ b/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -0,0 +1,162 @@
+/* crypto/rsa/rsa_oaep.c */
+/* Written by Ulf Moeller. This software is distributed on an "AS IS"
+   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+
+/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+
+int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+	     unsigned char *from, int flen, unsigned char *param, int plen)
+    {
+    int i, emlen = tlen - 1;
+    unsigned char *db, *seed;
+    unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+    if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+	{
+	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+	       RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+	return (0);
+	}
+
+    if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+	{
+	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+	return (0);
+	}
+    
+    dbmask = Malloc(emlen - SHA_DIGEST_LENGTH);
+    if (dbmask == NULL)
+	{
+	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+	return (0);
+	}
+
+    to[0] = 0;
+    seed = to + 1;
+    db = to + SHA_DIGEST_LENGTH + 1;
+
+    SHA1(param, plen, db);
+    memset(db + SHA_DIGEST_LENGTH, 0,
+	   emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+    db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+    memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+    RAND_bytes(seed, SHA_DIGEST_LENGTH);
+#ifdef PKCS_TESTVECT
+    memcpy(seed,
+	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+	   20);
+#endif
+
+    MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+    for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+	db[i] ^= dbmask[i];
+
+    MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+	seed[i] ^= seedmask[i];
+
+    Free(dbmask);
+    return (1);
+    }
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+	     unsigned char *from, int flen, int num, unsigned char *param,
+	     int plen)
+    {
+    int i, dblen, mlen = -1;
+    unsigned char *maskeddb;
+    int lzero;
+    unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+
+    if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+	{
+	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+	return (-1);
+	}
+
+    dblen = num - SHA_DIGEST_LENGTH;
+    db = Malloc(dblen);
+    if (db == NULL)
+	{
+	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+	return (-1);
+	}
+
+    lzero = num - flen;
+    maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+    
+    MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+    for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+	seed[i] ^= from[i - lzero];
+  
+    MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+    for (i = 0; i < dblen; i++)
+	db[i] ^= maskeddb[i];
+
+    SHA1(param, plen, phash);
+
+    if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
+	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+    else
+	{
+	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+	    if (db[i] != 0x00)
+		break;
+	if (db[i] != 0x01 || i++ >= dblen)
+	    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
+		   RSA_R_OAEP_DECODING_ERROR);
+	else
+	    {
+	    mlen = dblen - i;
+	    if (tlen < mlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+		mlen = -1;
+		}
+	    else
+		memcpy(to, db + i, mlen);
+	    }
+	}
+    Free(db);
+    return (mlen);
+    }
+
+int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+    {
+    long i, outlen = 0;
+    unsigned char cnt[4];
+    SHA_CTX c;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    for (i = 0; outlen < len; i++)
+	{
+	cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
+	  cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
+	SHA1_Init(&c);
+	SHA1_Update(&c, seed, seedlen);
+	SHA1_Update(&c, cnt, 4);
+	if (outlen + SHA_DIGEST_LENGTH <= len)
+	    {
+	    SHA1_Final(mask + outlen, &c);
+	    outlen += SHA_DIGEST_LENGTH;
+	    }
+	else
+	    {
+	    SHA1_Final(md, &c);
+	    memcpy(mask + outlen, md, len - outlen);
+	    outlen = len;
+	    }
+	}
+    return (0);
+    }
+#endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep_test.c b/lib/libssl/src/crypto/rsa/rsa_oaep_test.c
new file mode 100644
index 00000000000..0d4e39d3dab
--- /dev/null
+++ b/lib/libssl/src/crypto/rsa/rsa_oaep_test.c
@@ -0,0 +1,309 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "openssl/e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#ifdef NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+    }
+
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+    SetKey;
+    }
+
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+    }
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+	return(1);
+    return(0);
+}
+
+int main() 
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++)
+	{
+	key = RSA_new();
+	switch (v) {
+    case 0:
+	clen = key1(key, ctext_ex);
+	break;
+    case 1:
+	clen = key2(key, ctext_ex);
+	break;
+    case 2:
+	clen = key3(key, ctext_ex);
+	break;
+	}
+
+	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+				 RSA_PKCS1_PADDING);
+	if (num != clen)
+	    {
+	    printf("PKCS#1 v1.5 encryption failed!\n");
+	    err=1;
+	    goto oaep;
+	    }
+  
+	num = RSA_private_decrypt(num, ctext, ptext, key,
+				  RSA_PKCS1_PADDING);
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("PKCS#1 v1.5 decryption failed!\n");
+	    err=1;
+	    }
+	else
+	    printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+    oaep:
+	ERR_clear_error();
+	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+				 RSA_PKCS1_OAEP_PADDING);
+	if (num == -1 && pad_unknown())
+	    {
+	    printf("No OAEP support\n");
+	    goto next;
+	    }
+	if (num != clen)
+	    {
+	    printf("OAEP encryption failed!\n");
+	    err=1;
+	    goto next;
+	    }
+  
+	num = RSA_private_decrypt(num, ctext, ptext, key,
+				  RSA_PKCS1_OAEP_PADDING);
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("OAEP decryption (encrypted data) failed!\n");
+	    err=1;
+	    }
+	else if (memcmp(ctext, ctext_ex, num) == 0)
+	    {
+	    printf("OAEP test vector %d passed!\n", v);
+	    goto next;
+	    }
+    
+	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+	   Try decrypting ctext_ex */
+
+	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+				  RSA_PKCS1_OAEP_PADDING);
+
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("OAEP decryption (test vector data) failed!\n");
+	    err=1;
+	    }
+	else
+	    printf("OAEP encryption/decryption ok\n");
+    next:
+	RSA_free(key);
+	}
+
+    ERR_remove_state(0);
+
+    CRYPTO_mem_leaks_fp(stdout);
+
+    return err;
+    }
+#endif
diff --git a/lib/libssl/src/crypto/rsa/rsa_pk1.c b/lib/libssl/src/crypto/rsa/rsa_pk1.c
index 2791291b948..f0ae51f234e 100644
--- a/lib/libssl/src/crypto/rsa/rsa_pk1.c
+++ b/lib/libssl/src/crypto/rsa/rsa_pk1.c
@@ -58,27 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
-
-#ifndef NOPROTO
-int RSA_padding_add_PKCS1_type_1();
-int RSA_padding_check_PKCS1_type_1();
-int RSA_padding_add_PKCS1_type_2();
-int RSA_padding_check_PKCS1_type_2();
-int RSA_padding_add_SSLv23();
-int RSA_padding_check_SSLv23();
-int RSA_padding_add_none();
-int RSA_padding_check_none();
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-#endif
-
-int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+	     unsigned char *from, int flen)
 	{
 	int j;
 	unsigned char *p;
@@ -103,17 +88,14 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+	     unsigned char *from, int flen, int num)
 	{
 	int i,j;
 	unsigned char *p;
 
 	p=from;
-	if (*(p++) != 01)
+	if ((num != (flen+1)) || (*(p++) != 01))
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
 		return(-1);
@@ -153,11 +135,8 @@ int flen;
 	return(j);
 	}
 
-int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+	     unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -192,21 +171,21 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+	     unsigned char *from, int flen, int num)
 	{
 	int i,j;
 	unsigned char *p;
 
 	p=from;
-	if (*(p++) != 02)
+	if ((num != (flen+1)) || (*(p++) != 02))
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
 		return(-1);
 		}
+#ifdef PKCS1_CHECK
+	return(num-11);
+#endif
 
 	/* scan over padding data */
 	j=flen-1; /* one for type. */
diff --git a/lib/libssl/src/crypto/rsa/rsa_saos.c b/lib/libssl/src/crypto/rsa/rsa_saos.c
index fb0fae5a431..73b8b0c7ad6 100644
--- a/lib/libssl/src/crypto/rsa/rsa_saos.c
+++ b/lib/libssl/src/crypto/rsa/rsa_saos.c
@@ -58,18 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa)
-int type;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigret;
-unsigned int *siglen;
-RSA *rsa;
+int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	ASN1_OCTET_STRING sig;
 	int i,j,ret=1;
@@ -105,13 +100,9 @@ RSA *rsa;
 	return(ret);
 	}
 
-int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa)
-int dtype;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigbuf;
-unsigned int siglen;
-RSA *rsa;
+int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
+	     unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+	     RSA *rsa)
 	{
 	int i,ret=0;
 	unsigned char *p,*s;
diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c
index 28c5571e74a..1740494a4c7 100644
--- a/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -58,18 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int RSA_sign(type,m,m_len,sigret,siglen,rsa)
-int type;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigret;
-unsigned int *siglen;
-RSA *rsa;
+int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	X509_SIG sig;
 	ASN1_TYPE parameter;
@@ -124,13 +119,8 @@ RSA *rsa;
 	return(ret);
 	}
 
-int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa)
-int dtype;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigbuf;
-unsigned int siglen;
-RSA *rsa;
+int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
+	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 	{
 	int i,ret=0,sigtype;
 	unsigned char *p,*s;
@@ -154,9 +144,11 @@ RSA *rsa;
 
 	p=s;
 	sig=d2i_X509_SIG(NULL,&p,(long)i);
+
 	if (sig == NULL) goto err;
 	sigtype=OBJ_obj2nid(sig->algor->algorithm);
 
+
 #ifdef RSA_DEBUG
 	/* put a backward compatability flag in EAY */
 	fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
diff --git a/lib/libssl/src/crypto/rsa/rsa_ssl.c b/lib/libssl/src/crypto/rsa/rsa_ssl.c
index 9bcd4b2c03a..1050844f8d2 100644
--- a/lib/libssl/src/crypto/rsa/rsa_ssl.c
+++ b/lib/libssl/src/crypto/rsa/rsa_ssl.c
@@ -58,15 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-int RSA_padding_add_SSLv23(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
+	     int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -103,11 +100,8 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_SSLv23(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
+	     int flen, int num)
 	{
 	int i,j,k;
 	unsigned char *p;
@@ -118,7 +112,7 @@ int flen;
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
 		return(-1);
 		}
-	if (*(p++) != 02)
+	if ((num != (flen+1)) || (*(p++) != 02))
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
 		return(-1);
diff --git a/lib/libssl/src/crypto/sha/Makefile.ssl b/lib/libssl/src/crypto/sha/Makefile.ssl
index eeb545d140f..d01245ce373 100644
--- a/lib/libssl/src/crypto/sha/Makefile.ssl
+++ b/lib/libssl/src/crypto/sha/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=    ../..
 CC=     cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -39,7 +41,7 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 # elf
@@ -58,26 +60,25 @@ asm/sx86-out.o: asm/sx86unix.cpp
 
 # bsdi
 asm/sx86bsdi.o: asm/sx86unix.cpp
-	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+	$(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
 
 asm/sx86unix.cpp:
-	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -89,15 +90,22 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
-
-errors:
+	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/sha.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: sha_locl.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: sha_locl.h
+sha_one.o: ../../include/openssl/sha.h
diff --git a/lib/libssl/src/crypto/sha/Makefile.uni b/lib/libssl/src/crypto/sha/Makefile.uni
index f3236755b27..b7ec5caa4e5 100644
--- a/lib/libssl/src/crypto/sha/Makefile.uni
+++ b/lib/libssl/src/crypto/sha/Makefile.uni
@@ -49,7 +49,7 @@ all:    $(LIB) $(TEST) $(APPS)
 
 $(LIB): $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 
 # elf
 asm/sx86-elf.o: asm/sx86unix.cpp
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index d6d998f8ee6..04e42ab09fd 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -1,11 +1,11 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $normal=0;
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"sha1-586.pl");
+&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
 
 $A="eax";
 $B="ebx";
diff --git a/lib/libssl/src/crypto/sha/asm/sx86unix.cpp b/lib/libssl/src/crypto/sha/asm/sx86unix.cpp
deleted file mode 100644
index 8366664a395..00000000000
--- a/lib/libssl/src/crypto/sha/asm/sx86unix.cpp
+++ /dev/null
@@ -1,1948 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define sha1_block_x86 _sha1_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by sha1-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"sha1-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl sha1_block_x86
-	TYPE(sha1_block_x86,@function)
-sha1_block_x86:
-	pushl	%esi
-	pushl	%ebp
-	movl	20(%esp),	%eax
-	movl	16(%esp),	%esi
-	addl	%esi,		%eax
-	movl	12(%esp),	%ebp
-	pushl	%ebx
-	subl	$64,		%eax
-	pushl	%edi
-	movl	4(%ebp),	%ebx
-	subl	$72,		%esp
-	movl	12(%ebp),	%edx
-	movl	16(%ebp),	%edi
-	movl	8(%ebp),	%ecx
-	movl	%eax,		68(%esp)
-	/* First we need to setup the X array */
-	movl	(%esi),		%eax
-.L000start:
-	/* First, load the words onto the stack in network byte order */
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		(%esp)
-	movl	4(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		4(%esp)
-	movl	8(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		8(%esp)
-	movl	12(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		12(%esp)
-	movl	16(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		16(%esp)
-	movl	20(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		20(%esp)
-	movl	24(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		24(%esp)
-	movl	28(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		28(%esp)
-	movl	32(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		32(%esp)
-	movl	36(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		36(%esp)
-	movl	40(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		40(%esp)
-	movl	44(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		44(%esp)
-	movl	48(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		48(%esp)
-	movl	52(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		52(%esp)
-	movl	56(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		56(%esp)
-	movl	60(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		60(%esp)
-	/* We now have the X array on the stack */
-	/* starting at sp-4 */
-	movl	%esi,		64(%esp)
-
-	/* Start processing */
-	movl	(%ebp),		%eax
-	/* 00_15 0 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	(%esp),		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	4(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 2 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	8(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	12(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 00_15 4 */
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	movl	16(%esp),	%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	20(%esp),	%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	/* 00_15 6 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	24(%esp),	%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	28(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 8 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	32(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	36(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 00_15 10 */
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	movl	40(%esp),	%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	44(%esp),	%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	/* 00_15 12 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	48(%esp),	%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	52(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 14 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	56(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	60(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 16_19 16 */
-	nop
-	movl	(%esp),		%ebp
-	movl	8(%esp),	%ebx
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edi,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%esi,		%ebp
-	movl	%ebx,		(%esp)
-	andl	%edx,		%ebp
-	leal	1518500249(%ebx,%eax,1),%ebx
-	xorl	%esi,		%ebp
-	movl	%ecx,		%eax
-	addl	%ebp,		%ebx
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%edx,		%ebp
-	xorl	%edi,		%ebp
-	movl	%eax,		4(%esp)
-	andl	%ecx,		%ebp
-	leal	1518500249(%eax,%esi,1),%eax
-	xorl	%edi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 16_19 18 */
-	movl	8(%esp),	%ebp
-	movl	16(%esp),	%esi
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ecx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%edx,		%ebp
-	movl	%esi,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	1518500249(%esi,%edi,1),%esi
-	xorl	%edx,		%ebp
-	movl	%eax,		%edi
-	addl	%ebp,		%esi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%ebx,		%ebp
-	xorl	%ecx,		%ebp
-	movl	%edi,		12(%esp)
-	andl	%eax,		%ebp
-	leal	1518500249(%edi,%edx,1),%edi
-	xorl	%ecx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 20_39 20 */
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 21 */
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 22 */
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 23 */
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 24 */
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 25 */
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 26 */
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 27 */
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 28 */
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 29 */
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 30 */
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 31 */
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 32 */
-	movl	(%esp),		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 33 */
-	movl	4(%esp),	%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		4(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 34 */
-	movl	8(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		8(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 35 */
-	movl	12(%esp),	%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		12(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 36 */
-	movl	16(%esp),	%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		16(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 37 */
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		20(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 38 */
-	movl	24(%esp),	%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		24(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 39 */
-	movl	28(%esp),	%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		28(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 40_59 40 */
-	movl	32(%esp),	%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		32(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	36(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		36(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 41 */
-	/* 40_59 42 */
-	movl	40(%esp),	%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		40(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	44(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		44(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 43 */
-	/* 40_59 44 */
-	movl	48(%esp),	%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		48(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	52(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	40(%esp),	%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		52(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 45 */
-	/* 40_59 46 */
-	movl	56(%esp),	%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		56(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	60(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	48(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		60(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 47 */
-	/* 40_59 48 */
-	movl	(%esp),		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	4(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		4(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 49 */
-	/* 40_59 50 */
-	movl	8(%esp),	%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	12(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	(%esp),		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		12(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 51 */
-	/* 40_59 52 */
-	movl	16(%esp),	%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		16(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	8(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		20(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 53 */
-	/* 40_59 54 */
-	movl	24(%esp),	%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		24(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	28(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	16(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		28(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 55 */
-	/* 40_59 56 */
-	movl	32(%esp),	%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		32(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	36(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		36(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 57 */
-	/* 40_59 58 */
-	movl	40(%esp),	%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		40(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	44(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		44(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 59 */
-	/* 20_39 60 */
-	movl	48(%esp),	%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		48(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 61 */
-	movl	52(%esp),	%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		52(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 62 */
-	movl	56(%esp),	%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		56(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 63 */
-	movl	60(%esp),	%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		60(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 64 */
-	movl	(%esp),		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 65 */
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		4(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 66 */
-	movl	8(%esp),	%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		8(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 67 */
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		12(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 68 */
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 69 */
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 70 */
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 71 */
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 72 */
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 73 */
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 74 */
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 75 */
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 76 */
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 77 */
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 78 */
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 79 */
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-	addl	%ebp,		%edx
-	movl	92(%esp),	%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	/* End processing */
-
-	movl	12(%ebp),	%edx
-	addl	%ebx,		%edx
-	movl	4(%ebp),	%ebx
-	addl	%esi,		%ebx
-	movl	%eax,		%esi
-	movl	(%ebp),		%eax
-	movl	%edx,		12(%ebp)
-	addl	%edi,		%eax
-	movl	16(%ebp),	%edi
-	addl	%ecx,		%edi
-	movl	8(%ebp),	%ecx
-	addl	%esi,		%ecx
-	movl	%eax,		(%ebp)
-	movl	64(%esp),	%esi
-	movl	%ecx,		8(%ebp)
-	addl	$64,		%esi
-	movl	68(%esp),	%eax
-	movl	%edi,		16(%ebp)
-	cmpl	%esi,		%eax
-	movl	%ebx,		4(%ebp)
-	jl	.L001end
-	movl	(%esi),		%eax
-	jmp	.L000start
-.L001end:
-	addl	$72,		%esp
-	popl	%edi
-	popl	%ebx
-	popl	%ebp
-	popl	%esi
-	ret
-.sha1_block_x86_end:
-	SIZE(sha1_block_x86,.sha1_block_x86_end-sha1_block_x86)
-.ident	"desasm.pl"
diff --git a/lib/libssl/src/crypto/sha/sha.c b/lib/libssl/src/crypto/sha/sha.c
index 713fec36109..42126551d12 100644
--- a/lib/libssl/src/crypto/sha/sha.c
+++ b/lib/libssl/src/crypto/sha/sha.c
@@ -58,23 +58,14 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
-#endif
-
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +93,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
@@ -123,8 +113,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/sha/sha.h b/lib/libssl/src/crypto/sha/sha.h
index 4cf0ea02254..cd6960ee1a3 100644
--- a/lib/libssl/src/crypto/sha/sha.h
+++ b/lib/libssl/src/crypto/sha/sha.h
@@ -63,45 +63,55 @@
 extern "C" {
 #endif
 
-#define SHA_CBLOCK	64
+#ifdef NO_SHA
+#error SHA is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
 #define SHA_LBLOCK	16
-#define SHA_BLOCK	16
-#define SHA_LAST_BLOCK  56
-#define SHA_LENGTH_BLOCK 8
+#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a
+					 * contiguous array of 32 bit
+					 * wide big-endian values. */
+#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
 #define SHA_DIGEST_LENGTH 20
 
 typedef struct SHAstate_st
 	{
-	unsigned long h0,h1,h2,h3,h4;
-	unsigned long Nl,Nh;
-	unsigned long data[SHA_LBLOCK];
+	SHA_LONG h0,h1,h2,h3,h4;
+	SHA_LONG Nl,Nh;
+	SHA_LONG data[SHA_LBLOCK];
 	int num;
 	} SHA_CTX;
 
-#ifndef NOPROTO
+#ifndef NO_SHA0
 void SHA_Init(SHA_CTX *c);
-void SHA_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
+void SHA_Update(SHA_CTX *c, const unsigned char *data, unsigned long len);
 void SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(unsigned char *d, unsigned long n,unsigned char *md);
+unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA_Transform(SHA_CTX *c, unsigned char *data);
+#endif
+#ifndef NO_SHA1
 void SHA1_Init(SHA_CTX *c);
-void SHA1_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
+void SHA1_Update(SHA_CTX *c, const unsigned char *data, unsigned long len);
 void SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(unsigned char *d, unsigned long n,unsigned char *md);
+unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA1_Transform(SHA_CTX *c, unsigned char *data);
-#else
-void SHA_Init();
-void SHA_Update();
-void SHA_Final();
-unsigned char *SHA();
-void SHA_Transform();
-void SHA1_Init();
-void SHA1_Update();
-void SHA1_Final();
-unsigned char *SHA1();
-void SHA1_Transform();
 #endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/sha/sha1.c b/lib/libssl/src/crypto/sha/sha1.c
index a4739ac9fda..d350c88ee47 100644
--- a/lib/libssl/src/crypto/sha/sha1.c
+++ b/lib/libssl/src/crypto/sha/sha1.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/lib/libssl/src/crypto/sha/sha1_one.c b/lib/libssl/src/crypto/sha/sha1_one.c
index fe5770d6019..861752eaa7e 100644
--- a/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/lib/libssl/src/crypto/sha/sha1_one.c
@@ -58,12 +58,10 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
-unsigned char *SHA1(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifndef NO_SHA1
+unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
 	static unsigned char m[SHA_DIGEST_LENGTH];
@@ -75,3 +73,4 @@ unsigned char *md;
 	memset(&c,0,sizeof(c));
 	return(md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/sha/sha1dgst.c b/lib/libssl/src/crypto/sha/sha1dgst.c
index 2b0ae1f0d44..66e885dd76d 100644
--- a/lib/libssl/src/crypto/sha/sha1dgst.c
+++ b/lib/libssl/src/crypto/sha/sha1dgst.c
@@ -60,43 +60,35 @@
 #include <string.h>
 #undef  SHA_0
 #define SHA_1
-#include "sha.h"
+#include <openssl/sha.h>
 #include "sha_locl.h"
+#include <openssl/opensslv.h>
 
-char *SHA1_version="SHA1 part of SSLeay 0.9.0b 29-Jun-1998";
+#ifndef NO_SHA1
+char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from SHA-1 document - The Secure Hash Algorithm
  */
 
-#define INIT_DATA_h0 (unsigned long)0x67452301L
-#define INIT_DATA_h1 (unsigned long)0xefcdab89L
-#define INIT_DATA_h2 (unsigned long)0x98badcfeL
-#define INIT_DATA_h3 (unsigned long)0x10325476L
-#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
 
-#define K_00_19	0x5a827999L
-#define K_20_39 0x6ed9eba1L
-#define K_40_59 0x8f1bbcdcL
-#define K_60_79 0xca62c1d6L
+#define K_00_19	0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
 
-#ifndef NOPROTO
-#  ifdef SHA1_ASM
-     void sha1_block_x86(SHA_CTX *c, register unsigned long *p, int num);
-#    define sha1_block sha1_block_x86
-#  else
-     void sha1_block(SHA_CTX *c, register unsigned long *p, int num);
-#  endif
+#ifdef SHA1_ASM
+   void sha1_block_x86(SHA_CTX *c, register SHA_LONG *p, int num);
+#  define sha1_block(c,p,n) sha1_block_x86((c),(p),(n)*SHA_CBLOCK)
 #else
-#  ifdef SHA1_ASM
-     void sha1_block_x86();
-#    define sha1_block sha1_block_x86
-#  else
-     void sha1_block();
-#  endif
+   static void sha1_block(SHA_CTX *c, register SHA_LONG *p, int num);
 #endif
 
-
-#if defined(L_ENDIAN) && defined(SHA1_ASM)
+#if !defined(B_ENDIAN) && defined(SHA1_ASM)
 #  define	M_c2nl 		c2l
 #  define	M_p_c2nl 	p_c2l
 #  define	M_c2nl_p	c2l_p
@@ -110,8 +102,7 @@ char *SHA1_version="SHA1 part of SSLeay 0.9.0b 29-Jun-1998";
 #  define	M_nl2c		nl2c
 #endif
 
-void SHA1_Init(c)
-SHA_CTX *c;
+void SHA1_Init(SHA_CTX *c)
 	{
 	c->h0=INIT_DATA_h0;
 	c->h1=INIT_DATA_h1;
@@ -123,14 +114,12 @@ SHA_CTX *c;
 	c->num=0;
 	}
 
-void SHA1_Update(c, data, len)
-SHA_CTX *c;
-register unsigned char *data;
-unsigned long len;
+void SHA1_Update(SHA_CTX *c, register const unsigned char *data,
+	     unsigned long len)
 	{
-	register ULONG *p;
+	register SHA_LONG *p;
 	int ew,ec,sw,sc;
-	ULONG l;
+	SHA_LONG l;
 
 	if (len == 0) return;
 
@@ -158,7 +147,7 @@ unsigned long len;
 				}
 			len-=(SHA_CBLOCK-c->num);
 
-			sha1_block(c,p,64);
+			sha1_block(c,p,1);
 			c->num=0;
 			/* drop through and do the rest */
 			}
@@ -195,15 +184,15 @@ unsigned long len;
 	 * copies it to a local array.  I should be able to do this for
 	 * the C version as well....
 	 */
-#if 1
+#if SHA_LONG_LOG2==2
 #if defined(B_ENDIAN) || defined(SHA1_ASM)
-	if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+	if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
 		{
 		sw=len/SHA_CBLOCK;
 		if (sw)
 			{
+			sha1_block(c,(SHA_LONG *)data,sw);
 			sw*=SHA_CBLOCK;
-			sha1_block(c,(ULONG *)data,sw);
 			data+=sw;
 			len-=sw;
 			}
@@ -215,35 +204,61 @@ unsigned long len;
 	p=c->data;
 	while (len >= SHA_CBLOCK)
 		{
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-		if (p != (unsigned long *)data)
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+#define SHA_NO_TAIL_CODE
+		/*
+		 * Basically we get here only when data happens
+		 * to be unaligned.
+		 */
+		if (p != (SHA_LONG *)data)
 			memcpy(p,data,SHA_CBLOCK);
 		data+=SHA_CBLOCK;
-#  ifdef L_ENDIAN
-#    ifndef SHA1_ASM /* Will not happen */
-		for (sw=(SHA_LBLOCK/4); sw; sw--)
+		sha1_block(c,p=c->data,1);
+		len-=SHA_CBLOCK;
+#elif defined(L_ENDIAN)
+#define BE_COPY(dst,src,i)	{				\
+				l = ((SHA_LONG *)src)[i];	\
+				Endian_Reverse32(l);		\
+				dst[i] = l;			\
+				}
+		if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
 			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
+			for (sw=(SHA_LBLOCK/4); sw; sw--)
+				{
+				BE_COPY(p,data,0);
+				BE_COPY(p,data,1);
+				BE_COPY(p,data,2);
+				BE_COPY(p,data,3);
+				p+=4;
+				data += 4*sizeof(SHA_LONG);
+				}
+			sha1_block(c,p=c->data,1);
+			len-=SHA_CBLOCK;
+			continue;
 			}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE
+		/*
+		 * In addition to "sizeof(SHA_LONG)!= 4" case the
+		 * following code covers unaligned access cases on
+		 * little-endian machines.
+		 *			<appro@fy.chalmers.se>
+		 */
 		p=c->data;
-#    endif
-#  endif
-#else
-		for (sw=(SHA_BLOCK/4); sw; sw--)
+		for (sw=(SHA_LBLOCK/4); sw; sw--)
 			{
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); p[0]=l;
+			M_c2nl(data,l); p[1]=l;
+			M_c2nl(data,l); p[2]=l;
+			M_c2nl(data,l); p[3]=l;
+			p+=4;
 			}
 		p=c->data;
-#endif
-		sha1_block(c,p,64);
+		sha1_block(c,p,1);
 		len-=SHA_CBLOCK;
+#endif
 		}
 	ec=(int)len;
 	c->num=ec;
@@ -256,52 +271,61 @@ unsigned long len;
 	p[sw]=l;
 	}
 
-void SHA1_Transform(c,b)
-SHA_CTX *c;
-unsigned char *b;
+void SHA1_Transform(SHA_CTX *c, unsigned char *b)
 	{
-	ULONG p[16];
-#ifndef B_ENDIAN
-	ULONG *q;
-	int i;
-#endif
+	SHA_LONG p[SHA_LBLOCK];
 
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef L_ENDIAN
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA1_ASM)
+	memcpy(p,b,SHA_CBLOCK);
+	sha1_block(c,p,1);
+	return;
+#elif defined(L_ENDIAN)
+	if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
 		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			unsigned long l;
+			BE_COPY(q,b,0);	/* BE_COPY was defined above */
+			BE_COPY(q,b,1);
+			BE_COPY(q,b,2);
+			BE_COPY(q,b,3);
+			q+=4;
+			b+=4*sizeof(SHA_LONG);
+			}
+		sha1_block(c,p,1);
+		return;
 		}
 #endif
-#else
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
+#endif
+#ifndef SHA_NO_TAIL_CODE /* defined above, see comment */
 		{
-		ULONG l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l; 
-		} 
+		SHA_LONG *q;
+		int i;
+	
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			SHA_LONG l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l; 
+			} 
+		sha1_block(c,p,1);
+		}
 #endif
-	sha1_block(c,p,64);
 	}
 
 #ifndef SHA1_ASM
-
-void sha1_block(c, W, num)
-SHA_CTX *c;
-register unsigned long *W;
-int num;
+static void sha1_block(SHA_CTX *c, register SHA_LONG *W, int num)
 	{
-	register ULONG A,B,C,D,E,T;
-	ULONG X[16];
+	register SHA_LONG A,B,C,D,E,T;
+	SHA_LONG X[SHA_LBLOCK];
 
 	A=c->h0;
 	B=c->h1;
@@ -401,8 +425,7 @@ int num;
 	c->h3=(c->h3+B)&0xffffffffL;
 	c->h4=(c->h4+C)&0xffffffffL;
 
-	num-=64;
-	if (num <= 0) break;
+	if (--num <= 0) break;
 
 	A=c->h0;
 	B=c->h1;
@@ -410,18 +433,21 @@ int num;
 	D=c->h3;
 	E=c->h4;
 
-	W+=16;
+	W+=SHA_LBLOCK;	/* Note! This can happen only when sizeof(SHA_LONG)
+			 * is 4. Whenever it's not the actual case this
+			 * function is never called with num larger than 1
+			 * and we never advance down here.
+			 *			<appro@fy.chalmers.se>
+			 */
 		}
 	}
 #endif
 
-void SHA1_Final(md, c)
-unsigned char *md;
-SHA_CTX *c;
+void SHA1_Final(unsigned char *md, SHA_CTX *c)
 	{
 	register int i,j;
-	register ULONG l;
-	register ULONG *p;
+	register SHA_LONG l;
+	register SHA_LONG *p;
 	static unsigned char end[4]={0x80,0x00,0x00,0x00};
 	unsigned char *cp=end;
 
@@ -441,18 +467,20 @@ SHA_CTX *c;
 		{
 		for (; i<SHA_LBLOCK; i++)
 			p[i]=0;
-		sha1_block(c,p,64);
+		sha1_block(c,p,1);
 		i=0;
 		}
 	for (; i<(SHA_LBLOCK-2); i++)
 		p[i]=0;
 	p[SHA_LBLOCK-2]=c->Nh;
 	p[SHA_LBLOCK-1]=c->Nl;
-#if defined(L_ENDIAN) && defined(SHA1_ASM)
+#if SHA_LONG_LOG2==2
+#if !defined(B_ENDIAN) && defined(SHA1_ASM)
 	Endian_Reverse32(p[SHA_LBLOCK-2]);
 	Endian_Reverse32(p[SHA_LBLOCK-1]);
 #endif
-	sha1_block(c,p,64);
+#endif
+	sha1_block(c,p,1);
 	cp=md;
 	l=c->h0; nl2c(l,cp);
 	l=c->h1; nl2c(l,cp);
@@ -460,9 +488,11 @@ SHA_CTX *c;
 	l=c->h3; nl2c(l,cp);
 	l=c->h4; nl2c(l,cp);
 
-	/* clear stuff, sha1_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
 	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
+	/* sha_block may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(SHA_CTX));
+	 */
 	}
+#endif
 
diff --git a/lib/libssl/src/crypto/sha/sha1s.cpp b/lib/libssl/src/crypto/sha/sha1s.cpp
index 0163377de69..3103e1871bb 100644
--- a/lib/libssl/src/crypto/sha/sha1s.cpp
+++ b/lib/libssl/src/crypto/sha/sha1s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 extern "C" {
 void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
diff --git a/lib/libssl/src/crypto/sha/sha1test.c b/lib/libssl/src/crypto/sha/sha1test.c
index 3c62a218b42..9400ad2a61f 100644
--- a/lib/libssl/src/crypto/sha/sha1test.c
+++ b/lib/libssl/src/crypto/sha/sha1test.c
@@ -59,7 +59,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "sha.h"
+
+#ifdef NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 #undef SHA_0 /* FIPS 180 */
 #define  SHA_1 /* FIPS 180-1 */
@@ -87,15 +99,8 @@ char *bigret=
 	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
 #endif
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
@@ -104,6 +109,11 @@ char *argv[];
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
@@ -124,6 +134,9 @@ char *argv[];
 		}
 
 	memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
 	SHA1_Init(&c);
 	for (i=0; i<1000; i++)
 		SHA1_Update(&c,buf,1000);
@@ -143,8 +156,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -153,3 +165,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/sha/sha_dgst.c b/lib/libssl/src/crypto/sha/sha_dgst.c
index 8ed533ea26d..4df535360f3 100644
--- a/lib/libssl/src/crypto/sha/sha_dgst.c
+++ b/lib/libssl/src/crypto/sha/sha_dgst.c
@@ -60,39 +60,44 @@
 #include <string.h>
 #define  SHA_0
 #undef SHA_1
-#include "sha.h"
+#include <openssl/sha.h>
 #include "sha_locl.h"
+#include <openssl/opensslv.h>
 
-char *SHA_version="SHA part of SSLeay 0.9.0b 29-Jun-1998";
+#ifndef NO_SHA0
+char *SHA_version="SHA" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from SHA-0 document - The Secure Hash Algorithm
  */
 
-#define INIT_DATA_h0 (unsigned long)0x67452301L
-#define INIT_DATA_h1 (unsigned long)0xefcdab89L
-#define INIT_DATA_h2 (unsigned long)0x98badcfeL
-#define INIT_DATA_h3 (unsigned long)0x10325476L
-#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
 
-#define K_00_19	0x5a827999L
-#define K_20_39 0x6ed9eba1L
-#define K_40_59 0x8f1bbcdcL
-#define K_60_79 0xca62c1d6L
+#define K_00_19	0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
 
-#ifndef NOPROTO
-   void sha_block(SHA_CTX *c, register unsigned long *p, int num);
+static void sha_block(SHA_CTX *c, register SHA_LONG *p, int num);
+
+#if !defined(B_ENDIAN) && defined(SHA_ASM)
+#  define	M_c2nl 		c2l
+#  define	M_p_c2nl 	p_c2l
+#  define	M_c2nl_p	c2l_p
+#  define	M_p_c2nl_p	p_c2l_p
+#  define	M_nl2c		l2c
 #else
-   void sha_block();
+#  define	M_c2nl 		c2nl
+#  define	M_p_c2nl	p_c2nl
+#  define	M_c2nl_p	c2nl_p
+#  define	M_p_c2nl_p	p_c2nl_p
+#  define	M_nl2c		nl2c
 #endif
 
-#define	M_c2nl 		c2nl
-#define	M_p_c2nl	p_c2nl
-#define	M_c2nl_p	c2nl_p
-#define	M_p_c2nl_p	p_c2nl_p
-#define	M_nl2c		nl2c
-
-void SHA_Init(c)
-SHA_CTX *c;
+void SHA_Init(SHA_CTX *c)
 	{
 	c->h0=INIT_DATA_h0;
 	c->h1=INIT_DATA_h1;
@@ -104,14 +109,12 @@ SHA_CTX *c;
 	c->num=0;
 	}
 
-void SHA_Update(c, data, len)
-SHA_CTX *c;
-register unsigned char *data;
-unsigned long len;
+void SHA_Update(SHA_CTX *c, register const unsigned char *data,
+		unsigned long len)
 	{
-	register ULONG *p;
+	register SHA_LONG *p;
 	int ew,ec,sw,sc;
-	ULONG l;
+	SHA_LONG l;
 
 	if (len == 0) return;
 
@@ -139,7 +142,7 @@ unsigned long len;
 				}
 			len-=(SHA_CBLOCK-c->num);
 
-			sha_block(c,p,64);
+			sha_block(c,p,1);
 			c->num=0;
 			/* drop through and do the rest */
 			}
@@ -176,15 +179,15 @@ unsigned long len;
 	 * copies it to a local array.  I should be able to do this for
 	 * the C version as well....
 	 */
-#if 1
+#if SHA_LONG_LOG2==2
 #if defined(B_ENDIAN) || defined(SHA_ASM)
-	if ((((unsigned int)data)%sizeof(ULONG)) == 0)
+	if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
 		{
 		sw=len/SHA_CBLOCK;
 		if (sw)
 			{
+			sha_block(c,(SHA_LONG *)data,sw);
 			sw*=SHA_CBLOCK;
-			sha_block(c,(ULONG *)data,sw);
 			data+=sw;
 			len-=sw;
 			}
@@ -196,35 +199,61 @@ unsigned long len;
 	p=c->data;
 	while (len >= SHA_CBLOCK)
 		{
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-		if (p != (unsigned long *)data)
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+#define SHA_NO_TAIL_CODE
+		/*
+		 * Basically we get here only when data happens
+		 * to be unaligned.
+		 */
+		if (p != (SHA_LONG *)data)
 			memcpy(p,data,SHA_CBLOCK);
 		data+=SHA_CBLOCK;
-#  ifdef L_ENDIAN
-#    ifndef SHA_ASM /* Will not happen */
-		for (sw=(SHA_LBLOCK/4); sw; sw--)
+		sha_block(c,p=c->data,1);
+		len-=SHA_CBLOCK;
+#elif defined(L_ENDIAN)
+#define BE_COPY(dst,src,i)	{				\
+				l = ((SHA_LONG *)src)[i];	\
+				Endian_Reverse32(l);		\
+				dst[i] = l;			\
+				}
+		if ((((unsigned long)data)%sizeof(SHA_LONG)) == 0)
 			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
+			for (sw=(SHA_LBLOCK/4); sw; sw--)
+				{
+				BE_COPY(p,data,0);
+				BE_COPY(p,data,1);
+				BE_COPY(p,data,2);
+				BE_COPY(p,data,3);
+				p+=4;
+				data += 4*sizeof(SHA_LONG);
+				}
+			sha_block(c,p=c->data,1);
+			len-=SHA_CBLOCK;
+			continue;
 			}
+#endif
+#endif
+#ifndef SHA_NO_TAIL_CODE
+		/*
+		 * In addition to "sizeof(SHA_LONG)!= 4" case the
+		 * following code covers unaligned access cases on
+		 * little-endian machines.
+		 *			<appro@fy.chalmers.se>
+		 */
 		p=c->data;
-#    endif
-#  endif
-#else
-		for (sw=(SHA_BLOCK/4); sw; sw--)
+		for (sw=(SHA_LBLOCK/4); sw; sw--)
 			{
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
+			M_c2nl(data,l); p[0]=l;
+			M_c2nl(data,l); p[1]=l;
+			M_c2nl(data,l); p[2]=l;
+			M_c2nl(data,l); p[3]=l;
+			p+=4;
 			}
 		p=c->data;
-#endif
-		sha_block(c,p,64);
+		sha_block(c,p,1);
 		len-=SHA_CBLOCK;
+#endif
 		}
 	ec=(int)len;
 	c->num=ec;
@@ -237,50 +266,61 @@ unsigned long len;
 	p[sw]=l;
 	}
 
-void SHA_Transform(c,b)
-SHA_CTX *c;
-unsigned char *b;
+void SHA_Transform(SHA_CTX *c, unsigned char *b)
 	{
-	ULONG p[16];
-#if !defined(B_ENDIAN)
-	ULONG *q;
-	int i;
-#endif
+	SHA_LONG p[SHA_LBLOCK];
 
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef L_ENDIAN
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
+#if SHA_LONG_LOG2==2
+#if defined(B_ENDIAN) || defined(SHA_ASM)
+	memcpy(p,b,SHA_CBLOCK);
+	sha_block(c,p,1);
+	return;
+#elif defined(L_ENDIAN)
+	if (((unsigned long)b%sizeof(SHA_LONG)) == 0)
 		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			unsigned long l;
+			BE_COPY(q,b,0);	/* BE_COPY was defined above */
+			BE_COPY(q,b,1);
+			BE_COPY(q,b,2);
+			BE_COPY(q,b,3);
+			q+=4;
+			b+=4*sizeof(SHA_LONG);
+			}
+		sha_block(c,p,1);
+		return;
 		}
 #endif
-#else
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
+#endif
+#ifndef SHA_NO_TAIL_CODE /* defined above, see comment */
 		{
-		ULONG l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l; 
-		} 
+		SHA_LONG *q;
+		int i;
+
+		q=p;
+		for (i=(SHA_LBLOCK/4); i; i--)
+			{
+			SHA_LONG l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l;
+			c2nl(b,l); *(q++)=l; 
+			} 
+		sha_block(c,p,1);
+		}
 #endif
-	sha_block(c,p,64);
 	}
 
-void sha_block(c, W, num)
-SHA_CTX *c;
-register unsigned long *W;
-int num;
+#ifndef SHA_ASM
+static void sha_block(SHA_CTX *c, register SHA_LONG *W, int num)
 	{
-	register ULONG A,B,C,D,E,T;
-	ULONG X[16];
+	register SHA_LONG A,B,C,D,E,T;
+	SHA_LONG X[SHA_LBLOCK];
 
 	A=c->h0;
 	B=c->h1;
@@ -380,8 +420,7 @@ int num;
 	c->h3=(c->h3+B)&0xffffffffL;
 	c->h4=(c->h4+C)&0xffffffffL;
 
-	num-=64;
-	if (num <= 0) break;
+	if (--num <= 0) break;
 
 	A=c->h0;
 	B=c->h1;
@@ -389,17 +428,21 @@ int num;
 	D=c->h3;
 	E=c->h4;
 
-	W+=16;
+	W+=SHA_LBLOCK;	/* Note! This can happen only when sizeof(SHA_LONG)
+			 * is 4. Whenever it's not the actual case this
+			 * function is never called with num larger than 1
+			 * and we never advance down here.
+			 *			<appro@fy.chalmers.se>
+			 */
 		}
 	}
+#endif
 
-void SHA_Final(md, c)
-unsigned char *md;
-SHA_CTX *c;
+void SHA_Final(unsigned char *md, SHA_CTX *c)
 	{
 	register int i,j;
-	register ULONG l;
-	register ULONG *p;
+	register SHA_LONG l;
+	register SHA_LONG *p;
 	static unsigned char end[4]={0x80,0x00,0x00,0x00};
 	unsigned char *cp=end;
 
@@ -419,14 +462,20 @@ SHA_CTX *c;
 		{
 		for (; i<SHA_LBLOCK; i++)
 			p[i]=0;
-		sha_block(c,p,64);
+		sha_block(c,p,1);
 		i=0;
 		}
 	for (; i<(SHA_LBLOCK-2); i++)
 		p[i]=0;
 	p[SHA_LBLOCK-2]=c->Nh;
 	p[SHA_LBLOCK-1]=c->Nl;
-	sha_block(c,p,64);
+#if SHA_LONG_LOG2==2
+#if !defined(B_ENDIAN) && defined(SHA_ASM)
+	Endian_Reverse32(p[SHA_LBLOCK-2]);
+	Endian_Reverse32(p[SHA_LBLOCK-1]);
+#endif
+#endif
+	sha_block(c,p,1);
 	cp=md;
 	l=c->h0; nl2c(l,cp);
 	l=c->h1; nl2c(l,cp);
@@ -434,9 +483,10 @@ SHA_CTX *c;
 	l=c->h3; nl2c(l,cp);
 	l=c->h4; nl2c(l,cp);
 
-	/* clear stuff, sha_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
 	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
+	/* sha_block may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	memset((void *)c,0,sizeof(SHA_CTX));
+	 */
 	}
-
+#endif
diff --git a/lib/libssl/src/crypto/sha/sha_locl.h b/lib/libssl/src/crypto/sha/sha_locl.h
index 2814ad15fa1..6646a8915b7 100644
--- a/lib/libssl/src/crypto/sha/sha_locl.h
+++ b/lib/libssl/src/crypto/sha/sha_locl.h
@@ -59,6 +59,8 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <openssl/opensslconf.h>
+
 #ifdef undef
 /* one or the other needs to be defined */
 #ifndef SHA_1 /* FIPE 180-1 */
@@ -66,14 +68,6 @@
 #endif
 #endif
 
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
-
-#ifdef NOCONST
-#define const
-#endif
-
 #undef c2nl
 #define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
 			 l|=(((unsigned long)(*((c)++)))<<16), \
@@ -166,30 +160,79 @@
 			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
 			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
 
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2	2	/* default to 32 bits */
+#endif
+
 #undef ROTATE
+#undef Endian_Reverse32
 #if defined(WIN32)
 #define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#elif defined(__GNUC__) && !defined(PEDANTIC)
+/* some inline assembler templates by <appro@fy.chalmers.se> */
+#if defined(__i386) && !defined(NO_ASM)
+#define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm ("roll %1,%0"	\
+				: "=r"(ret)		\
+				: "I"(n), "0"(a)	\
+				: "cc");		\
+			   ret;				\
+			})
+#ifndef I386_ONLY
+#define Endian_Reverse32(a) \
+			{ register unsigned int ltmp=(a);	\
+				asm ("bswapl %0"	\
+				: "=r"(ltmp) : "0"(ltmp));	\
+			  (a)=ltmp;			\
+			}
+#endif
+#elif defined(__powerpc)
+#define ROTATE(a,n)	({ register unsigned int ret;		\
+				asm ("rlwinm %0,%1,%2,0,31"	\
+				: "=r"(ret)			\
+				: "r"(a), "I"(n));		\
+			   ret;					\
+			})
+/* Endian_Reverse32 is not needed for PowerPC */
+#endif
 #endif
 
 /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
+#ifdef ROTATE
+#ifndef Endian_Reverse32
 /* 5 instructions with rotate instruction, else 9 */
 #define Endian_Reverse32(a) \
 	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
+	unsigned long t=(a); \
+	(a)=((ROTATE(t,8)&0x00FF00FF)|(ROTATE((t&0x00FF00FF),24))); \
 	}
+#endif
 #else
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#ifndef Endian_Reverse32
 /* 6 instructions with rotate instruction, else 8 */
 #define Endian_Reverse32(a) \
 	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
+	unsigned long t=(a); \
+	t=(((t>>8)&0x00FF00FF)|((t&0x00FF00FF)<<8)); \
+	(a)=ROTATE(t,16); \
 	}
 #endif
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *	- RISCs aren't good at long constants and have to explicitely
+ *	  compose 'em with several (well, usually 2) instructions in a
+ *	  register before performing the actual operation and (as you
+ *	  already realized:-) having same constant should inspire the
+ *	  compiler to permanently allocate the only register for it;
+ *	- most modern CPUs have two ALUs, but usually only one has
+ *	  circuitry for shifts:-( this minor tweak inspires compiler
+ *	  to schedule shift instructions in a better way...
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
 
 /* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
  * simplified to the code in F_00_19.  Wei attributes these optimisations
@@ -203,13 +246,12 @@
 #define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
 #define	F_60_79(b,c,d)	F_20_39(b,c,d)
 
-#ifdef SHA_0
 #undef Xupdate
+#ifdef SHA_0
 #define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
 	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
 #endif
 #ifdef SHA_1
-#undef Xupdate
 #define Xupdate(a,i,ia,ib,ic,id) (a)=\
 	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
 	X[(i)&0x0f]=(a)=ROTATE((a),1);
diff --git a/lib/libssl/src/crypto/sha/sha_one.c b/lib/libssl/src/crypto/sha/sha_one.c
index 18ab7f61bc5..2d955de1628 100644
--- a/lib/libssl/src/crypto/sha/sha_one.c
+++ b/lib/libssl/src/crypto/sha/sha_one.c
@@ -58,12 +58,10 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
-unsigned char *SHA(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifndef NO_SHA0
+unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
 	static unsigned char m[SHA_DIGEST_LENGTH];
@@ -75,3 +73,4 @@ unsigned char *md;
 	memset(&c,0,sizeof(c));
 	return(md);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/sha/sha_sgst.c b/lib/libssl/src/crypto/sha/sha_sgst.c
deleted file mode 100644
index 8a16801328a..00000000000
--- a/lib/libssl/src/crypto/sha/sha_sgst.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* crypto/sha/sha_sgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef undef
-/* one or the other needs to be defined */
-#ifndef SHA_1 /* FIPE 180-1 */
-#define SHA_0 /* FIPS 180   */
-#endif
-#endif
-
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
-
-#ifdef NOCONST
-#define const
-#endif
-
-#undef c2nl
-#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))    ))
-
-#undef p_c2nl
-#define p_c2nl(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 3: l|=((unsigned long)(*((c)++))); \
-				} \
-			}
-
-#undef c2nl_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2nl_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<< 8; \
-			case 2: l|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-#undef p_c2nl_p
-#define p_c2nl_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-				} \
-			}
-
-#undef nl2c
-#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#undef c2l
-#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
-
-#undef c2l_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c)))); \
-				} \
-			}
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
-#endif
-
-/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
- * simplified to the code in F_00_19.  Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d)) 
-#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
-#define	F_60_79(b,c,d)	F_20_39(b,c,d)
-
-#ifdef SHA_0
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
-#endif
-#ifdef SHA_1
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) (a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
-	X[(i)&0x0f]=(a)=ROTATE((a),1);
-#endif
-
-#define BODY_00_15(i,a,b,c,d,e,f,xa) \
-	(f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
-	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_32_39(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_40_59(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_60_79(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
diff --git a/lib/libssl/src/crypto/sha/shatest.c b/lib/libssl/src/crypto/sha/shatest.c
index 03816e9b39c..2b0744d937c 100644
--- a/lib/libssl/src/crypto/sha/shatest.c
+++ b/lib/libssl/src/crypto/sha/shatest.c
@@ -59,7 +59,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "sha.h"
+
+#ifdef NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 #define SHA_0 /* FIPS 180 */
 #undef  SHA_1 /* FIPS 180-1 */
@@ -87,15 +99,8 @@ char *bigret=
 	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
 #endif
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
@@ -104,6 +109,11 @@ char *argv[];
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
@@ -124,6 +134,9 @@ char *argv[];
 		}
 
 	memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
 	SHA_Init(&c);
 	for (i=0; i<1000; i++)
 		SHA_Update(&c,buf,1000);
@@ -143,8 +156,7 @@ char *argv[];
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -153,3 +165,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/lib/libssl/src/crypto/stack/Makefile.ssl b/lib/libssl/src/crypto/stack/Makefile.ssl
index 0d232c08cf9..82b36ca624a 100644
--- a/lib/libssl/src/crypto/stack/Makefile.ssl
+++ b/lib/libssl/src/crypto/stack/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -25,7 +27,7 @@ LIBOBJ=stack.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= stack.h
+EXHEADER= stack.h safestack.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,19 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+stack.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/stack/safestack.h b/lib/libssl/src/crypto/stack/safestack.h
new file mode 100644
index 00000000000..38934981e3f
--- /dev/null
+++ b/lib/libssl/src/crypto/stack/safestack.h
@@ -0,0 +1,129 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SAFESTACK_H
+#define HEADER_SAFESTACK_H
+
+#include <openssl/stack.h>
+
+#define STACK_OF(type)	STACK_##type
+
+#define DECLARE_STACK_OF(type) \
+typedef struct stack_st_##type	\
+    { \
+    STACK stack; \
+    } STACK_OF(type); \
+STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \
+STACK_OF(type) *sk_##type##_new_null(void); \
+void sk_##type##_free(STACK_OF(type) *sk); \
+int sk_##type##_num(const STACK_OF(type) *sk); \
+type *sk_##type##_value(const STACK_OF(type) *sk,int n); \
+type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \
+void sk_##type##_zero(STACK_OF(type) *sk); \
+int sk_##type##_push(STACK_OF(type) *sk,type *v); \
+int sk_##type##_unshift(STACK_OF(type) *sk,type *v); \
+int sk_##type##_find(STACK_OF(type) *sk,type *v); \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n); \
+void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \
+int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
+			       int (*cmp)(type **,type **)))(type **,type **); \
+STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \
+void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \
+type *sk_##type##_shift(STACK_OF(type) *sk); \
+type *sk_##type##_pop(STACK_OF(type) *sk); \
+void sk_##type##_sort(STACK_OF(type) *sk);
+
+#define IMPLEMENT_STACK_OF(type) \
+STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \
+    { return (STACK_OF(type) *)sk_new(cmp); } \
+STACK_OF(type) *sk_##type##_new_null() \
+    { return (STACK_OF(type) *)sk_new_null(); } \
+void sk_##type##_free(STACK_OF(type) *sk) \
+    { sk_free((STACK *)sk); } \
+int sk_##type##_num(const STACK_OF(type) *sk) \
+    { return M_sk_num((const STACK *)sk); } \
+type *sk_##type##_value(const STACK_OF(type) *sk,int n) \
+    { return (type *)sk_value((STACK *)sk,n); } \
+type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \
+    { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \
+void sk_##type##_zero(STACK_OF(type) *sk) \
+    { sk_zero((STACK *)sk); } \
+int sk_##type##_push(STACK_OF(type) *sk,type *v) \
+    { return sk_push((STACK *)sk,(char *)v); } \
+int sk_##type##_unshift(STACK_OF(type) *sk,type *v) \
+    { return sk_unshift((STACK *)sk,(char *)v); } \
+int sk_##type##_find(STACK_OF(type) *sk,type *v) \
+    { return sk_find((STACK *)sk,(char *)v); } \
+type *sk_##type##_delete(STACK_OF(type) *sk,int n) \
+    { return (type *)sk_delete((STACK *)sk,n); } \
+void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \
+    { sk_delete_ptr((STACK *)sk,(char *)v); } \
+int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \
+    { return sk_insert((STACK *)sk,(char *)v,n); } \
+int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \
+			       int (*cmp)(type **,type **)))(type **,type **) \
+    { return (int (*)(type **,type **))sk_set_cmp_func((STACK *)sk,cmp); } \
+STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \
+    { return (STACK_OF(type) *)sk_dup((STACK *)sk); } \
+void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)) \
+    { sk_pop_free((STACK *)sk,func); } \
+type *sk_##type##_shift(STACK_OF(type) *sk) \
+    { return (type *)sk_shift((STACK *)sk); } \
+type *sk_##type##_pop(STACK_OF(type) *sk) \
+    { return (type *)sk_pop((STACK *)sk); } \
+void sk_##type##_sort(STACK_OF(type) *sk) \
+    { sk_sort((STACK *)sk); }
+
+#endif /* ndef HEADER_SAFESTACK_H */
diff --git a/lib/libssl/src/crypto/stack/stack.c b/lib/libssl/src/crypto/stack/stack.c
index 610ccbb756e..8b967138848 100644
--- a/lib/libssl/src/crypto/stack/stack.c
+++ b/lib/libssl/src/crypto/stack/stack.c
@@ -67,32 +67,28 @@
  */
 #include <stdio.h>
 #include "cryptlib.h"
-#include "stack.h"
+#include <openssl/stack.h>
 
 #undef MIN_NODES
 #define MIN_NODES	4
 
-char *STACK_version="STACK part of SSLeay 0.9.0b 29-Jun-1998";
+const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
 
-#ifndef NOPROTO
 #define	FP_ICC	(int (*)(const void *,const void *))
-#else
-#define FP_ICC
-#endif
-
 #include <errno.h>
 
-void sk_set_cmp_func(sk,c)
-STACK *sk;
-int (*c)();
+int (*sk_set_cmp_func(STACK *sk, int (*c)()))(void)
 	{
+	int (*old)()=sk->comp;
+
 	if (sk->comp != c)
 		sk->sorted=0;
 	sk->comp=c;
+
+	return old;
 	}
 
-STACK *sk_dup(sk)
-STACK *sk;
+STACK *sk_dup(STACK *sk)
 	{
 	STACK *ret;
 	char **s;
@@ -113,8 +109,7 @@ err:
 	return(NULL);
 	}
 
-STACK *sk_new(c)
-int (*c)();
+STACK *sk_new(int (*c)())
 	{
 	STACK *ret;
 	int i;
@@ -136,13 +131,11 @@ err0:
 	return(NULL);
 	}
 
-int sk_insert(st,data,loc)
-STACK *st;
-char *data;
-int loc;
+int sk_insert(STACK *st, char *data, int loc)
 	{
 	char **s;
 
+	if(st == NULL) return 0;
 	if (st->num_alloc <= st->num+1)
 		{
 		s=(char **)Realloc((char *)st->data,
@@ -161,7 +154,7 @@ int loc;
 
 		f=(char **)st->data;
 		t=(char **)&(st->data[1]);
-		for (i=st->num; i>loc; i--)
+		for (i=st->num; i>=loc; i--)
 			t[i]=f[i];
 			
 #ifdef undef /* no memmove on sunos :-( */
@@ -176,9 +169,7 @@ int loc;
 	return(st->num);
 	}
 
-char *sk_delete_ptr(st,p)
-STACK *st;
-char *p;
+char *sk_delete_ptr(STACK *st, char *p)
 	{
 	int i;
 
@@ -188,14 +179,13 @@ char *p;
 	return(NULL);
 	}
 
-char *sk_delete(st,loc)
-STACK *st;
-int loc;
+char *sk_delete(STACK *st, int loc)
 	{
 	char *ret;
 	int i,j;
 
-	if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL);
+	if ((st == NULL) || (st->num == 0) || (loc < 0)
+					 || (loc >= st->num)) return(NULL);
 
 	ret=st->data[loc];
 	if (loc != st->num-1)
@@ -213,13 +203,12 @@ int loc;
 	return(ret);
 	}
 
-int sk_find(st,data)
-STACK *st;
-char *data;
+int sk_find(STACK *st, char *data)
 	{
 	char **r;
 	int i;
 	int (*comp_func)();
+	if(st == NULL) return -1;
 
 	if (st->comp == NULL)
 		{
@@ -228,13 +217,9 @@ char *data;
 				return(i);
 		return(-1);
 		}
-	comp_func=(int (*)())st->comp;
-	if (!st->sorted)
-		{
-		qsort((char *)st->data,st->num,sizeof(char *),FP_ICC comp_func);
-		st->sorted=1;
-		}
+	sk_sort(st);
 	if (data == NULL) return(-1);
+	comp_func=(int (*)())st->comp;
 	r=(char **)bsearch(&data,(char *)st->data,
 		st->num,sizeof(char *),FP_ICC comp_func);
 	if (r == NULL) return(-1);
@@ -245,38 +230,31 @@ char *data;
 	return(i);
 	}
 
-int sk_push(st,data)
-STACK *st;
-char *data;
+int sk_push(STACK *st, char *data)
 	{
 	return(sk_insert(st,data,st->num));
 	}
 
-int sk_unshift(st,data)
-STACK *st;
-char *data;
+int sk_unshift(STACK *st, char *data)
 	{
 	return(sk_insert(st,data,0));
 	}
 
-char *sk_shift(st)
-STACK *st;
+char *sk_shift(STACK *st)
 	{
 	if (st == NULL) return(NULL);
 	if (st->num <= 0) return(NULL);
 	return(sk_delete(st,0));
 	}
 
-char *sk_pop(st)
-STACK *st;
+char *sk_pop(STACK *st)
 	{
 	if (st == NULL) return(NULL);
 	if (st->num <= 0) return(NULL);
 	return(sk_delete(st,st->num-1));
 	}
 
-void sk_zero(st)
-STACK *st;
+void sk_zero(STACK *st)
 	{
 	if (st == NULL) return;
 	if (st->num <= 0) return;
@@ -284,9 +262,7 @@ STACK *st;
 	st->num=0;
 	}
 
-void sk_pop_free(st,func)
-STACK *st;
-void (*func)();
+void sk_pop_free(STACK *st, void (*func)())
 	{
 	int i;
 
@@ -297,11 +273,39 @@ void (*func)();
 	sk_free(st);
 	}
 
-void sk_free(st)
-STACK *st;
+void sk_free(STACK *st)
 	{
 	if (st == NULL) return;
 	if (st->data != NULL) Free((char *)st->data);
 	Free((char *)st);
 	}
 
+int sk_num(STACK *st)
+{
+	if(st == NULL) return -1;
+	return st->num;
+}
+
+char *sk_value(STACK *st, int i)
+{
+	if(st == NULL) return NULL;
+	return st->data[i];
+}
+
+char *sk_set(STACK *st, int i, char *value)
+{
+	if(st == NULL) return NULL;
+	return (st->data[i] = value);
+}
+
+void sk_sort(STACK *st)
+    {
+    if (!st->sorted)
+	{
+	int (*comp_func)();
+
+	comp_func=(int (*)())st->comp;
+	qsort(st->data,st->num,sizeof(char *),FP_ICC comp_func);
+	st->sorted=1;
+	}
+    }
diff --git a/lib/libssl/src/crypto/stack/stack.h b/lib/libssl/src/crypto/stack/stack.h
index 615eb6ff945..0f825cc0c4a 100644
--- a/lib/libssl/src/crypto/stack/stack.h
+++ b/lib/libssl/src/crypto/stack/stack.h
@@ -73,11 +73,16 @@ typedef struct stack_st
 	int (*comp)();
 	} STACK;
 
-#define sk_num(sk)		((sk)->num)
-#define sk_value(sk,n)		((sk)->data[n])
 
 #define sk_new_null()	sk_new(NULL)
-#ifndef NOPROTO
+
+#define M_sk_num(sk)		((sk)->num)
+#define M_sk_value(sk,n)	((sk)->data[n])
+
+int sk_num(STACK *);
+char *sk_value(STACK *, int);
+
+char *sk_set(STACK *, int, char *);
 
 STACK *sk_new(int (*cmp)());
 void sk_free(STACK *);
@@ -91,27 +96,9 @@ int sk_unshift(STACK *st,char *data);
 char *sk_shift(STACK *st);
 char *sk_pop(STACK *st);
 void sk_zero(STACK *st);
-void sk_set_cmp_func(STACK *sk, int (*c)());
+int (*sk_set_cmp_func(STACK *sk, int (*c)()))();
 STACK *sk_dup(STACK *st);
-
-#else
-
-STACK *sk_new();
-void sk_free();
-void sk_pop_free();
-int sk_insert();
-char *sk_delete();
-char *sk_delete_ptr();
-int sk_find();
-int sk_push();
-int sk_unshift();
-char *sk_shift();
-char *sk_pop();
-void sk_zero();
-void sk_set_cmp_func();
-STACK *sk_dup();
-
-#endif
+void sk_sort(STACK *st);
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/threads/mttest.c b/lib/libssl/src/crypto/threads/mttest.c
index be395f2bc4a..142623eddab 100644
--- a/lib/libssl/src/crypto/threads/mttest.c
+++ b/lib/libssl/src/crypto/threads/mttest.c
@@ -74,13 +74,13 @@
 #include <ulocks.h>
 #include <sys/prctl.h>
 #endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
 #include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #ifdef NO_FP_API
 #define APPS_WIN16
@@ -92,7 +92,6 @@
 
 #define MAX_THREAD_NUMBER	100
 
-#ifndef NOPROTO
 int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
 	int error,char *arg);
 void thread_setup(void);
@@ -108,23 +107,6 @@ unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
 unsigned long pthreads_thread_id(void );
 
-#else
-int MS_CALLBACK verify_callback();
-void thread_setup();
-void thread_cleanup();
-void do_threads();
-
-void irix_locking_callback();
-void solaris_locking_callback();
-void win32_locking_callback();
-void pthreads_locking_callback();
-
-unsigned long irix_thread_id();
-unsigned long solaris_thread_id();
-unsigned long pthreads_thread_id();
-
-#endif
-
 BIO *bio_err=NULL;
 BIO *bio_stdout=NULL;
 
@@ -139,15 +121,8 @@ int number_of_loops=10;
 int reconnect=0;
 int cache_stats=0;
 
-#ifndef  NOPROTO
 int doit(char *ctx[4]);
-#else
-int doit();
-#endif
-
-static void print_stats(fp,ctx)
-FILE *fp;
-SSL_CTX *ctx;
+static void print_stats(FILE *fp, SSL_CTX *ctx)
 {
 	fprintf(fp,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ctx));
@@ -164,7 +139,7 @@ SSL_CTX *ctx;
 	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
 	}
 
-static void sv_usage()
+static void sv_usage(void)
 	{
 	fprintf(stderr,"usage: ssltest [args ...]\n");
 	fprintf(stderr,"\n");
@@ -182,9 +157,7 @@ static void sv_usage()
 	fprintf(stderr," -ssl3         - just SSLv3n\n");
 	}
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0;
@@ -358,8 +331,7 @@ end:
 #define C_DONE	1
 #define S_DONE	2
 
-int ndoit(ssl_ctx)
-SSL_CTX *ssl_ctx[2];
+int ndoit(SSL_CTX *ssl_ctx[2])
 	{
 	int i;
 	int ret;
@@ -405,8 +377,7 @@ SSL_CTX *ssl_ctx[2];
 	return(0);
 	}
 
-int doit(ctx)
-char *ctx[4];
+int doit(char *ctx[4])
 	{
 	SSL_CTX *s_ctx,*c_ctx;
 	static char cbuf[200],sbuf[200];
@@ -681,13 +652,8 @@ err:
 	return(0);
 	}
 
-int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
-int ok;
-X509 *xs;
-X509 *xi;
-int depth;
-int error;
-char *arg;
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+	     int error, char *arg)
 	{
 	char buf[256];
 
@@ -708,7 +674,7 @@ char *arg;
 
 static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
@@ -721,7 +687,7 @@ void thread_setup()
 	/* id callback defined */
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
@@ -730,11 +696,7 @@ void thread_cleanup()
 		CloseHandle(lock_cs[i]);
 	}
 
-void win32_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void win32_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -746,8 +708,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	double ret;
 	SSL_CTX *ssl_ctx[2];
@@ -806,7 +767,7 @@ static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
 /*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
 static long lock_count[CRYPTO_NUM_LOCKS];
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
@@ -821,7 +782,7 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
@@ -836,11 +797,7 @@ fprintf(stderr,"cleanup\n");
 fprintf(stderr,"done cleanup\n");
 	}
 
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void solaris_locking_callback(int mode, int type, char *file, int line)
 	{
 #ifdef undef
 fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -872,8 +829,7 @@ if (CRYPTO_LOCK_SSL_CERT == type)
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	thread_t thread_ctx[MAX_THREAD_NUMBER];
@@ -902,7 +858,7 @@ SSL_CTX *s_ctx,*c_ctx;
 		s_ctx->references,c_ctx->references);
 	}
 
-unsigned long solaris_thread_id()
+unsigned long solaris_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -917,7 +873,7 @@ unsigned long solaris_thread_id()
 static usptr_t *arena;
 static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 	char filename[20];
@@ -941,7 +897,7 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
@@ -956,11 +912,7 @@ void thread_cleanup()
 		}
 	}
 
-void irix_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void irix_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -974,8 +926,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	int thread_ctx[MAX_THREAD_NUMBER];
@@ -1000,7 +951,7 @@ SSL_CTX *s_ctx,*c_ctx;
 		s_ctx->references,c_ctx->references);
 	}
 
-unsigned long irix_thread_id()
+unsigned long irix_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -1014,7 +965,7 @@ unsigned long irix_thread_id()
 static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
 static long lock_count[CRYPTO_NUM_LOCKS];
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
@@ -1028,7 +979,7 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
@@ -1043,11 +994,8 @@ void thread_cleanup()
 	fprintf(stderr,"done cleanup\n");
 	}
 
-void pthreads_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void pthreads_locking_callback(int mode, int type, char *file,
+	     int line)
       {
 #ifdef undef
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -1072,8 +1020,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	pthread_t thread_ctx[MAX_THREAD_NUMBER];
@@ -1101,7 +1048,7 @@ SSL_CTX *s_ctx,*c_ctx;
 	s_ctx->references,c_ctx->references);
 	}
 
-unsigned long pthreads_thread_id()
+unsigned long pthreads_thread_id(void)
 	{
 	unsigned long ret;
 
diff --git a/lib/libssl/src/crypto/threads/th-lock.c b/lib/libssl/src/crypto/threads/th-lock.c
index 039022446dc..afb4f4caf29 100644
--- a/lib/libssl/src/crypto/threads/th-lock.c
+++ b/lib/libssl/src/crypto/threads/th-lock.c
@@ -74,15 +74,14 @@
 #include <ulocks.h>
 #include <sys/prctl.h>
 #endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
-#include "e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-
-#ifndef NOPROTO
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/e_os.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
 int CRYPTO_thread_setup(void);
 void CRYPTO_thread_cleanup(void);
 
@@ -95,21 +94,6 @@ static unsigned long irix_thread_id(void );
 static unsigned long solaris_thread_id(void );
 static unsigned long pthreads_thread_id(void );
 
-#else
-int CRYPOTO_thread_setup();
-void CRYPTO_cleanup();
-
-static void irix_locking_callback();
-static void solaris_locking_callback();
-static void win32_locking_callback();
-static void pthreads_locking_callback();
-
-static unsigned long irix_thread_id();
-static unsigned long solaris_thread_id();
-static unsigned long pthreads_thread_id();
-
-#endif
-
 /* usage:
  * CRYPTO_thread_setup();
  * applicaion code
@@ -122,7 +106,7 @@ static unsigned long pthreads_thread_id();
 
 static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
 
-int CRYPTO_thread_setup()
+int CRYPTO_thread_setup(void)
 	{
 	int i;
 
@@ -136,7 +120,7 @@ int CRYPTO_thread_setup()
 	return(1);
 	}
 
-static void CRYPTO_thread_cleanup()
+static void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
@@ -145,11 +129,7 @@ static void CRYPTO_thread_cleanup()
 		CloseHandle(lock_cs[i]);
 	}
 
-void win32_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void win32_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -174,7 +154,7 @@ static long lock_count[CRYPTO_NUM_LOCKS];
 static rwlock_t lock_cs[CRYPTO_NUM_LOCKS];
 #endif
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 
@@ -192,7 +172,7 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
 	}
 
-void CRYPTO_thread_cleanup()
+void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
@@ -207,11 +187,7 @@ void CRYPTO_thread_cleanup()
 		}
 	}
 
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void solaris_locking_callback(int mode, int type, char *file, int line)
 	{
 #if 0
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -248,7 +224,7 @@ int line;
 		}
 	}
 
-unsigned long solaris_thread_id()
+unsigned long solaris_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -263,7 +239,7 @@ unsigned long solaris_thread_id()
 static usptr_t *arena;
 static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 	char filename[20];
@@ -287,7 +263,7 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
 	}
 
-void CRYPTO_thread_cleanup()
+void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
@@ -302,11 +278,7 @@ void CRYPTO_thread_cleanup()
 		}
 	}
 
-void irix_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void irix_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -318,7 +290,7 @@ int line;
 		}
 	}
 
-unsigned long irix_thread_id()
+unsigned long irix_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -333,7 +305,7 @@ unsigned long irix_thread_id()
 static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
 static long lock_count[CRYPTO_NUM_LOCKS];
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 
@@ -347,7 +319,7 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
@@ -358,11 +330,8 @@ void thread_cleanup()
 		}
 	}
 
-void pthreads_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void pthreads_locking_callback(int mode, int type, char *file,
+	     int line)
       {
 #if 0
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -387,7 +356,7 @@ int line;
 		}
 	}
 
-unsigned long pthreads_thread_id()
+unsigned long pthreads_thread_id(void)
 	{
 	unsigned long ret;
 
diff --git a/lib/libssl/src/crypto/tmdiff.c b/lib/libssl/src/crypto/tmdiff.c
index b93799fc033..0ad8a9ed8d1 100644
--- a/lib/libssl/src/crypto/tmdiff.c
+++ b/lib/libssl/src/crypto/tmdiff.c
@@ -57,32 +57,40 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/tmdiff.h>
+
+#ifdef TIMEB
+#undef WIN32
+#undef TIMES
+#endif
 
 #ifndef MSDOS
 #  ifndef WIN32
-#  define TIMES
+#    if !defined(VMS) || defined(__DECC)
+#      define TIMES
+#    endif
 #  endif
 #endif
 
-#ifndef VMS
-#  ifndef _IRIX
-#   include <time.h>
-#  endif
-#  ifdef TIMES
-#    include <sys/types.h>
-#    include <sys/times.h>
-#  endif
-#else /* VMS */
-#  include <types.h>
-	struct tms {
-		time_t tms_utime;
-		time_t tms_stime;
-		time_t tms_uchild;      /* I dunno...  */
-		time_t tms_uchildsys;   /* so these names are a guess :-) */
-		}
-#endif /* VMS */
-
-#ifdef sun
+#ifndef _IRIX
+#  include <time.h>
+#endif
+#ifdef TIMES
+#  include <sys/types.h>
+#  include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(VMS) && defined(__DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
@@ -99,11 +107,7 @@
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ  100.0
-#   else /* VMS */
-#    define HZ  100.0
-#   endif
+#   define HZ  100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -126,11 +130,11 @@ typedef struct ms_tm
 #endif
 	} MS_TM;
 
-char *ms_time_init()
+char *ms_time_new(void)
 	{
 	MS_TM *ret;
 
-	ret=malloc(sizeof(MS_TM));
+	ret=(MS_TM *)Malloc(sizeof(MS_TM));
 	if (ret == NULL)
 		return(NULL);
 	memset(ret,0,sizeof(MS_TM));
@@ -140,34 +144,31 @@ char *ms_time_init()
 	return((char *)ret);
 	}
 
-void ms_time_final(a)
-char *a;
+void ms_time_free(char *a)
 	{
 	if (a != NULL)
-		free(a);
+		Free(a);
 	}
 
-void ms_time_get(a)
-char *a;
+void ms_time_get(char *a)
 	{
 	MS_TM *tm=(MS_TM *)a;
-    FILETIME tmpa,tmpb,tmpc;
+#ifdef WIN32
+	FILETIME tmpa,tmpb,tmpc;
+#endif
 
 #ifdef TIMES
-    printf("AAA\n");
 	times(&tm->ms_tms);
 #else
 #  ifdef WIN32
 	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
 #  else
-    printf("CCC\n");
-	ftime(tm->ms_timeb);
+	ftime(&tm->ms_timeb);
 #  endif
 #endif
 	}
 
-double ms_time_diff(ap,bp)
-char *ap,*bp;
+double ms_time_diff(char *ap, char *bp)
 	{
 	MS_TM *a=(MS_TM *)ap;
 	MS_TM *b=(MS_TM *)bp;
@@ -177,19 +178,30 @@ char *ap,*bp;
 	ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
 #else
 # ifdef WIN32
-	ret =(double)(b->ms_win32.dwHighDateTime&0x000fffff)*10+
-		b->ms_win32.dwLowDateTime/1e7;
-	ret-=(double)(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+	{
+#ifdef __GNUC__
+	signed long long la,lb;
+#else
+	signed _int64 la,lb;
+#endif
+	la=a->ms_win32.dwHighDateTime;
+	lb=b->ms_win32.dwHighDateTime;
+	la<<=32;
+	lb<<=32;
+	la+=a->ms_win32.dwLowDateTime;
+	lb+=b->ms_win32.dwLowDateTime;
+	ret=((double)(lb-la))/1e7;
+	}
 # else
-	ret=	 (double)(b->time-a->time)+
-		((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+		(((double)b->ms_timeb.millitm)-
+		((double)a->ms_timeb.millitm))/1000.0;
 #  endif
 #endif
 	return((ret < 0.0000001)?0.0000001:ret);
 	}
 
-int ms_time_cmp(ap,bp)
-char *ap,*bp;
+int ms_time_cmp(char *ap, char *bp)
 	{
 	MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
 	double d;
@@ -202,8 +214,8 @@ char *ap,*bp;
 	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
 	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
 # else
-	d=	 (double)(b->time-a->time)+
-		((double)((unsigned long)b->mullitm-(unsigned long)))/1000.0;
+	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
 #  endif
 #endif
 	if (d == 0.0)
diff --git a/lib/libssl/src/crypto/evp/pk_lib.c b/lib/libssl/src/crypto/tmdiff.h
index 08f9fabbae6..41a8a1e0e0d 100644
--- a/lib/libssl/src/crypto/evp/pk_lib.c
+++ b/lib/libssl/src/crypto/tmdiff.h
@@ -1,4 +1,4 @@
-/* crypto/evp/pk_lib.c */
+/* crypto/tmdiff.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,27 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-static LHASH *pk_md=NULL;
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
 
-static LHASH *pk_md=NULL;
+#ifndef HEADER_TMDIFF_H
+#define HEADER_TMDIFF_H
 
-int EVP_add_pkey_md(oid,pkm,md)
-int oid;
-EVP_PKEY_METHOD *pkm;
-EVP_MD *md;
-	{
-	}
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
-EVP_add_pkey(pkm)
-EVP_PKEY_METHOD *pkm;
-	{
-	}
+char *ms_time_new(void );
+void ms_time_free(char *a);
+void ms_time_get(char *a);
+double ms_time_diff(char *start,char *end);
+int ms_time_cmp(char *ap,char *bp);
 
-EVP_PKEY_METHOD:q
+#ifdef  __cplusplus
+}
+#endif
 
+#endif
 
diff --git a/lib/libssl/src/crypto/txt_db/Makefile.ssl b/lib/libssl/src/crypto/txt_db/Makefile.ssl
index 76e511534f1..552ea5580f1 100644
--- a/lib/libssl/src/crypto/txt_db/Makefile.ssl
+++ b/lib/libssl/src/crypto/txt_db/Makefile.ssl
@@ -7,9 +7,11 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +39,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +67,20 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/stack.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h
diff --git a/lib/libssl/src/crypto/txt_db/txt_db.c b/lib/libssl/src/crypto/txt_db/txt_db.c
index e34ce4efa9d..9a9fa5ce557 100644
--- a/lib/libssl/src/crypto/txt_db/txt_db.c
+++ b/lib/libssl/src/crypto/txt_db/txt_db.c
@@ -60,17 +60,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "txt_db.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
 
 #undef BUFSIZE
 #define BUFSIZE	512
 
-char *TXT_DB_version="TXT_DB part of SSLeay 0.9.0b 29-Jun-1998";
+const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
 
-TXT_DB *TXT_DB_read(in,num)
-BIO *in;
-int num;
+TXT_DB *TXT_DB_read(BIO *in, int num)
 	{
 	TXT_DB *ret=NULL;
 	int er=1;
@@ -158,7 +156,7 @@ int num;
 		if ((n != num) || (*f != '\0'))
 			{
 #if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
-			fprintf(stderr,"wrong number of fields on line %ld\n",ln);
+			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
 #endif
 			er=2;
 			goto err;
@@ -191,10 +189,7 @@ err:
 		return(ret);
 	}
 
-char **TXT_DB_get_by_index(db,idx,value)
-TXT_DB *db;
-int idx;
-char **value;
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
 	{
 	char **ret;
 	LHASH *lh;
@@ -215,12 +210,8 @@ char **value;
 	return(ret);
 	}
 
-int TXT_DB_create_index(db,field,qual,hash,cmp)
-TXT_DB *db;
-int field;
-int (*qual)();
-unsigned long (*hash)();
-int (*cmp)();
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
+	     unsigned long (*hash)(), int (*cmp)())
 	{
 	LHASH *idx;
 	char *r;
@@ -256,9 +247,7 @@ int (*cmp)();
 	return(1);
 	}
 
-long TXT_DB_write(out,db)
-BIO *out;
-TXT_DB *db;
+long TXT_DB_write(BIO *out, TXT_DB *db)
 	{
 	long i,j,n,nn,l,tot=0;
 	char *p,**pp,*f;
@@ -306,9 +295,7 @@ err:
 	return(ret);
 	}
 
-int TXT_DB_insert(db,row)
-TXT_DB *db;
-char **row;
+int TXT_DB_insert(TXT_DB *db, char **row)
 	{
 	int i;
 	char **r;
@@ -350,12 +337,14 @@ err:
 	return(0);
 	}
 
-void TXT_DB_free(db)
-TXT_DB *db;
+void TXT_DB_free(TXT_DB *db)
 	{
 	int i,n;
 	char **p,*max;
 
+	if(db == NULL)
+	    return;
+
 	if (db->index != NULL)
 		{
 		for (i=db->num_fields-1; i>=0; i--)
diff --git a/lib/libssl/src/crypto/txt_db/txt_db.h b/lib/libssl/src/crypto/txt_db/txt_db.h
index aca6dae393d..58b9de13532 100644
--- a/lib/libssl/src/crypto/txt_db/txt_db.h
+++ b/lib/libssl/src/crypto/txt_db/txt_db.h
@@ -63,8 +63,8 @@
 extern "C" {
 #endif
 
-#include "stack.h"
-#include "lhash.h"
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
 
 #define DB_ERROR_OK			0
 #define DB_ERROR_MALLOC			1
@@ -85,7 +85,6 @@ typedef struct txt_db_st
 	char **arg_row;
 	} TXT_DB;
 
-#ifndef NOPROTO
 #ifdef HEADER_BIO_H
 TXT_DB *TXT_DB_read(BIO *in, int num);
 long TXT_DB_write(BIO *out, TXT_DB *db);
@@ -99,17 +98,6 @@ void TXT_DB_free(TXT_DB *db);
 char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
 int TXT_DB_insert(TXT_DB *db,char **value);
 
-#else
-
-TXT_DB *TXT_DB_read();
-long TXT_DB_write();
-int TXT_DB_create_index();
-void TXT_DB_free();
-char **TXT_DB_get_by_index();
-int TXT_DB_insert();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/x509/Makefile.ssl b/lib/libssl/src/crypto/x509/Makefile.ssl
index 1c1ca2ffa07..14bb60d4114 100644
--- a/lib/libssl/src/crypto/x509/Makefile.ssl
+++ b/lib/libssl/src/crypto/x509/Makefile.ssl
@@ -7,16 +7,16 @@ TOP=	../..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=x509
-ERRC=x509_err
 GENERAL=Makefile README
 TEST=
 APPS=
@@ -24,18 +24,16 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
 	x509_obj.c x509_req.c x509_vfy.c \
-	x509_set.c x509rset.c $(ERRC).c \
-	x509name.c x509_v3.c x509_ext.c x509pack.c \
+	x509_set.c x509rset.c x509_err.c \
+	x509name.c x509_v3.c x509_ext.c \
 	x509type.c x509_lu.c x_all.c x509_txt.c \
-	by_file.c by_dir.c \
-	v3_net.c v3_x509.c
+	by_file.c by_dir.c 
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509_obj.o x509_req.o x509_vfy.o \
-	x509_set.o x509rset.o $(ERRC).o \
-	x509name.o x509_v3.o x509_ext.o x509pack.o \
+	x509_set.o x509rset.o x509_err.o \
+	x509name.o x509_v3.o x509_ext.o \
 	x509type.o x509_lu.o x_all.o x509_txt.o \
-	by_file.o by_dir.o \
-	v3_net.o v3_x509.o
+	by_file.o by_dir.o
 
 SRC= $(LIBSRC)
 
@@ -51,24 +49,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -80,17 +77,340 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../cryptlib.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_d2.o: ../cryptlib.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h
+x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../cryptlib.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../cryptlib.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../cryptlib.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h
+x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h
diff --git a/lib/libssl/src/crypto/x509/attrib b/lib/libssl/src/crypto/x509/attrib
deleted file mode 100644
index 37f6cd755ff..00000000000
--- a/lib/libssl/src/crypto/x509/attrib
+++ /dev/null
@@ -1,38 +0,0 @@
-
-PKCS7
-	STACK of X509_ATTRIBUTES
-		ASN1_OBJECT
-		STACK of ASN1_TYPE
-
-So it is
-
-p7.xa[].obj
-p7.xa[].data[]
-
-get_obj_by_nid(STACK , nid)
-get_num_by_nid(STACK , nid)
-get_data_by_nid(STACK , nid, index)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
-			int nid, STACK *value);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
-			int nid, STACK *value);
-
-int		X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
-int		X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
-			ASN1_TYPE *value);
-
-ASN1_OBJECT *	X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
-int 		X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
-ASN1_TYPE *	X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
-
-ASN1_TYPE *	X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
-			ASN1_OBJECT *obj);
-
-X509_ATTRUBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
-X509_ATTRUBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
-
diff --git a/lib/libssl/src/crypto/x509/by_dir.c b/lib/libssl/src/crypto/x509/by_dir.c
index 11725ec94c6..734e39ac773 100644
--- a/lib/libssl/src/crypto/x509/by_dir.c
+++ b/lib/libssl/src/crypto/x509/by_dir.c
@@ -63,9 +63,8 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
 
 typedef struct lookup_dir_st
 	{
@@ -76,21 +75,13 @@ typedef struct lookup_dir_st
 	int num_dirs_alloced;
 	} BY_DIR;
 
-#ifndef NOPROTO
-static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret);
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	char **ret);
 static int new_dir(X509_LOOKUP *lu);
 static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,char *dir,int type);
+static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
 static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
 	X509_OBJECT *ret);
-#else
-static int dir_ctrl();
-static int new_dir();
-static void free_dir();
-static int add_cert_dir();
-static int get_cert_by_subject();
-#endif
-
 X509_LOOKUP_METHOD x509_dir_lookup=
 	{
 	"Load certs from files in a directory",
@@ -105,17 +96,13 @@ X509_LOOKUP_METHOD x509_dir_lookup=
 	NULL,			/* get_by_alias */
 	};
 
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir()
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
 	{
 	return(&x509_dir_lookup);
 	}
 
-static int dir_ctrl(ctx,cmd,argp,argl,retp)
-X509_LOOKUP *ctx;
-int cmd;
-long argl;
-char *argp;
-char **retp;
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **retp)
 	{
 	int ret=0;
 	BY_DIR *ld;
@@ -147,8 +134,7 @@ char **retp;
 	return(ret);
 	}
 
-static int new_dir(lu)
-X509_LOOKUP *lu;
+static int new_dir(X509_LOOKUP *lu)
 	{
 	BY_DIR *a;
 
@@ -167,8 +153,7 @@ X509_LOOKUP *lu;
 	return(1);
 	}
 
-static void free_dir(lu)
-X509_LOOKUP *lu;
+static void free_dir(X509_LOOKUP *lu)
 	{
 	BY_DIR *a;
 	int i;
@@ -182,17 +167,18 @@ X509_LOOKUP *lu;
 	Free(a);
 	}
 
-static int add_cert_dir(ctx,dir, type)
-BY_DIR *ctx;
-char *dir;
-int type;
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 	{
 	int j,len;
 	int *ip;
-	char *s,*ss,*p;
+	const char *s,*ss,*p;
 	char **pp;
 
-	if (dir == NULL) return(0);
+	if (dir == NULL || !*dir)
+	    {
+	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
+	    return 0;
+	    }
 
 	s=dir;
 	p=s;
@@ -243,11 +229,8 @@ int type;
 	return(1);
 	}
 
-static int get_cert_by_subject(xl,type,name,ret)
-X509_LOOKUP *xl;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	BY_DIR *ctx;
 	union	{
@@ -266,7 +249,7 @@ X509_OBJECT *ret;
 	BUF_MEM *b=NULL;
 	struct stat st;
 	X509_OBJECT stmp,*tmp;
-	char *postfix="";
+	const char *postfix="";
 
 	if (name == NULL) return(0);
 
diff --git a/lib/libssl/src/crypto/x509/by_file.c b/lib/libssl/src/crypto/x509/by_file.c
index 09ebb9bf083..00ee5e8bbc4 100644
--- a/lib/libssl/src/crypto/x509/by_file.c
+++ b/lib/libssl/src/crypto/x509/by_file.c
@@ -63,20 +63,15 @@
 #include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #ifndef NO_STDIO
 
-#ifndef NOPROTO
-static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
-	long argl,char **ret);
-#else
-static int by_file_ctrl();
-#endif
-
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
 X509_LOOKUP_METHOD x509_file_lookup=
 	{
 	"Load file into cache",
@@ -91,17 +86,13 @@ X509_LOOKUP_METHOD x509_file_lookup=
 	NULL,		/* get_by_alias */
 	};
 
-X509_LOOKUP_METHOD *X509_LOOKUP_file()
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
 	{
 	return(&x509_file_lookup);
 	}
 
-static int by_file_ctrl(ctx,cmd,argp,argl,ret)
-X509_LOOKUP *ctx;
-int cmd;
-char *argp;
-long argl;
-char **ret;
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **ret)
 	{
 	int ok=0,ok2=0;
 	char *file;
@@ -138,10 +129,7 @@ char **ret;
 	return((ok && ok2)?ok:0);
 	}
 
-int X509_load_cert_file(ctx,file,type)
-X509_LOOKUP *ctx;
-char *file;
-int type;
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
 	{
 	int ret=0;
 	BIO *in=NULL;
@@ -161,7 +149,7 @@ int type;
 		{
 		for (;;)
 			{
-			x=PEM_read_bio_X509(in,NULL,NULL);
+			x=PEM_read_bio_X509(in,NULL,NULL,NULL);
 			if (x == NULL)
 				{
 				if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -208,10 +196,7 @@ err:
 	return(ret);
 	}
 
-int X509_load_crl_file(ctx,file,type)
-X509_LOOKUP *ctx;
-char *file;
-int type;
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 	{
 	int ret=0;
 	BIO *in=NULL;
@@ -231,7 +216,7 @@ int type;
 		{
 		for (;;)
 			{
-			x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 			if (x == NULL)
 				{
 				if ((ERR_GET_REASON(ERR_peek_error()) ==
diff --git a/lib/libssl/src/crypto/x509/v3_net.c b/lib/libssl/src/crypto/x509/v3_net.c
deleted file mode 100644
index 0c2d276d13d..00000000000
--- a/lib/libssl/src/crypto/x509/v3_net.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* crypto/x509/v3_net.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-#define NETSCAPE_X509_EXT_NUM	8
-
-static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={
-{NID_netscape_ca_policy_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_ssl_server_name,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_revocation_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING},
-{NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_renewal_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_comment,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-	};
-
-int X509v3_add_netscape_extensions()
-	{
-	int i;
-
-	for (i=0; i<NETSCAPE_X509_EXT_NUM; i++)
-		if (!X509v3_add_extension(&(netscape_x509_ext[i])))
-			return(0);
-	return(1);
-	}
diff --git a/lib/libssl/src/crypto/x509/v3_x509.c b/lib/libssl/src/crypto/x509/v3_x509.c
deleted file mode 100644
index f685aa4c71d..00000000000
--- a/lib/libssl/src/crypto/x509/v3_x509.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* crypto/x509/v3_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "bio.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-#if 0
-static int i2a_key_usage(BIO *bp, X509 *x);
-static int a2i_key_usage(X509 *x, char *str, int len);
-#endif
-
-int X509v3_get_key_usage(X509 *x);
-int X509v3_set_key_usage(X509 *x,unsigned int use);
-int i2a_X509v3_key_usage(BIO *bp, unsigned int use);
-unsigned int a2i_X509v3_key_usage(char *p);
-
-#define STD_X509_EXT_NUM	9
-
-#if 0
-static X509_OBJECTS std_x509_ext[STD_X509_EXT_NUM]={
-{NID_subject_key_identifier,	NULL,NULL},
-{NID_key_usage,			a2i_key_usage,i2a_key_usage}, /**/
-{NID_private_key_usage_period,	NULL,NULL},
-{NID_subject_alt_name,		NULL,NULL},
-{NID_issuer_alt_name,		NULL,NULL},
-{NID_basic_constraints,		NULL,NULL},
-{NID_crl_number,		NULL,NULL},
-{NID_certificate_policies,	NULL,NULL},
-{NID_authority_key_identifier,  NULL,NULL},
-	};
-#endif
-
-int X509v3_add_standard_extensions()
-	{
-
-#if 0
-	for (i=0; i<STD_X509_EXT_NUM; i++)
-		if (!X509v3_add_extension(&(std_x509_ext[i])))
-			return(0);
-#endif
-	return(1);
-	}
-
-int X509v3_get_key_usage(x)
-X509 *x;
-	{
-	X509_EXTENSION *ext;
-	ASN1_STRING *st;
-	char *p;
-	int i;
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0) return(X509v3_KU_UNDEF);
-	ext=X509_get_ext(x,i);
-	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
-		X509_EXTENSION_get_data(X509_get_ext(x,i)));
-
-	p=(char *)ASN1_STRING_data(st);
-	if (ASN1_STRING_length(st) == 1)
-		i=p[0];
-	else if (ASN1_STRING_length(st) == 2)
-		i=p[0]|(p[1]<<8);
-	else
-		i=0;
-	return(i);
-	}
-
-static struct
-	{
-	char *name;
-	unsigned int value;
-	} key_usage_data[] ={
-	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
-	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
-	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
-	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
-	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
-	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
-	{"cRLSign",		X509v3_KU_CRL_SIGN},
-	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
-	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
-	{NULL,0},
-	};
-
-#if 0
-static int a2i_key_usage(x,str,len)
-X509 *x;
-char *str;
-int len;
-	{
-	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
-	}
-
-static int i2a_key_usage(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
-	}
-#endif
-
-int i2a_X509v3_key_usage(bp,use)
-BIO *bp;
-unsigned int use;
-	{
-	int i=0,first=1;
-
-	for (;;)
-		{
-		if (use | key_usage_data[i].value)
-			{
-			BIO_printf(bp,"%s%s",((first)?"":" "),
-				key_usage_data[i].name);
-			first=0;
-			}
-		}
-	return(1);
-	}
-
-unsigned int a2i_X509v3_key_usage(p)
-char *p;
-	{
-	unsigned int ret=0;
-	char *q,*s;
-	int i,n;
-
-	q=p;
-	for (;;)
-		{
-		while ((*q != '\0') && isalnum(*q))
-			q++;
-		if (*q == '\0') break;
-		s=q++;
-		while (isalnum(*q))
-			q++;
-		n=q-s;
-		i=0;
-		for (;;)
-			{
-			if (strncmp(key_usage_data[i].name,s,n) == 0)
-				{
-				ret|=key_usage_data[i].value;
-				break;
-				}
-			i++;
-			if (key_usage_data[i].name == NULL)
-				return(X509v3_KU_UNDEF);
-			}
-		}
-	return(ret);
-	}
-
-int X509v3_set_key_usage(x,use)
-X509 *x;
-unsigned int use;
-	{
-	ASN1_OCTET_STRING *os;
-	X509_EXTENSION *ext;
-	int i;
-	unsigned char data[4];
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0)
-		{
-		i=X509_get_ext_count(x)+1;
-		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
-		if (!X509_add_ext(x,ext,i))
-			{
-			X509_EXTENSION_free(ext);
-			return(0);
-			}
-		}
-	else
-		ext=X509_get_ext(x,i);
-
-	/* fill in 'ext' */
-	os=X509_EXTENSION_get_data(ext);
-
-	i=0;
-	if (use > 0)
-		{
-		i=1;
-		data[0]=use&0xff;
-		}
-	if (use > 0xff)
-		{
-		i=2;
-		data[1]=(use>>8)&0xff;
-		}
-	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
-	}
-
diff --git a/lib/libssl/src/crypto/x509/x509.doc b/lib/libssl/src/crypto/x509/x509.doc
deleted file mode 100644
index 73cfc9f034a..00000000000
--- a/lib/libssl/src/crypto/x509/x509.doc
+++ /dev/null
@@ -1,27 +0,0 @@
-X509_verify()
-X509_sign()
-
-X509_get_version()
-X509_get_serialNumber()
-X509_get_issuer()
-X509_get_subject()
-X509_get_notBefore()
-X509_get_notAfter()
-X509_get_pubkey()
-
-X509_set_version()
-X509_set_serialNumber()
-X509_set_issuer()
-X509_set_subject()
-X509_set_notBefore()
-X509_set_notAfter()
-X509_set_pubkey()
-
-X509_get_extensions()
-X509_set_extensions()
-
-X509_EXTENSIONS_clear()
-X509_EXTENSIONS_retrieve()
-X509_EXTENSIONS_add()
-X509_EXTENSIONS_delete()
-
diff --git a/lib/libssl/src/crypto/x509/x509.err b/lib/libssl/src/crypto/x509/x509.err
deleted file mode 100644
index 8d0862d7d1d..00000000000
--- a/lib/libssl/src/crypto/x509/x509.err
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR				 100
-#define X509_F_BY_FILE_CTRL				 101
-#define X509_F_DIR_CTRL					 102
-#define X509_F_GET_CERT_BY_SUBJECT			 103
-#define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509V3_ADD_EXTENSION			 105
-#define X509_F_X509V3_PACK_STRING			 106
-#define X509_F_X509V3_UNPACK_STRING			 107
-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
-#define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_LOAD_CRL_FILE			 112
-#define X509_F_X509_NAME_ADD_ENTRY			 113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
-#define X509_F_X509_NAME_ONELINE			 116
-#define X509_F_X509_NAME_PRINT				 117
-#define X509_F_X509_PRINT_FP				 118
-#define X509_F_X509_PUBKEY_GET				 119
-#define X509_F_X509_PUBKEY_SET				 120
-#define X509_F_X509_REQ_PRINT				 121
-#define X509_F_X509_REQ_PRINT_FP			 122
-#define X509_F_X509_REQ_TO_X509				 123
-#define X509_F_X509_STORE_ADD_CERT			 124
-#define X509_F_X509_STORE_ADD_CRL			 125
-#define X509_F_X509_TO_X509_REQ				 126
-#define X509_F_X509_VERIFY_CERT				 127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE			 100
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
-#define X509_R_ERR_ASN1_LIB				 102
-#define X509_R_LOADING_CERT_DIR				 103
-#define X509_R_LOADING_DEFAULTS				 104
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
-#define X509_R_SHOULD_RETRY				 106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
-#define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_STRING_TYPE			 110
-#define X509_R_UNSUPPORTED_ALGORITHM			 111
-#define X509_R_WRONG_LOOKUP_TYPE			 112
diff --git a/lib/libssl/src/crypto/x509/x509.h b/lib/libssl/src/crypto/x509/x509.h
index 95114f7c43f..35f9484f8b9 100644
--- a/lib/libssl/src/crypto/x509/x509.h
+++ b/lib/libssl/src/crypto/x509/x509.h
@@ -63,28 +63,34 @@
 extern "C" {
 #endif
 
-#include "stack.h"
-#include "asn1.h"
+#ifdef VMS
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+#endif
+
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/safestack.h>
 
 #ifndef NO_RSA
-#include "rsa.h"
-#else
-#define RSA	long
+#include <openssl/rsa.h>
 #endif
 
 #ifndef NO_DSA
-#include "dsa.h"
-#else
-#define DSA	long
+#include <openssl/dsa.h>
 #endif
 
 #ifndef NO_DH
-#include "dh.h"
-#else
-#define DH	long
+#include <openssl/dh.h>
 #endif
 
-#include "evp.h"
+#include <openssl/evp.h>
+
+
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
 
 #define X509_FILETYPE_PEM	1
 #define X509_FILETYPE_ASN1	2
@@ -114,6 +120,9 @@ typedef struct X509_algor_st
 	ASN1_TYPE *parameter;
 	} X509_ALGOR;
 
+DECLARE_STACK_OF(X509_ALGOR)
+DECLARE_ASN1_SET_OF(X509_ALGOR)
+
 typedef struct X509_val_st
 	{
 	ASN1_UTCTIME *notBefore;
@@ -124,7 +133,7 @@ typedef struct X509_pubkey_st
 	{
 	X509_ALGOR *algor;
 	ASN1_BIT_STRING *public_key;
-	struct evp_pkey_st /* EVP_PKEY*/ *pkey;
+	EVP_PKEY *pkey;
 	} X509_PUBKEY;
 
 typedef struct X509_sig_st
@@ -141,10 +150,13 @@ typedef struct X509_name_entry_st
 	int size; 	/* temp variable */
 	} X509_NAME_ENTRY;
 
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
 /* we always keep X509_NAMEs in 2 forms. */
 typedef struct X509_name_st
 	{
-	STACK *entries; /* of X509_NAME_ENTRY */
+	STACK_OF(X509_NAME_ENTRY) *entries;
 	int modified;	/* true if 'bytes' needs to be built */
 #ifdef HEADER_BUFFER_H
 	BUF_MEM *bytes;
@@ -154,6 +166,8 @@ typedef struct X509_name_st
 	unsigned long hash; /* Keep the hash around for lookups */
 	} X509_NAME;
 
+DECLARE_STACK_OF(X509_NAME)
+
 #define X509_EX_V_NETSCAPE_HACK		0x8000
 #define X509_EX_V_INIT			0x0001
 typedef struct X509_extension_st
@@ -167,23 +181,23 @@ typedef struct X509_extension_st
 	void (*ex_free)();		/* clear argp stuff */
 	} X509_EXTENSION;
 
-/* #if 1 */
-typedef struct x509_extension_method_st
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st
 	{
-	int nid;
-	int data_type;
-	int pack_type;
-	void (*ex_clear)();
-	int (*ex_get_bool)();
-	int (*ex_set_bool)();
-	int (*ex_get_str)();
-	int (*ex_set_str)();
-	char *(*ex_get_struct)();
-	int (*ex_set_struct)();
-	int (*a2i)();
-	int (*i2a)();
-	} X509_EXTENSION_METHOD;
-/* #endif */
+	ASN1_OBJECT *object;
+	int set; /* 1 for a set, 0 for a single item (which is wrong) */
+	union	{
+		char		*ptr;
+/* 1 */		STACK_OF(ASN1_TYPE) *set;
+/* 0 */		ASN1_TYPE	*single;
+		} value;
+	} X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
 
 typedef struct X509_req_info_st
 	{
@@ -191,7 +205,7 @@ typedef struct X509_req_info_st
 	X509_NAME *subject;
 	X509_PUBKEY *pubkey;
 	/*  d=2 hl=2 l=  0 cons: cont: 00 */
-	STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
+	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
 	int req_kludge;
 	} X509_REQ_INFO;
 
@@ -214,7 +228,7 @@ typedef struct x509_cinf_st
 	X509_PUBKEY *key;
 	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
 	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
-	STACK /* X509_EXTENSION */ *extensions;	/* [ 3 ] optional in v3 */
+	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
 	} X509_CINF;
 
 typedef struct x509_st
@@ -227,14 +241,20 @@ typedef struct x509_st
 	char *name;
 	} X509;
 
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
 typedef struct X509_revoked_st
 	{
 	ASN1_INTEGER *serialNumber;
 	ASN1_UTCTIME *revocationDate;
-	STACK /* optional X509_EXTENSION */ *extensions;
+	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
 	int sequence; /* load sequence */
 	} X509_REVOKED;
 
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
 typedef struct X509_crl_info_st
 	{
 	ASN1_INTEGER *version;
@@ -242,8 +262,8 @@ typedef struct X509_crl_info_st
 	X509_NAME *issuer;
 	ASN1_UTCTIME *lastUpdate;
 	ASN1_UTCTIME *nextUpdate;
-	STACK /* X509_REVOKED */ *revoked;
-	STACK /* [0] X509_EXTENSION */ *extensions;
+	STACK_OF(X509_REVOKED) *revoked;
+	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
 	} X509_CRL_INFO;
 
 typedef struct X509_crl_st
@@ -255,17 +275,8 @@ typedef struct X509_crl_st
 	int references;
 	} X509_CRL;
 
-/* a sequence of these are used */
-typedef struct x509_attributes_st
-	{
-	ASN1_OBJECT *object;
-	int set; /* 1 for a set, 0 for a single item (which is wrong) */
-	union	{
-		char		*ptr;
-/* 1 */		STACK /* ASN1_TYPE */ *set;
-/* 0 */		ASN1_TYPE	*single;
-		} value;
-	} X509_ATTRIBUTE;
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
 
 typedef struct private_key_st
 	{
@@ -301,6 +312,8 @@ typedef struct X509_info_st
 
 	int references;
 	} X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
 #endif
 
 /* The next 2 structures and their 8 routines were sent to me by
@@ -320,17 +333,55 @@ typedef struct Netscape_spki_st
 	ASN1_BIT_STRING *signature;
 	} NETSCAPE_SPKI;
 
-#ifndef HEADER_BN_H
-#define BIGNUM 		char
-#endif
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence
+	{
+	ASN1_OBJECT *type;
+	STACK_OF(X509) *certs;
+	} NETSCAPE_CERT_SEQUENCE;
 
 typedef struct CBCParameter_st
 	{
 	unsigned char iv[8];
 	} CBC_PARAM;
 
-#include "x509_vfy.h"
-#include "pkcs7.h"
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st
+        {
+        int broken;     /* Flag for various broken formats */
+#define PKCS8_OK        0
+#define PKCS8_NO_OCTET  1
+        ASN1_INTEGER *version;
+        X509_ALGOR *pkeyalg;
+        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        STACK_OF(X509_ATTRIBUTE) *attributes;
+        } PKCS8_PRIV_KEY_INFO;
+
+#include <openssl/x509_vfy.h>
+#include <openssl/pkcs7.h>
 
 #ifdef SSLEAY_MACROS
 #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
@@ -355,6 +406,9 @@ typedef struct CBCParameter_st
 
 #define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
 		(char *(*)())d2i_X509,(char *)x509)
+#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
+		(int (*)())i2d_X509_ATTRIBUTE, \
+		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
 #define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
 		(int (*)())i2d_X509_EXTENSION, \
 		(char *(*)())d2i_X509_EXTENSION,(char *)ex)
@@ -442,6 +496,9 @@ typedef struct CBCParameter_st
 #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
 		(unsigned char *)dsa)
 
+#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
+		(char *(*)())d2i_X509_ALGOR,(char *)xn)
+
 #define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
 		(char *(*)())d2i_X509_NAME,(char *)xn)
 #define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
@@ -453,10 +510,12 @@ typedef struct CBCParameter_st
 	ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
 #define X509_NAME_digest(data,type,md,len) \
 	ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
 	ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
 		(char *)data,md,len)
 #endif
+#endif
 
 #define X509_EXT_PACK_UNKNOWN	1
 #define X509_EXT_PACK_STRING	2
@@ -472,25 +531,31 @@ typedef struct CBCParameter_st
 #define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
 #define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
+#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
 /* This one is only used so that a binary form can output, as in
  * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
 
-#ifndef NOPROTO
+
+const char *X509_verify_cert_error_string(long n);
 
 #ifndef SSLEAY_MACROS
 #ifdef HEADER_ENVELOPE_H
 int X509_verify(X509 *a, EVP_PKEY *r);
-char *X509_verify_cert_error_string(long n);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
 
-int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md);
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
 int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
 int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
@@ -498,55 +563,77 @@ int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
 #endif
 
 #ifndef NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 *x509);
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
 int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
 int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+#ifndef NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
 #endif
+#ifndef NO_DSA
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+#endif
+#endif
 
 #ifdef HEADER_BIO_H
-X509 *d2i_X509_bio(BIO *bp,X509 *x509);
+X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
 int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
 int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+#ifndef NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
 #endif
+#ifndef NO_DSA
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+#endif
 
 X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
 X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
 X509_CRL *X509_CRL_dup(X509_CRL *crl);
 X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+#ifndef NO_RSA
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
+#endif
 
 #endif /* !SSLEAY_MACROS */
 
 int		X509_cmp_current_time(ASN1_UTCTIME *s);
 ASN1_UTCTIME *	X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
 
-char *		X509_get_default_cert_area(void );
-char *		X509_get_default_cert_dir(void );
-char *		X509_get_default_cert_file(void );
-char *		X509_get_default_cert_dir_env(void );
-char *		X509_get_default_cert_file_env(void );
-char *		X509_get_default_private_dir(void );
+const char *	X509_get_default_cert_area(void );
+const char *	X509_get_default_cert_dir(void );
+const char *	X509_get_default_cert_file(void );
+const char *	X509_get_default_cert_dir_env(void );
+const char *	X509_get_default_cert_file_env(void );
+const char *	X509_get_default_private_dir(void );
 
 X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
 X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
@@ -571,7 +658,8 @@ X509_PUBKEY *	d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
 			long length);
 int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
-int		X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
+int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
+					   STACK_OF(X509) *chain);
 
 
 X509_SIG *	X509_SIG_new(void );
@@ -595,6 +683,8 @@ void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
 int		i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
 X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
 			long length);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
 
 X509_EXTENSION *X509_EXTENSION_new(void );
 void		X509_EXTENSION_free(X509_EXTENSION *a);
@@ -658,6 +748,12 @@ int		i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
 NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
 		long length);
 
+
+int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp);
+NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void);
+NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, unsigned char **pp, long length);
+void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a);
+
 #ifdef HEADER_ENVELOPE_H
 X509_INFO *	X509_INFO_new(void);
 void		X509_INFO_free(X509_INFO *a);
@@ -671,7 +767,7 @@ int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
 
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	ASN1_BIT_STRING *signature,
-	char *data,EVP_PKEY *pkey, EVP_MD *type);
+	char *data,EVP_PKEY *pkey, const EVP_MD *type);
 #endif
 
 int 		X509_set_version(X509 *x,long version);
@@ -709,12 +805,14 @@ unsigned long	X509_NAME_hash(X509_NAME *x);
 int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
 #ifndef NO_FP_API
 int		X509_print_fp(FILE *bp,X509 *x);
+int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
 #endif
 
 #ifdef HEADER_BIO_H
 int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int		X509_print(BIO *bp,X509 *x);
+int		X509_CRL_print(BIO *bp,X509_CRL *x);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
@@ -745,18 +843,17 @@ int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
 ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
 ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
 
-int		X509v3_get_ext_count(STACK *x);
-int		X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
-int		X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
-int		X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
-STACK *		X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
-
-int		X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
-int		X509v3_data_type_by_NID(int nid);
-int		X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
-int		X509v3_pack_type_by_NID(int nid);
+int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+				      int nid, int lastpos);
+int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+				      ASN1_OBJECT *obj,int lastpos);
+int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+					   int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc);
 
 int		X509_get_ext_count(X509 *x);
 int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
@@ -793,311 +890,49 @@ int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
 ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
 int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
-			unsigned char *bytes, int len);
-ASN1_STRING *	X509v3_unpack_string(ASN1_STRING **ex,int type,
-			ASN1_OCTET_STRING *os);
 
 int		X509_verify_cert(X509_STORE_CTX *ctx);
 
 /* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
-                ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
-
-#else
-
-#ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
-int X509_verify();
-int X509_REQ_verify();
-int X509_CRL_verify();
-int NETSCAPE_SPKI_verify();
-
-int X509_sign();
-int X509_REQ_sign();
-int X509_CRL_sign();
-int NETSCAPE_SPKI_sign();
-
-int X509_digest();
-int X509_NAME_digest();
-#endif
-
-#ifndef NO_FP_API
-X509 *d2i_X509_fp();
-int i2d_X509_fp();
-X509_CRL *d2i_X509_CRL_fp();
-int i2d_X509_CRL_fp();
-X509_REQ *d2i_X509_REQ_fp();
-int i2d_X509_REQ_fp();
-RSA *d2i_RSAPrivateKey_fp();
-int i2d_RSAPrivateKey_fp();
-DSA *d2i_DSAPrivateKey_fp();
-int i2d_DSAPrivateKey_fp();
-RSA *d2i_RSAPublicKey_fp();
-int i2d_RSAPublicKey_fp();
-#endif
-
-X509 *d2i_X509_bio();
-int i2d_X509_bio();
-X509_CRL *d2i_X509_CRL_bio();
-int i2d_X509_CRL_bio();
-X509_REQ *d2i_X509_REQ_bio();
-int i2d_X509_REQ_bio();
-RSA *d2i_RSAPrivateKey_bio();
-int i2d_RSAPrivateKey_bio();
-DSA *d2i_DSAPrivateKey_bio();
-int i2d_DSAPrivateKey_bio();
-RSA *d2i_RSAPublicKey_bio();
-int i2d_RSAPublicKey_bio();
-
-X509 *X509_dup();
-X509_EXTENSION *X509_EXTENSION_dup();
-X509_CRL *X509_CRL_dup();
-X509_REQ *X509_REQ_dup();
-X509_NAME *X509_NAME_dup();
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
-RSA *RSAPublicKey_dup();
-RSA *RSAPrivateKey_dup();
-
-#endif /* !SSLEAY_MACROS */
-
-int		X509_cmp_current_time();
-ASN1_UTCTIME *	X509_gmtime_adj();
-
-char *		X509_get_default_cert_area();
-char *		X509_get_default_cert_dir();
-char *		X509_get_default_cert_file();
-char *		X509_get_default_cert_dir_env();
-char *		X509_get_default_cert_file_env();
-char *		X509_get_default_private_dir();
-
-X509_REQ *	X509_to_X509_REQ();
-X509 *		X509_REQ_to_X509();
-void ERR_load_X509_strings();
-
-X509_ALGOR *	X509_ALGOR_new();
-void		X509_ALGOR_free();
-int		i2d_X509_ALGOR();
-X509_ALGOR *	d2i_X509_ALGOR();
-
-X509_VAL *	X509_VAL_new();
-void		X509_VAL_free();
-int		i2d_X509_VAL();
-X509_VAL *	d2i_X509_VAL();
-
-X509_PUBKEY *	X509_PUBKEY_new();
-void		X509_PUBKEY_free();
-int		i2d_X509_PUBKEY();
-X509_PUBKEY *	d2i_X509_PUBKEY();
-int		X509_PUBKEY_set();
-EVP_PKEY *	X509_PUBKEY_get();
-int		X509_get_pubkey_parameters();
-
-X509_SIG *	X509_SIG_new();
-void		X509_SIG_free();
-int		i2d_X509_SIG();
-X509_SIG *	d2i_X509_SIG();
-
-X509_REQ_INFO *X509_REQ_INFO_new();
-void		X509_REQ_INFO_free();
-int		i2d_X509_REQ_INFO();
-X509_REQ_INFO *d2i_X509_REQ_INFO();
-
-X509_REQ *	X509_REQ_new();
-void		X509_REQ_free();
-int		i2d_X509_REQ();
-X509_REQ *	d2i_X509_REQ();
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new();
-void		X509_ATTRIBUTE_free();
-int		i2d_X509_ATTRIBUTE();
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
-
-X509_EXTENSION *X509_EXTENSION_new();
-void		X509_EXTENSION_free();
-int		i2d_X509_EXTENSION();
-X509_EXTENSION *d2i_X509_EXTENSION();
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new();
-void		X509_NAME_ENTRY_free();
-int		i2d_X509_NAME_ENTRY();
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
-
-X509_NAME *	X509_NAME_new();
-void		X509_NAME_free();
-int		i2d_X509_NAME();
-X509_NAME *	d2i_X509_NAME();
-int		X509_NAME_set();
-
-
-X509_CINF *	X509_CINF_new();
-void		X509_CINF_free();
-int		i2d_X509_CINF();
-X509_CINF *	d2i_X509_CINF();
-
-X509 *		X509_new();
-void		X509_free();
-int		i2d_X509();
-X509 *		d2i_X509();
-
-X509_REVOKED *	X509_REVOKED_new();
-void		X509_REVOKED_free();
-int		i2d_X509_REVOKED();
-X509_REVOKED *	d2i_X509_REVOKED();
-
-X509_CRL_INFO *X509_CRL_INFO_new();
-void		X509_CRL_INFO_free();
-int		i2d_X509_CRL_INFO();
-X509_CRL_INFO *d2i_X509_CRL_INFO();
-
-X509_CRL *	X509_CRL_new();
-void		X509_CRL_free();
-int		i2d_X509_CRL();
-X509_CRL *	d2i_X509_CRL();
-
-X509_PKEY *	X509_PKEY_new();
-void		X509_PKEY_free();
-int		i2d_X509_PKEY();
-X509_PKEY *	d2i_X509_PKEY();
-
-NETSCAPE_SPKI *	NETSCAPE_SPKI_new();
-void		NETSCAPE_SPKI_free();
-int		i2d_NETSCAPE_SPKI();
-NETSCAPE_SPKI *	d2i_NETSCAPE_SPKI();
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
-void		NETSCAPE_SPKAC_free();
-int		i2d_NETSCAPE_SPKAC();
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
-
-#ifdef HEADER_ENVELOPE_H
-X509_INFO *	X509_INFO_new();
-void		X509_INFO_free();
-#endif
-
-char *		X509_NAME_oneline();
-
-int ASN1_verify();
-int ASN1_digest();
-int ASN1_sign();
-
-int 		X509_set_version();
-int 		X509_set_serialNumber();
-ASN1_INTEGER *	X509_get_serialNumber();
-int 		X509_set_issuer_name();
-X509_NAME *	X509_get_issuer_name();
-int 		X509_set_subject_name();
-X509_NAME *	X509_get_subject_name();
-int 		X509_set_notBefore();
-int 		X509_set_notAfter();
-int 		X509_set_pubkey();
-EVP_PKEY *	X509_get_pubkey();
-int		X509_certificate_type();
-
-int		X509_REQ_set_version();
-int		X509_REQ_set_subject_name();
-int		X509_REQ_set_pubkey();
-EVP_PKEY *	X509_REQ_get_pubkey();
-
-int		X509_check_private_key();
-
-int		X509_issuer_and_serial_cmp();
-unsigned long	X509_issuer_and_serial_hash();
-
-int		X509_issuer_name_cmp();
-unsigned long	X509_issuer_name_hash();
-
-int		X509_subject_name_cmp();
-unsigned long	X509_subject_name_hash();
-
-int		X509_NAME_cmp ();
-unsigned long	X509_NAME_hash();
-
-int		X509_CRL_cmp();
-#ifndef NO_FP_API
-int		X509_print_fp();
-int		X509_REQ_print_fp();
-#endif
-
-int		X509_NAME_print();
-int		X509_print();
-int		X509_REQ_print();
-
-int 		X509_NAME_entry_count();
-int 		X509_NAME_get_text_by_NID();
-int		X509_NAME_get_text_by_OBJ();
-
-int 		X509_NAME_get_index_by_NID();
-int 		X509_NAME_get_index_by_OBJ();
-X509_NAME_ENTRY *X509_NAME_get_entry();
-X509_NAME_ENTRY *X509_NAME_delete_entry();
-int 		X509_NAME_add_entry();
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
-int 		X509_NAME_ENTRY_set_object();
-int 		X509_NAME_ENTRY_set_data();
-ASN1_OBJECT *	X509_NAME_ENTRY_get_object();
-ASN1_STRING *	X509_NAME_ENTRY_get_data();
-
-int		X509v3_get_ext_count();
-int		X509v3_get_ext_by_NID();
-int		X509v3_get_ext_by_OBJ();
-int		X509v3_get_ext_by_critical();
-X509_EXTENSION *X509v3_get_ext();
-X509_EXTENSION *X509v3_delete_ext();
-STACK *		X509v3_add_ext();
-
-int		X509v3_data_type_by_OBJ();
-int		X509v3_data_type_by_NID();
-int		X509v3_pack_type_by_OBJ();
-int		X509v3_pack_type_by_NID();
-
-int		X509_get_ext_count();
-int		X509_get_ext_by_NID();
-int		X509_get_ext_by_OBJ();
-int		X509_get_ext_by_critical();
-X509_EXTENSION *X509_get_ext();
-X509_EXTENSION *X509_delete_ext();
-int		X509_add_ext();
-
-int		X509_CRL_get_ext_count();
-int		X509_CRL_get_ext_by_NID();
-int		X509_CRL_get_ext_by_OBJ();
-int		X509_CRL_get_ext_by_critical();
-X509_EXTENSION *X509_CRL_get_ext();
-X509_EXTENSION *X509_CRL_delete_ext();
-int		X509_CRL_add_ext();
-
-int		X509_REVOKED_get_ext_count();
-int		X509_REVOKED_get_ext_by_NID();
-int		X509_REVOKED_get_ext_by_OBJ();
-int		X509_REVOKED_get_ext_by_critical();
-X509_EXTENSION *X509_REVOKED_get_ext();
-X509_EXTENSION *X509_REVOKED_delete_ext();
-int		X509_REVOKED_add_ext();
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID();
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
-int		X509_EXTENSION_set_object();
-int		X509_EXTENSION_set_critical();
-int		X509_EXTENSION_set_data();
-ASN1_OBJECT *	X509_EXTENSION_get_object();
-ASN1_OCTET_STRING *X509_EXTENSION_get_data();
-int		X509_EXTENSION_get_critical();
-ASN1_OCTET_STRING *X509v3_pack_string();
-ASN1_STRING *	X509v3_unpack_string();
-
-int		X509_verify_cert();
-char *          X509_verify_cert_error_string();
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial();
-X509 *X509_find_by_subject();
-
-#endif
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
+				     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
+
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
+PBEPARAM *PBEPARAM_new(void);
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
+void PBEPARAM_free(PBEPARAM *a);
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+					 unsigned char *salt, int saltlen);
+
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
+PBKDF2PARAM *PBKDF2PARAM_new(void);
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
+void PBKDF2PARAM_free(PBKDF2PARAM *a);
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
+PBE2PARAM *PBE2PARAM_new(void);
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
+void PBE2PARAM_free(PBE2PARAM *a);
+
+/* PKCS#8 utilities */
+
+int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
+					 unsigned char **pp, long length);
+void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the X509 functions. */
 
 /* Function codes. */
@@ -1106,9 +941,7 @@ X509 *X509_find_by_subject();
 #define X509_F_DIR_CTRL					 102
 #define X509_F_GET_CERT_BY_SUBJECT			 103
 #define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509V3_ADD_EXTENSION			 105
-#define X509_F_X509V3_PACK_STRING			 106
-#define X509_F_X509V3_UNPACK_STRING			 107
+#define X509_F_X509_CHECK_PRIVATE_KEY			 128
 #define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
@@ -1132,19 +965,23 @@ X509 *X509_find_by_subject();
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE			 100
+#define X509_R_CANT_CHECK_DH_KEY			 114
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
 #define X509_R_ERR_ASN1_LIB				 102
+#define X509_R_INVALID_DIRECTORY			 113
+#define X509_R_KEY_TYPE_MISMATCH			 115
+#define X509_R_KEY_VALUES_MISMATCH			 116
 #define X509_R_LOADING_CERT_DIR				 103
 #define X509_R_LOADING_DEFAULTS				 104
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
 #define X509_R_SHOULD_RETRY				 106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
+#define X509_R_UNKNOWN_KEY_TYPE				 117
 #define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_STRING_TYPE			 110
 #define X509_R_UNSUPPORTED_ALGORITHM			 111
 #define X509_R_WRONG_LOOKUP_TYPE			 112
- 
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/crypto/x509/x509_cmp.c b/lib/libssl/src/crypto/x509/x509_cmp.c
index f9d9510ac50..9a93bae3ff3 100644
--- a/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -60,13 +60,11 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int X509_issuer_and_serial_cmp(a,b)
-X509 *a;
-X509 *b;
+int X509_issuer_and_serial_cmp(X509 *a, X509 *b)
 	{
 	int i;
 	X509_CINF *ai,*bi;
@@ -79,8 +77,7 @@ X509 *b;
 	}
 
 #ifndef NO_MD5
-unsigned long X509_issuer_and_serial_hash(a)
-X509 *a;
+unsigned long X509_issuer_and_serial_hash(X509 *a)
 	{
 	unsigned long ret=0;
 	MD5_CTX ctx;
@@ -101,70 +98,59 @@ X509 *a;
 	}
 #endif
 	
-int X509_issuer_name_cmp(a, b)
-X509 *a;
-X509 *b;
+int X509_issuer_name_cmp(X509 *a, X509 *b)
 	{
 	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
 	}
 
-int X509_subject_name_cmp(a, b)
-X509 *a;
-X509 *b;
+int X509_subject_name_cmp(X509 *a, X509 *b)
 	{
 	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
 	}
 
-int X509_CRL_cmp(a, b)
-X509_CRL *a;
-X509_CRL *b;
+int X509_CRL_cmp(X509_CRL *a, X509_CRL *b)
 	{
 	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
 	}
 
-X509_NAME *X509_get_issuer_name(a)
-X509 *a;
+X509_NAME *X509_get_issuer_name(X509 *a)
 	{
 	return(a->cert_info->issuer);
 	}
 
-unsigned long X509_issuer_name_hash(x)
-X509 *x;
+unsigned long X509_issuer_name_hash(X509 *x)
 	{
 	return(X509_NAME_hash(x->cert_info->issuer));
 	}
 
-X509_NAME *X509_get_subject_name(a)
-X509 *a;
+X509_NAME *X509_get_subject_name(X509 *a)
 	{
 	return(a->cert_info->subject);
 	}
 
-ASN1_INTEGER *X509_get_serialNumber(a)
-X509 *a;
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
 	{
 	return(a->cert_info->serialNumber);
 	}
 
-unsigned long X509_subject_name_hash(x)
-X509 *x;
+unsigned long X509_subject_name_hash(X509 *x)
 	{
 	return(X509_NAME_hash(x->cert_info->subject));
 	}
 
-int X509_NAME_cmp(a, b)
-X509_NAME *a;
-X509_NAME *b;
+int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
 	{
 	int i,j;
 	X509_NAME_ENTRY *na,*nb;
 
-	if (sk_num(a->entries) != sk_num(b->entries))
-		return(sk_num(a->entries)-sk_num(b->entries));
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	if (sk_X509_NAME_ENTRY_num(a->entries)
+	    != sk_X509_NAME_ENTRY_num(b->entries))
+		return sk_X509_NAME_ENTRY_num(a->entries)
+		  -sk_X509_NAME_ENTRY_num(b->entries);
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=na->value->length-nb->value->length;
 		if (j) return(j);
 		j=memcmp(na->value->data,nb->value->data,
@@ -177,10 +163,10 @@ X509_NAME *b;
 	/* We will check the object types after checking the values
 	 * since the values will more often be different than the object
 	 * types. */
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=OBJ_cmp(na->object,nb->object);
 		if (j) return(j);
 		}
@@ -190,8 +176,7 @@ X509_NAME *b;
 #ifndef NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
  * this is reasonably effiecent. */
-unsigned long X509_NAME_hash(x)
-X509_NAME *x;
+unsigned long X509_NAME_hash(X509_NAME *x)
 	{
 	unsigned long ret=0;
 	unsigned char md[16];
@@ -217,10 +202,8 @@ X509_NAME *x;
 #endif
 
 /* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(sk,name,serial)
-STACK *sk;
-X509_NAME *name;
-ASN1_INTEGER *serial;
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+		ASN1_INTEGER *serial)
 	{
 	int i;
 	X509_CINF cinf;
@@ -230,28 +213,81 @@ ASN1_INTEGER *serial;
 	cinf.serialNumber=serial;
 	cinf.issuer=name;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_num(sk); i++)
 		{
-		x509=(X509 *)sk_value(sk,i);
+		x509=sk_X509_value(sk,i);
 		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
 			return(x509);
 		}
 	return(NULL);
 	}
 
-X509 *X509_find_by_subject(sk,name)
-STACK *sk;
-X509_NAME *name;
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 	{
 	X509 *x509;
 	int i;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_num(sk); i++)
 		{
-		x509=(X509 *)sk_value(sk,i);
+		x509=sk_X509_value(sk,i);
 		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
 			return(x509);
 		}
 	return(NULL);
 	}
 
+EVP_PKEY *X509_get_pubkey(X509 *x)
+	{
+	if ((x == NULL) || (x->cert_info == NULL))
+		return(NULL);
+	return(X509_PUBKEY_get(x->cert_info->key));
+	}
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k)
+	{
+	EVP_PKEY *xk=NULL;
+	int ok=0;
+
+	xk=X509_get_pubkey(x);
+	if (xk->type != k->type)
+	    {
+	    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+	    goto err;
+	    }
+	switch (k->type)
+		{
+#ifndef NO_RSA
+	case EVP_PKEY_RSA:
+		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+		    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
+		break;
+#endif
+#ifndef NO_DSA
+	case EVP_PKEY_DSA:
+		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
+		break;
+#endif
+#ifndef NO_DH
+	case EVP_PKEY_DH:
+		/* No idea */
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+		goto err;
+#endif
+	default:
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+		goto err;
+		}
+
+	ok=1;
+err:
+	EVP_PKEY_free(xk);
+	return(ok);
+	}
diff --git a/lib/libssl/src/crypto/x509/x509_d2.c b/lib/libssl/src/crypto/x509/x509_d2.c
index 01e22f4cb42..3e7ec5b4326 100644
--- a/lib/libssl/src/crypto/x509/x509_d2.c
+++ b/lib/libssl/src/crypto/x509/x509_d2.c
@@ -60,12 +60,11 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
 
 #ifndef NO_STDIO
-int X509_STORE_set_default_paths(ctx)
-X509_STORE *ctx;
+int X509_STORE_set_default_paths(X509_STORE *ctx)
 	{
 	X509_LOOKUP *lookup;
 
@@ -83,10 +82,8 @@ X509_STORE *ctx;
 	return(1);
 	}
 
-int X509_STORE_load_locations(ctx,file,path)
-X509_STORE *ctx;
-char *file;
-char *path;
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+		const char *path)
 	{
 	X509_LOOKUP *lookup;
 
diff --git a/lib/libssl/src/crypto/x509/x509_def.c b/lib/libssl/src/crypto/x509/x509_def.c
index d9ab39b15af..c4bee715698 100644
--- a/lib/libssl/src/crypto/x509/x509_def.c
+++ b/lib/libssl/src/crypto/x509/x509_def.c
@@ -60,24 +60,24 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
 
-char *X509_get_default_private_dir()
+const char *X509_get_default_private_dir(void)
 	{ return(X509_PRIVATE_DIR); }
 	
-char *X509_get_default_cert_area()
+const char *X509_get_default_cert_area(void)
 	{ return(X509_CERT_AREA); }
 
-char *X509_get_default_cert_dir()
+const char *X509_get_default_cert_dir(void)
 	{ return(X509_CERT_DIR); }
 
-char *X509_get_default_cert_file()
+const char *X509_get_default_cert_file(void)
 	{ return(X509_CERT_FILE); }
 
-char *X509_get_default_cert_dir_env()
+const char *X509_get_default_cert_dir_env(void)
 	{ return(X509_CERT_DIR_EVP); }
 
-char *X509_get_default_cert_file_env()
+const char *X509_get_default_cert_file_env(void)
 	{ return(X509_CERT_FILE_EVP); }
 
diff --git a/lib/libssl/src/crypto/x509/x509_err.c b/lib/libssl/src/crypto/x509/x509_err.c
index 9304721612f..9afd4ccde5f 100644
--- a/lib/libssl/src/crypto/x509/x509_err.c
+++ b/lib/libssl/src/crypto/x509/x509_err.c
@@ -1,63 +1,65 @@
-/* lib/x509/x509_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "x509.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -68,14 +70,12 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_DIR_CTRL,0),	"DIR_CTRL"},
 {ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0),	"GET_CERT_BY_SUBJECT"},
 {ERR_PACK(0,X509_F_X509V3_ADD_EXT,0),	"X509v3_add_ext"},
-{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0),	"X509V3_ADD_EXTENSION"},
-{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0),	"X509v3_pack_string"},
-{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0),	"X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),	"X509_check_private_key"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),	"X509_EXTENSION_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),	"X509_EXTENSION_create_by_OBJ"},
 {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),	"X509_get_pubkey_parameters"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_LOAD_CERT_FILE"},
-{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_LOAD_CRL_FILE"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_load_cert_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_load_crl_file"},
 {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),	"X509_NAME_add_entry"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),	"X509_NAME_ENTRY_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),	"X509_NAME_ENTRY_set_object"},
@@ -87,39 +87,43 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_PRINT,0),	"X509_REQ_print"},
 {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),	"X509_REQ_print_fp"},
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),	"X509_REQ_to_X509"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_ADD_CERT"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_ADD_CRL"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_add_cert"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_add_crl"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),	"X509_to_X509_REQ"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),	"X509_verify_cert"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA X509_str_reasons[]=
 	{
 {X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
 {X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
+{X509_R_INVALID_DIRECTORY                ,"invalid directory"},
+{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
 {X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
 {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
 {X509_R_SHOULD_RETRY                     ,"should retry"},
 {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
 {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
 {X509_R_UNKNOWN_NID                      ,"unknown nid"},
-{X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
 {X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
 {X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_X509_strings()
+void ERR_load_X509_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_X509,X509_str_functs);
diff --git a/lib/libssl/src/crypto/x509/x509_ext.c b/lib/libssl/src/crypto/x509/x509_ext.c
index 1d76ecfcfdc..f8565a60b20 100644
--- a/lib/libssl/src/crypto/x509/x509_ext.c
+++ b/lib/libssl/src/crypto/x509/x509_ext.c
@@ -57,166 +57,118 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_CRL_get_ext_count(x)
-X509_CRL *x;
+int X509_CRL_get_ext_count(X509_CRL *x)
 	{
 	return(X509v3_get_ext_count(x->crl->extensions));
 	}
 
-int X509_CRL_get_ext_by_NID(x,nid,lastpos)
-X509_CRL *x;
-int nid;
-int lastpos;
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
 	}
 
-int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
-X509_CRL *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
 	}
 
-int X509_CRL_get_ext_by_critical(x,crit,lastpos)
-X509_CRL *x;
-int crit;
-int lastpos;
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_CRL_get_ext(x,loc)
-X509_CRL *x;
-int loc;
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
 	{
 	return(X509v3_get_ext(x->crl->extensions,loc));
 	}
 
-X509_EXTENSION *X509_CRL_delete_ext(x,loc)
-X509_CRL *x;
-int loc;
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
 	{
 	return(X509v3_delete_ext(x->crl->extensions,loc));
 	}
 
-int X509_CRL_add_ext(x,ex,loc)
-X509_CRL *x;
-X509_EXTENSION *ex;
-int loc;
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
 	}
 
-int X509_get_ext_count(x)
-X509 *x;
+int X509_get_ext_count(X509 *x)
 	{
 	return(X509v3_get_ext_count(x->cert_info->extensions));
 	}
 
-int X509_get_ext_by_NID(x,nid,lastpos)
-X509 *x;
-int nid;
-int lastpos;
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
 	}
 
-int X509_get_ext_by_OBJ(x,obj,lastpos)
-X509 *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
 	}
 
-int X509_get_ext_by_critical(x,crit,lastpos)
-X509 *x;
-int crit;
-int lastpos;
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_get_ext(x,loc)
-X509 *x;
-int loc;
+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
 	{
 	return(X509v3_get_ext(x->cert_info->extensions,loc));
 	}
 
-X509_EXTENSION *X509_delete_ext(x,loc)
-X509 *x;
-int loc;
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
 	{
 	return(X509v3_delete_ext(x->cert_info->extensions,loc));
 	}
 
-int X509_add_ext(x,ex,loc)
-X509 *x;
-X509_EXTENSION *ex;
-int loc;
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
 	}
 
-int X509_REVOKED_get_ext_count(x)
-X509_REVOKED *x;
+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
 	{
 	return(X509v3_get_ext_count(x->extensions));
 	}
 
-int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
-X509_REVOKED *x;
-int nid;
-int lastpos;
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
-X509_REVOKED *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+	     int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
-X509_REVOKED *x;
-int crit;
-int lastpos;
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
-X509_REVOKED *x;
-int loc;
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
 	{
 	return(X509v3_get_ext(x->extensions,loc));
 	}
 
-X509_EXTENSION *X509_REVOKED_delete_ext(x,loc)
-X509_REVOKED *x;
-int loc;
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 	{
 	return(X509v3_delete_ext(x->extensions,loc));
 	}
 
-int X509_REVOKED_add_ext(x,ex,loc)
-X509_REVOKED *x;
-X509_EXTENSION *ex;
-int loc;
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
 	}
 
+IMPLEMENT_STACK_OF(X509_EXTENSION)
+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/lib/libssl/src/crypto/x509/x509_lu.c b/lib/libssl/src/crypto/x509/x509_lu.c
index 2c7e10a46e3..18bfecb11ed 100644
--- a/lib/libssl/src/crypto/x509/x509_lu.c
+++ b/lib/libssl/src/crypto/x509/x509_lu.c
@@ -58,14 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "x509.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
 
 static STACK *x509_store_meth=NULL;
 static STACK *x509_store_ctx_meth=NULL;
 
-X509_LOOKUP *X509_LOOKUP_new(method)
-X509_LOOKUP_METHOD *method;
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 	{
 	X509_LOOKUP *ret;
 
@@ -85,8 +84,7 @@ X509_LOOKUP_METHOD *method;
 	return(ret);
 	}
 
-void X509_LOOKUP_free(ctx)
-X509_LOOKUP *ctx;
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
 	{
 	if (ctx == NULL) return;
 	if (	(ctx->method != NULL) &&
@@ -95,8 +93,7 @@ X509_LOOKUP *ctx;
 	Free(ctx);
 	}
 
-int X509_LOOKUP_init(ctx)
-X509_LOOKUP *ctx;
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
 	{
 	if (ctx->method == NULL) return(0);
 	if (ctx->method->init != NULL)
@@ -105,22 +102,17 @@ X509_LOOKUP *ctx;
 		return(1);
 	}
 
-int X509_LOOKUP_shutdown(ctx)
-X509_LOOKUP *ctx;
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
 	{
 	if (ctx->method == NULL) return(0);
-	if (ctx->method->init != NULL)
+	if (ctx->method->shutdown != NULL)
 		return(ctx->method->shutdown(ctx));
 	else
 		return(1);
 	}
 
-int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret)
-X509_LOOKUP *ctx;
-int cmd;
-char *argc;
-long argl;
-char **ret;
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+	     char **ret)
 	{
 	if (ctx->method == NULL) return(-1);
 	if (ctx->method->ctrl != NULL)
@@ -129,11 +121,8 @@ char **ret;
 		return(1);
 	}
 
-int X509_LOOKUP_by_subject(ctx,type,name,ret)
-X509_LOOKUP *ctx;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
 		return(X509_LU_FAIL);
@@ -141,12 +130,8 @@ X509_OBJECT *ret;
 	return(ctx->method->get_by_subject(ctx,type,name,ret));
 	}
 
-int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret)
-X509_LOOKUP *ctx;
-int type;
-X509_NAME *name;
-ASN1_INTEGER *serial;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     ASN1_INTEGER *serial, X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) ||
 		(ctx->method->get_by_issuer_serial == NULL))
@@ -154,32 +139,23 @@ X509_OBJECT *ret;
 	return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
 	}
 
-int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret)
-X509_LOOKUP *ctx;
-int type;
-unsigned char *bytes;
-int len;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+	     unsigned char *bytes, int len, X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
 		return(X509_LU_FAIL);
 	return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
 	}
 
-int X509_LOOKUP_by_alias(ctx,type,str,len,ret)
-X509_LOOKUP *ctx;
-int type;
-char *str;
-int len;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+	     X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
 		return(X509_LU_FAIL);
-	return(ctx->method->get_by_alias(ctx,str,len,ret));
+	return(ctx->method->get_by_alias(ctx,type,str,len,ret));
 	}
 
-static unsigned long x509_object_hash(a)
-X509_OBJECT *a;
+static unsigned long x509_object_hash(X509_OBJECT *a)
 	{
 	unsigned long h;
 
@@ -197,8 +173,7 @@ X509_OBJECT *a;
 	return(h);
 	}
 
-static int x509_object_cmp(a,b)
-X509_OBJECT *a,*b;
+static int x509_object_cmp(X509_OBJECT *a, X509_OBJECT *b)
 	{
 	int ret;
 
@@ -218,7 +193,7 @@ X509_OBJECT *a,*b;
 	return(ret);
 	}
 
-X509_STORE *X509_STORE_new()
+X509_STORE *X509_STORE_new(void)
 	{
 	X509_STORE *ret;
 
@@ -226,16 +201,16 @@ X509_STORE *X509_STORE_new()
 		return(NULL);
 	ret->certs=lh_new(x509_object_hash,x509_object_cmp);
 	ret->cache=1;
-	ret->get_cert_methods=sk_new_null();
+	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
 	ret->verify=NULL;
 	ret->verify_cb=NULL;
 	memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
 	ret->references=1;
+	ret->depth=0;
 	return(ret);
 	}
 
-static void cleanup(a)
-X509_OBJECT *a;
+static void cleanup(X509_OBJECT *a)
 	{
 	if (a->type == X509_LU_X509)
 		{
@@ -251,21 +226,23 @@ X509_OBJECT *a;
 	Free(a);
 	}
 
-void X509_STORE_free(vfy)
-X509_STORE *vfy;
+void X509_STORE_free(X509_STORE *vfy)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(X509_LOOKUP) *sk;
 	X509_LOOKUP *lu;
 
+	if(vfy == NULL)
+	    return;
+
 	sk=vfy->get_cert_methods;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
 		{
-		lu=(X509_LOOKUP *)sk_value(sk,i);
+		lu=sk_X509_LOOKUP_value(sk,i);
 		X509_LOOKUP_shutdown(lu);
 		X509_LOOKUP_free(lu);
 		}
-	sk_free(sk);
+	sk_X509_LOOKUP_free(sk);
 
 	CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
 	lh_doall(vfy->certs,cleanup);
@@ -273,18 +250,16 @@ X509_STORE *vfy;
 	Free(vfy);
 	}
 
-X509_LOOKUP *X509_STORE_add_lookup(v,m)
-X509_STORE *v;
-X509_LOOKUP_METHOD *m;
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(X509_LOOKUP) *sk;
 	X509_LOOKUP *lu;
 
 	sk=v->get_cert_methods;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
 		{
-		lu=(X509_LOOKUP *)sk_value(sk,i);
+		lu=sk_X509_LOOKUP_value(sk,i);
 		if (m == lu->method)
 			{
 			return(lu);
@@ -297,7 +272,7 @@ X509_LOOKUP_METHOD *m;
 	else
 		{
 		lu->store_ctx=v;
-		if (sk_push(v->get_cert_methods,(char *)lu))
+		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
 			return(lu);
 		else
 			{
@@ -307,24 +282,21 @@ X509_LOOKUP_METHOD *m;
 		}
 	}
 
-int X509_STORE_get_by_subject(vs,type,name,ret)
-X509_STORE_CTX *vs;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	X509_STORE *ctx=vs->ctx;
 	X509_LOOKUP *lu;
 	X509_OBJECT stmp,*tmp;
 	int i,j;
 
-	tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name);
+	tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
 
 	if (tmp == NULL)
 		{
-		for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++)
+		for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
 			{
-			lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i);
+			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
 			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
 			if (j < 0)
 				{
@@ -353,8 +325,7 @@ X509_OBJECT *ret;
 	return(1);
 	}
 
-void X509_OBJECT_up_ref_count(a)
-X509_OBJECT *a;
+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
 	{
 	switch (a->type)
 		{
@@ -367,8 +338,7 @@ X509_OBJECT *a;
 		}
 	}
 
-void X509_OBJECT_free_contents(a)
-X509_OBJECT *a;
+void X509_OBJECT_free_contents(X509_OBJECT *a)
 	{
 	switch (a->type)
 		{
@@ -381,10 +351,8 @@ X509_OBJECT *a;
 		}
 	}
 
-X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name)
-LHASH *h;
-int type;
-X509_NAME *name;
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h, int type,
+	     X509_NAME *name)
 	{
 	X509_OBJECT stmp,*tmp;
 	X509 x509_s;
@@ -413,11 +381,8 @@ X509_NAME *name;
 	return(tmp);
 	}
 
-void X509_STORE_CTX_init(ctx,store,x509,chain)
-X509_STORE_CTX *ctx;
-X509_STORE *store;
-X509 *x509;
-STACK *chain;
+void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+	     STACK_OF(X509) *chain)
 	{
 	ctx->ctx=store;
 	ctx->current_method=0;
@@ -426,21 +391,21 @@ STACK *chain;
 	ctx->last_untrusted=0;
 	ctx->valid=0;
 	ctx->chain=NULL;
-	ctx->depth=10;
+	ctx->depth=9;
 	ctx->error=0;
 	ctx->current_cert=NULL;
 	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
 	}
 
-void X509_STORE_CTX_cleanup(ctx)
-X509_STORE_CTX *ctx;
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 	{
 	if (ctx->chain != NULL)
 		{
-		sk_pop_free(ctx->chain,X509_free);
+		sk_X509_pop_free(ctx->chain,X509_free);
 		ctx->chain=NULL;
 		}
 	CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
 	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
 	}
 
+IMPLEMENT_STACK_OF(X509_LOOKUP)
diff --git a/lib/libssl/src/crypto/x509/x509_obj.c b/lib/libssl/src/crypto/x509/x509_obj.c
index c0576fd6f6f..691b71f0315 100644
--- a/lib/libssl/src/crypto/x509/x509_obj.c
+++ b/lib/libssl/src/crypto/x509/x509_obj.c
@@ -58,27 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "objects.h"
-#include "x509.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
 
-char *X509_NAME_oneline(a,buf,len)
-X509_NAME *a;
-char *buf;
-int len;
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 	{
 	X509_NAME_ENTRY *ne;
-	unsigned int i;
+int i;
 	int n,lold,l,l1,l2,num,j,type;
-	char *s,*p;
+	const char *s;
+	char *p;
 	unsigned char *q;
 	BUF_MEM *b=NULL;
 	static char hex[17]="0123456789ABCDEF";
 	int gs_doit[4];
 	char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+	char ebcdic_buf[1024];
+#endif
 
-	if (a == NULL) return("NO X509_NAME");
 	if (buf == NULL)
 		{
 		if ((b=BUF_MEM_new()) == NULL) goto err;
@@ -86,12 +86,22 @@ int len;
 		b->data[0]='\0';
 		len=200;
 		}
+	if (a == NULL)
+	    {
+	    if(b)
+		{
+		buf=b->data;
+		Free(b);
+		}
+	    strncpy(buf,"NO X509_NAME",len);
+	    return buf;
+	    }
 
 	len--; /* space for '\0' */
 	l=0;
-	for (i=0; (int)i<sk_num(a->entries); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
 		n=OBJ_obj2nid(ne->object);
 		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
 			{
@@ -103,6 +113,19 @@ int len;
 		type=ne->value->type;
 		num=ne->value->length;
 		q=ne->value->data;
+#ifdef CHARSET_EBCDIC
+                if (type == V_ASN1_GENERALSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_PRINTABLESTRING ||
+		    type == V_ASN1_TELETEXSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_IA5STRING) {
+                        ascii2ebcdic(ebcdic_buf, q,
+				     (num > sizeof ebcdic_buf)
+				     ? sizeof ebcdic_buf : num);
+                        q=ebcdic_buf;
+		}
+#endif
 
 		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
 			{
@@ -125,7 +148,12 @@ int len;
 			{
 			if (!gs_doit[j&3]) continue;
 			l2++;
+#ifndef CHARSET_EBCDIC
 			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+#else
+			if ((os_toascii[q[j]] < os_toascii[' ']) ||
+			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
+#endif
 			}
 
 		lold=l;
@@ -145,11 +173,14 @@ int len;
 		memcpy(p,s,(unsigned int)l1); p+=l1;
 		*(p++)='=';
 
+#ifndef CHARSET_EBCDIC /* q was assigned above already. */
 		q=ne->value->data;
+#endif
 
 		for (j=0; j<num; j++)
 			{
 			if (!gs_doit[j&3]) continue;
+#ifndef CHARSET_EBCDIC
 			n=q[j];
 			if ((n < ' ') || (n > '~'))
 				{
@@ -160,13 +191,26 @@ int len;
 				}
 			else
 				*(p++)=n;
+#else
+			n=os_toascii[q[j]];
+			if ((n < os_toascii[' ']) ||
+			    (n > os_toascii['~']))
+				{
+				*(p++)='\\';
+				*(p++)='x';
+				*(p++)=hex[(n>>4)&0x0f];
+				*(p++)=hex[n&0x0f];
+				}
+			else
+				*(p++)=q[j];
+#endif
 			}
 		*p='\0';
 		}
 	if (b != NULL)
 		{
 		p=b->data;
-		Free((char *)b);
+		Free(b);
 		}
 	else
 		p=buf;
diff --git a/lib/libssl/src/crypto/x509/x509_r2x.c b/lib/libssl/src/crypto/x509/x509_r2x.c
index 6aec2427f78..bb4697ae60d 100644
--- a/lib/libssl/src/crypto/x509/x509_r2x.c
+++ b/lib/libssl/src/crypto/x509/x509_r2x.c
@@ -58,22 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
 
-X509 *X509_REQ_to_X509(r,days,pkey)
-X509_REQ *r;
-int days;
-EVP_PKEY *pkey;
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 	{
 	X509 *ret=NULL;
-	int er=1;
-	X509_REQ_INFO *ri=NULL;
 	X509_CINF *xi=NULL;
 	X509_NAME *xn;
 
@@ -84,13 +78,9 @@ EVP_PKEY *pkey;
 		}
 
 	/* duplicate the request */
-	ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO,
-		(char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info);
-	if (ri == NULL) goto err;
-
 	xi=ret->cert_info;
 
-	if (sk_num(ri->attributes) != 0)
+	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
 		{
 		if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
 		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
@@ -109,13 +99,11 @@ EVP_PKEY *pkey;
 
 	if (!X509_sign(ret,pkey,EVP_md5()))
 		goto err;
-	er=0;
-err:
-	if (er)
+	if (0)
 		{
+err:
 		X509_free(ret);
-		X509_REQ_INFO_free(ri);
-		return(NULL);
+		ret=NULL;
 		}
 	return(ret);
 	}
diff --git a/lib/libssl/src/crypto/x509/x509_req.c b/lib/libssl/src/crypto/x509/x509_req.c
index 5004365bad4..2ef94decd14 100644
--- a/lib/libssl/src/crypto/x509/x509_req.c
+++ b/lib/libssl/src/crypto/x509/x509_req.c
@@ -58,22 +58,20 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
 
-X509_REQ *X509_to_X509_REQ(x,pkey,md)
-X509 *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md)
 	{
 	X509_REQ *ret;
 	X509_REQ_INFO *ri;
 	int i;
+	EVP_PKEY *pktmp;
 
 	ret=X509_REQ_new();
 	if (ret == NULL)
@@ -92,7 +90,9 @@ EVP_MD *md;
 	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
 		goto err;
 
-	i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
+	pktmp = X509_get_pubkey(x);
+	i=X509_REQ_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (!i) goto err;
 
 	if (pkey != NULL)
@@ -106,8 +106,7 @@ err:
 	return(NULL);
 	}
 
-EVP_PKEY *X509_REQ_get_pubkey(req)
-X509_REQ *req;
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 	{
 	if ((req == NULL) || (req->req_info == NULL))
 		return(NULL);
diff --git a/lib/libssl/src/crypto/x509/x509_set.c b/lib/libssl/src/crypto/x509/x509_set.c
index 5d0a3a0c0e0..5a6f7b414f4 100644
--- a/lib/libssl/src/crypto/x509/x509_set.c
+++ b/lib/libssl/src/crypto/x509/x509_set.c
@@ -58,14 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_set_version(x,version)
-X509 *x;
-long version;
+int X509_set_version(X509 *x, long version)
 	{
 	if (x == NULL) return(0);
 	if (x->cert_info->version == NULL)
@@ -76,9 +74,7 @@ long version;
 	return(ASN1_INTEGER_set(x->cert_info->version,version));
 	}
 
-int X509_set_serialNumber(x,serial)
-X509 *x;
-ASN1_INTEGER *serial;
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
 	{
 	ASN1_INTEGER *in;
 
@@ -96,25 +92,19 @@ ASN1_INTEGER *serial;
 	return(in != NULL);
 	}
 
-int X509_set_issuer_name(x,name)
-X509 *x;
-X509_NAME *name;
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_NAME_set(&x->cert_info->issuer,name));
 	}
 
-int X509_set_subject_name(x,name)
-X509 *x;
-X509_NAME *name;
+int X509_set_subject_name(X509 *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_NAME_set(&x->cert_info->subject,name));
 	}
 
-int X509_set_notBefore(x,tm)
-X509 *x;
-ASN1_UTCTIME *tm;
+int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
 	{
 	ASN1_UTCTIME *in;
 
@@ -132,9 +122,7 @@ ASN1_UTCTIME *tm;
 	return(in != NULL);
 	}
 
-int X509_set_notAfter(x,tm)
-X509 *x;
-ASN1_UTCTIME *tm;
+int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
 	{
 	ASN1_UTCTIME *in;
 
@@ -152,9 +140,7 @@ ASN1_UTCTIME *tm;
 	return(in != NULL);
 	}
 
-int X509_set_pubkey(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
diff --git a/lib/libssl/src/crypto/x509/x509_txt.c b/lib/libssl/src/crypto/x509/x509_txt.c
index 408d1c277c5..11a3d2012fb 100644
--- a/lib/libssl/src/crypto/x509/x509_txt.c
+++ b/lib/libssl/src/crypto/x509/x509_txt.c
@@ -62,16 +62,14 @@
 #include <sys/types.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
 
-char *X509_verify_cert_error_string(n)
-long n;
+const char *X509_verify_cert_error_string(long n)
 	{
 	static char buf[100];
 
@@ -121,6 +119,8 @@ long n;
 		return("unable to verify the first certificate");
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
 		return("certificate chain too long");
+	case X509_V_ERR_CERT_REVOKED:
+		return("certificate revoked");
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		return("application verification failure");
 	default:
diff --git a/lib/libssl/src/crypto/x509/x509_v3.c b/lib/libssl/src/crypto/x509/x509_v3.c
index 1c03602f0bb..dd2f9f1b177 100644
--- a/lib/libssl/src/crypto/x509/x509_v3.c
+++ b/lib/libssl/src/crypto/x509/x509_v3.c
@@ -57,34 +57,21 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-#ifndef NOPROTO
-static X509_EXTENSION_METHOD *find_by_nid(int nid);
-static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
-#else
-static X509_EXTENSION_METHOD *find_by_nid();
-static int xem_cmp();
-#endif
-
-static STACK *extensions=NULL;
-
-int X509v3_get_ext_count(x)
-STACK *x;
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 	{
 	if (x == NULL) return(0);
-	return(sk_num(x));
+	return(sk_X509_EXTENSION_num(x));
 	}
 
-int X509v3_get_ext_by_NID(x,nid,lastpos)
-STACK *x;
-int nid;
-int lastpos;
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+			  int lastpos)
 	{
 	ASN1_OBJECT *obj;
 
@@ -93,10 +80,8 @@ int lastpos;
 	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
 	}
 
-int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
-STACK *sk;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
+			  int lastpos)
 	{
 	int n;
 	X509_EXTENSION *ex;
@@ -105,20 +90,18 @@ int lastpos;
 	lastpos++;
 	if (lastpos < 0)
 		lastpos=0;
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
 		if (OBJ_cmp(ex->object,obj) == 0)
 			return(lastpos);
 		}
 	return(-1);
 	}
 
-int X509v3_get_ext_by_critical(sk,crit,lastpos)
-STACK *sk;
-int crit;
-int lastpos;
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+			       int lastpos)
 	{
 	int n;
 	X509_EXTENSION *ex;
@@ -127,10 +110,10 @@ int lastpos;
 	lastpos++;
 	if (lastpos < 0)
 		lastpos=0;
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
 		if (	(ex->critical && crit) ||
 			(!ex->critical && !crit))
 			return(lastpos);
@@ -138,52 +121,46 @@ int lastpos;
 	return(-1);
 	}
 
-X509_EXTENSION *X509v3_get_ext(x,loc)
-STACK *x;
-int loc;
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
 	{
-	if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
-		return(NULL);
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+		return NULL;
 	else
-		return((X509_EXTENSION *)sk_value(x,loc));
+		return sk_X509_EXTENSION_value(x,loc);
 	}
 
-X509_EXTENSION *X509v3_delete_ext(x,loc)
-STACK *x;
-int loc;
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
 	{
 	X509_EXTENSION *ret;
 
-	if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
 		return(NULL);
-	ret=(X509_EXTENSION *)sk_delete(x,loc);
+	ret=sk_X509_EXTENSION_delete(x,loc);
 	return(ret);
 	}
 
-STACK *X509v3_add_ext(x,ex,loc)
-STACK **x;
-X509_EXTENSION *ex;
-int loc;
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc)
 	{
 	X509_EXTENSION *new_ex=NULL;
 	int n;
-	STACK *sk=NULL;
+	STACK_OF(X509_EXTENSION) *sk=NULL;
 
 	if ((x != NULL) && (*x == NULL))
 		{
-		if ((sk=sk_new_null()) == NULL)
+		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
 			goto err;
 		}
 	else
 		sk= *x;
 
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	if (loc > n) loc=n;
 	else if (loc < 0) loc=n;
 
 	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
 		goto err2;
-	if (!sk_insert(sk,(char *)new_ex,loc))
+	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
 		goto err;
 	if ((x != NULL) && (*x == NULL))
 		*x=sk;
@@ -192,15 +169,12 @@ err:
 	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
 err2:
 	if (new_ex != NULL) X509_EXTENSION_free(new_ex);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_EXTENSION_free(sk);
 	return(NULL);
 	}
 
-X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data)
-X509_EXTENSION **ex;
-int nid;
-int crit;
-ASN1_OCTET_STRING *data;
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+	     int crit, ASN1_OCTET_STRING *data)
 	{
 	ASN1_OBJECT *obj;
 	X509_EXTENSION *ret;
@@ -216,11 +190,8 @@ ASN1_OCTET_STRING *data;
 	return(ret);
 	}
 
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data)
-X509_EXTENSION **ex;
-ASN1_OBJECT *obj;
-int crit;
-ASN1_OCTET_STRING *data;
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
 	{
 	X509_EXTENSION *ret;
 
@@ -250,9 +221,7 @@ err:
 	return(NULL);
 	}
 
-int X509_EXTENSION_set_object(ex,obj)
-X509_EXTENSION *ex;
-ASN1_OBJECT *obj;
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
 	{
 	if ((ex == NULL) || (obj == NULL))
 		return(0);
@@ -261,18 +230,14 @@ ASN1_OBJECT *obj;
 	return(1);
 	}
 
-int X509_EXTENSION_set_critical(ex,crit)
-X509_EXTENSION *ex;
-int crit;
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 	{
 	if (ex == NULL) return(0);
 	ex->critical=(crit)?0xFF:0;
 	return(1);
 	}
 
-int X509_EXTENSION_set_data(ex,data)
-X509_EXTENSION *ex;
-ASN1_OCTET_STRING *data;
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
 	{
 	int i;
 
@@ -282,128 +247,20 @@ ASN1_OCTET_STRING *data;
 	return(1);
 	}
 
-ASN1_OBJECT *X509_EXTENSION_get_object(ex)
-X509_EXTENSION *ex;
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(NULL);
 	return(ex->object);
 	}
 
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex)
-X509_EXTENSION *ex;
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(NULL);
 	return(ex->value);
 	}
 
-int X509_EXTENSION_get_critical(ex)
-X509_EXTENSION *ex;
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(0);
 	return(ex->critical);
 	}
-
-int X509v3_data_type_by_OBJ(obj)
-ASN1_OBJECT *obj;
-	{
-	int nid;
-
-	nid=OBJ_obj2nid(obj);
-	if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
-	return(X509v3_data_type_by_NID(nid));
-	}
-
-int X509v3_data_type_by_NID(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD *x;
-
-	x=find_by_nid(nid);
-	if (x == NULL)
-		return(V_ASN1_UNDEF);
-	else
-		return(x->data_type);
-	}
-
-int X509v3_pack_type_by_OBJ(obj)
-ASN1_OBJECT *obj;
-	{
-	int nid;
-
-	nid=OBJ_obj2nid(obj);
-	if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
-	return(X509v3_pack_type_by_NID(nid));
-	}
-
-int X509v3_pack_type_by_NID(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD *x;
-
-	x=find_by_nid(nid);
-	if (x == NULL)
-		return(X509_EXT_PACK_UNKNOWN);
-	else
-		return(x->pack_type);
-	}
-
-static X509_EXTENSION_METHOD *find_by_nid(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD x;
-	int i;
-
-	x.nid=nid;
-	if (extensions == NULL) return(NULL);
-	i=sk_find(extensions,(char *)&x);
-	if (i < 0)
-		return(NULL);
-	else
-		return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
-	}
-
-static int xem_cmp(a,b)
-X509_EXTENSION_METHOD **a,**b;
-	{
-	return((*a)->nid-(*b)->nid);
-	}
-
-void X509v3_cleanup_extensions()
-	{
-	int i;
-
-	if (extensions != NULL)
-		{
-		for (i=0; i<sk_num(extensions); i++)
-			Free(sk_value(extensions,i));
-		sk_free(extensions);
-		extensions=NULL;
-		}
-	}
-
-int X509v3_add_extension(x)
-X509_EXTENSION_METHOD *x;
-	{
-	X509_EXTENSION_METHOD *newx;
-
-	if (extensions == NULL)
-		{
-		extensions=sk_new(xem_cmp);
-		if (extensions == NULL) goto err;
-		}
-	newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
-	if (newx == NULL) goto err;
-	newx->nid=x->nid;
-	newx->data_type=x->data_type;
-	newx->pack_type=x->pack_type;
-	if (!sk_push(extensions,(char *)newx))
-		{
-		Free(newx);
-		goto err;
-		}
-	return(1);
-err:
-	X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index c1be91edba5..c72ee4a3855 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -62,25 +62,19 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
-#include "crypto.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
-
-#ifndef NOPROTO
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
 static int null_callback(int ok,X509_STORE_CTX *e);
 static int internal_verify(X509_STORE_CTX *ctx);
-#else
-static int null_callback();
-static int internal_verify();
-#endif
+const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
-char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998";
 static STACK *x509_store_ctx_method=NULL;
 static int x509_store_ctx_num=0;
 #if 0
@@ -88,23 +82,19 @@ static int x509_store_num=1;
 static STACK *x509_store_method=NULL;
 #endif
 
-static int null_callback(ok,e)
-int ok;
-X509_STORE_CTX *e;
+static int null_callback(int ok, X509_STORE_CTX *e)
 	{
 	return(ok);
 	}
 
 #if 0
-static int x509_subject_cmp(a,b)
-X509 **a,**b;
+static int x509_subject_cmp(X509 **a, X509 **b)
 	{
 	return(X509_subject_name_cmp(*a,*b));
 	}
 #endif
 
-int X509_verify_cert(ctx)
-X509_STORE_CTX *ctx;
+int X509_verify_cert(X509_STORE_CTX *ctx)
 	{
 	X509 *x,*xtmp,*chain_ss=NULL;
 	X509_NAME *xn;
@@ -112,7 +102,7 @@ X509_STORE_CTX *ctx;
 	int depth,i,ok=0;
 	int num;
 	int (*cb)();
-	STACK *sktmp=NULL;
+	STACK_OF(X509) *sktmp=NULL;
 
 	if (ctx->cert == NULL)
 		{
@@ -127,8 +117,8 @@ X509_STORE_CTX *ctx;
 	 * present and that the first entry is in place */
 	if (ctx->chain == NULL)
 		{
-		if (	((ctx->chain=sk_new_null()) == NULL) ||
-			(!sk_push(ctx->chain,(char *)ctx->cert)))
+		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
+			(!sk_X509_push(ctx->chain,ctx->cert)))
 			{
 			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 			goto end;
@@ -138,21 +128,26 @@ X509_STORE_CTX *ctx;
 		}
 
 	/* We use a temporary so we can chop and hack at it */
-	if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL)
+	if (ctx->untrusted != NULL
+	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
 		{
 		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 		goto end;
 		}
 
-	num=sk_num(ctx->chain);
-	x=(X509 *)sk_value(ctx->chain,num-1);
+	num=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,num-1);
 	depth=ctx->depth;
 
 
 	for (;;)
 		{
 		/* If we have enough, we break */
-		if (depth <= num) break;
+		if (depth < num) break; /* FIXME: If this happens, we should take
+		                         * note of it and, if appropriate, use the
+		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
+		                         * code later.
+		                         */
 
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
@@ -165,13 +160,13 @@ X509_STORE_CTX *ctx;
 			xtmp=X509_find_by_subject(sktmp,xn);
 			if (xtmp != NULL)
 				{
-				if (!sk_push(ctx->chain,(char *)xtmp))
+				if (!sk_X509_push(ctx->chain,xtmp))
 					{
 					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 					goto end;
 					}
 				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-				sk_delete_ptr(sktmp,(char *)xtmp);
+				sk_X509_delete_ptr(sktmp,xtmp);
 				ctx->last_untrusted++;
 				x=xtmp;
 				num++;
@@ -187,13 +182,13 @@ X509_STORE_CTX *ctx;
 	 * certificates.  We now need to add at least one trusted one,
 	 * if possible, otherwise we complain. */
 
-	i=sk_num(ctx->chain);
-	x=(X509 *)sk_value(ctx->chain,i-1);
+	i=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,i-1);
 	if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
 		== 0)
 		{
 		/* we have a self signed certificate */
-		if (sk_num(ctx->chain) == 1)
+		if (sk_X509_num(ctx->chain) == 1)
 			{
 			ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
 			ctx->current_cert=x;
@@ -204,10 +199,10 @@ X509_STORE_CTX *ctx;
 		else
 			{
 			/* worry more about this one elsewhere */
-			chain_ss=(X509 *)sk_pop(ctx->chain);
+			chain_ss=sk_X509_pop(ctx->chain);
 			ctx->last_untrusted--;
 			num--;
-			x=(X509 *)sk_value(ctx->chain,num-1);
+			x=sk_X509_value(ctx->chain,num-1);
 			}
 		}
 
@@ -215,7 +210,7 @@ X509_STORE_CTX *ctx;
 	for (;;)
 		{
 		/* If we have enough, we break */
-		if (depth <= num) break;
+		if (depth < num) break;
 
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
@@ -240,7 +235,7 @@ X509_STORE_CTX *ctx;
 			break;
 			}
 		x=obj.data.x509;
-		if (!sk_push(ctx->chain,(char *)obj.data.x509))
+		if (!sk_X509_push(ctx->chain,obj.data.x509))
 			{
 			X509_OBJECT_free_contents(&obj);
 			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
@@ -264,7 +259,7 @@ X509_STORE_CTX *ctx;
 		else
 			{
 
-			sk_push(ctx->chain,(char *)chain_ss);
+			sk_X509_push(ctx->chain,chain_ss);
 			num++;
 			ctx->last_untrusted=num;
 			ctx->current_cert=chain_ss;
@@ -285,14 +280,17 @@ X509_STORE_CTX *ctx;
 		ok=ctx->ctx->verify(ctx);
 	else
 		ok=internal_verify(ctx);
+	if (0)
+		{
 end:
-	if (sktmp != NULL) sk_free(sktmp);
+		X509_get_pubkey_parameters(NULL,ctx->chain);
+		}
+	if (sktmp != NULL) sk_X509_free(sktmp);
 	if (chain_ss != NULL) X509_free(chain_ss);
 	return(ok);
 	}
 
-static int internal_verify(ctx)
-X509_STORE_CTX *ctx;
+static int internal_verify(X509_STORE_CTX *ctx)
 	{
 	int i,ok=0,n;
 	X509 *xs,*xi;
@@ -302,10 +300,10 @@ X509_STORE_CTX *ctx;
 	cb=ctx->ctx->verify_cb;
 	if (cb == NULL) cb=null_callback;
 
-	n=sk_num(ctx->chain);
+	n=sk_X509_num(ctx->chain);
 	ctx->error_depth=n-1;
 	n--;
-	xi=(X509 *)sk_value(ctx->chain,n);
+	xi=sk_X509_value(ctx->chain,n);
 	if (X509_NAME_cmp(X509_get_subject_name(xi),
 		X509_get_issuer_name(xi)) == 0)
 		xs=xi;
@@ -322,7 +320,7 @@ X509_STORE_CTX *ctx;
 			{
 			n--;
 			ctx->error_depth=n;
-			xs=(X509 *)sk_value(ctx->chain,n);
+			xs=sk_X509_value(ctx->chain,n);
 			}
 		}
 
@@ -341,11 +339,13 @@ X509_STORE_CTX *ctx;
 				}
 			if (X509_verify(xs,pkey) <= 0)
 				{
+				EVP_PKEY_free(pkey);
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
+			EVP_PKEY_free(pkey);
 			pkey=NULL;
 
 			i=X509_cmp_current_time(X509_get_notBefore(xs));
@@ -394,7 +394,7 @@ X509_STORE_CTX *ctx;
 		if (n >= 0)
 			{
 			xi=xs;
-			xs=(X509 *)sk_value(ctx->chain,n);
+			xs=sk_X509_value(ctx->chain,n);
 			}
 		}
 	ok=1;
@@ -402,8 +402,7 @@ end:
 	return(ok);
 	}
 
-int X509_cmp_current_time(ctm)
-ASN1_UTCTIME *ctm;
+int X509_cmp_current_time(ASN1_UTCTIME *ctm)
 	{
 	char *str;
 	ASN1_UTCTIME atm;
@@ -434,7 +433,7 @@ ASN1_UTCTIME *ctm;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');
 		if (*str == '-')
-			offset=-offset;
+			offset= -offset;
 		}
 	atm.type=V_ASN1_UTCTIME;
 	atm.length=sizeof(buff2);
@@ -443,9 +442,9 @@ ASN1_UTCTIME *ctm;
 	X509_gmtime_adj(&atm,-offset);
 
 	i=(buff1[0]-'0')*10+(buff1[1]-'0');
-	if (i < 70) i+=100;
+	if (i < 50) i+=100; /* cf. RFC 2459 */
 	j=(buff2[0]-'0')*10+(buff2[1]-'0');
-	if (j < 70) j+=100;
+	if (j < 50) j+=100;
 
 	if (i < j) return (-1);
 	if (i > j) return (1);
@@ -456,9 +455,7 @@ ASN1_UTCTIME *ctm;
 		return(i);
 	}
 
-ASN1_UTCTIME *X509_gmtime_adj(s, adj)
-ASN1_UTCTIME *s;
-long adj;
+ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
 	{
 	time_t t;
 
@@ -467,18 +464,16 @@ long adj;
 	return(ASN1_UTCTIME_set(s,t));
 	}
 
-int X509_get_pubkey_parameters(pkey,chain)
-EVP_PKEY *pkey;
-STACK *chain;
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 	{
 	EVP_PKEY *ktmp=NULL,*ktmp2;
 	int i,j;
 
 	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
 
-	for (i=0; i<sk_num(chain); i++)
+	for (i=0; i<sk_X509_num(chain); i++)
 		{
-		ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
+		ktmp=X509_get_pubkey(sk_X509_value(chain,i));
 		if (ktmp == NULL)
 			{
 			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
@@ -488,6 +483,7 @@ STACK *chain;
 			break;
 		else
 			{
+			EVP_PKEY_free(ktmp);
 			ktmp=NULL;
 			}
 		}
@@ -500,63 +496,17 @@ STACK *chain;
 	/* first, populate the other certs */
 	for (j=i-1; j >= 0; j--)
 		{
-		ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
+		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
 		EVP_PKEY_copy_parameters(ktmp2,ktmp);
+		EVP_PKEY_free(ktmp2);
 		}
 	
-	if (pkey != NULL)
-		EVP_PKEY_copy_parameters(pkey,ktmp);
+	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+	EVP_PKEY_free(ktmp);
 	return(1);
 	}
 
-EVP_PKEY *X509_get_pubkey(x)
-X509 *x;
-	{
-	if ((x == NULL) || (x->cert_info == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(x->cert_info->key));
-	}
-
-int X509_check_private_key(x,k)
-X509 *x;
-EVP_PKEY *k;
-	{
-	EVP_PKEY *xk=NULL;
-	int ok=0;
-
-	xk=X509_get_pubkey(x);
-	if (xk->type != k->type) goto err;
-	switch (k->type)
-		{
-#ifndef NO_RSA
-	case EVP_PKEY_RSA:
-		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
-		if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
-		break;
-#endif
-#ifndef NO_DSA
-	case EVP_PKEY_DSA:
-		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-			goto err;
-		break;
-#endif
-#ifndef NO_DH
-	case EVP_PKEY_DH:
-		/* No idea */
-		goto err;
-#endif
-	default:
-		goto err;
-		}
-
-	ok=1;
-err:
-	return(ok);
-	}
-
-int X509_STORE_add_cert(ctx,x)
-X509_STORE *ctx;
-X509 *x;
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 	{
 	X509_OBJECT *obj,*r;
 	int ret=1;
@@ -591,9 +541,7 @@ X509 *x;
 	return(ret);	
 	}
 
-int X509_STORE_add_crl(ctx,x)
-X509_STORE *ctx;
-X509_CRL *x;
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
 	{
 	X509_OBJECT *obj,*r;
 	int ret=1;
@@ -628,12 +576,8 @@ X509_CRL *x;
 	return(ret);	
 	}
 
-int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
+int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
         {
         x509_store_ctx_num++;
         return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
@@ -641,64 +585,55 @@ void (*free_func)();
                 argl,argp,new_func,dup_func,free_func));
         }
 
-int X509_STORE_CTX_set_ex_data(ctx,idx,data)
-X509_STORE_CTX *ctx;
-int idx;
-char *data;
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
 	{
 	return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
 	}
 
-char *X509_STORE_CTX_get_ex_data(ctx,idx)
-X509_STORE_CTX *ctx;
-int idx;
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
 	{
 	return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
 	}
 
-int X509_STORE_CTX_get_error(ctx)
-X509_STORE_CTX *ctx;
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
 	{
 	return(ctx->error);
 	}
 
-void X509_STORE_CTX_set_error(ctx,err)
-X509_STORE_CTX *ctx;
-int err;
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
 	{
 	ctx->error=err;
 	}
 
-int X509_STORE_CTX_get_error_depth(ctx)
-X509_STORE_CTX *ctx;
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
 	{
 	return(ctx->error_depth);
 	}
 
-X509 *X509_STORE_CTX_get_current_cert(ctx)
-X509_STORE_CTX *ctx;
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
 	{
 	return(ctx->current_cert);
 	}
 
-STACK *X509_STORE_CTX_get_chain(ctx)
-X509_STORE_CTX *ctx;
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
 	{
 	return(ctx->chain);
 	}
 
-void X509_STORE_CTX_set_cert(ctx,x)
-X509_STORE_CTX *ctx;
-X509 *x;
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 	{
 	ctx->cert=x;
 	}
 
-void X509_STORE_CTX_set_chain(ctx,sk)
-X509_STORE_CTX *ctx;
-STACK *sk;
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 	{
 	ctx->untrusted=sk;
 	}
 
+IMPLEMENT_STACK_OF(X509)
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
 
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.h b/lib/libssl/src/crypto/x509/x509_vfy.h
index dfc060f8998..ecfd4cf9eda 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.h
+++ b/lib/libssl/src/crypto/x509/x509_vfy.h
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef HEADER_X509_H
+#include <openssl/x509.h>
+/* openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment. */
+#endif
+
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
 
@@ -63,8 +69,8 @@
 extern "C" {
 #endif
 
-#include "bio.h"
-#include "crypto.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
 
 /* Outer object */
 typedef struct x509_hash_dir_st
@@ -119,21 +125,33 @@ typedef struct x509_object_st
 		} data;
 	} X509_OBJECT;
 
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+
 /* This is a static that defines the function interface */
 typedef struct x509_lookup_method_st
 	{
-	char *name;
-	int (*new_item)();
-	void (*free)();
-	int (*init)(/* meth, char ** */);
-	int (*shutdown)( /* meth, char ** */);
-	int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
-	int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
-	int (*get_by_issuer_serial)();
-	int (*get_by_fingerprint)();
-	int (*get_by_alias)();
+	const char *name;
+	int (*new_item)(X509_LOOKUP *ctx);
+	void (*free)(X509_LOOKUP *ctx);
+	int (*init)(X509_LOOKUP *ctx);
+	int (*shutdown)(X509_LOOKUP *ctx);
+	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
+			char **ret);
+	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+			      X509_OBJECT *ret);
+	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+				    ASN1_INTEGER *serial,X509_OBJECT *ret);
+	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
+				  unsigned char *bytes,int len,
+				  X509_OBJECT *ret);
+	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+			    X509_OBJECT *ret);
 	} X509_LOOKUP_METHOD;
 
+typedef struct x509_store_state_st X509_STORE_CTX;
+
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
@@ -148,13 +166,13 @@ typedef struct x509_store_st
 #endif
 
 	/* These are external lookup methods */
-	STACK *get_cert_methods;/* X509_LOOKUP */
-	int (*verify)();	/* called to verify a certificate */
-	int (*verify_cb)();	/* error callback */
+	STACK_OF(X509_LOOKUP) *get_cert_methods;
+	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
 
 	CRYPTO_EX_DATA ex_data;
 	int references;
-	int depth;		/* how deep to look */
+	int depth;		/* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
 	}  X509_STORE;
 
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
@@ -163,7 +181,7 @@ typedef struct x509_store_st
 #define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
 
 /* This is the functions plus an instance of the local variables. */
-typedef struct x509_lookup_st
+struct x509_lookup_st
 	{
 	int init;			/* have we been started */
 	int skip;			/* don't use us. */
@@ -171,25 +189,25 @@ typedef struct x509_lookup_st
 	char *method_data;		/* method data */
 
 	X509_STORE *store_ctx;	/* who owns us */
-	} X509_LOOKUP;
+	};
 
 /* This is a temporary used when processing cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
  * 'retried', this needs to be kept and passed around. */
-typedef struct x509_store_state_st
+struct x509_store_state_st      /* X509_STORE_CTX */
 	{
 	X509_STORE *ctx;
 	int current_method;	/* used when looking up certs */
 
 	/* The following are set by the caller */
 	X509 *cert;		/* The cert to check */
-	STACK *untrusted;	/* chain of X509s - untrusted - passed in */
+	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
 
 	/* The following is built up */
 	int depth;		/* how far to go looking up certs */
 	int valid;		/* if 0, rebuild chain */
 	int last_untrusted;	/* index of last untrusted cert */
-	STACK *chain; 		/* chain of X509s - built up and trusted */
+	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
 
 	/* When something goes wrong, this is why */
 	int error_depth;
@@ -197,7 +215,9 @@ typedef struct x509_store_state_st
 	X509 *current_cert;
 
 	CRYPTO_EX_DATA ex_data;
-	} X509_STORE_CTX;
+	};
+
+#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
 
 #define X509_STORE_CTX_set_app_data(ctx,data) \
 	X509_STORE_CTX_set_ex_data(ctx,0,data)
@@ -207,11 +227,9 @@ typedef struct x509_store_state_st
 #define X509_L_FILE_LOAD	1
 #define X509_L_ADD_DIR		2
 
-X509_LOOKUP_METHOD *X509_LOOKUP_file();
 #define X509_LOOKUP_load_file(x,name,type) \
 		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
 
-X509_LOOKUP_METHOD *X509_LOOKUP_dir();
 #define X509_LOOKUP_add_dir(x,name,type) \
 		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
 
@@ -243,9 +261,23 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir();
 /* The application is not happy */
 #define		X509_V_ERR_APPLICATION_VERIFICATION		50
 
-#ifndef NOPROTO
+		  /* These functions are being redefined in another directory,
+		     and clash when the linker is case-insensitive, so let's
+		     hide them a little, by giving them an extra 'o' at the
+		     beginning of the name... */
+#ifdef VMS
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
+#endif
+
 #ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
 #endif
 void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 void X509_OBJECT_free_contents(X509_OBJECT *a);
@@ -253,7 +285,7 @@ X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
 void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-	X509 *x509, STACK *chain);
+			 X509 *x509, STACK_OF(X509) *chain);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
@@ -267,17 +299,14 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
 int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
 	X509_OBJECT *ret);
 
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
 
 #ifndef NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 #endif
 
-void X509v3_cleanup_extensions(void );
-int X509v3_add_extension(X509_EXTENSION_METHOD *x);
-int X509v3_add_netscape_extensions(void );
-int X509v3_add_standard_extensions(void );
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
@@ -294,82 +323,21 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
 #ifndef NO_STDIO
 int	X509_STORE_load_locations (X509_STORE *ctx,
-		char *file, char *dir);
+		const char *file, const char *dir);
 int	X509_STORE_set_default_paths(X509_STORE *ctx);
 #endif
 
 int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
-char *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
+void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
 int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-STACK *	X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
-
-#else
-
-#ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrive_by_subject();
-#endif
-void X509_OBJECT_up_ref_count();
-void X509_OBJECT_free_contents();
-X509_STORE *X509_STORE_new();
-void X509_STORE_free();
-
-void X509_STORE_CTX_init();
-void X509_STORE_CTX_cleanup();
-
-X509_LOOKUP *X509_STORE_add_lookup();
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
-X509_LOOKUP_METHOD *X509_LOOKUP_file();
-
-int X509_STORE_add_cert();
-int X509_STORE_add_crl();
-
-int X509_STORE_get_by_subject();
-
-int X509_LOOKUP_ctrl();
-
-#ifndef NO_STDIO
-int X509_load_cert_file();
-int X509_load_crl_file();
-#endif
-
-void X509v3_cleanup_extensions();
-int X509v3_add_extension();
-int X509v3_add_netscape_extensions();
-int X509v3_add_standard_extensions();
-
-X509_LOOKUP *X509_LOOKUP_new();
-void X509_LOOKUP_free();
-int X509_LOOKUP_init();
-int X509_LOOKUP_by_subject();
-int X509_LOOKUP_by_issuer_serial();
-int X509_LOOKUP_by_fingerprint();
-int X509_LOOKUP_by_alias();
-int X509_LOOKUP_shutdown();
-
-#ifndef NO_STDIO
-int	X509_STORE_load_locations ();
-int	X509_STORE_set_default_paths();
-#endif
-
-int	X509_STORE_CTX_set_ex_data();
-char *	X509_STORE_CTX_get_ex_data();
-int	X509_STORE_CTX_get_error();
-void	X509_STORE_CTX_set_error();
-int	X509_STORE_CTX_get_error_depth();
-X509 *	X509_STORE_CTX_get_current_cert();
-STACK *	X509_STORE_CTX_get_chain();
-void	X509_STORE_CTX_set_cert();
-void	X509_STORE_CTX_set_chain();
-
-#endif
+void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
 
 #ifdef  __cplusplus
 }
diff --git a/lib/libssl/src/crypto/x509/x509name.c b/lib/libssl/src/crypto/x509/x509name.c
index 650e71b1b5e..2a422be3502 100644
--- a/lib/libssl/src/crypto/x509/x509name.c
+++ b/lib/libssl/src/crypto/x509/x509name.c
@@ -57,18 +57,14 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_NAME_get_text_by_NID(name,nid,buf,len)
-X509_NAME *name;
-int nid;
-char *buf;
-int len;
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 	{
 	ASN1_OBJECT *obj;
 
@@ -77,11 +73,8 @@ int len;
 	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
 	}
 
-int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
-X509_NAME *name;
-ASN1_OBJECT *obj;
-char *buf;
-int len;
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+	     int len)
 	{
 	int i;
 	ASN1_STRING *data;
@@ -96,17 +89,13 @@ int len;
 	return(i);
 	}
 
-int X509_NAME_entry_count(name)
-X509_NAME *name;
+int X509_NAME_entry_count(X509_NAME *name)
 	{
 	if (name == NULL) return(0);
-	return(sk_num(name->entries));
+	return(sk_X509_NAME_ENTRY_num(name->entries));
 	}
 
-int X509_NAME_get_index_by_NID(name,nid,lastpos)
-X509_NAME *name;
-int nid;
-int lastpos;
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
 	{
 	ASN1_OBJECT *obj;
 
@@ -116,61 +105,57 @@ int lastpos;
 	}
 
 /* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
-X509_NAME *name;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+	     int lastpos)
 	{
 	int n;
 	X509_NAME_ENTRY *ne;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(-1);
 	if (lastpos < 0)
 		lastpos= -1;
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	for (lastpos++; lastpos < n; lastpos++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
+		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
 		if (OBJ_cmp(ne->object,obj) == 0)
 			return(lastpos);
 		}
 	return(-1);
 	}
 
-X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
-X509_NAME *name;
-int loc;
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
 	{
-	if (	(name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	   || loc < 0)
 		return(NULL);
 	else
-		return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
+		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
 	}
 
-X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
-X509_NAME *name;
-int loc;
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 	{
 	X509_NAME_ENTRY *ret;
-	int i,j,n,set_prev,set_next;
-	STACK *sk;
+	int i,n,set_prev,set_next;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
-	if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	    || loc < 0)
 		return(NULL);
 	sk=name->entries;
-	ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
-	n=sk_num(sk);
+	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	name->modified=1;
 	if (loc == n) return(ret);
 
 	/* else we need to fixup the set field */
 	if (loc != 0)
-		set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
 	else
 		set_prev=ret->set-1;
-	set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 
 	/* set_prev is the previous set
 	 * set is the current set
@@ -181,29 +166,23 @@ int loc;
 	 * so basically only if prev and next differ by 2, then
 	 * re-number down by 1 */
 	if (set_prev+1 < set_next)
-		{
-		j=set_next-set_prev-1;
 		for (i=loc; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
-		}
+			sk_X509_NAME_ENTRY_value(sk,i)->set--;
 	return(ret);
 	}
 
 /* if set is -1, append to previous set, 0 'a new one', and 1,
  * prepend to the guy we are about to stomp on. */
-int X509_NAME_add_entry(name,ne,loc,set)
-X509_NAME *name;
-X509_NAME_ENTRY *ne;
-int loc;
-int set;
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+	     int set)
 	{
 	X509_NAME_ENTRY *new_name=NULL;
 	int n,i,inc;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(0);
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	if (loc > n) loc=n;
 	else if (loc < 0) loc=n;
 
@@ -218,7 +197,7 @@ int set;
 			}
 		else
 			{
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
 			inc=0;
 			}
 		}
@@ -227,43 +206,38 @@ int set;
 		if (loc >= n)
 			{
 			if (loc != 0)
-				set=((X509_NAME_ENTRY *)
-					sk_value(sk,loc-1))->set+1;
+				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
 			else
 				set=0;
 			}
 		else
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 		inc=(set == 0)?1:0;
 		}
 
 	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
 		goto err;
 	new_name->set=set;
-	if (!sk_insert(sk,(char *)new_name,loc))
+	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
 		{
 		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	if (inc)
 		{
-		n=sk_num(sk);
+		n=sk_X509_NAME_ENTRY_num(sk);
 		for (i=loc+1; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
+			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
 		}	
 	return(1);
 err:
 	if (new_name != NULL)
-		X509_NAME_ENTRY_free(ne);
+		X509_NAME_ENTRY_free(new_name);
 	return(0);
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
-X509_NAME_ENTRY **ne;
-int nid;
-int type;
-unsigned char *bytes;
-int len;
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+	     int type, unsigned char *bytes, int len)
 	{
 	ASN1_OBJECT *obj;
 
@@ -276,12 +250,8 @@ int len;
 	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
-X509_NAME_ENTRY **ne;
-ASN1_OBJECT *obj;
-int type;
-unsigned char *bytes;
-int len;
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+	     ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
 	{
 	X509_NAME_ENTRY *ret;
 
@@ -306,9 +276,7 @@ err:
 	return(NULL);
 	}
 
-int X509_NAME_ENTRY_set_object(ne,obj)
-X509_NAME_ENTRY *ne;
-ASN1_OBJECT *obj;
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
 	{
 	if ((ne == NULL) || (obj == NULL))
 		{
@@ -320,11 +288,8 @@ ASN1_OBJECT *obj;
 	return((ne->object == NULL)?0:1);
 	}
 
-int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
-X509_NAME_ENTRY *ne;
-int type;
-unsigned char *bytes;
-int len;
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+	     unsigned char *bytes, int len)
 	{
 	int i;
 
@@ -342,15 +307,13 @@ int len;
 	return(1);
 	}
 
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
-X509_NAME_ENTRY *ne;
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
 	{
 	if (ne == NULL) return(NULL);
 	return(ne->object);
 	}
 
-ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
-X509_NAME_ENTRY *ne;
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
 	{
 	if (ne == NULL) return(NULL);
 	return(ne->value);
diff --git a/lib/libssl/src/crypto/x509/x509rset.c b/lib/libssl/src/crypto/x509/x509rset.c
index 323b25470a1..d9f6b573729 100644
--- a/lib/libssl/src/crypto/x509/x509rset.c
+++ b/lib/libssl/src/crypto/x509/x509rset.c
@@ -58,30 +58,24 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_REQ_set_version(x,version)
-X509_REQ *x;
-long version;
+int X509_REQ_set_version(X509_REQ *x, long version)
 	{
 	if (x == NULL) return(0);
 	return(ASN1_INTEGER_set(x->req_info->version,version));
 	}
 
-int X509_REQ_set_subject_name(x,name)
-X509_REQ *x;
-X509_NAME *name;
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->req_info == NULL)) return(0);
 	return(X509_NAME_set(&x->req_info->subject,name));
 	}
 
-int X509_REQ_set_pubkey(x,pkey)
-X509_REQ *x;
-EVP_PKEY *pkey;
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 	{
 	if ((x == NULL) || (x->req_info == NULL)) return(0);
 	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
diff --git a/lib/libssl/src/crypto/x509/x509type.c b/lib/libssl/src/crypto/x509/x509type.c
index 42c23bcfca0..8e78b344581 100644
--- a/lib/libssl/src/crypto/x509/x509type.c
+++ b/lib/libssl/src/crypto/x509/x509type.c
@@ -58,13 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int X509_certificate_type(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
 	int ret=0,i;
@@ -108,8 +106,9 @@ EVP_PKEY *pkey;
 		break;
 		}
 
-	if (EVP_PKEY_size(pkey) <= 512)
+	if (EVP_PKEY_size(pk) <= 512)
 		ret|=EVP_PKT_EXP;
+	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
diff --git a/lib/libssl/src/crypto/x509/x509v3.doc b/lib/libssl/src/crypto/x509/x509v3.doc
deleted file mode 100644
index 1e760a94690..00000000000
--- a/lib/libssl/src/crypto/x509/x509v3.doc
+++ /dev/null
@@ -1,24 +0,0 @@
-The 'new' system.
-
-The X509_EXTENSION_METHOD includes extensions and attributes and/or names. 
-Basically everthing that can be added to an X509 with an OID identifying it.
-
-It operates via 2 methods per object id.
-int a2i_XXX(X509 *x,char *str,int len);
-int i2a_XXX(BIO *bp,X509 *x);
-
-The a2i_XXX function will add the object with a value converted from the
-string into the X509.  Len can be -1 in which case the length is calculated
-via strlen(str).   Applications can always use direct knowledge to load and
-unload the relevent objects themselves.
-
-i2a_XXX will print to the passed BIO, a text representation of the
-relevet object.  Use a memory BIO if you want it printed to a buffer :-).
-
-X509_add_by_NID(X509 *x,int nid,char *str,int len);
-X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
-
-X509_print_by_name(BIO *bp,X509 *x);
-X509_print_by_NID(BIO *bp,X509 *x);
-X509_print_by_OBJ(BIO *bp,X509 *x);
-
diff --git a/lib/libssl/src/crypto/x509/x_all.c b/lib/libssl/src/crypto/x509/x_all.c
index b7dde23e9a9..f2af895df00 100644
--- a/lib/libssl/src/crypto/x509/x_all.c
+++ b/lib/libssl/src/crypto/x509/x_all.c
@@ -58,90 +58,74 @@
 
 #include <stdio.h>
 #undef SSLEAY_MACROS
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_verify(a,r)
-X509 *a;
-EVP_PKEY *r;
+int X509_verify(X509 *a, EVP_PKEY *r)
 	{
 	return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
 		a->signature,(char *)a->cert_info,r));
 	}
 
-int X509_REQ_verify(a,r)
-X509_REQ *a;
-EVP_PKEY *r;
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 	{
 	return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
 		a->sig_alg,a->signature,(char *)a->req_info,r));
 	}
 
-int X509_CRL_verify(a,r)
-X509_CRL *a;
-EVP_PKEY *r;
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
 	{
 	return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
 		a->sig_alg, a->signature,(char *)a->crl,r));
 	}
 
-int NETSCAPE_SPKI_verify(a,r)
-NETSCAPE_SPKI *a;
-EVP_PKEY *r;
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 	{
 	return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
 		a->sig_algor,a->signature, (char *)a->spkac,r));
 	}
 
-int X509_sign(x,pkey,md)
-X509 *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
 		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
 	}
 
-int X509_REQ_sign(x,pkey,md)
-X509_REQ *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
 		x->signature, (char *)x->req_info,pkey,md));
 	}
 
-int X509_CRL_sign(x,pkey,md)
-X509_CRL *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
 		x->sig_alg, x->signature, (char *)x->crl,pkey,md));
 	}
 
-int NETSCAPE_SPKI_sign(x,pkey,md)
-NETSCAPE_SPKI *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
 		x->signature, (char *)x->spkac,pkey,md));
 	}
 
-X509 *X509_dup(x509)
-X509 *x509;
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa)
+	{
+	return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
+		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
+	}
+
+X509 *X509_dup(X509 *x509)
 	{
 	return((X509 *)ASN1_dup((int (*)())i2d_X509,
 		(char *(*)())d2i_X509,(char *)x509));
 	}
 
-X509_EXTENSION *X509_EXTENSION_dup(ex)
-X509_EXTENSION *ex;
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex)
 	{
 	return((X509_EXTENSION *)ASN1_dup(
 		(int (*)())i2d_X509_EXTENSION,
@@ -149,237 +133,184 @@ X509_EXTENSION *ex;
 	}
 
 #ifndef NO_FP_API
-X509 *d2i_X509_fp(fp,x509)
-FILE *fp;
-X509 *x509;
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
 	{
 	return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
 		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
 	}
 
-int i2d_X509_fp(fp,x509)
-FILE *fp;
-X509 *x509;
+int i2d_X509_fp(FILE *fp, X509 *x509)
 	{
 	return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
 	}
 #endif
 
-X509 *d2i_X509_bio(bp,x509)
-BIO *bp;
-X509 *x509;
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
 	{
 	return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
 		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
 	}
 
-int i2d_X509_bio(bp,x509)
-BIO *bp;
-X509 *x509;
+int i2d_X509_bio(BIO *bp, X509 *x509)
 	{
 	return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
 	}
 
-X509_CRL *X509_CRL_dup(crl)
-X509_CRL *crl;
+X509_CRL *X509_CRL_dup(X509_CRL *crl)
 	{
 	return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
 		(char *(*)())d2i_X509_CRL,(char *)crl));
 	}
 
 #ifndef NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(fp,crl)
-FILE *fp;
-X509_CRL *crl;
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
 	{
 	return((X509_CRL *)ASN1_d2i_fp((char *(*)())
 		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
 		(unsigned char **)(crl)));
 	}
 
-int i2d_X509_CRL_fp(fp,crl)
-FILE *fp;
-X509_CRL *crl;
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	{
 	return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
 	}
 #endif
 
-X509_CRL *d2i_X509_CRL_bio(bp,crl)
-BIO *bp;
-X509_CRL *crl;
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
 	{
 	return((X509_CRL *)ASN1_d2i_bio((char *(*)())
 		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
 		(unsigned char **)(crl)));
 	}
 
-int i2d_X509_CRL_bio(bp,crl)
-BIO *bp;
-X509_CRL *crl;
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
 	{
 	return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
 	}
 
-PKCS7 *PKCS7_dup(p7)
-PKCS7 *p7;
+PKCS7 *PKCS7_dup(PKCS7 *p7)
 	{
 	return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
 		(char *(*)())d2i_PKCS7,(char *)p7));
 	}
 
 #ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(fp,p7)
-FILE *fp;
-PKCS7 *p7;
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
 	{
 	return((PKCS7 *)ASN1_d2i_fp((char *(*)())
 		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
 		(unsigned char **)(p7)));
 	}
 
-int i2d_PKCS7_fp(fp,p7)
-FILE *fp;
-PKCS7 *p7;
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	{
 	return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
 	}
 #endif
 
-PKCS7 *d2i_PKCS7_bio(bp,p7)
-BIO *bp;
-PKCS7 *p7;
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
 	{
 	return((PKCS7 *)ASN1_d2i_bio((char *(*)())
 		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
 		(unsigned char **)(p7)));
 	}
 
-int i2d_PKCS7_bio(bp,p7)
-BIO *bp;
-PKCS7 *p7;
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
 	{
 	return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
 	}
 
-X509_REQ *X509_REQ_dup(req)
-X509_REQ *req;
+X509_REQ *X509_REQ_dup(X509_REQ *req)
 	{
 	return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
 		(char *(*)())d2i_X509_REQ,(char *)req));
 	}
 
 #ifndef NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(fp,req)
-FILE *fp;
-X509_REQ *req;
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
 	{
 	return((X509_REQ *)ASN1_d2i_fp((char *(*)())
 		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
 		(unsigned char **)(req)));
 	}
 
-int i2d_X509_REQ_fp(fp,req)
-FILE *fp;
-X509_REQ *req;
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	{
 	return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
 	}
 #endif
 
-X509_REQ *d2i_X509_REQ_bio(bp,req)
-BIO *bp;
-X509_REQ *req;
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 	{
 	return((X509_REQ *)ASN1_d2i_bio((char *(*)())
 		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
 		(unsigned char **)(req)));
 	}
 
-int i2d_X509_REQ_bio(bp,req)
-BIO *bp;
-X509_REQ *req;
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
 	{
 	return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
 	}
 
 #ifndef NO_RSA
-RSA *RSAPublicKey_dup(rsa)
-RSA *rsa;
+RSA *RSAPublicKey_dup(RSA *rsa)
 	{
 	return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
 		(char *(*)())d2i_RSAPublicKey,(char *)rsa));
 	}
 
-RSA *RSAPrivateKey_dup(rsa)
-RSA *rsa;
+RSA *RSAPrivateKey_dup(RSA *rsa)
 	{
 	return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
 		(char *(*)())d2i_RSAPrivateKey,(char *)rsa));
 	}
 
 #ifndef NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_fp((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
 		(unsigned char **)(rsa)));
 	}
 
-int i2d_RSAPrivateKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	{
 	return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
 	}
 
-RSA *d2i_RSAPublicKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_fp((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
 		(unsigned char **)(rsa)));
 	}
 
-int i2d_RSAPublicKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	{
 	return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
 	}
 #endif
 
-RSA *d2i_RSAPrivateKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_bio((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
 		(unsigned char **)(rsa)));
 	}
 
-int i2d_RSAPrivateKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	{
 	return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
 	}
 
-RSA *d2i_RSAPublicKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 	{
 	return((RSA *)ASN1_d2i_bio((char *(*)())
 		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
 		(unsigned char **)(rsa)));
 	}
 
-int i2d_RSAPublicKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 	{
 	return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
 	}
@@ -387,79 +318,120 @@ RSA *rsa;
 
 #ifndef NO_DSA
 #ifndef NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(fp,dsa)
-FILE *fp;
-DSA *dsa;
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
 	{
 	return((DSA *)ASN1_d2i_fp((char *(*)())
 		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
 		(unsigned char **)(dsa)));
 	}
 
-int i2d_DSAPrivateKey_fp(fp,dsa)
-FILE *fp;
-DSA *dsa;
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
 	{
 	return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
 	}
 #endif
 
-DSA *d2i_DSAPrivateKey_bio(bp,dsa)
-BIO *bp;
-DSA *dsa;
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
 	{
 	return((DSA *)ASN1_d2i_bio((char *(*)())
 		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
 		(unsigned char **)(dsa)));
 	}
 
-int i2d_DSAPrivateKey_bio(bp,dsa)
-BIO *bp;
-DSA *dsa;
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
 	{
 	return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
 	}
 #endif
 
-X509_NAME *X509_NAME_dup(xn)
-X509_NAME *xn;
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn)
+	{
+	return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
+	(char *(*)())d2i_X509_ALGOR,(char *)xn));
+	}
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn)
 	{
 	return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
 		(char *(*)())d2i_X509_NAME,(char *)xn));
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne)
-X509_NAME_ENTRY *ne;
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
 	{
 	return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
 		(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
 	}
 
-int X509_digest(data,type,md,len)
-X509 *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int X509_digest(X509 *data, EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
 	return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
 	}
 
-int X509_NAME_digest(data,type,md,len)
-X509_NAME *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int X509_NAME_digest(X509_NAME *data, EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
 	return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
 	}
 
-int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len)
-PKCS7_ISSUER_AND_SERIAL *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, EVP_MD *type,
+	     unsigned char *md, unsigned int *len)
 	{
 	return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
 		(char *)data,md,len));
 	}
 
+
+#ifndef NO_FP_API
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
+	}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
+	}
+
+#ifndef NO_FP_API
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
+	}
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
+	}
diff --git a/lib/libssl/src/crypto/x509v3/Makefile.ssl b/lib/libssl/src/crypto/x509v3/Makefile.ssl
new file mode 100644
index 00000000000..57006e68754
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/Makefile.ssl
@@ -0,0 +1,432 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=	x509v3
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
+v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h
+v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h
+v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../cryptlib.h
+v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3err.o: ../../include/openssl/x509v3.h
diff --git a/lib/libssl/src/crypto/x509v3/README b/lib/libssl/src/crypto/x509v3/README
new file mode 100644
index 00000000000..3b2cc047beb
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/README
@@ -0,0 +1,4 @@
+WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+This is ***VERY*** new experimental code and is likely to change
+considerably or vanish altogether.
diff --git a/lib/libssl/src/crypto/x509v3/format b/lib/libssl/src/crypto/x509v3/format
deleted file mode 100644
index 33079781214..00000000000
--- a/lib/libssl/src/crypto/x509v3/format
+++ /dev/null
@@ -1,92 +0,0 @@
-AuthorityKeyIdentifier
-	{
-	keyIdentifier		[0] OCTET_STRING	OPTIONAL
-	authorityCertIssuer	[1] GeneralNames	OPTIONAL
-	authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
-	}
-
-SubjectKeyIdentifier	OCTET_STRING
-
-KeyUsage
-	{
-	BIT_STRING
-		digitalSignature	0
-		nonRepudiation		1
-		keyEncipherment		2
-		dataEncipherment	3
-		keyAgreement		4
-		keyCertSign		5
-		cRLSign			6
-		encipherOnly		7
-		decipherOnly		8
-	}
-
-extKeyUsage
-	{
-	SEQUENCE of OBJECT_IDENTIFIER
-	}
-
-privateKeyUsagePeriod
-	{
-	notBefore	[0]	GeneralizedTime OPTIONAL
-	notAfter	[1]	GeneralizedTime OPTIONAL
-	}
-
-certificatePoliciesSyntax
-	SEQUENCE of PoliciesInformation
-
-PoliciesInformation	XXX
-policyMappings		XXX
-supportedAlgorithms	XXX
-
-subjectAltName
-	GeneralNames sequence of GeneralName
-
-GeneralName
-	{
-	otherName	[0] INSTANCE OF OTHER-NAME
-	rfc882Name	[1] IA5String
-	dNSName		[2] IA5String
-	x400Address	[3] ORAddress
-	directoryName	[4] Name
-	ediPartyName	[5] 
-				{
-				nameAssigner	[0] DirectoryString OPTIONAL
-				partyName	[1] DirectoryString
-				}
-	uniformResourceIdentifier [6] IA5String
-	iPAddress	[7] OCTET_STRING
-	registeredID	[8] OBJECT_IDENTIFIER
-	}
-
-issuerAltName
-	GeneralNames sequence of GeneralName
-
-subjectDirectoryAttribute SEQUENCE of Attribute
-
-basicConstraints
-	{
-	cA 			BOOLEAN default FALSE
-	pathLenConstraint	INTEGER OPTIONAL
-	}
-
-nameConstraints
-	{
-	permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
-	excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
-	}
-
-GeneralSubtree
-	{
-	base	GeneralName
-	minimum	[0] BaseDistance DEFAULT 0
-	maximum	[1] BaseDistance OPTIONAL
-	}
-
-PolicyConstraints
-	{
-	requiredExplicitPolicy	[0] SkipCerts OPTIONAL
-	inhibitPolicyMapping	[1] SkipCerts OPTIONAL
-	}
-SkipCerts == INTEGER
-
diff --git a/lib/libssl/src/crypto/x509v3/header b/lib/libssl/src/crypto/x509v3/header
deleted file mode 100644
index 3d791ca3dd6..00000000000
--- a/lib/libssl/src/crypto/x509v3/header
+++ /dev/null
@@ -1,6 +0,0 @@
-int		a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
-int		i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
-ASN1_INTEGER *	d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
-
-
diff --git a/lib/libssl/src/crypto/x509v3/v3_akey.c b/lib/libssl/src/crypto/x509v3/v3_akey.c
new file mode 100644
index 00000000000..4099e6019e3
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_akey.c
@@ -0,0 +1,249 @@
+/* v3_akey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_akey_id = {
+NID_authority_key_identifier, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
+(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
+(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+NULL,NULL,
+NULL
+};
+
+
+int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES);
+	M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0);
+	M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1);
+	M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2);
+
+	M_ASN1_I2D_finish();
+}
+
+AUTHORITY_KEYID *AUTHORITY_KEYID_new(void)
+{
+	AUTHORITY_KEYID *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, AUTHORITY_KEYID);
+	ret->keyid = NULL;
+	ret->issuer = NULL;
+	ret->serial = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW);
+}
+
+AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0,
+							V_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1,
+							V_ASN1_SEQUENCE);
+	M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2,
+							V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID);
+}
+
+void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a)
+{
+	if (a == NULL) return;
+	ASN1_OCTET_STRING_free(a->keyid);
+	sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free);
+	ASN1_INTEGER_free (a->serial);
+	Free ((char *)a);
+}
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
+{
+	char *tmp;
+	if(akeyid->keyid) {
+		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+		X509V3_add_value("keyid", tmp, &extlist);
+		Free(tmp);
+	}
+	if(akeyid->issuer) 
+		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+	if(akeyid->serial) {
+		tmp = hex_to_string(akeyid->serial->data,
+						 akeyid->serial->length);
+		X509V3_add_value("serial", tmp, &extlist);
+		Free(tmp);
+	}
+	return extlist;
+}
+
+/* Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+char keyid=0, issuer=0;
+int i;
+CONF_VALUE *cnf;
+ASN1_OCTET_STRING *ikeyid = NULL;
+X509_NAME *isname = NULL;
+STACK_OF(GENERAL_NAME) * gens = NULL;
+GENERAL_NAME *gen = NULL;
+ASN1_INTEGER *serial = NULL;
+X509_EXTENSION *ext;
+X509 *cert;
+AUTHORITY_KEYID *akeyid;
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+	cnf = sk_CONF_VALUE_value(values, i);
+	if(!strcmp(cnf->name, "keyid")) {
+		keyid = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
+	} else if(!strcmp(cnf->name, "issuer")) {
+		issuer = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
+	} else {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+		ERR_add_error_data(2, "name=", cnf->name);
+		return NULL;
+	}
+}
+
+
+
+if(!ctx || !ctx->issuer_cert) {
+	if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
+	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+	return NULL;
+}
+
+cert = ctx->issuer_cert;
+
+if(keyid) {
+	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+	if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+						 ikeyid = X509V3_EXT_d2i(ext);
+	if(keyid==2 && !ikeyid) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+		return NULL;
+	}
+}
+
+if((issuer && !ikeyid) || (issuer == 2)) {
+	isname = X509_NAME_dup(X509_get_issuer_name(cert));
+	serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+	if(!isname || !serial) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+		goto err;
+	}
+}
+
+if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+
+if(isname) {
+	if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new())
+		|| !sk_GENERAL_NAME_push(gens, gen)) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	gen->type = GEN_DIRNAME;
+	gen->d.dirn = isname;
+}
+
+akeyid->issuer = gens;
+akeyid->serial = serial;
+akeyid->keyid = ikeyid;
+
+return akeyid;
+
+err:
+X509_NAME_free(isname);
+ASN1_INTEGER_free(serial);
+ASN1_OCTET_STRING_free(ikeyid);
+return NULL;
+
+}
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_alt.c b/lib/libssl/src/crypto/x509v3/v3_alt.c
new file mode 100644
index 00000000000..b5e1f8af960
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -0,0 +1,402 @@
+/* v3_alt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens);
+X509V3_EXT_METHOD v3_alt[] = {
+{ NID_subject_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+(X509V3_EXT_FREE)GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_subject_alt,
+NULL, NULL, NULL},
+{ NID_issuer_alt_name, 0,
+(X509V3_EXT_NEW)GENERAL_NAMES_new,
+(X509V3_EXT_FREE)GENERAL_NAMES_free,
+(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
+(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_issuer_alt,
+NULL, NULL, NULL},
+EXT_END
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret)
+{
+	int i;
+	GENERAL_NAME *gen;
+	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+		gen = sk_GENERAL_NAME_value(gens, i);
+		ret = i2v_GENERAL_NAME(method, gen, ret);
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
+{
+	char oline[256];
+	unsigned char *p;
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		X509V3_add_value("othername","<unsupported>", &ret);
+		break;
+
+		case GEN_X400:
+		X509V3_add_value("X400Name","<unsupported>", &ret);
+		break;
+
+		case GEN_EDIPARTY:
+		X509V3_add_value("EdiPartyName","<unsupported>", &ret);
+		break;
+
+		case GEN_EMAIL:
+		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DNS:
+		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_URI:
+		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_oneline(gen->d.dirn, oline, 256);
+		X509V3_add_value("DirName",oline, &ret);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			X509V3_add_value("IP Address","<invalid>", &ret);
+			break;
+		}
+		sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		X509V3_add_value("IP Address",oline, &ret);
+		break;
+
+		case GEN_RID:
+		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+		X509V3_add_value("Registered ID",oline, &ret);
+		break;
+	}
+	return ret;
+}
+
+static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "issuer") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_issuer(ctx, gens)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+{
+	STACK_OF(GENERAL_NAME) *ialt;
+	GENERAL_NAME *gen;
+	X509_EXTENSION *ext;
+	int i;
+	if(ctx && (ctx->flags == CTX_TEST)) return 1;
+	if(!ctx || !ctx->issuer_cert) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
+		goto err;
+	}
+        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+	if(i < 0) return 1;
+        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+                        !(ialt = X509V3_EXT_d2i(ext)) ) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
+		goto err;
+	}
+
+	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+		gen = sk_GENERAL_NAME_value(ialt, i);
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+	sk_GENERAL_NAME_free(ialt);
+
+	return 1;
+		
+	err:
+	return 0;
+	
+}
+
+static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "email") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_email(ctx, gens)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Copy any email addresses in a certificate or request to 
+ * GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens)
+{
+	X509_NAME *nm;
+	ASN1_IA5STRING *email = NULL;
+	X509_NAME_ENTRY *ne;
+	GENERAL_NAME *gen = NULL;
+	int i;
+	if(ctx->flags == CTX_TEST) return 1;
+	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
+		goto err;
+	}
+	/* Find the subject name */
+	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
+	else nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+	/* Now add any email address(es) to STACK */
+	i = -1;
+	while((i = X509_NAME_get_index_by_NID(nm,
+					 NID_pkcs9_emailAddress, i)) > 0) {
+		ne = X509_NAME_get_entry(nm, i);
+		email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+		if(!email || !(gen = GENERAL_NAME_new())) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen->d.ia5 = email;
+		email = NULL;
+		gen->type = GEN_EMAIL;
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen = NULL;
+	}
+
+	
+	return 1;
+		
+	err:
+	GENERAL_NAME_free(gen);
+	ASN1_IA5STRING_free(email);
+	return 0;
+	
+}
+
+STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	GENERAL_NAME *gen;
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new(NULL))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		sk_GENERAL_NAME_push(gens, gen);
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+							 CONF_VALUE *cnf)
+{
+char is_string = 0;
+int type;
+GENERAL_NAME *gen = NULL;
+
+char *name, *value;
+
+name = cnf->name;
+value = cnf->value;
+
+if(!value) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+	return NULL;
+}
+
+if(!(gen = GENERAL_NAME_new())) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+if(!name_cmp(name, "email")) {
+	is_string = 1;
+	type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
+	is_string = 1;
+	type = GEN_URI;
+} else if(!name_cmp(name, "DNS")) {
+	is_string = 1;
+	type = GEN_DNS;
+} else if(!name_cmp(name, "RID")) {
+	ASN1_OBJECT *obj;
+	if(!(obj = OBJ_txt2obj(value,0))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	gen->d.rid = obj;
+	type = GEN_RID;
+} else if(!name_cmp(name, "IP")) {
+	int i1,i2,i3,i4;
+	unsigned char ip[4];
+	if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
+	    (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
+	    (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+	if(!(gen->d.ip = ASN1_OCTET_STRING_new()) ||
+		!ASN1_STRING_set(gen->d.ip, ip, 4)) {
+			X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+			goto err;
+	}
+	type = GEN_IPADD;
+} else {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+	ERR_add_error_data(2, "name=", name);
+	goto err;
+}
+
+if(is_string) {
+	if(!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
+		      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+				       strlen(value))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+}
+
+gen->type = type;
+
+return gen;
+
+err:
+GENERAL_NAME_free(gen);
+return NULL;
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_bcons.c b/lib/libssl/src/crypto/x509v3/v3_bcons.c
new file mode 100644
index 00000000000..de2f855c35f
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,164 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
+(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
+(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
+(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,NULL,
+NULL
+};
+
+
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+	if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN);
+	M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+}
+
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void)
+{
+	BASIC_CONSTRAINTS *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS);
+	ret->ca = 0;
+	ret->pathlen = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW);
+}
+
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) ==
+		 (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) {
+			M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN);
+	}
+	M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+	M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS);
+}
+
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free (a->pathlen);
+	Free ((char *)a);
+}
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
+{
+	X509V3_add_value_bool("CA", bcons->ca, &extlist);
+	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+	return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+	BASIC_CONSTRAINTS *bcons=NULL;
+	CONF_VALUE *val;
+	int i;
+	if(!(bcons = BASIC_CONSTRAINTS_new())) {
+		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+		val = sk_CONF_VALUE_value(values, i);
+		if(!strcmp(val->name, "CA")) {
+			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+		} else if(!strcmp(val->name, "pathlen")) {
+			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+		} else {
+			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+			X509V3_conf_err(val);
+			goto err;
+		}
+	}
+	return bcons;
+	err:
+	BASIC_CONSTRAINTS_free(bcons);
+	return NULL;
+}
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_bitst.c b/lib/libssl/src/crypto/x509v3/v3_bitst.c
new file mode 100644
index 00000000000..9828ba15b3d
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,147 @@
+/* v3_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static ASN1_BIT_STRING *asn1_bit_string_new(void);
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				ASN1_BIT_STRING *bits,
+				STACK_OF(CONF_VALUE) *extlist);
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static ASN1_BIT_STRING *asn1_bit_string_new(void)
+{
+	return ASN1_BIT_STRING_new();
+}
+
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
+{
+	BIT_STRING_BITNAME *bnam;
+	for(bnam =method->usr_data; bnam->lname; bnam++) {
+		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+			X509V3_add_value(bnam->lname, NULL, &ret);
+	}
+	return ret;
+}
+	
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *val;
+	ASN1_BIT_STRING *bs;
+	int i;
+	BIT_STRING_BITNAME *bnam;
+	if(!(bs = ASN1_BIT_STRING_new())) {
+		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		for(bnam = method->usr_data; bnam->lname; bnam++) {
+			if(!strcmp(bnam->sname, val->name) ||
+				!strcmp(bnam->lname, val->name) ) {
+				ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+				break;
+			}
+		}
+		if(!bnam->lname) {
+			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3_conf_err(val);
+			ASN1_BIT_STRING_free(bs);
+			return NULL;
+		}
+	}
+	return bs;
+}
+	
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_conf.c b/lib/libssl/src/crypto/x509v3/v3_conf.c
new file mode 100644
index 00000000000..f19bb3ad841
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_conf.c
@@ -0,0 +1,366 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* extension creation utilities */
+
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(char **value);
+static int v3_check_generic(char **value);
+static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
+static char *conf_lhash_get_string(void *db, char *section, char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc);
+/* LHASH *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+{
+	int crit;
+	int ext_type;
+	X509_EXTENSION *ret;
+	crit = v3_check_critical(&value);
+	if((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(name, value, crit, ext_type);
+	ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
+	if(!ret) {
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
+		ERR_add_error_data(4,"name=", name, ", value=", value);
+	}
+	return ret;
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+{
+	int crit;
+	int ext_type;
+	crit = v3_check_critical(&value);
+	if((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(OBJ_nid2sn(ext_nid),
+							 value, crit, ext_type);
+	return do_ext_conf(conf, ctx, ext_nid, crit, value);
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     int crit, char *value)
+{
+	X509V3_EXT_METHOD *method;
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	void *ext_struc;
+	if(ext_nid == NID_undef) {
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
+		return NULL;
+	}
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	/* Now get internal extension representation based on type */
+	if(method->v2i) {
+		if(*value == '@') nval = CONF_get_section(conf, value + 1);
+		else nval = X509V3_parse_list(value);
+		if(!nval) {
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+			return NULL;
+		}
+		ext_struc = method->v2i(method, ctx, nval);
+		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
+							 X509V3_conf_free);
+		if(!ext_struc) return NULL;
+	} else if(method->s2i) {
+		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+	} else if(method->r2i) {
+		if(!ctx->db) {
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+			return NULL;
+		}
+		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
+	} else {
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+		return NULL;
+	}
+
+	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+	method->ext_free(ext_struc);
+	return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc)
+{
+	unsigned char *ext_der, *p;
+	int ext_len;
+	ASN1_OCTET_STRING *ext_oct;
+	X509_EXTENSION *ext;
+	/* Convert internal representation to DER */
+	ext_len = method->i2d(ext_struc, NULL);
+	if(!(ext_der = Malloc(ext_len))) goto merr;
+	p = ext_der;
+	method->i2d(ext_struc, &p);
+	if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+	ext_oct->data = ext_der;
+	ext_oct->length = ext_len;
+	
+	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+	if(!ext) goto merr;
+	ASN1_OCTET_STRING_free(ext_oct);
+
+	return ext;
+
+	merr:
+	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+	X509V3_EXT_METHOD *method;
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(char **value)
+{
+	char *p = *value;
+	if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+	p+=9;
+	while(isspace((unsigned char)*p)) p++;
+	*value = p;
+	return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(char **value)
+{
+	char *p = *value;
+	if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
+	p+=4;
+	while(isspace((unsigned char)*p)) p++;
+	*value = p;
+	return 1;
+}
+
+/* Create a generic extension: for now just handle RAW type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+	     int crit, int type)
+{
+unsigned char *ext_der=NULL;
+long ext_len;
+ASN1_OBJECT *obj=NULL;
+ASN1_OCTET_STRING *oct=NULL;
+X509_EXTENSION *extension=NULL;
+if(!(obj = OBJ_txt2obj(ext, 0))) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+	ERR_add_error_data(2, "name=", ext);
+	goto err;
+}
+
+if(!(ext_der = string_to_hex(value, &ext_len))) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+	ERR_add_error_data(2, "value=", value);
+	goto err;
+}
+
+if(!(oct = ASN1_OCTET_STRING_new())) {
+	X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+	goto err;
+}
+
+oct->data = ext_der;
+oct->length = ext_len;
+ext_der = NULL;
+
+extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+err:
+ASN1_OBJECT_free(obj);
+ASN1_OCTET_STRING_free(oct);
+if(ext_der) Free(ext_der);
+return extension;
+}
+
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section
+ */
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+{
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	CONF_VALUE *val;	
+	int i;
+	if(!(nval = CONF_get_section(conf, section))) return 0;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+								return 0;
+		if(cert) X509_add_ext(cert, ext, -1);
+		X509_EXTENSION_free(ext);
+	}
+	return 1;
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+{
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	CONF_VALUE *val;	
+	int i;
+	if(!(nval = CONF_get_section(conf, section))) return 0;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+								return 0;
+		if(crl) X509_CRL_add_ext(crl, ext, -1);
+		X509_EXTENSION_free(ext);
+	}
+	return 1;
+}
+
+/* Config database functions */
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+{
+	if(ctx->db_meth->get_string)
+			return ctx->db_meth->get_string(ctx->db, name, section);
+	return NULL;
+}
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
+{
+	if(ctx->db_meth->get_section)
+			return ctx->db_meth->get_section(ctx->db, section);
+	return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+	if(!str) return;
+	if(ctx->db_meth->free_string)
+			ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+	if(!section) return;
+	if(ctx->db_meth->free_section)
+			ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(void *db, char *section, char *value)
+{
+	return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+{
+	return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+{
+	ctx->db_meth = &conf_lhash_method;
+	ctx->db = lhash;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+	     X509_CRL *crl, int flags)
+{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_cpols.c b/lib/libssl/src/crypto/x509v3/v3_cpols.c
new file mode 100644
index 00000000000..b4d48835451
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,655 @@
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org);
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,
+(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
+(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
+(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
+(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
+NULL, NULL,
+NULL, NULL,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+		X509V3_CTX *ctx, char *value)
+{
+	STACK_OF(POLICYINFO) *pols = NULL;
+	char *pstr;
+	POLICYINFO *pol;
+	ASN1_OBJECT *pobj;
+	STACK_OF(CONF_VALUE) *vals;
+	CONF_VALUE *cnf;
+	int i, ia5org;
+	pols = sk_POLICYINFO_new_null();
+	vals =  X509V3_parse_list(value);
+	ia5org = 0;
+	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+		cnf = sk_CONF_VALUE_value(vals, i);
+		if(cnf->value || !cnf->name ) {
+			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+		pstr = cnf->name;
+		if(!strcmp(pstr,"ia5org")) {
+			ia5org = 1;
+			continue;
+		} else if(*pstr == '@') {
+			STACK_OF(CONF_VALUE) *polsect;
+			polsect = X509V3_get_section(ctx, pstr + 1);
+			if(!polsect) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = policy_section(ctx, polsect, ia5org);
+			X509V3_section_free(ctx, polsect);
+			if(!pol) goto err;
+		} else {
+			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = POLICYINFO_new();
+			pol->policyid = pobj;
+		}
+		sk_POLICYINFO_push(pols, pol);
+	}
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+	return pols;
+	err:
+	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+	return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	POLICYINFO *pol;
+	POLICYQUALINFO *qual;
+	if(!(pol = POLICYINFO_new())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+		cnf = sk_CONF_VALUE_value(polstrs, i);
+		if(!strcmp(cnf->name, "policyIdentifier")) {
+			ASN1_OBJECT *pobj;
+			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol->policyid = pobj;
+
+		} else if(!name_cmp(cnf->name, "CPS")) {
+			if(!pol->qualifiers) pol->qualifiers =
+						 sk_POLICYQUALINFO_new_null();
+			if(!(qual = POLICYQUALINFO_new())) goto merr;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+			qual->d.cpsuri = ASN1_IA5STRING_new();
+			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!name_cmp(cnf->name, "userNotice")) {
+			STACK_OF(CONF_VALUE) *unot;
+			if(*cnf->value != '@') {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			unot = X509V3_get_section(ctx, cnf->value + 1);
+			if(!unot) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			qual = notice_section(ctx, unot, ia5org);
+			X509V3_section_free(ctx, unot);
+			if(!qual) goto err;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+		} else {
+			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+	if(!pol->policyid) {
+		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
+		goto err;
+	}
+
+	return pol;
+
+	merr:
+	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYINFO_free(pol);
+	return NULL;
+	
+	
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	USERNOTICE *not;
+	POLICYQUALINFO *qual;
+	if(!(qual = POLICYQUALINFO_new())) goto merr;
+	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+	if(!(not = USERNOTICE_new())) goto merr;
+	qual->d.usernotice = not;
+	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+		cnf = sk_CONF_VALUE_value(unot, i);
+		if(!strcmp(cnf->name, "explicitText")) {
+			not->exptext = ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(not->exptext, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "organization")) {
+			NOTICEREF *nref;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			if(ia5org) nref->organization = ASN1_IA5STRING_new();
+			else nref->organization = ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(nref->organization, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "noticeNumbers")) {
+			NOTICEREF *nref;
+			STACK_OF(CONF_VALUE) *nos;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			nos = X509V3_parse_list(cnf->value);
+			if(!nos || !sk_CONF_VALUE_num(nos)) {
+				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			nref->noticenos = nref_nos(nos);
+			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+			if(!nref->noticenos) goto err;
+		} else {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+
+	if(not->noticeref && 
+	      (!not->noticeref->noticenos || !not->noticeref->organization)) {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+			goto err;
+	}
+
+	return qual;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYQUALINFO_free(qual);
+	return NULL;
+}
+
+static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos)
+{
+	STACK *nnums;
+	CONF_VALUE *cnf;
+	ASN1_INTEGER *aint;
+	int i;
+	if(!(nnums = sk_new_null())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+		cnf = sk_CONF_VALUE_value(nos, i);
+		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
+			goto err;
+		}
+		if(!sk_push(nnums, (char *)aint)) goto merr;
+	}
+	return nnums;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	sk_pop_free(nnums, ASN1_STRING_free);
+	return NULL;
+}
+
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+		BIO *out, int indent)
+{
+	int i;
+	POLICYINFO *pinfo;
+	/* First print out the policy OIDs */
+	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+		pinfo = sk_POLICYINFO_value(pol, i);
+		BIO_printf(out, "%*sPolicy: ", indent, "");
+		i2a_ASN1_OBJECT(out, pinfo->policyid);
+		BIO_puts(out, "\n");
+		if(pinfo->qualifiers)
+			 print_qualifiers(out, pinfo->qualifiers, indent + 2);
+	}
+	return 1;
+}
+
+
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp)
+{
+
+return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE,
+                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void)
+{
+	return sk_POLICYINFO_new_null();
+}
+
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a)
+{
+	sk_POLICYINFO_pop_free(a, POLICYINFO_free);
+}
+
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a,
+		unsigned char **pp,long length)
+{
+return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO,
+                         POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(POLICYINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYINFO)
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+							 i2d_POLICYQUALINFO);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers,
+							 i2d_POLICYQUALINFO);
+
+	M_ASN1_I2D_finish();
+}
+
+POLICYINFO *POLICYINFO_new(void)
+{
+	POLICYINFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, POLICYINFO);
+	ret->policyid = NULL;
+	ret->qualifiers = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW);
+}
+
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT);
+	if(!M_ASN1_D2I_end_sequence()) {
+		M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers,
+				 d2i_POLICYQUALINFO, POLICYQUALINFO_free);
+	}
+	M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO);
+}
+
+void POLICYINFO_free(POLICYINFO *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->policyid);
+	sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free);
+	Free (a);
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+		int indent)
+{
+	POLICYQUALINFO *qualinfo;
+	int i;
+	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+		qualinfo = sk_POLICYQUALINFO_value(quals, i);
+		switch(OBJ_obj2nid(qualinfo->pqualid))
+		{
+			case NID_id_qt_cps:
+			BIO_printf(out, "%*sCPS: %s\n", indent, "",
+						qualinfo->d.cpsuri->data);
+			break;
+		
+			case NID_id_qt_unotice:
+			BIO_printf(out, "%*sUser Notice:\n", indent, "");
+			print_notice(out, qualinfo->d.usernotice, indent + 2);
+			break;
+
+			default:
+			BIO_printf(out, "%*sUnknown Qualifier: ",
+							 indent + 2, "");
+			
+			i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+			BIO_puts(out, "\n");
+			break;
+		}
+	}
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+	int i;
+	if(notice->noticeref) {
+		NOTICEREF *ref;
+		ref = notice->noticeref;
+		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+						 ref->organization->data);
+		BIO_printf(out, "%*sNumber%s: ", indent, "",
+				 (sk_num(ref->noticenos) > 1) ? "s" : "");
+		for(i = 0; i < sk_num(ref->noticenos); i++) {
+			ASN1_INTEGER *num;
+			char *tmp;
+			num = (ASN1_INTEGER *)sk_value(ref->noticenos, i);
+			if(i) BIO_puts(out, ", ");
+			tmp = i2s_ASN1_INTEGER(NULL, num);
+			BIO_puts(out, tmp);
+			Free(tmp);
+		}
+		BIO_puts(out, "\n");
+	}
+	if(notice->exptext)
+		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+							 notice->exptext->data);
+}
+		
+	
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT);
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE);
+		break;
+	}
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT);
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE);
+		break;
+	}
+
+	M_ASN1_I2D_finish();
+}
+
+POLICYQUALINFO *POLICYQUALINFO_new(void)
+{
+	POLICYQUALINFO *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, POLICYQUALINFO);
+	ret->pqualid = NULL;
+	ret->d.other = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW);
+}
+
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+		long length)
+{
+	M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT);
+	switch(OBJ_obj2nid(ret->pqualid)) {
+		case NID_id_qt_cps:
+		M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING);
+		break;
+
+		case NID_id_qt_unotice:
+		M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE);
+		break;
+
+		default:
+		M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE);
+		break;
+	}
+	M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO);
+}
+
+void POLICYQUALINFO_free(POLICYQUALINFO *a)
+{
+	if (a == NULL) return;
+	switch(OBJ_obj2nid(a->pqualid)) {
+		case NID_id_qt_cps:
+		ASN1_IA5STRING_free(a->d.cpsuri);
+		break;
+
+		case NID_id_qt_unotice:
+		USERNOTICE_free(a->d.usernotice);
+		break;
+
+		default:
+		ASN1_TYPE_free(a->d.other);
+		break;
+	}
+	
+	ASN1_OBJECT_free(a->pqualid);
+	Free (a);
+}
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF);
+	M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF);
+	M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT);
+
+	M_ASN1_I2D_finish();
+}
+
+USERNOTICE *USERNOTICE_new(void)
+{
+	USERNOTICE *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, USERNOTICE);
+	ret->noticeref = NULL;
+	ret->exptext = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW);
+}
+
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE);
+	if (!M_ASN1_D2I_end_sequence()) {
+		M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT);
+	}
+	M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE);
+}
+
+void USERNOTICE_free(USERNOTICE *a)
+{
+	if (a == NULL) return;
+	NOTICEREF_free(a->noticeref);
+	DISPLAYTEXT_free(a->exptext);
+	Free (a);
+}
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT);
+	M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT);
+	M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER);
+
+	M_ASN1_I2D_finish();
+}
+
+NOTICEREF *NOTICEREF_new(void)
+{
+	NOTICEREF *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, NOTICEREF);
+	ret->organization = NULL;
+	ret->noticenos = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW);
+}
+
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length)
+{
+	M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	/* This is to cope with some broken encodings that use IA5STRING for
+         * the organization field
+	 */
+	M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING,
+							 V_ASN1_IA5STRING);
+	if(!ret->organization) {
+		 M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT);
+	}
+	M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free);
+	M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF);
+}
+
+void NOTICEREF_free(NOTICEREF *a)
+{
+	if (a == NULL) return;
+	DISPLAYTEXT_free(a->organization);
+	sk_pop_free(a->noticenos, ASN1_STRING_free);
+	Free (a);
+}
+
+IMPLEMENT_STACK_OF(POLICYQUALINFO)
+IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO)
diff --git a/lib/libssl/src/crypto/x509v3/v3_crld.c b/lib/libssl/src/crypto/x509v3/v3_crld.c
new file mode 100644
index 00000000000..897ffb63e4a
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_crld.c
@@ -0,0 +1,283 @@
+/* v3_crld.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_crld = {
+NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
+(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
+(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
+(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_crld,
+(X509V3_EXT_V2I)v2i_crld,
+NULL, NULL, NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+{
+	DIST_POINT *point;
+	int i;
+	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+		point = sk_DIST_POINT_value(crld, i);
+		if(point->distpoint->fullname) {
+			exts = i2v_GENERAL_NAMES(NULL,
+					 point->distpoint->fullname, exts);
+		}
+		if(point->reasons) 
+			X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+		if(point->CRLissuer)
+			X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+		if(point->distpoint->relativename)
+		        X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+	}
+	return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(DIST_POINT) *crld = NULL;
+	STACK_OF(GENERAL_NAME) *gens = NULL;
+	GENERAL_NAME *gen = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(crld = sk_DIST_POINT_new(NULL))) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		DIST_POINT *point;
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		if(!(gens = GENERAL_NAMES_new())) goto merr;
+		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+		gen = NULL;
+		if(!(point = DIST_POINT_new())) goto merr;
+		if(!sk_DIST_POINT_push(crld, point)) {
+			DIST_POINT_free(point);
+			goto merr;
+		}
+		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+		point->distpoint->fullname = gens;
+		gens = NULL;
+	}
+	return crld;
+
+	merr:
+	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
+	err:
+	GENERAL_NAME_free(gen);
+	GENERAL_NAMES_free(gens);
+	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+	return NULL;
+}
+
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp)
+{
+
+return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE,
+                                                 V_ASN1_UNIVERSAL, IS_SEQUENCE);}
+
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void)
+{
+	return sk_DIST_POINT_new_null();
+}
+
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a)
+{
+	sk_DIST_POINT_pop_free(a, DIST_POINT_free);
+}
+
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+		unsigned char **pp,long length)
+{
+return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT,
+                         DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+	/* NB: underlying type is a CHOICE so need EXPLICIT tagging */
+	M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+	M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v);
+	M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1);
+	M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2);
+
+	M_ASN1_I2D_finish();
+}
+
+DIST_POINT *DIST_POINT_new(void)
+{
+	DIST_POINT *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, DIST_POINT);
+	ret->distpoint = NULL;
+	ret->reasons = NULL;
+	ret->CRLissuer = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW);
+}
+
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0);
+	M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1,
+							V_ASN1_BIT_STRING);
+	M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2,
+							V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT);
+}
+
+void DIST_POINT_free(DIST_POINT *a)
+{
+	if (a == NULL) return;
+	DIST_POINT_NAME_free(a->distpoint);
+	ASN1_BIT_STRING_free(a->reasons);
+	sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free);
+	Free ((char *)a);
+}
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp)
+{
+	int v = 0;
+	M_ASN1_I2D_vars(a);
+
+	if(a->fullname) {
+		M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES);
+	} else {
+		M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+	}
+
+	/* Don't want a SEQUENCE so... */
+	if(pp == NULL) return ret;
+	p = *pp;
+
+	if(a->fullname) {
+		M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0);
+	} else {
+		M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v);
+	}
+	M_ASN1_I2D_finish();
+}
+
+DIST_POINT_NAME *DIST_POINT_NAME_new(void)
+{
+	DIST_POINT_NAME *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, DIST_POINT_NAME);
+	ret->fullname = NULL;
+	ret->relativename = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW);
+}
+
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a)
+{
+	if (a == NULL) return;
+	X509_NAME_free(a->relativename);
+	sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free);
+	Free ((char *)a);
+}
+
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+	     long length)
+{
+        unsigned char _tmp, tag;
+        M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new);
+        M_ASN1_D2I_Init();
+        c.slen = length;
+
+        _tmp = M_ASN1_next;
+        tag = _tmp & ~V_ASN1_CONSTRUCTED;
+	
+	if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) {
+		M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES,
+							V_ASN1_SEQUENCE);
+	} else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) {
+		M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1);
+	} else {
+		c.error = ASN1_R_BAD_TAG;
+		goto err;
+	}
+
+	M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME);
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_enum.c b/lib/libssl/src/crypto/x509v3/v3_enum.c
new file mode 100644
index 00000000000..db423548ff0
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_enum.c
@@ -0,0 +1,103 @@
+/* v3_enum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_ENUMERATED *asn1_enumerated_new(void);
+
+static ENUMERATED_NAMES crl_reasons[] = {
+{0, "Unspecified", "unspecified"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{8, "Remove From CRL", "removeFromCRL"},
+{-1, NULL, NULL}
+};
+
+X509V3_EXT_METHOD v3_crl_reason = { 
+NID_crl_reason, 0,
+(X509V3_EXT_NEW)asn1_enumerated_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
+(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
+(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL, crl_reasons};
+
+
+static ASN1_ENUMERATED *asn1_enumerated_new(void)
+{
+	return ASN1_ENUMERATED_new();
+}
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+	     ASN1_ENUMERATED *e)
+{
+	ENUMERATED_NAMES *enam;
+	long strval;
+	strval = ASN1_ENUMERATED_get(e);
+	for(enam = method->usr_data; enam->lname; enam++) {
+		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
+	}
+	return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_extku.c b/lib/libssl/src/crypto/x509v3/v3_extku.c
new file mode 100644
index 00000000000..e039d21cbfc
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_extku.c
@@ -0,0 +1,150 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist);
+X509V3_EXT_METHOD v3_ext_ku = {
+NID_ext_key_usage, 0,
+(X509V3_EXT_NEW)ext_ku_new,
+(X509V3_EXT_FREE)ext_ku_free,
+(X509V3_EXT_D2I)d2i_ext_ku,
+(X509V3_EXT_I2D)i2d_ext_ku,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_ext_ku,
+(X509V3_EXT_V2I)v2i_ext_ku,
+NULL,NULL,
+NULL
+};
+
+STACK_OF(ASN1_OBJECT) *ext_ku_new(void)
+{
+	return sk_ASN1_OBJECT_new_null();
+}
+
+void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku)
+{
+	sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
+	return;
+}
+
+int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp)
+{
+	return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT,
+				V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
+					unsigned char **pp, long length)
+{
+	return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT,
+			 ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+
+
+static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method,
+		STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list)
+{
+int i;
+ASN1_OBJECT *obj;
+char obj_tmp[80];
+for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+	obj = sk_ASN1_OBJECT_value(eku, i);
+	i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+	X509V3_add_value(NULL, obj_tmp, &ext_list);
+}
+return ext_list;
+}
+
+static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+STACK_OF(ASN1_OBJECT) *extku;
+char *extval;
+ASN1_OBJECT *objtmp;
+CONF_VALUE *val;
+int i;
+
+if(!(extku = sk_ASN1_OBJECT_new(NULL))) {
+	X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+	val = sk_CONF_VALUE_value(nval, i);
+	if(val->value) extval = val->value;
+	else extval = val->name;
+	if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+		sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+		X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+		X509V3_conf_err(val);
+		return NULL;
+	}
+	sk_ASN1_OBJECT_push(extku, objtmp);
+}
+return extku;
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_genn.c b/lib/libssl/src/crypto/x509v3/v3_genn.c
new file mode 100644
index 00000000000..af716232f8b
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_genn.c
@@ -0,0 +1,237 @@
+/* v3_genn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp)
+{
+	unsigned char *p;
+	int ret;
+
+	ret = 0;
+
+	/* Save the location of initial TAG */
+	if(pp) p = *pp;
+	else p = NULL;
+
+	/* GEN_DNAME needs special treatment because of EXPLICIT tag */
+
+	if(a->type == GEN_DIRNAME) {
+		int v = 0;
+		M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+		if(!p) return ret;
+		M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v);
+		*pp = p;
+		return ret;
+	}
+
+	switch(a->type) {
+
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		ret = i2d_ASN1_TYPE(a->d.other, pp);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+		ret = i2d_ASN1_IA5STRING(a->d.ia5, pp);
+		break;
+
+		case GEN_IPADD:
+		ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp);
+		break;
+	
+		case GEN_RID:
+		ret = i2d_ASN1_OBJECT(a->d.rid, pp);
+		break;
+	}
+	/* Replace TAG with IMPLICIT value */
+	if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type;
+	return ret;
+}
+
+GENERAL_NAME *GENERAL_NAME_new()
+{
+	GENERAL_NAME *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, GENERAL_NAME);
+	ret->type = -1;
+	ret->d.ptr = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW);
+}
+
+GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp,
+								 long length)
+{
+	unsigned char _tmp;
+	M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new);
+	M_ASN1_D2I_Init();
+	c.slen = length;
+
+	_tmp = M_ASN1_next;
+	ret->type = _tmp & ~V_ASN1_CONSTRUCTED;
+
+	switch(ret->type) {
+		/* Just put these in a "blob" for now */
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+		M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING,
+							V_ASN1_IA5STRING);
+		break;
+
+		case GEN_DIRNAME:
+		M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4);
+		break;
+
+		case GEN_IPADD:
+		M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING,
+							V_ASN1_OCTET_STRING);
+		break;
+	
+		case GEN_RID:
+		M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT);
+		break;
+
+		default:
+		c.error = ASN1_R_BAD_TAG;
+		goto err;
+	}
+
+	c.slen = 0;
+	M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME);
+}
+
+void GENERAL_NAME_free(GENERAL_NAME *a)
+{
+	if (a == NULL) return;
+	switch(a->type) {
+		case GEN_OTHERNAME:
+		case GEN_X400:
+		case GEN_EDIPARTY:
+		ASN1_TYPE_free(a->d.other);
+		break;
+
+		case GEN_EMAIL:
+		case GEN_DNS:
+		case GEN_URI:
+
+		ASN1_IA5STRING_free(a->d.ia5);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_free(a->d.dirn);
+		break;
+
+		case GEN_IPADD:
+		ASN1_OCTET_STRING_free(a->d.ip);
+		break;
+	
+		case GEN_RID:
+		ASN1_OBJECT_free(a->d.rid);
+		break;
+
+	}
+	Free ((char *)a);
+}
+
+/* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as
+ * an explicit functions.
+ */
+
+STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new()
+{
+	return sk_GENERAL_NAME_new(NULL);
+}
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a)
+{
+	sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free);
+}
+
+STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a,
+					 unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME,
+			 GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(GENERAL_NAME)
+IMPLEMENT_ASN1_SET_OF(GENERAL_NAME)
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_ia5.c b/lib/libssl/src/crypto/x509v3/v3_ia5.c
new file mode 100644
index 00000000000..3446c5cd6a6
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,116 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static ASN1_IA5STRING *ia5string_new(void);
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static ASN1_IA5STRING *ia5string_new(void)
+{
+	return ASN1_IA5STRING_new();
+}
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     ASN1_IA5STRING *ia5)
+{
+	char *tmp;
+	if(!ia5 || !ia5->length) return NULL;
+	tmp = Malloc(ia5->length + 1);
+	memcpy(tmp, ia5->data, ia5->length);
+	tmp[ia5->length] = 0;
+	return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_IA5STRING *ia5;
+	if(!str) {
+		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(ia5 = ASN1_IA5STRING_new())) goto err;
+	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
+			    strlen(str))) {
+		ASN1_IA5STRING_free(ia5);
+		goto err;
+	}
+	return ia5;
+	err:
+	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_int.c b/lib/libssl/src/crypto/x509v3/v3_int.c
new file mode 100644
index 00000000000..637dd5e1288
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_int.c
@@ -0,0 +1,79 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_INTEGER *asn1_integer_new(void);
+
+X509V3_EXT_METHOD v3_crl_num = { 
+NID_crl_number, 0,
+(X509V3_EXT_NEW)asn1_integer_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
+(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+(X509V3_EXT_S2I)NULL,
+NULL, NULL, NULL, NULL, NULL};
+
+
+static ASN1_INTEGER *asn1_integer_new(void)
+{
+	return ASN1_INTEGER_new();
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_ku.c b/lib/libssl/src/crypto/x509v3/v3_ku.c
deleted file mode 100644
index 87c7402f43c..00000000000
--- a/lib/libssl/src/crypto/x509v3/v3_ku.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/* crypto/x509v3/v3_ku.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "bio.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-X509_EXTENSION_METHOD X509v3_key_usage_method=
-	{
-	NID_key_usage,
-	ku_clear,
-	ex_get_bool,
-	ex_set_bool,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	ku_a2i,
-	ku_i2a,
-	};
-
-static void ku_clear(a)
-X509_EXTENSION *a;
-	{
-	}
-
-static int ku_expand(a)
-X509_EXTENSION *a;
-	{
-	ASN1_BIT_STRING *bs;
-
-	if (a->argp == NULL)
-		{
-		bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
-		if (bs == NULL) return(0);
-		a->argp=(char *)bs;
-		a->ex_free=ASN1_STRING_free;
-		}
-	return(1);
-	}
-
-static int ku_get_bool(a,num)
-X509_EXTENSION *a;
-int num;
-	{
-	int ret;
-	ASN1_BIT_STRING *bs;
-
-	if ((a->argp == NULL) && !ku_expand(a))
-		return(-1);
-	bs=(ASN1_BIT_STRING *)a->argp;
-	ret=ASN1_BIT_STRING_get_bit(bs,num);
-	return(ret);
-	}
-
-static int ku_set_bool(a,num,value)
-X509_EXTENSION *a;
-int num;
-int value;
-	{
-	ASN1_BIT_STRING *a;
-
-	if ((a->argp == NULL) && !ku_expand(a))
-		return(0);
-	bs=(ASN1_BIT_STRING *)a->argp;
-	ret=ASN1_BIT_STRING_set_bit(bs,num,value);
-	}
-
-static int ku_a2i(bio,a,buf,len)
-BIO *bio;
-X509_EXTENSION *a;
-char *buf;
-int len;
-	{
-	get token
-	}
-
-static char ku_names[X509v3_N_KU_NUM]={
-	X509v3_S_KU_digitalSignature,
-	X509v3_S_KU_nonRepudiation,
-	X509v3_S_KU_keyEncipherment,
-	X509v3_S_KU_dataEncipherment,
-	X509v3_S_KU_keyAgreement,
-	X509v3_S_KU_keyCertSign,
-	X509v3_S_KU_cRLSign,
-	X509v3_S_KU_encipherOnly,
-	X509v3_S_KU_decipherOnly,
-	};
-
-static int ku_i2a(bio,a);
-BIO *bio;
-X509_EXTENSION *a;
-	{
-	int i,first=1;
-	char *c;
-
-	for (i=0; i<X509v3_N_KU_NUM; i++)
-		{
-		if (ku_get_bool(a,i) > 0)
-			{
-			BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
-			first=0;
-			}
-		}
-	}
-
-/***********************/
-
-int X509v3_get_key_usage(x,ret)
-STACK *x;
-unsigned long *ret;
-	{
-	X509_EXTENSION *ext;
-	ASN1_STRING *st;
-	char *p;
-	int i;
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0) return(X509v3_KU_UNDEF);
-	ext=X509_get_ext(x,i);
-	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
-		X509_EXTENSION_get_data(X509_get_ext(x,i)));
-
-	p=ASN1_STRING_data(st);
-	if (ASN1_STRING_length(st) == 1)
-		i=p[0];
-	else if (ASN1_STRING_length(st) == 2)
-		i=p[0]|(p[1]<<8);
-	else
-		i=0;
-	return(i);
-	}
-
-static struct
-	{
-	char *name;
-	unsigned int value;
-	} key_usage_data[] ={
-	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
-	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
-	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
-	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
-	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
-	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
-	{"cRLSign",		X509v3_KU_CRL_SIGN},
-	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
-	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
-	{NULL,0},
-	};
-
-#if 0
-static int a2i_key_usage(x,str,len)
-X509 *x;
-char *str;
-int len;
-	{
-	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
-	}
-
-static int i2a_key_usage(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
-	}
-#endif
-
-int i2a_X509v3_key_usage(bp,use)
-BIO *bp;
-unsigned int use;
-	{
-	int i=0,first=1;
-
-	for (;;)
-		{
-		if (use | key_usage_data[i].value)
-			{
-			BIO_printf(bp,"%s%s",((first)?"":" "),
-				key_usage_data[i].name);
-			first=0;
-			}
-		}
-	return(1);
-	}
-
-unsigned int a2i_X509v3_key_usage(p)
-char *p;
-	{
-	unsigned int ret=0;
-	char *q,*s;
-	int i,n;
-
-	q=p;
-	for (;;)
-		{
-		while ((*q != '\0') && isalnum(*q))
-			q++;
-		if (*q == '\0') break;
-		s=q++;
-		while (isalnum(*q))
-			q++;
-		n=q-s;
-		i=0;
-		for (;;)
-			{
-			if (strncmp(key_usage_data[i].name,s,n) == 0)
-				{
-				ret|=key_usage_data[i].value;
-				break;
-				}
-			i++;
-			if (key_usage_data[i].name == NULL)
-				return(X509v3_KU_UNDEF);
-			}
-		}
-	return(ret);
-	}
-
-int X509v3_set_key_usage(x,use)
-X509 *x;
-unsigned int use;
-	{
-	ASN1_OCTET_STRING *os;
-	X509_EXTENSION *ext;
-	int i;
-	unsigned char data[4];
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0)
-		{
-		i=X509_get_ext_count(x)+1;
-		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
-		if (!X509_add_ext(x,ext,i))
-			{
-			X509_EXTENSION_free(ext);
-			return(0);
-			}
-		}
-	else
-		ext=X509_get_ext(x,i);
-
-	/* fill in 'ext' */
-	os=X509_EXTENSION_get_data(ext);
-
-	i=0;
-	if (use > 0)
-		{
-		i=1;
-		data[0]=use&0xff;
-		}
-	if (use > 0xff)
-		{
-		i=2;
-		data[1]=(use>>8)&0xff;
-		}
-	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
-	}
-
diff --git a/lib/libssl/src/crypto/x509v3/v3_lib.c b/lib/libssl/src/crypto/x509v3/v3_lib.c
new file mode 100644
index 00000000000..a0aa5de794d
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_lib.c
@@ -0,0 +1,177 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK *ext_list = NULL;
+
+static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+	if(!ext_list && !(ext_list = sk_new(ext_cmp))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!sk_push(ext_list, (char *)ext)) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b)
+{
+	return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+	X509V3_EXT_METHOD tmp;
+	int idx;
+	tmp.ext_nid = nid;
+	if(!ext_list || (tmp.ext_nid < 0) ) return NULL;
+	idx = sk_find(ext_list, (char *)&tmp);
+	if(idx == -1) return NULL;
+	return (X509V3_EXT_METHOD *)sk_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+	int nid;
+	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+	return X509V3_EXT_get_nid(nid);
+}
+
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+	for(;extlist->ext_nid!=-1;extlist++) 
+			if(!X509V3_EXT_add(extlist)) return 0;
+	return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+	X509V3_EXT_METHOD *ext, *tmpext;
+	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+		return 0;
+	}
+	if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	*tmpext = *ext;
+	tmpext->ext_nid = nid_to;
+	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+	return 1;
+}
+
+void X509V3_EXT_cleanup(void)
+{
+	sk_pop_free(ext_list, ext_list_free);
+	ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+	if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext);
+}
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
+
+int X509V3_add_standard_extensions(void)
+{
+	X509V3_EXT_add_list(v3_ns_ia5_list);
+	X509V3_EXT_add_list(v3_alt);
+	X509V3_EXT_add(&v3_bcons);
+	X509V3_EXT_add(&v3_nscert);
+	X509V3_EXT_add(&v3_key_usage);
+	X509V3_EXT_add(&v3_ext_ku);
+	X509V3_EXT_add(&v3_skey_id);
+	X509V3_EXT_add(&v3_akey_id);
+	X509V3_EXT_add(&v3_pkey_usage_period);
+	X509V3_EXT_add(&v3_crl_num);
+	X509V3_EXT_add(&v3_sxnet);
+	X509V3_EXT_add(&v3_crl_reason);
+	X509V3_EXT_add(&v3_cpols);
+	X509V3_EXT_add(&v3_crld);
+	return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+	X509V3_EXT_METHOD *method;
+	unsigned char *p;
+	if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+	p = ext->value->data;
+	return method->d2i(NULL, &p, ext->value->length);
+}
+
diff --git a/lib/libssl/src/crypto/x509v3/v3_pku.c b/lib/libssl/src/crypto/x509v3/v3_pku.c
new file mode 100644
index 00000000000..c13e7d8f45b
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_pku.c
@@ -0,0 +1,151 @@
+/* v3_pku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+*/
+X509V3_EXT_METHOD v3_pkey_usage_period = {
+NID_private_key_usage_period, 0,
+(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
+(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
+(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
+(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
+NULL, NULL, NULL, NULL,
+(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+NULL
+};
+
+int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME);
+	M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0);
+	M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1);
+
+	M_ASN1_I2D_finish();
+}
+
+PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void)
+{
+	PKEY_USAGE_PERIOD *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD);
+	ret->notBefore = NULL;
+	ret->notAfter = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW);
+}
+
+PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a,
+	     unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0,
+							V_ASN1_GENERALIZEDTIME);
+	M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1,
+							V_ASN1_GENERALIZEDTIME);
+	M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD);
+}
+
+void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a)
+{
+	if (a == NULL) return;
+	ASN1_GENERALIZEDTIME_free(a->notBefore);
+	ASN1_GENERALIZEDTIME_free(a->notAfter);
+	Free ((char *)a);
+}
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
+{
+	BIO_printf(out, "%*s", indent, "");
+	if(usage->notBefore) {
+		BIO_write(out, "Not Before: ", 12);
+		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+		if(usage->notAfter) BIO_write(out, ", ", 2);
+	}
+	if(usage->notAfter) {
+		BIO_write(out, "Not After: ", 11);
+		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+	}
+	return 1;
+}
+
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
diff --git a/lib/libssl/src/crypto/x509v3/v3_prn.c b/lib/libssl/src/crypto/x509v3/v3_prn.c
new file mode 100644
index 00000000000..dc20c6bdba6
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_prn.c
@@ -0,0 +1,135 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+{
+	int i;
+	CONF_VALUE *nval;
+	if(!val) return;
+	if(!ml || !sk_CONF_VALUE_num(val)) {
+		BIO_printf(out, "%*s", indent, "");
+		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
+		if(ml) BIO_printf(out, "%*s", indent, "");
+		else if(i > 0) BIO_printf(out, ", ");
+		nval = sk_CONF_VALUE_value(val, i);
+		if(!nval->name) BIO_puts(out, nval->value);
+		else if(!nval->value) BIO_puts(out, nval->name);
+		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+		if(ml) BIO_puts(out, "\n");
+	}
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent)
+{
+	char *ext_str = NULL, *value = NULL;
+	unsigned char *p;
+	X509V3_EXT_METHOD *method;	
+	STACK_OF(CONF_VALUE) *nval = NULL;
+	int ok = 1;
+	if(!(method = X509V3_EXT_get(ext))) return 0;
+	p = ext->value->data;
+	if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0;
+	if(method->i2s) {
+		if(!(value = method->i2s(method, ext_str))) {
+			ok = 0;
+			goto err;
+		}
+		BIO_printf(out, "%*s%s", indent, "", value);
+	} else if(method->i2v) {
+		if(!(nval = method->i2v(method, ext_str, NULL))) {
+			ok = 0;
+			goto err;
+		}
+		X509V3_EXT_val_prn(out, nval, indent,
+				 method->ext_flags & X509V3_EXT_MULTILINE);
+	} else if(method->i2r) {
+		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
+	} else ok = 0;
+
+	err:
+		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+		if(value) Free(value);
+		method->ext_free(ext_str);
+		return ok;
+}
+
+#ifndef NO_FP_API
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+	BIO *bio_tmp;
+	int ret;
+	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+	BIO_free(bio_tmp);
+	return ret;
+}
+#endif
diff --git a/lib/libssl/src/crypto/x509v3/v3_skey.c b/lib/libssl/src/crypto/x509v3/v3_skey.c
new file mode 100644
index 00000000000..fb3e36014d6
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_skey.c
@@ -0,0 +1,156 @@
+/* v3_skey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_OCTET_STRING *octet_string_new(void);
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_skey_id = { 
+NID_subject_key_identifier, 0,
+(X509V3_EXT_NEW)octet_string_new,
+(X509V3_EXT_FREE)ASN1_STRING_free,
+(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
+(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
+(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+(X509V3_EXT_S2I)s2i_skey_id,
+NULL, NULL, NULL, NULL, NULL};
+
+
+static ASN1_OCTET_STRING *octet_string_new(void)
+{
+	return ASN1_OCTET_STRING_new();
+}
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_OCTET_STRING *oct)
+{
+	return hex_to_string(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	long length;
+
+	if(!(oct = ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(!(oct->data = string_to_hex(str, &length))) {
+		ASN1_OCTET_STRING_free(oct);
+		return NULL;
+	}
+
+	oct->length = length;
+
+	return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	ASN1_BIT_STRING *pk;
+	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+	EVP_MD_CTX md;
+	unsigned int diglen;
+
+	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+	if(!(oct = ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(ctx && (ctx->flags == CTX_TEST)) return oct;
+
+	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	if(ctx->subject_req) 
+		pk = ctx->subject_req->req_info->pubkey->public_key;
+	else pk = ctx->subject_cert->cert_info->key->public_key;
+
+	if(!pk) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	EVP_DigestInit(&md, EVP_sha1());
+	EVP_DigestUpdate(&md, pk->data, pk->length);
+	EVP_DigestFinal(&md, pkey_dig, &diglen);
+
+	if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	return oct;
+	
+	err:
+	ASN1_OCTET_STRING_free(oct);
+	return NULL;
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/lib/libssl/src/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 00000000000..0687bb4e3d0
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,340 @@
+/* v3_sxnet.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
+#ifdef SXNET_TEST
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+						STACK_OF(CONF_VALUE) *nval);
+#endif
+X509V3_EXT_METHOD v3_sxnet = {
+NID_sxnet, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)SXNET_new,
+(X509V3_EXT_FREE)SXNET_free,
+(X509V3_EXT_D2I)d2i_SXNET,
+(X509V3_EXT_I2D)i2d_SXNET,
+NULL, NULL,
+NULL, 
+#ifdef SXNET_TEST
+(X509V3_EXT_V2I)sxnet_v2i,
+#else
+NULL,
+#endif
+(X509V3_EXT_I2R)sxnet_i2r,
+NULL,
+NULL
+};
+
+
+int i2d_SXNET(SXNET *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID);
+
+	M_ASN1_I2D_finish();
+}
+
+SXNET *SXNET_new(void)
+{
+	SXNET *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, SXNET);
+	M_ASN1_New(ret->version,ASN1_INTEGER_new);
+	M_ASN1_New(ret->ids,sk_SXNETID_new_null);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_SXNET_NEW);
+}
+
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,SXNET *,SXNET_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free);
+	M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET);
+}
+
+void SXNET_free(SXNET *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	sk_SXNETID_pop_free(a->ids, SXNETID_free);
+	Free (a);
+}
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING);
+
+	M_ASN1_I2D_finish();
+}
+
+SXNETID *SXNETID_new(void)
+{
+	SXNETID *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, SXNETID);
+	ret->zone = NULL;
+	M_ASN1_New(ret->user,ASN1_OCTET_STRING_new);
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_SXNETID_NEW);
+}
+
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length)
+{
+	M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID);
+}
+
+void SXNETID_free(SXNETID *a)
+{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->zone);
+	ASN1_OCTET_STRING_free(a->user);
+	Free (a);
+}
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+	     int indent)
+{
+	long v;
+	char *tmp;
+	SXNETID *id;
+	int i;
+	v = ASN1_INTEGER_get(sx->version);
+	BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+		Free(tmp);
+		ASN1_OCTET_STRING_print(out, id->user);
+	}
+	return 1;
+}
+
+#ifdef SXNET_TEST
+
+/* NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+	     STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *cnf;
+	SXNET *sx = NULL;
+	int i;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+								 return NULL;
+	}
+	return sx;
+}
+		
+	
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		ASN1_INTEGER_free(izone);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+	
+}
+
+/* Add an id given the zone as an ASN1_INTEGER.
+ * Note this version uses the passed integer and doesn't make a copy so don't
+ * free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+	     int userlen)
+{
+	SXNET *sx = NULL;
+	SXNETID *id = NULL;
+	if(!psx || !zone || !user) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
+		return 0;
+	}
+	if(userlen == -1) userlen = strlen(user);
+	if(userlen > 64) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
+		return 0;
+	}
+	if(!*psx) {
+		if(!(sx = SXNET_new())) goto err;
+		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
+		*psx = sx;
+	} else sx = *psx;
+	if(SXNET_get_id_INTEGER(sx, zone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
+		return 0;
+	}
+
+	if(!(id = SXNETID_new())) goto err;
+	if(userlen == -1) userlen = strlen(user);
+		
+	if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+	if(!sk_SXNETID_push(sx->ids, id)) goto err;
+	id->zone = zone;
+	return 1;
+	
+	err:
+	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
+	SXNETID_free(id);
+	SXNET_free(sx);
+	*psx = NULL;
+	return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		ASN1_INTEGER_free(izone);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+	SXNETID *id;
+	int i;
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+	}
+	return NULL;
+}
+
+IMPLEMENT_STACK_OF(SXNETID)
+IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/lib/libssl/src/crypto/x509v3/v3_utl.c b/lib/libssl/src/crypto/x509v3/v3_utl.c
new file mode 100644
index 00000000000..40f71c71b4f
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3_utl.c
@@ -0,0 +1,418 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *strip_spaces(char *name);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	CONF_VALUE *vtmp = NULL;
+	char *tname = NULL, *tvalue = NULL;
+	if(name && !(tname = BUF_strdup(name))) goto err;
+	if(value && !(tvalue = BUF_strdup(value))) goto err;;
+	if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err;
+	if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err;
+	vtmp->section = NULL;
+	vtmp->name = tname;
+	vtmp->value = tvalue;
+	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
+	return 1;
+	err:
+	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+	if(vtmp) Free(vtmp);
+	if(tname) Free(tname);
+	if(tvalue) Free(tvalue);
+	return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+			   STACK_OF(CONF_VALUE) **extlist)
+    {
+    return X509V3_add_value(name,(const char *)value,extlist);
+    }
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+	if(!conf) return;
+	if(conf->name) Free(conf->name);
+	if(conf->value) Free(conf->value);
+	if(conf->section) Free(conf->section);
+	Free((char *)conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return 1;
+}
+
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+	BIGNUM *bn = NULL;
+	ASN1_INTEGER *aint;
+	bn = BN_new();
+	if(!value) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
+		return 0;
+	}
+	if(!BN_dec2bn(&bn, value)) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
+		return 0;
+	}
+
+	if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+		return 0;
+	}
+	BN_free(bn);
+	return aint;
+}
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+	     STACK_OF(CONF_VALUE) **extlist)
+{
+	char *strtmp;
+	int ret;
+	if(!aint) return 1;
+	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
+	ret = X509V3_add_value(name, strtmp, extlist);
+	Free(strtmp);
+	return ret;
+}
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+	char *btmp;
+	if(!(btmp = value->value)) goto err;
+	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+		*asn1_bool = 0xff;
+		return 1;
+	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+		*asn1_bool = 0;
+		return 1;
+	}
+	err:
+	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+	X509V3_conf_err(value);
+	return 0;
+}
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+	ASN1_INTEGER *itmp;
+	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+		X509V3_conf_err(value);
+		return 0;
+	}
+	*aint = itmp;
+	return 1;
+}
+
+#define HDR_NAME	1
+#define HDR_VALUE	2
+
+/*#define DEBUG*/
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line)
+{
+	char *p, *q, c;
+	char *ntmp, *vtmp;
+	STACK_OF(CONF_VALUE) *values = NULL;
+	char *linebuf;
+	int state;
+	/* We are going to modify the line so copy it first */
+	linebuf = BUF_strdup(line);
+	state = HDR_NAME;
+	ntmp = NULL;
+	/* Go through all characters */
+	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+		switch(state) {
+			case HDR_NAME:
+			if(c == ':') {
+				state = HDR_VALUE;
+				*p = 0;
+				ntmp = strip_spaces(q);
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				q = p + 1;
+			} else if(c == ',') {
+				*p = 0;
+				ntmp = strip_spaces(q);
+				q = p + 1;
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				X509V3_add_value(ntmp, NULL, &values);
+			}
+			break ;
+
+			case HDR_VALUE:
+			if(c == ',') {
+				state = HDR_NAME;
+				*p = 0;
+				vtmp = strip_spaces(q);
+#ifdef DEBUG
+				printf("%s\n", ntmp);
+#endif
+				if(!vtmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+					goto err;
+				}
+				X509V3_add_value(ntmp, vtmp, &values);
+				ntmp = NULL;
+				q = p + 1;
+			}
+
+		}
+	}
+
+	if(state == HDR_VALUE) {
+		vtmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s=%s\n", ntmp, vtmp);
+#endif
+		if(!vtmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+			goto err;
+		}
+		X509V3_add_value(ntmp, vtmp, &values);
+	} else {
+		ntmp = strip_spaces(q);
+#ifdef DEBUG
+		printf("%s\n", ntmp);
+#endif
+		if(!ntmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+			goto err;
+		}
+		X509V3_add_value(ntmp, NULL, &values);
+	}
+Free(linebuf);
+return values;
+
+err:
+Free(linebuf);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+	char *p, *q;
+	/* Skip over leading spaces */
+	p = name;
+	while(*p && isspace((unsigned char)*p)) p++;
+	if(!*p) return NULL;
+	q = p + strlen(p) - 1;
+	while((q != p) && isspace((unsigned char)*q)) q--;
+	if(p != q) q[1] = 0;
+	if(!*p) return NULL;
+	return p;
+}
+
+/* hex string utilities */
+
+/* Given a buffer of length 'len' return a Malloc'ed string with its
+ * hex representation
+ */
+
+char *hex_to_string(unsigned char *buffer, long len)
+{
+	char *tmp, *q;
+	unsigned char *p;
+	int i;
+	static char hexdig[] = "0123456789ABCDEF";
+	if(!buffer || !len) return NULL;
+	if(!(tmp = Malloc(len * 3 + 1))) {
+		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	q = tmp;
+	for(i = 0, p = buffer; i < len; i++,p++) {
+		*q++ = hexdig[(*p >> 4) & 0xf];
+		*q++ = hexdig[*p & 0xf];
+		*q++ = ':';
+	}
+	q[-1] = 0;
+	return tmp;
+}
+
+/* Give a string of hex digits convert to
+ * a buffer
+ */
+
+unsigned char *string_to_hex(char *str, long *len)
+{
+	unsigned char *hexbuf, *q;
+	unsigned char ch, cl, *p;
+	if(!str) {
+		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err;
+	for(p = (unsigned char *)str, q = hexbuf; *p;) {
+		ch = *p++;
+		if(ch == ':') continue;
+		cl = *p++;
+		if(!cl) {
+			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
+			Free(hexbuf);
+			return NULL;
+		}
+		if(isupper(ch)) ch = tolower(ch);
+		if(isupper(cl)) cl = tolower(cl);
+
+		if((ch >= '0') && (ch <= '9')) ch -= '0';
+		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
+		else goto badhex;
+
+		if((cl >= '0') && (cl <= '9')) cl -= '0';
+		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
+		else goto badhex;
+
+		*q++ = (ch << 4) | cl;
+	}
+
+	if(len) *len = q - hexbuf;
+
+	return hexbuf;
+
+	err:
+	if(hexbuf) Free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+	badhex:
+	Free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
+	return NULL;
+
+}
+
+/* V2I name comparison function: returns zero if 'name' matches
+ * cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+	int len, ret;
+	char c;
+	len = strlen(cmp);
+	if((ret = strncmp(name, cmp, len))) return ret;
+	c = name[len];
+	if(!c || (c=='.')) return 0;
+	return 1;
+}
diff --git a/lib/libssl/src/crypto/x509v3/v3conf.c b/lib/libssl/src/crypto/x509v3/v3conf.c
new file mode 100644
index 00000000000..21cf746f459
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3conf.c
@@ -0,0 +1,128 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+	LHASH *conf;
+	X509 *cert;
+	FILE *inf;
+	char *conf_file;
+	int i;
+	int count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+		exit(1);
+	}
+	conf_file = argv[2];
+	if(!conf_file) conf_file = "test.cnf";
+	conf = CONF_load(NULL, "test.cnf", NULL);
+	if(!conf) {
+		fprintf(stderr, "Error opening Config file %s\n", conf_file);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	inf = fopen(argv[1], "r");
+	if(!inf) {
+		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(inf, NULL, NULL);
+	if(!cert) {
+		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	fclose(inf);
+
+	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+	cert->cert_info->extensions = NULL;
+
+	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+		fprintf(stderr, "Error adding extensions\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(ext->critical) printf(",critical:\n");
+		else printf(":\n");
+		X509V3_EXT_print_fp(stdout, ext, 0);
+		printf("\n");
+		
+	}
+	return 0;
+}
+
diff --git a/lib/libssl/src/crypto/x509v3/v3err.c b/lib/libssl/src/crypto/x509v3/v3err.c
new file mode 100644
index 00000000000..50efa8d99d8
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3err.c
@@ -0,0 +1,171 @@
+/* crypto/x509v3/v3err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+	{
+{ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
+{ERR_PACK(0,X509V3_F_COPY_ISSUER,0),	"COPY_ISSUER"},
+{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),	"DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),	"DO_EXT_I2D"},
+{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),	"i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0),	"NOTICE_SECTION"},
+{ERR_PACK(0,X509V3_F_NREF_NOS,0),	"NREF_NOS"},
+{ERR_PACK(0,X509V3_F_POLICY_SECTION,0),	"POLICY_SECTION"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0),	"R2I_CERTPOL"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),	"S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0),	"s2i_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0),	"s2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),	"S2I_ASN1_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0),	"S2I_S2I_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0),	"string_to_hex"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0),	"SXNET_ADD_ASC"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0),	"SXNET_add_id_INTEGER"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),	"SXNET_add_id_ulong"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),	"SXNET_get_id_asc"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),	"SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),	"V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),	"V2I_AUTHORITY_KEYID"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),	"V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_CRLD,0),	"V2I_CRLD"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),	"V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),	"v2i_GENERAL_NAME"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),	"v2i_GENERAL_NAMES"},
+{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),	"V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),	"X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),	"X509V3_EXT_add"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),	"X509V3_EXT_i2d"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+	{
+{X509V3_R_BAD_IP_ADDRESS                 ,"bad ip address"},
+{X509V3_R_BAD_OBJECT                     ,"bad object"},
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
+{X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
+{X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_EXTENSION_VALUE_ERROR          ,"extension value error"},
+{X509V3_R_ILLEGAL_HEX_DIGIT              ,"illegal hex digit"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_NUMBER                 ,"invalid number"},
+{X509V3_R_INVALID_NUMBERS                ,"invalid numbers"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_INVALID_OPTION                 ,"invalid option"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
+{X509V3_R_MISSING_VALUE                  ,"missing value"},
+{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},
+{X509V3_R_NO_CONFIG_DATABASE             ,"no config database"},
+{X509V3_R_NO_ISSUER_CERTIFICATE          ,"no issuer certificate"},
+{X509V3_R_NO_ISSUER_DETAILS              ,"no issuer details"},
+{X509V3_R_NO_POLICY_IDENTIFIER           ,"no policy identifier"},
+{X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
+{X509V3_R_NO_SUBJECT_DETAILS             ,"no subject details"},
+{X509V3_R_ODD_NUMBER_OF_DIGITS           ,"odd number of digits"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{X509V3_R_UNKNOWN_EXTENSION              ,"unknown extension"},
+{X509V3_R_UNKNOWN_EXTENSION_NAME         ,"unknown extension name"},
+{X509V3_R_UNKNOWN_OPTION                 ,"unknown option"},
+{X509V3_R_UNSUPPORTED_OPTION             ,"unsupported option"},
+{X509V3_R_USER_TOO_LONG                  ,"user too long"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_X509V3_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+		}
+	}
diff --git a/lib/libssl/src/crypto/x509v3/v3prin.c b/lib/libssl/src/crypto/x509v3/v3prin.c
new file mode 100644
index 00000000000..ee798859f0b
--- /dev/null
+++ b/lib/libssl/src/crypto/x509v3/v3prin.c
@@ -0,0 +1,101 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int main(int argc, char **argv)
+{
+	X509 *cert;
+	FILE *inf;
+	int i, count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage v3prin cert.pem\n");
+		exit(1);
+	}
+	if(!(inf = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Can't open %s\n", argv[1]);
+		exit(1);
+	}
+	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+		fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	fclose(inf);
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
+		printf("\n");
+		
+	}
+	return 0;
+}
diff --git a/lib/libssl/src/crypto/x509v3/x509v3.h b/lib/libssl/src/crypto/x509v3/x509v3.h
index d7945bc9cdd..4eb04a5a89c 100644
--- a/lib/libssl/src/crypto/x509v3/x509v3.h
+++ b/lib/libssl/src/crypto/x509v3/x509v3.h
@@ -1,87 +1,532 @@
-/* crypto/x509v3/x509v3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
-#define X509v3_N_KU_digitalSignature	0
-#define X509v3_N_KU_nonRepudiation	1
-#define X509v3_N_KU_keyEncipherment	2
-#define X509v3_N_KU_dataEncipherment	3
-#define X509v3_N_KU_keyAgreement	4
-#define X509v3_N_KU_keyCertSign		5
-#define X509v3_N_KU_cRLSign		6
-#define X509v3_N_KU_encipherOnly	7
-#define X509v3_N_KU_decipherOnly	8
-#define X509v3_N_KU_NUM			9
-#define X509v3_S_KU_digitalSignature	"digitalSignature"
-#define X509v3_S_KU_nonRepudiation	"nonRepudiation"
-#define X509v3_S_KU_keyEncipherment	"keyEncipherment"
-#define X509v3_S_KU_dataEncipherment	"dataEncipherment"
-#define X509v3_S_KU_keyAgreement	"keyAgreement"
-#define X509v3_S_KU_keyCertSign		"keyCertSign"
-#define X509v3_S_KU_cRLSign		"cRLSign"
-#define X509v3_S_KU_encipherOnly	"encipherOnly"
-#define X509v3_S_KU_decipherOnly	"decipherOnly"
-
-
-void X509_ex_clear(X509_EXTENSION *a);
-int X509_ex_get_bool(X509_EXTENSION *a,int num);
-int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
-int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
-int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
-char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
-int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
-int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
-int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/conf.h>
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void * (*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE)(void *);
+typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
+typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following are used for raw extensions */
+X509V3_EXT_I2R i2r;
+X509V3_EXT_R2I r2i;
+
+void *usr_data;	/* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+#define CTX_TEST 0x1
+int flags;
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC	0x1
+#define X509V3_EXT_CTX_DEP	0x2
+#define X509V3_EXT_MULTILINE	0x4
+
+typedef struct BIT_STRING_BITNAME_st {
+int bitnum;
+const char *lname;
+const char *sname;
+} BIT_STRING_BITNAME;
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ASN1_GENERALIZEDTIME *notBefore;
+ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct GENERAL_NAME_st {
+
+#define GEN_OTHERNAME	(0|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EMAIL	(1|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DNS		(2|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_X400	(3|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_DIRNAME	(4|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_EDIPARTY	(5|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_URI		(6|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_IPADD	(7|V_ASN1_CONTEXT_SPECIFIC)
+#define GEN_RID		(8|V_ASN1_CONTEXT_SPECIFIC)
+
+int type;
+union {
+	char *ptr;
+	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+	ASN1_OCTET_STRING *ip; /* iPAddress */
+	X509_NAME *dirn;		/* dirn */
+	ASN1_OBJECT *rid; /* registeredID */
+	ASN1_TYPE *other; /* otherName, ediPartyName, x400Address */
+} d;
+} GENERAL_NAME;
+
+DECLARE_STACK_OF(GENERAL_NAME)
+DECLARE_ASN1_SET_OF(GENERAL_NAME)
+
+typedef struct DIST_POINT_NAME_st {
+/* NB: this is a CHOICE type and only one of these should be set */
+STACK_OF(GENERAL_NAME) *fullname;
+X509_NAME *relativename;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+DIST_POINT_NAME	*distpoint;
+ASN1_BIT_STRING *reasons;
+STACK_OF(GENERAL_NAME) *CRLissuer;
+} DIST_POINT;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
+typedef struct AUTHORITY_KEYID_st {
+ASN1_OCTET_STRING *keyid;
+STACK_OF(GENERAL_NAME) *issuer;
+ASN1_INTEGER *serial;
+} AUTHORITY_KEYID;
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+	ASN1_INTEGER *zone;
+	ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DECLARE_STACK_OF(SXNETID)
+DECLARE_ASN1_SET_OF(SXNETID)
+
+typedef struct SXNET_st {
+	ASN1_INTEGER *version;
+	STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+	ASN1_STRING *organization;
+	STACK *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+	NOTICEREF *noticeref;
+	ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+	ASN1_OBJECT *pqualid;
+	union {
+		ASN1_IA5STRING *cpsuri;
+		USERNOTICE *usernotice;
+		ASN1_TYPE *other;
+	} d;
+} POLICYQUALINFO;
+
+DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+	ASN1_OBJECT *policyid;
+	STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+DECLARE_STACK_OF(POLICYINFO)
+DECLARE_ASN1_SET_OF(POLICYINFO)
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define X509V3_set_ctx_test(ctx) \
+			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
+
+#define EXT_BITSTRING(nid, table) { nid, 0, \
+			(X509V3_EXT_NEW)asn1_bit_string_new, \
+			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
+			(X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			(char *)table}
+
+#define EXT_IA5STRING(nid) { nid, 0, \
+			(X509V3_EXT_NEW)ia5string_new, \
+			(X509V3_EXT_FREE)ASN1_STRING_free, \
+			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
+			(X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
+			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+			NULL, NULL, NULL, NULL, \
+			NULL}
+
+#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
+			 NULL, NULL, NULL, NULL, \
+			 NULL}
+
+void ERR_load_X509V3_strings(void);
+int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp);
+GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, long length);
+GENERAL_NAME *GENERAL_NAME_new(void);
+void GENERAL_NAME_free(GENERAL_NAME *a);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+
+int i2d_SXNET(SXNET *a, unsigned char **pp);
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
+SXNET *SXNET_new(void);
+void SXNET_free(SXNET *a);
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+SXNETID *SXNETID_new(void);
+void SXNETID_free(SXNETID *a);
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
+AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
+AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
+void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a);
+
+int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp);
+PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, unsigned char **pp, long length);
+PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void);
+void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a);
+
+STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new(void);
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a);
+STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, unsigned char **pp, long length);
+int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		STACK_OF(GENERAL_NAME) *gen, STACK_OF(CONF_VALUE) *extlist);
+STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
+int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp);
+STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a,
+					unsigned char **pp, long length);
+void ext_ku_free(STACK_OF(ASN1_OBJECT) *a);
+STACK_OF(ASN1_OBJECT) *ext_ku_new(void);
+
+int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp);
+STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void);
+void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a);
+STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, unsigned char **pp, long length);
+
+int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp);
+POLICYINFO *POLICYINFO_new(void);
+POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp, long length);
+void POLICYINFO_free(POLICYINFO *a);
+
+int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp);
+POLICYQUALINFO *POLICYQUALINFO_new(void);
+POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp,
+								 long length);
+void POLICYQUALINFO_free(POLICYQUALINFO *a);
+
+int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp);
+USERNOTICE *USERNOTICE_new(void);
+USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp, long length);
+void USERNOTICE_free(USERNOTICE *a);
+
+int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp);
+NOTICEREF *NOTICEREF_new(void);
+NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp, long length);
+void NOTICEREF_free(NOTICEREF *a);
+
+int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp);
+STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void);
+void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a);
+STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a,
+                unsigned char **pp,long length);
+
+int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp);
+DIST_POINT *DIST_POINT_new(void);
+DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length);
+void DIST_POINT_free(DIST_POINT *a);
+
+int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp);
+DIST_POINT_NAME *DIST_POINT_NAME_new(void);
+void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
+DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
+             long length);
+
+#ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
+void X509V3_conf_free(CONF_VALUE *val);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+#endif
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+				 X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+char *hex_to_string(unsigned char *buffer, long len);
+unsigned char *string_to_hex(char *str, long *len);
+int name_cmp(const char *name, const char *cmp);
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+								 int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_COPY_EMAIL				 122
+#define X509V3_F_COPY_ISSUER				 123
+#define X509V3_F_DO_EXT_CONF				 124
+#define X509V3_F_DO_EXT_I2D				 135
+#define X509V3_F_HEX_TO_STRING				 111
+#define X509V3_F_I2S_ASN1_ENUMERATED			 121
+#define X509V3_F_I2S_ASN1_INTEGER			 120
+#define X509V3_F_NOTICE_SECTION				 132
+#define X509V3_F_NREF_NOS				 133
+#define X509V3_F_POLICY_SECTION				 131
+#define X509V3_F_R2I_CERTPOL				 130
+#define X509V3_F_S2I_ASN1_IA5STRING			 100
+#define X509V3_F_S2I_ASN1_INTEGER			 108
+#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
+#define X509V3_F_S2I_ASN1_SKEY_ID			 114
+#define X509V3_F_S2I_S2I_SKEY_ID			 115
+#define X509V3_F_STRING_TO_HEX				 113
+#define X509V3_F_SXNET_ADD_ASC				 125
+#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
+#define X509V3_F_SXNET_ADD_ID_ULONG			 127
+#define X509V3_F_SXNET_GET_ID_ASC			 128
+#define X509V3_F_SXNET_GET_ID_ULONG			 129
+#define X509V3_F_V2I_ASN1_BIT_STRING			 101
+#define X509V3_F_V2I_AUTHORITY_KEYID			 119
+#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
+#define X509V3_F_V2I_CRLD				 134
+#define X509V3_F_V2I_EXT_KU				 103
+#define X509V3_F_V2I_GENERAL_NAME			 117
+#define X509V3_F_V2I_GENERAL_NAMES			 118
+#define X509V3_F_V3_GENERIC_EXTENSION			 116
+#define X509V3_F_X509V3_ADD_VALUE			 105
+#define X509V3_F_X509V3_EXT_ADD				 104
+#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
+#define X509V3_F_X509V3_EXT_CONF			 107
+#define X509V3_F_X509V3_EXT_I2D				 136
+#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
+#define X509V3_F_X509V3_PARSE_LIST			 109
+
+/* Reason codes. */
+#define X509V3_R_BAD_IP_ADDRESS				 118
+#define X509V3_R_BAD_OBJECT				 119
+#define X509V3_R_BN_DEC2BN_ERROR			 100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
+#define X509V3_R_DUPLICATE_ZONE_ID			 133
+#define X509V3_R_ERROR_CONVERTING_ZONE			 131
+#define X509V3_R_ERROR_IN_EXTENSION			 128
+#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
+#define X509V3_R_EXTENSION_NAME_ERROR			 115
+#define X509V3_R_EXTENSION_NOT_FOUND			 102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
+#define X509V3_R_EXTENSION_VALUE_ERROR			 116
+#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
+#define X509V3_R_INVALID_BOOLEAN_STRING			 104
+#define X509V3_R_INVALID_EXTENSION_STRING		 105
+#define X509V3_R_INVALID_NAME				 106
+#define X509V3_R_INVALID_NULL_ARGUMENT			 107
+#define X509V3_R_INVALID_NULL_NAME			 108
+#define X509V3_R_INVALID_NULL_VALUE			 109
+#define X509V3_R_INVALID_NUMBER				 140
+#define X509V3_R_INVALID_NUMBERS			 141
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
+#define X509V3_R_INVALID_OPTION				 138
+#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
+#define X509V3_R_INVALID_SECTION			 135
+#define X509V3_R_ISSUER_DECODE_ERROR			 126
+#define X509V3_R_MISSING_VALUE				 124
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
+#define X509V3_R_NO_CONFIG_DATABASE			 136
+#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
+#define X509V3_R_NO_ISSUER_DETAILS			 127
+#define X509V3_R_NO_POLICY_IDENTIFIER			 139
+#define X509V3_R_NO_PUBLIC_KEY				 114
+#define X509V3_R_NO_SUBJECT_DETAILS			 125
+#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
+#define X509V3_R_UNKNOWN_EXTENSION			 129
+#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
+#define X509V3_R_UNKNOWN_OPTION				 120
+#define X509V3_R_UNSUPPORTED_OPTION			 117
+#define X509V3_R_USER_TOO_LONG				 132
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/lib/libssl/src/demos/README b/lib/libssl/src/demos/README
index 769965ab83f..d2155ef9734 100644
--- a/lib/libssl/src/demos/README
+++ b/lib/libssl/src/demos/README
@@ -1,3 +1,9 @@
+NOTE: Don't expect any of these programs to work with current
+OpenSSL releases, or even with later SSLeay releases.
+
+Original README:
+=============================================================================
+
 Some demo programs sent to me by various people
 
 eric
diff --git a/lib/libssl/src/demos/b64.c b/lib/libssl/src/demos/b64.c
index 42abc42d33e..ad86bc9b49a 100644
--- a/lib/libssl/src/demos/b64.c
+++ b/lib/libssl/src/demos/b64.c
@@ -59,13 +59,13 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "apps.h"
-#include "buffer.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include "../apps/apps.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef SIZE
 #undef BSIZE
diff --git a/lib/libssl/src/demos/b64.pl b/lib/libssl/src/demos/b64.pl
index dc5d983787d..8aa5fb464d3 100644
--- a/lib/libssl/src/demos/b64.pl
+++ b/lib/libssl/src/demos/b64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 #
 # Make PEM encoded data have lines of 64 bytes of data
diff --git a/lib/libssl/src/demos/bio/Makefile b/lib/libssl/src/demos/bio/Makefile
new file mode 100644
index 00000000000..43515405323
--- /dev/null
+++ b/lib/libssl/src/demos/bio/Makefile
@@ -0,0 +1,16 @@
+CC=cc
+CFLAGS= -g -I../../include
+LIBS= -L../.. ../../libssl.a ../../libcrypto.a
+EXAMPLES=saccept sconnect
+
+all: $(EXAMPLES) 
+
+saccept: saccept.o
+	$(CC) -o saccept saccept.o $(LIBS)
+
+sconnect: sconnect.o
+	$(CC) -o sconnect sconnect.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/lib/libssl/src/demos/bio/saccept.c b/lib/libssl/src/demos/bio/saccept.c
index 920eab397ca..2f2dc985fe7 100644
--- a/lib/libssl/src/demos/bio/saccept.c
+++ b/lib/libssl/src/demos/bio/saccept.c
@@ -12,8 +12,8 @@
 
 #include <stdio.h>
 #include <signal.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #define CERT_FILE	"server.pem"
 
diff --git a/lib/libssl/src/demos/bio/sconnect.c b/lib/libssl/src/demos/bio/sconnect.c
index 8a667f59117..59fab1985e4 100644
--- a/lib/libssl/src/demos/bio/sconnect.c
+++ b/lib/libssl/src/demos/bio/sconnect.c
@@ -9,8 +9,9 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
-#include "err.h"
-#include "ssl.h"
+#include <unistd.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 extern int errno;
 
@@ -48,7 +49,7 @@ char *argv[];
 
 	/* Lets use a connect BIO under the SSL BIO */
 	out=BIO_new(BIO_s_connect());
-	BIO_set_hostname(out,host);
+	BIO_set_conn_hostname(out,host);
 	BIO_set_nbio(out,1);
 	out=BIO_push(ssl_bio,out);
 
diff --git a/lib/libssl/src/demos/maurice/Makefile b/lib/libssl/src/demos/maurice/Makefile
index fa67dcca81b..f9bf62276e8 100644
--- a/lib/libssl/src/demos/maurice/Makefile
+++ b/lib/libssl/src/demos/maurice/Makefile
@@ -1,6 +1,6 @@
 CC=cc
-CFLAGS= -g -I../../include
-LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
 EXAMPLES=example1 example2 example3 example4
 
 all: $(EXAMPLES) 
@@ -17,7 +17,43 @@ example3: example3.o
 example4: example4.o
 	$(CC) -o example4 example4.o $(LIBS)
 
-	
 clean:	
 	rm -f $(EXAMPLES) *.o
 
+test: all
+	@echo
+	@echo Example 1 Demonstrates the sealing and opening APIs
+	@echo Doing the encrypt side...
+	./example1 <README >t.t
+	@echo Doing the decrypt side...
+	./example1 -d <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example1 is OK
+
+	@echo
+	@echo Example2 Demonstrates rsa encryption and decryption
+	@echo   and it should just print \"This the clear text\"
+	./example2
+
+	@echo
+	@echo Example3 Demonstrates the use of symmetric block ciphers
+	@echo in this case it uses EVP_des_ede3_cbc
+	@echo i.e. triple DES in Cipher Block Chaining mode
+	@echo Doing the encrypt side...
+	./example3 ThisIsThePassword <README >t.t
+	@echo Doing the decrypt side...
+	./example3 -d ThisIsThePassword <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example3 is OK
+
+	@echo
+	@echo Example4 Demonstrates base64 encoding and decoding
+	@echo Doing the encrypt side...
+	./example4 <README >t.t
+	@echo Doing the decrypt side...
+	./example4 -d <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo example4 is OK
diff --git a/lib/libssl/src/demos/maurice/example1.c b/lib/libssl/src/demos/maurice/example1.c
index 77730d3232e..0e70523a336 100644
--- a/lib/libssl/src/demos/maurice/example1.c
+++ b/lib/libssl/src/demos/maurice/example1.c
@@ -13,13 +13,13 @@
 #include <strings.h>
 #include <stdlib.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #include "loadkeys.h"
 
diff --git a/lib/libssl/src/demos/maurice/example2.c b/lib/libssl/src/demos/maurice/example2.c
index 99f7b224409..57bce10b5ed 100644
--- a/lib/libssl/src/demos/maurice/example2.c
+++ b/lib/libssl/src/demos/maurice/example2.c
@@ -10,13 +10,13 @@
 #include <stdio.h>
 #include <strings.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #include "loadkeys.h"
 
@@ -33,7 +33,6 @@ int main()
   	EVP_PKEY *pubKey;
   	EVP_PKEY *privKey;
 	int len;
-	FILE *fp;
 
         ERR_load_crypto_strings();
 
@@ -72,6 +71,5 @@ int main()
 	EVP_PKEY_free(pubKey);
 	free(buf);
 	free(buf2);
+        return 0;
 }
-
-
diff --git a/lib/libssl/src/demos/maurice/example3.c b/lib/libssl/src/demos/maurice/example3.c
index fcaff00c370..c8462a47c37 100644
--- a/lib/libssl/src/demos/maurice/example3.c
+++ b/lib/libssl/src/demos/maurice/example3.c
@@ -8,9 +8,10 @@
 */
 
 #include <stdio.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
-#include <evp.h>
+#include <openssl/evp.h>
 
 #define STDIN     	0
 #define STDOUT    	1
@@ -47,9 +48,9 @@ void do_cipher(char *pw, int operation)
 {
 	char buf[BUFLEN];
 	char ebuf[BUFLEN + 8];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen; /* rc; */
         unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
-	unsigned int ekeylen, net_ekeylen; 
+	/* unsigned int ekeylen, net_ekeylen;  */
 	EVP_CIPHER_CTX ectx;
         
 	memcpy(iv, INIT_VECTOR, sizeof(iv));
@@ -82,5 +83,3 @@ void do_cipher(char *pw, int operation)
 
 	write(STDOUT, ebuf, ebuflen); 
 }
-
-
diff --git a/lib/libssl/src/demos/maurice/example4.c b/lib/libssl/src/demos/maurice/example4.c
index d436a200195..ce629848b74 100644
--- a/lib/libssl/src/demos/maurice/example4.c
+++ b/lib/libssl/src/demos/maurice/example4.c
@@ -8,9 +8,10 @@
 */
 
 #include <stdio.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
-#include <evp.h>
+#include <openssl/evp.h>
 
 #define STDIN     	0
 #define STDOUT    	1
@@ -44,7 +45,7 @@ void do_encode()
 {
 	char buf[BUFLEN];
 	char ebuf[BUFLEN+24];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen;
 	EVP_ENCODE_CTX ectx;
         
 	EVP_EncodeInit(&ectx);
@@ -78,7 +79,7 @@ void do_decode()
 {
  	char buf[BUFLEN];
  	char ebuf[BUFLEN+24];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen;
 	EVP_ENCODE_CTX ectx;
         
 	EVP_DecodeInit(&ectx);
diff --git a/lib/libssl/src/demos/maurice/loadkeys.c b/lib/libssl/src/demos/maurice/loadkeys.c
index 7c89f071f35..0f3464753af 100644
--- a/lib/libssl/src/demos/maurice/loadkeys.c
+++ b/lib/libssl/src/demos/maurice/loadkeys.c
@@ -14,13 +14,13 @@
 #include <strings.h>
 #include <stdlib.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 EVP_PKEY * ReadPublicKey(const char *certfile)
 {
diff --git a/lib/libssl/src/demos/maurice/loadkeys.h b/lib/libssl/src/demos/maurice/loadkeys.h
index e42c6f8dc41..d8fde86eb7f 100644
--- a/lib/libssl/src/demos/maurice/loadkeys.h
+++ b/lib/libssl/src/demos/maurice/loadkeys.h
@@ -10,7 +10,7 @@
 #ifndef LOADKEYS_H_SEEN
 #define LOADKEYS_H_SEEN
 
-#include "evp.h"
+#include <openssl/evp.h>
 
 EVP_PKEY * ReadPublicKey(const char *certfile);
 EVP_PKEY *ReadPrivateKey(const char *keyfile);
diff --git a/lib/libssl/src/demos/prime/Makefile b/lib/libssl/src/demos/prime/Makefile
new file mode 100644
index 00000000000..0166cd46fe4
--- /dev/null
+++ b/lib/libssl/src/demos/prime/Makefile
@@ -0,0 +1,20 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=prime
+
+all: $(EXAMPLES) 
+
+prime: prime.o
+	$(CC) -o prime prime.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	@echo Test creating a 128-bit prime
+	./prime 128
+	@echo Test creating a 256-bit prime
+	./prime 256
+	@echo Test creating a 512-bit prime
+	./prime 512
diff --git a/lib/libssl/src/demos/prime/prime.c b/lib/libssl/src/demos/prime/prime.c
index e4a17765bb2..103e0efc0cd 100644
--- a/lib/libssl/src/demos/prime/prime.c
+++ b/lib/libssl/src/demos/prime/prime.c
@@ -57,7 +57,8 @@
  */
 
 #include <stdio.h>
-#include "bn.h"    
+#include <stdlib.h>
+#include <openssl/bn.h>    
 
 void callback(type,num)
 int type,num;
@@ -87,8 +88,8 @@ char *argv[];
 		}
 
 	fprintf(stderr,"generate a strong prime\n");
-	rand=BN_generate_prime(num,1,NULL,NULL,callback);
-	/* change the second parameter to 1 for a strong prime */
+        rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
+	/* change the third parameter to 1 for a strong prime */
 	fprintf(stderr,"\n");
 
 	BN_print_fp(stdout,rand);           
diff --git a/lib/libssl/src/demos/selfsign.c b/lib/libssl/src/demos/selfsign.c
index 72146fc068e..f4a83693528 100644
--- a/lib/libssl/src/demos/selfsign.c
+++ b/lib/libssl/src/demos/selfsign.c
@@ -4,13 +4,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "buffer.h"
-#include "crypto.h"
-#include "objects.h"
-#include "asn1.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
 
 int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
 
@@ -22,7 +18,7 @@ int main()
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-	X509v3_add_netscape_extensions();
+	X509V3_add_standard_extensions();
 
 	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 		BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
@@ -39,7 +35,7 @@ int main()
 	EVP_PKEY_free(pkey);
 	BIO_free(bio_err);
 
-	X509_cleanup_extensions();
+	X509V3_EXT_cleanup();
 
 	CRYPTO_mem_leaks(bio_err);
 	return(0);
@@ -53,9 +49,10 @@ int main()
 #  define MS_FAR
 #endif
 
-static void MS_CALLBACK callback(p, n)
+static void MS_CALLBACK callback(p, n, arg)
 int p;
 int n;
+void *arg;
 	{
 	char c='B';
 
@@ -76,11 +73,9 @@ int days;
 	X509 *x;
 	EVP_PKEY *pk;
 	RSA *rsa;
-	char *s;
 	X509_NAME *name=NULL;
 	X509_NAME_ENTRY *ne=NULL;
 	X509_EXTENSION *ex=NULL;
-	ASN1_OCTET_STRING *data=NULL;
 
 	
 	if ((pkeyp == NULL) || (*pkeyp == NULL))
@@ -102,7 +97,7 @@ int days;
 	else
 		x= *x509p;
 
-	rsa=RSA_generate_key(bits,RSA_F4,callback);
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
 	if (!EVP_PKEY_assign_RSA(pk,rsa))
 		{
 		abort();
@@ -135,24 +130,33 @@ int days;
 	/* finished with structure */
 	X509_NAME_free(name);
 
-	data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING,
-		"\001",1);
-	ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data);
+	/* Add extension using V3 code: we can set the config file as NULL
+	 * because we wont reference any other sections. We can also set
+         * the context to NULL because none of these extensions below will need
+	 * to access it.
+	 */
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
 	X509_add_ext(x,ex,-1);
 
-	X509v3_pack_string(&data,V_ASN1_IA5STRING,
-		"example comment extension",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
+						"example comment extension");
 	X509_add_ext(x,ex,-1);
 
-	X509v3_pack_string(&data,V_ASN1_BIT_STRING,
-		"www.cryptsoft.com",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
+							"www.openssl.org");
+
 	X509_add_ext(x,ex,-1);
-	
-	X509_EXTENSION_free(ex);
-	ASN1_OCTET_STRING_free(data);
 
+#if 0
+	/* might want something like this too.... */
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+							"critical,CA:TRUE");
+
+
+	X509_add_ext(x,ex,-1);
+#endif
+	
 	if (!X509_sign(x,pk,EVP_md5()))
 		goto err;
 
@@ -162,7 +166,3 @@ int days;
 err:
 	return(0);
 	}
-			 
-
-
-
diff --git a/lib/libssl/src/demos/sign/Makefile b/lib/libssl/src/demos/sign/Makefile
new file mode 100644
index 00000000000..e6d391e4ada
--- /dev/null
+++ b/lib/libssl/src/demos/sign/Makefile
@@ -0,0 +1,15 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=sign
+
+all: $(EXAMPLES) 
+
+sign: sign.o
+	$(CC) -o sign sign.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	./sign
diff --git a/lib/libssl/src/demos/sign/sign.c b/lib/libssl/src/demos/sign/sign.c
index 5cbce3cdc52..0fdf0de387d 100644
--- a/lib/libssl/src/demos/sign/sign.c
+++ b/lib/libssl/src/demos/sign/sign.c
@@ -61,16 +61,20 @@
 
 /* converted to C - eay :-) */
 
+/* reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
 #include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
-void main ()
+int main ()
 {
   int err;
   int sig_len;
@@ -90,48 +94,60 @@ void main ()
   
   /* Read private key */
   
-  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
-				   PEM_STRING_EVP_PKEY,
-				   fp,
-				   NULL, NULL);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (keyfile, "r");
+  if (fp == NULL) exit (1);
+  pkey = PEM_read_PrivateKey(fp, NULL, NULL);
   fclose (fp);
+
+  if (pkey == NULL) { 
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Do the signature */
   
-  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignInit   (&md_ctx, EVP_sha1());
   EVP_SignUpdate (&md_ctx, data, strlen(data));
   sig_len = sizeof(sig_buf);
-  err = EVP_SignFinal (&md_ctx,
-		       sig_buf, 
-		       &sig_len,
-		       pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp(stderr);
+	exit (1);
+  }
+
   EVP_PKEY_free (pkey);
   
   /* Read public key */
   
-  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
-				   PEM_STRING_X509,
-				   fp, NULL, NULL);
-  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (certfile, "r");
+  if (fp == NULL) exit (1);
+  x509 = PEM_read_X509(fp, NULL, NULL);
   fclose (fp);
+
+  if (x509 == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Get public key - eay */
-  pkey=X509_extract_key(x509);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  pkey=X509_get_pubkey(x509);
+  if (pkey == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
 
   /* Verify the signature */
   
-  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyInit   (&md_ctx, EVP_sha1());
   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
-  err = EVP_VerifyFinal (&md_ctx,
-			 sig_buf,
-			 sig_len,
-			 pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
   EVP_PKEY_free (pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   printf ("Signature Verified Ok.\n");
+  return(0);
 }
diff --git a/lib/libssl/src/demos/spkigen.c b/lib/libssl/src/demos/spkigen.c
index 01fe6254f22..d87881197c5 100644
--- a/lib/libssl/src/demos/spkigen.c
+++ b/lib/libssl/src/demos/spkigen.c
@@ -6,12 +6,12 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
-#include "err.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* The following two don't exist in SSLeay but they are in here as
  * examples */
diff --git a/lib/libssl/src/demos/ssl/cli.cpp b/lib/libssl/src/demos/ssl/cli.cpp
index f52a9c025bb..b3d726961f5 100644
--- a/lib/libssl/src/demos/ssl/cli.cpp
+++ b/lib/libssl/src/demos/ssl/cli.cpp
@@ -1,6 +1,10 @@
 /* cli.cpp  -  Minimal ssleay client for Unix
    30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
 
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
 #include <stdio.h>
 #include <memory.h>
 #include <errno.h>
@@ -11,11 +15,12 @@
 #include <netdb.h>
 
 #include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
 
 #define CHK_NULL(x) if ((x)==NULL) exit (1)
 #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
@@ -31,9 +36,14 @@ void main ()
   X509*    server_cert;
   char*    str;
   char     buf [4096];
+  SSL_METHOD *meth;
 
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv2_client_method();
   SSL_load_error_strings();
-  ctx = SSL_CTX_new ();                        CHK_NULL(ctx);
+  ctx = SSL_CTX_new (meth);                        CHK_NULL(ctx);
+
+  CHK_SSL(err);
   
   /* ----------------------------------------------- */
   /* Create a socket and connect to server using normal socket calls. */
@@ -67,12 +77,12 @@ void main ()
   server_cert = SSL_get_peer_certificate (ssl);       CHK_NULL(server_cert);
   printf ("Server certificate:\n");
   
-  str = X509_NAME_oneline (X509_get_subject_name (server_cert));
+  str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t subject: %s\n", str);
   Free (str);
 
-  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert));
+  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t issuer: %s\n", str);
   Free (str);
@@ -87,11 +97,10 @@ void main ()
 
   err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));  CHK_SSL(err);
   
-  shutdown (sd, 1);  /* Half close, send EOF to server. */
-  
   err = SSL_read (ssl, buf, sizeof(buf) - 1);                     CHK_SSL(err);
   buf[err] = '\0';
   printf ("Got %d chars:'%s'\n", err, buf);
+  SSL_shutdown (ssl);  /* send SSL/TLS close_notify */
 
   /* Clean up. */
 
diff --git a/lib/libssl/src/demos/ssl/inetdsrv.cpp b/lib/libssl/src/demos/ssl/inetdsrv.cpp
index b09c8b6e0bb..5b092272106 100644
--- a/lib/libssl/src/demos/ssl/inetdsrv.cpp
+++ b/lib/libssl/src/demos/ssl/inetdsrv.cpp
@@ -8,11 +8,11 @@
 #include <errno.h>
 
 #include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #define HOME "/usr/users/sampo/demo/"
 #define CERTF HOME "plain-cert.pem"
diff --git a/lib/libssl/src/demos/ssl/serv.cpp b/lib/libssl/src/demos/ssl/serv.cpp
index 8681f2f22bf..aec610d0189 100644
--- a/lib/libssl/src/demos/ssl/serv.cpp
+++ b/lib/libssl/src/demos/ssl/serv.cpp
@@ -1,7 +1,14 @@
 /* serv.cpp  -  Minimal ssleay server for Unix
    30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
 
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
 #include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
 #include <memory.h>
 #include <errno.h>
 #include <sys/types.h>
@@ -10,16 +17,20 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/rsa.h>       /* SSLeay stuff */
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+/* define HOME to be dir for key and cert files... */
+#define HOME "./"
+/* Make these what you want for cert & key files */
+#define CERTF  HOME "foo-cert.pem"
+#define KEYF  HOME  "foo-cert.pem"
 
-#define HOME "/usr/users/sampo/sibs/tim/"
-#define CERTF HOME "plain-cert.pem"
-#define KEYF  HOME "plain-key.pem"
 
 #define CHK_NULL(x) if ((x)==NULL) exit (1)
 #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
@@ -32,24 +43,39 @@ void main ()
   int sd;
   struct sockaddr_in sa_serv;
   struct sockaddr_in sa_cli;
-  int client_len;
+  size_t client_len;
   SSL_CTX* ctx;
   SSL*     ssl;
   X509*    client_cert;
   char*    str;
   char     buf [4096];
-
+  SSL_METHOD *meth;
+  
   /* SSL preliminaries. We keep the certificate and key with the context. */
 
   SSL_load_error_strings();
-  ctx = SSL_CTX_new ();   CHK_NULL(ctx);
-  
-  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
-  CHK_SSL(err);
-  
-  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
-  CHK_SSL(err);
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv23_server_method();
+  ctx = SSL_CTX_new (meth);
+  if (!ctx) {
+    ERR_print_errors_fp(stderr);
+    exit(2);
+  }
   
+  if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(3);
+  }
+  if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(4);
+  }
+
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr,"Private key does not match the certificate public key\n");
+    exit(5);
+  }
+
   /* ----------------------------------------------- */
   /* Prepare TCP socket for receiving connections */
 
@@ -92,12 +118,12 @@ void main ()
   if (client_cert != NULL) {
     printf ("Client certificate:\n");
     
-    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t subject: %s\n", str);
     Free (str);
     
-    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t issuer: %s\n", str);
     Free (str);
diff --git a/lib/libssl/src/dep/files b/lib/libssl/src/dep/files
index 8c5550c37c9..85cd7a3ff93 100644
--- a/lib/libssl/src/dep/files
+++ b/lib/libssl/src/dep/files
@@ -538,18 +538,10 @@
 ./apps/rsa.c			APPS
 ./apps/sess_id.c		APPS
 ./apps/s_apps.h			APPS
-./apps/s_args.c			APPS
-./apps/s_cache.c		APPS
 ./apps/s_cb.c			APPS
 ./apps/s_client.c		APPS
-./apps/s_eio.c			APPS
-./apps/s_eio.h			APPS
-./apps/s_filter.c		APPS
-./apps/s_filter.h		APPS
 ./apps/s_server.c		APPS
 ./apps/s_socket.c		APPS
-./apps/s_state.c		APPS
-./apps/s_state.h		APPS
 ./apps/s_time.c			APPS
 ./apps/testdsa.h		APPS
 ./apps/testrsa.h		APPS
diff --git a/lib/libssl/src/dep/gen.pl b/lib/libssl/src/dep/gen.pl
index 35490f27947..8ab6db5c532 100644
--- a/lib/libssl/src/dep/gen.pl
+++ b/lib/libssl/src/dep/gen.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 require 'getopts.pl';
 
diff --git a/lib/libssl/src/doc/API.doc b/lib/libssl/src/doc/API.doc
deleted file mode 100644
index fe2820259a3..00000000000
--- a/lib/libssl/src/doc/API.doc
+++ /dev/null
@@ -1,24 +0,0 @@
-SSL - SSLv2/v3/v23 etc.
-
-BIO - methods and how they plug together
-
-MEM - memory allocation callback
-
-CRYPTO - locking for threads
-
-EVP - Ciphers/Digests/signatures
-
-RSA - methods
-
-X509 - certificate retrieval
-
-X509 - validation
-
-X509 - X509v3 extensions
-
-Objects - adding object identifiers
-
-ASN.1 - parsing
-
-PEM - parsing
-
diff --git a/lib/libssl/src/doc/README b/lib/libssl/src/doc/README
new file mode 100644
index 00000000000..a9a588262a0
--- /dev/null
+++ b/lib/libssl/src/doc/README
@@ -0,0 +1,10 @@
+
+ openssl.pod ..... Documentation of OpenSSL `openssl' command
+ crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a
+ ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
+ ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete]
+ openssl.txt ..... Assembled documentation files for OpenSSL [not final]
+
+ An archive of HTML documents for the SSLeay library is available from
+ http://www.columbia.edu/~ariel/ssleay/
+
diff --git a/lib/libssl/src/doc/a_verify.doc b/lib/libssl/src/doc/a_verify.doc
deleted file mode 100644
index 06eec17c2b8..00000000000
--- a/lib/libssl/src/doc/a_verify.doc
+++ /dev/null
@@ -1,85 +0,0 @@
-From eay@mincom.com Fri Oct  4 18:29:06 1996
-Received: by orb.mincom.oz.au id AA29080
-  (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
-Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
-Cc: Eric Young <eay@mincom.oz.au>, SSL Mailing List <ssl-users@mincom.com>
-Subject: Re: Netscape's Public Key
-In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
-Message-Id: <Pine.SOL.3.91.961004081346.8018K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Thu, 3 Oct 1996, wplatzer wrote:
-> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
-> with it... It looks like (asn1parse):
-> 
-> 0:d=0 hl=3 l=180 cons: SEQUENCE
-> 3:d=1 hl=2 l= 96 cons: SEQUENCE
-> 5:d=2 hl=2 l= 92 cons: SEQUENCE
-> 7:d=3 hl=2 l= 13 cons: SEQUENCE
-> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
-> 20:d=4 hl=2 l= 0 prim: NULL
-> 22:d=3 hl=2 l= 75 prim: BIT STRING
-> 99:d=2 hl=2 l= 0 prim: IA5STRING :
-> 101:d=1 hl=2 l= 13 cons: SEQUENCE
-> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
-> 114:d=2 hl=2 l= 0 prim: NULL
-> 116:d=1 hl=2 l= 65 prim: BIT STRING
-> 
-> The first BIT STRING is the public key and the second BIT STRING is 
-> the signature.
-> But a public key consists of the public exponent and the modulus. Are 
-> both numbers in the first BIT STRING?
-> Is there a document simply describing this coding stuff (checking 
-> signature, get the public key, etc.)?
-
-Minimal in SSLeay.  If you want to see what the modulus and exponent are,
-try asn1parse -offset 25 -length 75 <key.pem
-asn1parse will currently stuff up on the 'length 75' part (fixed in next 
-release) but it will print the stuff.  If you are after more 
-documentation on ASN.1, have a look at www.rsa.com and get their PKCS 
-documents, most of my initial work on SSLeay was done using them.
-
-As for SSLeay,
-util/crypto.num and util/ssl.num are lists of all exported functions in 
-the library (but not macros :-(.
-
-The ones for extracting public keys from certificates and certificate 
-requests are EVP_PKEY *      X509_REQ_extract_key(X509_REQ *req);
-EVP_PKEY *      X509_extract_key(X509 *x509);
-
-To verify a signature on a signed ASN.1 object
-int X509_verify(X509 *a,EVP_PKEY *key);
-int X509_REQ_verify(X509_REQ *a,EVP_PKEY *key);
-int X509_CRL_verify(X509_CRL *a,EVP_PKEY *key);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a,EVP_PKEY *key);
-
-I should mention that EVP_PKEY can be used to hold a public or a private key,
-since for  things like RSA and DSS, a public key is just a subset of what 
-is stored for the private key.
-
-To sign any of the above structures
-
-int X509_sign(X509 *a,EVP_PKEY *key,EVP_MD *md);
-int X509_REQ_sign(X509_REQ *a,EVP_PKEY *key,EVP_MD *md);
-int X509_CRL_sign(X509_CRL *a,EVP_PKEY *key,EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *a,EVP_PKEY *key,EVP_MD *md);
-
-where md is the message digest to sign with.
-
-There are all defined in x509.h and all the _sign and _verify functions are
-actually macros to the ASN1_sign() and ASN1_verify() functions.
-These functions will put the correct algorithm identifiers in the correct 
-places in the structures.
-
-eric
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/lib/libssl/src/doc/apps.doc b/lib/libssl/src/doc/apps.doc
deleted file mode 100644
index a2a4e0de72d..00000000000
--- a/lib/libssl/src/doc/apps.doc
+++ /dev/null
@@ -1,53 +0,0 @@
-The applications
-
-Ok, where to begin....
-In the begining, when SSLeay was small (April 1995), there
-were but few applications, they did happily cohabit in
-the one bin directory.  Then over time, they did multiply and grow,
-and they started to look like microsoft software; 500k to print 'hello world'.
-A new approach was needed.  They were coalessed into one 'Monolithic'
-application, ssleay.  This one program is composed of many programs that
-can all be compiled independantly.
-
-ssleay has 3 modes of operation.
-1) If the ssleay binaray has the name of one of its component programs, it
-executes that program and then exits.  This can be achieve by using hard or
-symbolic links, or failing that, just renaming the binary.
-2) If the first argument to ssleay is the name of one of the component
-programs, that program runs that program and then exits.
-3) If there are no arguments, ssleay enters a 'command' mode.  Each line is
-interpreted as a program name plus arguments.  After each 'program' is run,
-ssleay returns to the comand line.
-
-dgst	- message digests
-enc	- encryption and base64 encoding
-
-ans1parse - 'pulls' appart ASN.1 encoded objects like certificates.
-
-dh	- Diffle-Hellman parameter manipulation.
-rsa	- RSA manipulations.
-crl	- Certificate revokion list manipulations
-x509	- X509 cert fiddles, including signing.
-pkcs7	- pkcs7 manipulation, only DER versions right now.
-
-genrsa	- generate an RSA private key.
-gendh	- Generate a set of Diffle-Hellman parameters.
-req	- Generate a PKCS#10 object, a certificate request.
-
-s_client - SSL client program
-s_server - SSL server program
-s_time	 - A SSL protocol timing program
-s_mult	 - Another SSL server, but it multiplexes
-	   connections.
-s_filter - under development
-
-errstr	- Convert SSLeay error numbers to strings.
-ca	- Sign certificate requests, and generate
-	  certificate revokion lists
-crl2pkcs7 - put a crl and certifcates into a pkcs7 object.
-speed	- Benchmark the ciphers.
-verify	- Check certificates
-hashdir - under development
-
-[ there a now a few more options, play with the program to see what they
-  are ]
diff --git a/lib/libssl/src/doc/asn1.doc b/lib/libssl/src/doc/asn1.doc
deleted file mode 100644
index fdad17c05c1..00000000000
--- a/lib/libssl/src/doc/asn1.doc
+++ /dev/null
@@ -1,401 +0,0 @@
-The ASN.1 Routines.
-
-ASN.1 is a specification for how to encode structured 'data' in binary form.
-The approach I have take to the manipulation of structures and their encoding
-into ASN.1 is as follows.
-
-For each distinct structure there are 4 function of the following form
-TYPE *TYPE_new(void);
-void TYPE_free(TYPE *);
-TYPE *d2i_TYPE(TYPE **a,unsigned char **pp,long length);
-long i2d_TYPE(TYPE *a,unsigned char **pp); 	/* CHECK RETURN VALUE */
-
-where TYPE is the type of the 'object'.  The TYPE that have these functions
-can be in one of 2 forms, either the internal C malloc()ed data structure
-or in the DER (a variant of ASN.1 encoding) binary encoding which is just
-an array of unsigned bytes.  The 'i2d' functions converts from the internal
-form to the DER form and the 'd2i' functions convert from the DER form to
-the internal form.
-
-The 'new' function returns a malloc()ed version of the structure with all
-substructures either created or left as NULL pointers.  For 'optional'
-fields, they are normally left as NULL to indicate no value.  For variable
-size sub structures (often 'SET OF' or 'SEQUENCE OF' in ASN.1 syntax) the
-STACK data type is used to hold the values.  Have a read of stack.doc
-and have a look at the relevant header files to see what I mean.  If there
-is an error while malloc()ing the structure, NULL is returned.
-
-The 'free' function will free() all the sub components of a particular
-structure.  If any of those sub components have been 'removed', replace
-them with NULL pointers, the 'free' functions are tolerant of NULL fields.
-
-The 'd2i' function copies a binary representation into a C structure.  It
-operates as follows.  'a' is a pointer to a pointer to
-the structure to populate, 'pp' is a pointer to a pointer to where the DER
-byte string is located and 'length' is the length of the '*pp' data.
-If there are no errors, a pointer to the populated structure is returned.
-If there is an error, NULL is returned.  Errors can occur because of
-malloc() failures but normally they will be due to syntax errors in the DER
-encoded data being parsed. It is also an error if there was an
-attempt to read more that 'length' bytes from '*p'.  If
-everything works correctly, the value in '*p' is updated
-to point at the location just beyond where the DER
-structure was read from.  In this way, chained calls to 'd2i' type
-functions can be made, with the pointer into the 'data' array being
-'walked' along the input byte array.
-Depending on the value passed for 'a', different things will be done.  If
-'a' is NULL, a new structure will be malloc()ed and returned.  If '*a' is
-NULL, a new structure will be malloc()ed and put into '*a' and returned.
-If '*a' is not NULL, the structure in '*a' will be populated, or in the
-case of an error, free()ed and then returned.
-Having these semantics means that a structure
-can call a 'd2i' function to populate a field and if the field is currently
-NULL, the structure will be created.
-
-The 'i2d' function type is used to copy a C structure to a byte array.
-The parameter 'a' is the structure to convert and '*p' is where to put it.
-As for the 'd2i' type structure, 'p' is updated to point after the last
-byte written.  If p is NULL, no data is written.  The function also returns
-the number of bytes written.  Where this becomes useful is that if the
-function is called with a NULL 'p' value, the length is returned.  This can
-then be used to malloc() an array of bytes and then the same function can
-be recalled passing the malloced array to be written to. e.g.
-
-int len;
-unsigned char *bytes,*p;
-len=i2d_X509(x,NULL);	/* get the size of the ASN1 encoding of 'x' */
-if ((bytes=(unsigned char *)malloc(len)) == NULL)
-	goto err;
-p=bytes;
-i2d_X509(x,&p);
-
-Please note that a new variable, 'p' was passed to i2d_X509.  After the
-call to i2d_X509 p has been incremented by len bytes.
-
-Now the reason for this functional organisation is that it allows nested
-structures to be built up by calling these functions as required.  There
-are various macros used to help write the general 'i2d', 'd2i', 'new' and
-'free' functions.  They are discussed in another file and would only be
-used by some-one wanting to add new structures to the library.  As you
-might be able to guess, the process of writing ASN.1 files can be a bit CPU
-expensive for complex structures.  I'm willing to live with this since the
-simpler library code make my life easier and hopefully most programs using
-these routines will have their execution profiles dominated by cipher or
-message digest routines.
-What follows is a list of 'TYPE' values and the corresponding ASN.1
-structure and where it is used.
-
-TYPE			ASN.1
-ASN1_INTEGER		INTEGER
-ASN1_BIT_STRING		BIT STRING
-ASN1_OCTET_STRING	OCTET STRING
-ASN1_OBJECT		OBJECT IDENTIFIER
-ASN1_PRINTABLESTRING	PrintableString
-ASN1_T61STRING		T61String
-ASN1_IA5STRING		IA5String
-ASN1_UTCTIME		UTCTime
-ASN1_TYPE		Any of the above mentioned types plus SEQUENCE and SET
-
-Most of the above mentioned types are actualled stored in the
-ASN1_BIT_STRING type and macros are used to differentiate between them.
-The 3 types used are
-
-typedef struct asn1_object_st
-	{
-	/* both null if a dynamic ASN1_OBJECT, one is
-	 * defined if a 'static' ASN1_OBJECT */
-	char *sn,*ln;
-	int nid;
-	int length;
-	unsigned char *data;
-	} ASN1_OBJECT;
-This is used to store ASN1 OBJECTS.  Read 'objects.doc' for details ono
-routines to manipulate this structure.  'sn' and 'ln' are used to hold text
-strings that represent the object (short name and long or lower case name).
-These are used by the 'OBJ' library.  'nid' is a number used by the OBJ
-library to uniquely identify objects.  The ASN1 routines will populate the
-'length' and 'data' fields which will contain the bit string representing
-the object.
-
-typedef struct asn1_bit_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_BIT_STRING;
-This structure is used to hold all the other base ASN1 types except for
-ASN1_UTCTIME (which is really just a 'char *').  Length is the number of
-bytes held in data and type is the ASN1 type of the object (there is a list
-in asn1.h).
-
-typedef struct asn1_type_st
-	{
-	int type;
-	union	{
-		char *ptr;
-		ASN1_INTEGER *		integer;
-		ASN1_BIT_STRING *	bit_string;
-		ASN1_OCTET_STRING *	octet_string;
-		ASN1_OBJECT *		object;
-		ASN1_PRINTABLESTRING *	printablestring;
-		ASN1_T61STRING *	t61string;
-		ASN1_IA5STRING *	ia5string;
-		ASN1_UTCTIME *		utctime;
-		ASN1_BIT_STRING *	set;
-		ASN1_BIT_STRING *	sequence;
-		} value;
-	} ASN1_TYPE;
-This structure is used in a few places when 'any' type of object can be
-expected.
-
-X509			Certificate
-X509_CINF		CertificateInfo
-X509_ALGOR		AlgorithmIdentifier
-X509_NAME		Name			
-X509_NAME_ENTRY		A single sub component of the name.
-X509_VAL		Validity
-X509_PUBKEY		SubjectPublicKeyInfo
-The above mentioned types are declared in x509.h. They are all quite
-straight forward except for the X509_NAME/X509_NAME_ENTRY pair.
-A X509_NAME is a STACK (see stack.doc) of X509_NAME_ENTRY's.
-typedef struct X509_name_entry_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_BIT_STRING *value;
-	int set;
-	int size; 	/* temp variable */
-	} X509_NAME_ENTRY;
-The size is a temporary variable used by i2d_NAME and set is the set number
-for the particular NAME_ENTRY.  A X509_NAME is encoded as a sequence of
-sequence of sets.  Normally each set contains only a single item.
-Sometimes it contains more.  Normally throughout this library there will be
-only one item per set.  The set field contains the 'set' that this entry is
-a member of.  So if you have just created a X509_NAME structure and
-populated it with X509_NAME_ENTRYs, you should then traverse the X509_NAME
-(which is just a STACK) and set the 'set/' field to incrementing numbers.
-For more details on why this is done, read the ASN.1 spec for Distinguished
-Names.
-
-X509_REQ		CertificateRequest
-X509_REQ_INFO		CertificateRequestInfo
-These are used to hold certificate requests.
-
-X509_CRL		CertificateRevocationList
-These are used to hold a certificate revocation list
-
-RSAPrivateKey		PrivateKeyInfo
-RSAPublicKey		PublicKeyInfo
-Both these 'function groups' operate on 'RSA' structures (see rsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the m
-and e fields in the RSA structure.
-
-DSAPrivateKey		DSS private key
-DSAPublicKey		DSS public key
-Both these 'function groups' operate on 'DSS' structures (see dsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the 
-XXX fields in the DSA structure.
-
-DHparams		DHParameter
-This is used to hold the p and g value for The Diffie-Hellman operation.
-The function deal with the 'DH' strucure (see dh.doc).
-
-Now all of these function types can be used with several other functions to give
-quite useful set of general manipulation routines.  Normally one would
-not uses these functions directly but use them via macros. 
-
-char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-'x' is the input structure case to a 'char *', 'i2d' is the 'i2d_TYPE'
-function for the type that 'x' is and d2i is the 'd2i_TYPE' function for the
-type that 'x' is.  As is obvious from the parameters, this function
-duplicates the strucutre by transforming it into the DER form and then
-re-loading it into a new strucutre and returning the new strucutre.  This
-is obviously a bit cpu intensive but when faced with a complex dynamic
-structure this is the simplest programming approach.  There are macros for
-duplicating the major data types but is simple to add extras.
-
-char *ASN1_d2i_fp(char *(*new)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-'x' is a pointer to a pointer of the 'desired type'.  new and d2i are the
-corresponding 'TYPE_new' and 'd2i_TYPE' functions for the type and 'fp' is
-an open file pointer to read from.  This function reads from 'fp' as much
-data as it can and then uses 'd2i' to parse the bytes to load and return
-the parsed strucutre in 'x' (if it was non-NULL) and to actually return the
-strucutre.  The behavior of 'x' is as per all the other d2i functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-The 'BIO' is the new IO type being used in SSLeay (see bio.doc).  This
-function is the same as ASN1_d2i_fp() except for the BIO argument.
-ASN1_d2i_fp() actually calls this function.
-
-int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-'x' is converted to bytes by 'i2d' and then written to 'out'.  ASN1_i2d_fp
-and ASN1_d2i_fp are not really symetric since ASN1_i2d_fp will read all
-available data from the file pointer before parsing a single item while
-ASN1_i2d_fp can be used to write a sequence of data objects.  To read a
-series of objects from a file I would sugest loading the file into a buffer
-and calling the relevent 'd2i' functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-This function is the same as ASN1_i2d_fp() except for the BIO argument.
-ASN1_i2d_fp() actually calls this function.
-
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-This function will read the next PEM encoded (base64) object of the same
-type as 'x' (loaded by the d2i function).  'name' is the name that is in
-the '-----BEGIN name-----' that designates the start of that object type.
-If the data is encrypted, 'cb' will be called to prompt for a password.  If
-it is NULL a default function will be used to prompt from the password.
-'x' is delt with as per the standard 'd2i' function interface.  This
-function can be used to read a series of objects from a file.  While any
-data type can be encrypted (see PEM_ASN1_write) only RSA private keys tend
-to be encrypted.
-
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *fp,
-	char **x,int (*cb)());
-Same as PEM_ASN1_read() except using a BIO.  This is called by
-PEM_ASN1_read().
-
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,EVP_CIPHER *enc,
-		unsigned char *kstr,int klen,int (*callback)());
-
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *fp,
-		char *x,EVP_CIPHER *enc,unsigned char *kstr,int klen,
-		int (*callback)());
-
-int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-	ASN1_BIT_STRING *signature, char *data, RSA *rsa, EVP_MD *type);
-int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
-	ASN1_BIT_STRING *signature,char *data, RSA *rsa);
-
-int ASN1_BIT_STRING_cmp(ASN1_BIT_STRING *a, ASN1_BIT_STRING *b);
-ASN1_BIT_STRING *ASN1_BIT_STRING_type_new(int type );
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-void ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_dup(ASN1_UTCTIME *a);
-
-ASN1_BIT_STRING *d2i_asn1_print_type(ASN1_BIT_STRING **a,unsigned char **pp,
-		long length,int type);
-
-int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
-			int (*func)(), int ex_tag, int ex_class);
-STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-			char *(*func)(), int ex_tag, int ex_class);
-
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *object);
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-
-/* given a string, return the correct type.  Max is the maximum number
- * of bytes to parse.  It stops parsing when 'max' bytes have been
- * processed or a '\0' is hit */
-int ASN1_PRINTABLE_type(unsigned char *s,int max);
-
-void ASN1_parse(BIO *fp,unsigned char *pp,long len);
-
-int i2d_ASN1_bytes(ASN1_BIT_STRING *a, unsigned char **pp, int tag, int class);
-ASN1_BIT_STRING *d2i_ASN1_bytes(ASN1_OCTET_STRING **a, unsigned char **pp,
-	long length, int Ptag, int Pclass);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-	int tag, int class);
-int ASN1_object_size(int constructed, int length, int tag);
-
-X509 *	X509_get_cert(CERTIFICATE_CTX *ctx,X509_NAME * name,X509 *tmp_x509);
-int  	X509_add_cert(CERTIFICATE_CTX *ctx,X509 *);
-
-char *	X509_cert_verify_error_string(int n);
-int 	X509_add_cert_file(CERTIFICATE_CTX *c,char *file, int type);
-char *	X509_gmtime (char *s, long adj);
-int	X509_add_cert_dir (CERTIFICATE_CTX *c,char *dir, int type);
-int	X509_load_verify_locations (CERTIFICATE_CTX *ctx,
-		char *file_env, char *dir_env);
-int	X509_set_default_verify_paths(CERTIFICATE_CTX *cts);
-X509 *	X509_new_D2i_X509(int len, unsigned char *p);
-char *	X509_get_default_cert_area(void );
-char *	X509_get_default_cert_dir(void );
-char *	X509_get_default_cert_file(void );
-char *	X509_get_default_cert_dir_env(void );
-char *	X509_get_default_cert_file_env(void );
-char *	X509_get_default_private_dir(void );
-X509_REQ *X509_X509_TO_req(X509 *x, RSA *rsa);
-int	X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)()); 
-
-CERTIFICATE_CTX *CERTIFICATE_CTX_new();
-void CERTIFICATE_CTX_free(CERTIFICATE_CTX *c);
-
-void X509_NAME_print(BIO *fp, X509_NAME *name, int obase);
-int		X509_print_fp(FILE *fp,X509 *x);
-int		X509_print(BIO *fp,X509 *x);
-
-X509_INFO *	X509_INFO_new(void);
-void		X509_INFO_free(X509_INFO *a);
-
-char *		X509_NAME_oneline(X509_NAME *a);
-
-#define X509_verify(x,rsa)
-#define X509_REQ_verify(x,rsa)
-#define X509_CRL_verify(x,rsa)
-
-#define X509_sign(x,rsa,md)
-#define X509_REQ_sign(x,rsa,md)
-#define X509_CRL_sign(x,rsa,md)
-
-#define X509_dup(x509)
-#define d2i_X509_fp(fp,x509)
-#define i2d_X509_fp(fp,x509)
-#define d2i_X509_bio(bp,x509)
-#define i2d_X509_bio(bp,x509)
-
-#define X509_CRL_dup(crl)
-#define d2i_X509_CRL_fp(fp,crl)
-#define i2d_X509_CRL_fp(fp,crl)
-#define d2i_X509_CRL_bio(bp,crl)
-#define i2d_X509_CRL_bio(bp,crl)
-
-#define X509_REQ_dup(req)
-#define d2i_X509_REQ_fp(fp,req)
-#define i2d_X509_REQ_fp(fp,req)
-#define d2i_X509_REQ_bio(bp,req)
-#define i2d_X509_REQ_bio(bp,req)
-
-#define RSAPrivateKey_dup(rsa)
-#define d2i_RSAPrivateKey_fp(fp,rsa)
-#define i2d_RSAPrivateKey_fp(fp,rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa)
-#define i2d_RSAPrivateKey_bio(bp,rsa)
-
-#define X509_NAME_dup(xn)
-#define X509_NAME_ENTRY_dup(ne)
-
-void X509_REQ_print_fp(FILE *fp,X509_REQ *req);
-void X509_REQ_print(BIO *fp,X509_REQ *req);
-
-RSA *X509_REQ_extract_key(X509_REQ *req);
-RSA *X509_extract_key(X509 *x509);
-
-int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
-unsigned long	X509_issuer_and_serial_hash(X509 *a);
-
-X509_NAME *	X509_get_issuer_name(X509 *a);
-int		X509_issuer_name_cmp(X509 *a, X509 *b);
-unsigned long	X509_issuer_name_hash(X509 *a);
-
-X509_NAME *	X509_get_subject_name(X509 *a);
-int		X509_subject_name_cmp(X509 *a,X509 *b);
-unsigned long	X509_subject_name_hash(X509 *x);
-
-int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
-unsigned long	X509_NAME_hash(X509_NAME *x);
-
diff --git a/lib/libssl/src/doc/bio.doc b/lib/libssl/src/doc/bio.doc
deleted file mode 100644
index 545a57cdff9..00000000000
--- a/lib/libssl/src/doc/bio.doc
+++ /dev/null
@@ -1,423 +0,0 @@
-BIO Routines
-
-This documentation is rather sparse, you are probably best 
-off looking at the code for specific details.
-
-The BIO library is a IO abstraction that was originally 
-inspired by the need to have callbacks to perform IO to FILE 
-pointers when using Windows 3.1 DLLs.  There are two types 
-of BIO; a source/sink type and a filter type.
-The source/sink methods are as follows:
--	BIO_s_mem()  memory buffer - a read/write byte array that
-	grows until memory runs out :-).
--	BIO_s_file()  FILE pointer - A wrapper around the normal 
-	'FILE *' commands, good for use with stdin/stdout.
--	BIO_s_fd()  File descriptor - A wrapper around file 
-	descriptors, often used with pipes.
--	BIO_s_socket()  Socket - Used around sockets.  It is 
-	mostly in the Microsoft world that sockets are different 
-	from file descriptors and there are all those ugly winsock 
-	commands.
--	BIO_s_null()  Null - read nothing and write nothing.; a 
-	useful endpoint for filter type BIO's specifically things 
-	like the message digest BIO.
-
-The filter types are
--	BIO_f_buffer()  IO buffering - does output buffering into 
-	larger chunks and performs input buffering to allow gets() 
-	type functions.
--	BIO_f_md()  Message digest - a transparent filter that can 
-	be asked to return a message digest for the data that has 
-	passed through it.
--	BIO_f_cipher()  Encrypt or decrypt all data passing 
-	through the filter.
--	BIO_f_base64()  Base64 decode on read and encode on write.
--	BIO_f_ssl()  A filter that performs SSL encryption on the 
-	data sent through it.
-
-Base BIO functions.
-The BIO library has a set of base functions that are 
-implemented for each particular type.  Filter BIOs will 
-normally call the equivalent function on the source/sink BIO 
-that they are layered on top of after they have performed 
-some modification to the data stream.  Multiple filter BIOs 
-can be 'push' into a stack of modifers, so to read from a 
-file, unbase64 it, then decrypt it, a BIO_f_cipher, 
-BIO_f_base64 and a BIO_s_file would probably be used.  If a 
-sha-1 and md5 message digest needed to be generated, a stack 
-two BIO_f_md() BIOs and a BIO_s_null() BIO could be used.
-The base functions are
--	BIO *BIO_new(BIO_METHOD *type); Create  a new BIO of  type 'type'.
--	int BIO_free(BIO *a); Free a BIO structure.  Depending on 
-	the configuration, this will free the underlying data 
-	object for a source/sink BIO.
--	int BIO_read(BIO *b, char *data, int len); Read upto 'len' 
-	bytes into 'data'. 
--	int BIO_gets(BIO *bp,char *buf, int size); Depending on 
-	the BIO, this can either be a 'get special' or a get one 
-	line of data, as per fgets();
--	int BIO_write(BIO *b, char *data, int len); Write 'len' 
-	bytes from 'data' to the 'b' BIO.
--	int BIO_puts(BIO *bp,char *buf); Either a 'put special' or 
-	a write null terminated string as per fputs().
--	long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);  A 
-	control function which is used to manipulate the BIO 
-	structure and modify it's state and or report on it.  This 
-	function is just about never used directly, rather it 
-	should be used in conjunction with BIO_METHOD specific 
-	macros.
--	BIO *BIO_push(BIO *new_top, BIO *old); new_top is apped to the
-	top of the 'old' BIO list.  new_top should be a filter BIO.
-	All writes will go through 'new_top' first and last on read.
-	'old' is returned.
--	BIO *BIO_pop(BIO *bio); the new topmost BIO is returned, NULL if
-	there are no more.
-
-If a particular low level BIO method is not supported 
-(normally BIO_gets()), -2 will be returned if that method is 
-called.  Otherwise the IO methods (read, write, gets, puts) 
-will return the number of bytes read or written, and 0 or -1 
-for error (or end of input).  For the -1 case, 
-BIO_should_retry(bio) can be called to determine if it was a 
-genuine error or a temporary problem.  -2 will also be 
-returned if the BIO has not been initalised yet, in all 
-cases, the correct error codes are set (accessible via the 
-ERR library).
-
-
-The following functions are convenience functions:
--	int BIO_printf(BIO *bio, char * format, ..);  printf but 
-	to a BIO handle.
--	long BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg); a 
-	convenience function to allow a different argument types 
-	to be passed to BIO_ctrl().
--	int BIO_dump(BIO *b,char *bytes,int len); output 'len' 
-	bytes from 'bytes' in a hex dump debug format.
--	long BIO_debug_callback(BIO *bio, int cmd, char *argp, int 
-	argi, long argl, long ret) - a default debug BIO callback, 
-	this is mentioned below.  To use this one normally has to 
-	use the BIO_set_callback_arg() function to assign an 
-	output BIO for the callback to use.
--	BIO *BIO_find_type(BIO *bio,int type); when there is a 'stack'
-	of BIOs, this function scan the list and returns the first
-	that is of type 'type', as listed in buffer.h under BIO_TYPE_XXX.
--	void BIO_free_all(BIO *bio); Free the bio and all other BIOs
-	in the list.  It walks the bio->next_bio list.
-
-
-
-Extra commands are normally implemented as macros calling BIO_ctrl().
--	BIO_number_read(BIO *bio) - the number of bytes processed 
-	by BIO_read(bio,.).
--	BIO_number_written(BIO *bio) - the number of bytes written 
-	by BIO_write(bio,.).
--	BIO_reset(BIO *bio) - 'reset' the BIO.
--	BIO_eof(BIO *bio) - non zero if we are at the current end 
-	of input.
--	BIO_set_close(BIO *bio, int close_flag) - set the close flag.
--	BIO_get_close(BIO *bio) - return the close flag.
-	BIO_pending(BIO *bio) - return the number of bytes waiting 
-	to be read (normally buffered internally).
--	BIO_flush(BIO *bio) - output any data waiting to be output.
--	BIO_should_retry(BIO *io) - after a BIO_read/BIO_write 
-	operation returns 0 or -1, a call to this function will 
-	return non zero if you should retry the call later (this 
-	is for non-blocking IO).
--	BIO_should_read(BIO *io) - we should retry when data can 
-	be read.
--	BIO_should_write(BIO *io) - we should retry when data can 
-	be written.
--	BIO_method_name(BIO *io) - return a string for the method name.
--	BIO_method_type(BIO *io) - return the unique ID of the BIO method.
--	BIO_set_callback(BIO *io,  long (*callback)(BIO *io, int 
-	cmd, char *argp, int argi, long argl, long ret); - sets 
-	the debug callback.
--	BIO_get_callback(BIO *io) - return the assigned function 
-	as mentioned above.
--	BIO_set_callback_arg(BIO *io, char *arg)  - assign some 
-	data against the BIO.  This is normally used by the debug 
-	callback but could in reality be used for anything.  To 
-	get an idea of how all this works, have a look at the code 
-	in the default debug callback mentioned above.  The 
-	callback can modify the return values.
-
-Details of the BIO_METHOD structure.
-typedef struct bio_method_st
-        {
-	int type;
-	char *name;
-	int (*bwrite)();
-	int (*bread)();
-	int (*bputs)();
-	int (*bgets)();
-	long (*ctrl)();
-	int (*create)();
-	int (*destroy)();
-	} BIO_METHOD;
-
-The 'type' is the numeric type of the BIO, these are listed in buffer.h;
-'Name' is a textual representation of the BIO 'type'.
-The 7 function pointers point to the respective function 
-methods, some of which can be NULL if not implemented.
-The BIO structure
-typedef struct bio_st
-	{
-	BIO_METHOD *method;
-	long (*callback)(BIO * bio, int mode, char *argp, int 
-		argi, long argl, long ret);
-	char *cb_arg; /* first argument for the callback */
-	int init;
-	int shutdown;
-	int flags;      /* extra storage */
-	int num;
-	char *ptr;
-	struct bio_st *next_bio; /* used by filter BIOs */
-	int references;
-	unsigned long num_read;
-	unsigned long num_write;
-	} BIO;
-
--	'Method' is the BIO method.
--	'callback', when configured, is called before and after 
-	each BIO method is called for that particular BIO.  This 
-	is intended primarily for debugging and of informational feedback.
--	'init' is 0 when the BIO can be used for operation.  
-	Often, after a BIO is created, a number of operations may 
-	need to be performed before it is available for use.  An 
-	example is for BIO_s_sock().  A socket needs to be 
-	assigned to the BIO before it can be used.
--	'shutdown', this flag indicates if the underlying 
-	comunication primative being used should be closed/freed 
-	when the BIO is closed.
--	'flags' is used to hold extra state.  It is primarily used 
-	to hold information about why a non-blocking operation 
-	failed and to record startup protocol information for the 
-	SSL BIO.
--	'num' and 'ptr' are used to hold instance specific state 
-	like file descriptors or local data structures.
--	'next_bio' is used by filter BIOs to hold the pointer of the
-	next BIO in the chain. written data is sent to this BIO and
-	data read is taken from it.
--	'references' is used to indicate the number of pointers to 
-	this structure.  This needs to be '1' before a call to 
-	BIO_free() is made if the BIO_free() function is to 
-	actually free() the structure, otherwise the reference 
-	count is just decreased.  The actual BIO subsystem does 
-	not really use this functionality but it is useful when 
-	used in more advanced applicaion.
--	num_read and num_write are the total number of bytes 
-	read/written via the 'read()' and 'write()' methods.
-
-BIO_ctrl operations.
-The following is the list of standard commands passed as the 
-second parameter to BIO_ctrl() and should be supported by 
-all BIO as best as possible.  Some are optional, some are 
-manditory, in any case, where is makes sense, a filter BIO 
-should pass such requests to underlying BIO's.
--	BIO_CTRL_RESET	- Reset the BIO back to an initial state.
--	BIO_CTRL_EOF	- return 0 if we are not at the end of input, 
-	non 0 if we are.
--	BIO_CTRL_INFO	- BIO specific special command, normal
-	information return.
--	BIO_CTRL_SET	- set IO specific parameter.
--	BIO_CTRL_GET	- get IO specific parameter.
--	BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one 
-	of BIO_CLOSE or BIO_NOCLOSE.
--	BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
--	BIO_CTRL_PENDING - Return the number of bytes available 
-	for instant reading
--	BIO_CTRL_FLUSH	- Output pending data, return number of bytes output.
--	BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) 
-	should we 'retry' when IO is possible on the underlying IO object.
--	BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
-
-The following command is a special BIO_s_file() specific option.
--	BIO_CTRL_SET_FILENAME - specify a file to open for IO.
-
-The BIO_CTRL_RETRY_TYPE needs a little more explanation.  
-When performing non-blocking IO, or say reading on a memory 
-BIO, when no data is present (or cannot be written), 
-BIO_read() and/or BIO_write() will return -1.  
-BIO_should_retry(bio) will return true if this is due to an 
-IO condition rather than an actual error.  In the case of 
-BIO_s_mem(), a read when there is no data will return -1 and 
-a should retry when there is more 'read' data.
-The retry type is deduced from 2 macros
-BIO_should_read(bio) and BIO_should_write(bio).
-Now while it may appear obvious that a BIO_read() failure 
-should indicate that a retry should be performed when more 
-read data is available, this is often not true when using 
-things like an SSL BIO.  During the SSL protocol startup 
-multiple reads and writes are performed, triggered by any 
-SSL_read or SSL_write.
-So to write code that will transparently handle either a 
-socket or SSL BIO,
-	i=BIO_read(bio,..)
-	if (I == -1)
-		{
-		if (BIO_should_retry(bio))
-			{
-			if (BIO_should_read(bio))
-				{
-				/* call us again when BIO can be read */
-				}
-			if (BIO_should_write(bio))
-				{
-				/* call us again when BIO can be written */
-				}
-			}
-		}
-
-At this point in time only read and write conditions can be 
-used but in the future I can see the situation for other 
-conditions, specifically with SSL there could be a condition 
-of a X509 certificate lookup taking place and so the non-
-blocking BIO_read would require a retry when the certificate 
-lookup subsystem has finished it's lookup.  This is all 
-makes more sense and is easy to use in a event loop type 
-setup.
-When using the SSL BIO, either SSL_read() or SSL_write()s 
-can be called during the protocol startup and things will 
-still work correctly.
-The nice aspect of the use of the BIO_should_retry() macro 
-is that all the errno codes that indicate a non-fatal error 
-are encapsulated in one place.  The Windows specific error 
-codes and WSAGetLastError() calls are also hidden from the 
-application.
-
-Notes on each BIO method.
-Normally buffer.h is just required but depending on the 
-BIO_METHOD, ssl.h or evp.h will also be required.
-
-BIO_METHOD *BIO_s_mem(void);
--	BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - 
-	set the underlying BUF_MEM structure for the BIO to use.
--	BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, 
-	set it to point to the memory array and return the number 
-	of bytes available.
-A read/write BIO.  Any data written is appended to the 
-memory array and any read is read from the front.  This BIO 
-can be used for read/write at the same time. BIO_gets() is 
-supported in the fgets() sense.
-BIO_CTRL_INFO can be used to retrieve pointers to the memory 
-buffer and it's length.
-
-BIO_METHOD *BIO_s_file(void);
--	BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
--	BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
--	BIO_read_filename(BIO *bio, char *name) - read from file.
--	BIO_write_filename(BIO *bio, char *name) - write to file.
--	BIO_append_filename(BIO *bio, char *name) - append to file.
-This BIO sits over the normal system fread()/fgets() type 
-functions. Gets() is supported.  This BIO in theory could be 
-used for read and write but it is best to think of each BIO 
-of this type as either a read or a write BIO, not both.
-
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_fd(void);
--	BIO_sock_should_retry(int i) - the underlying function 
-	used to determine if a call should be retried; the 
-	argument is the '0' or '-1' returned by the previous BIO 
-	operation.
--	BIO_fd_should_retry(int i) - same as the 
--	BIO_sock_should_retry() except that it is different internally.
--	BIO_set_fd(BIO *bio, int fd, int close_flag) - set the 
-	file descriptor to use
--	BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
-These two methods are very similar.  Gets() is not 
-supported, if you want this functionality, put a 
-BIO_f_buffer() onto it.  This BIO is bi-directional if the 
-underlying file descriptor is.  This is normally the case 
-for sockets but not the case for stdio descriptors.
-
-BIO_METHOD *BIO_s_null(void);
-Read and write as much data as you like, it all disappears 
-into this BIO.
-
-BIO_METHOD *BIO_f_buffer(void);
--	BIO_get_buffer_num_lines(BIO *bio) - return the number of 
-	complete lines in the buffer.
--	BIO_set_buffer_size(BIO *bio, long size) - set the size of 
-	the buffers.
-This type performs input and output buffering.  It performs 
-both at the same time.  The size of the buffer can be set 
-via the set buffer size option.  Data buffered for output is 
-only written when the buffer fills.
-
-BIO_METHOD *BIO_f_ssl(void);
--	BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL 
-	structure to use.
--	BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure 
-	in use.
-The SSL bio is a little different from normal BIOs because 
-the underlying SSL structure is a little different.  A SSL 
-structure performs IO via a read and write BIO.  These can 
-be different and are normally set via the
-SSL_set_rbio()/SSL_set_wbio() calls.  The SSL_set_fd() calls 
-are just wrappers that create socket BIOs and then call 
-SSL_set_bio() where the read and write BIOs are the same.  
-The BIO_push() operation makes the SSLs IO BIOs the same, so 
-make sure the BIO pushed is capable of two directional 
-traffic.  If it is not, you will have to install the BIOs 
-via the more conventional SSL_set_bio() call.  BIO_pop() will retrieve
-the 'SSL read' BIO.
-
-BIO_METHOD *BIO_f_md(void);
--	BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest 
-	to use.
--	BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest 
-	method in use in mdp, return 0 if not set yet.
--	BIO_reset() reinitializes the digest (EVP_DigestInit()) 
-	and passes the reset to the underlying BIOs.
-All data read or written via BIO_read() or BIO_write() to 
-this BIO will be added to the calculated digest.  This 
-implies that this BIO is only one directional.  If read and 
-write operations are performed, two separate BIO_f_md() BIOs 
-are reuqired to generate digests on both the input and the 
-output.  BIO_gets(BIO *bio, char *md, int size) will place the 
-generated digest into 'md' and return the number of bytes.  
-The EVP_MAX_MD_SIZE should probably be used to size the 'md' 
-array.  Reading the digest will also reset it.
-
-BIO_METHOD *BIO_f_cipher(void);
--	BIO_reset() reinitializes the cipher.
--	BIO_flush() should be called when the last bytes have been 
-	output to flush the final block of block ciphers.
--	BIO_get_cipher_status(BIO *b), when called after the last 
-	read from a cipher BIO, returns non-zero if the data 
-	decrypted correctly, otherwise, 0.
--	BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, 
-	unsigned char *iv, int encrypt)   This function is used to 
-	setup a cipher BIO.  The length of key and iv are 
-	specified by the choice of EVP_CIPHER.  Encrypt is 1 to 
-	encrypt and 0 to decrypt.
-
-BIO_METHOD *BIO_f_base64(void);
--	BIO_flush() should be called when the last bytes have been output.
-This BIO base64 encodes when writing and base64 decodes when 
-reading.  It will scan the input until a suitable begin line 
-is found.  After reading data, BIO_reset() will reset the 
-BIO to start scanning again.  Do not mix reading and writing 
-on the same base64 BIO.  It is meant as a single stream BIO.
-
-Directions	type
-both		BIO_s_mem()
-one/both	BIO_s_file()
-both		BIO_s_fd()
-both		BIO_s_socket() 
-both		BIO_s_null()
-both		BIO_f_buffer()
-one		BIO_f_md()  
-one		BIO_f_cipher()  
-one		BIO_f_base64()  
-both		BIO_f_ssl()
-
-It is easy to mix one and two directional BIOs, all one has 
-to do is to keep two separate BIO pointers for reading and 
-writing and be careful about usage of underlying BIOs.  The 
-SSL bio by it's very nature has to be two directional but 
-the BIO_push() command will push the one BIO into the SSL 
-BIO for both reading and writing.
-
-The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
-
diff --git a/lib/libssl/src/doc/blowfish.doc b/lib/libssl/src/doc/blowfish.doc
deleted file mode 100644
index 8a7f425b32f..00000000000
--- a/lib/libssl/src/doc/blowfish.doc
+++ /dev/null
@@ -1,146 +0,0 @@
-The Blowfish library.
-
-Blowfish is a block cipher that operates on 64bit (8 byte) quantities.  It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good.  It can be used in all the modes that DES can be used.  This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-Blowfish is quite a bit faster that DES, and much faster than IDEA or
-RC2.  It is one of the faster block ciphers.
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'blowfish.h'.
-
-All of the encryption functions take what is called an BF_KEY as an 
-argument.  An BF_KEY is an expanded form of the Blowfish key.
-For all modes of the Blowfish algorithm, the BF_KEY used for
-decryption is the same one that was used for encryption.
-
-The define BF_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. BF_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with Blowfish.  I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic Blowfish encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
-  do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
-  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple Blowfish, thats 384 bits of key and you must be totally
-  obsessed with security.  Still, if you want it, it is simple enough to
-  copy the function from the DES library and change the des_encrypt to
-  BF_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void BF_set_key(
-BF_KEY *ks;
-int len;
-unsigned char *key;
-        BF_set_key converts an 'len' byte key into a BF_KEY.
-        A 'ks' is an expanded form of the 'key' which is used to
-        perform actual encryption.  It can be regenerated from the Blowfish key
-        so it only needs to be kept when encryption or decryption is about
-        to occur.  Don't save or pass around BF_KEY's since they
-        are CPU architecture dependent, 'key's are not.  Blowfish is an
-	interesting cipher in that it can be used with a variable length
-	key.  'len' is the length of 'key' to be used as the key.
-	A 'len' of 16 is recomended by me, but blowfish can use upto
-	72 bytes.  As a warning, blowfish has a very very slow set_key
-	function, it actually runs BF_encrypt 521 times.
-	
-void BF_encrypt(unsigned long *data, BF_KEY *key);
-void BF_decrypt(unsigned long *data, BF_KEY *key);
-	These are the Blowfish encryption function that gets called by just
-	about every other Blowfish routine in the library.  You should not
-	use this function except to implement 'modes' of Blowfish.
-	I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.
-	Data is a pointer to 2 unsigned long's and key is the
-	BF_KEY to use. 
-
-void BF_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-BF_KEY *key,
-int encrypt);
-	This is the basic Electronic Code Book form of Blowfish (in DES this
-	mode is called Electronic Code Book so I'm going to use the term
-	for blowfish as well.
-	Input is encrypted into output using the key represented by
-	key.  Depending on the encrypt, encryption or
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	
-void BF_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *ks,
-unsigned char *ivec,
-int encrypt);
-	This routine implements Blowfish in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, bad 
-	things will probably happen.  ivec is the initialisation vector.
-	This function updates iv after each call so that it can be passed to
-	the next call to BF_cbc_encrypt().
-	
-void BF_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
-	This is one of the more useful functions in this Blowfish library, it
-	implements CFB mode of Blowfish with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	'Encrypt' is used to indicate encryption or decryption.
-	CFB64 mode operates by using the cipher to generate a stream
-	of bytes which is used to encrypt the plain text.
-	The cipher text is then encrypted to generate the next 64 bits to
-	be xored (incrementally) with the next 64 bits of plain
-	text.  As can be seen from this, to encrypt or decrypt,
-	the same 'cipher stream' needs to be generated but the way the next
-	block of data is gathered for encryption is different for
-	encryption and decryption.
-	
-void BF_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num);
-	This functions implements OFB mode of Blowfish with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	This is in effect a stream cipher, there is no encryption or
-	decryption mode.
-	
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-BF_set_key().
-
-=====
-For more information about the specific Blowfish modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library.  What is said about DES is directly
-applicable for Blowfish.
-
diff --git a/lib/libssl/src/doc/bn.doc b/lib/libssl/src/doc/bn.doc
deleted file mode 100644
index 47be23b6eaf..00000000000
--- a/lib/libssl/src/doc/bn.doc
+++ /dev/null
@@ -1,381 +0,0 @@
-The Big Number library.
-
-#include "bn.h" when using this library.
-
-This big number library was written for use in implementing the RSA and DH
-public key encryption algorithms.  As such, features such as negative
-numbers have not been extensively tested but they should work as expected.
-This library uses dynamic memory allocation for storing its data structures
-and so there are no limit on the size of the numbers manipulated by these
-routines but there is always the requirement to check return codes from
-functions just in case a memory allocation error has occurred.
-
-The basic object in this library is a BIGNUM.  It is used to hold a single
-large integer.  This type should be considered opaque and fields should not
-be modified or accessed directly.
-typedef struct bignum_st
-	{
-	int top;	/* Index of last used d. */
-	BN_ULONG *d;	/* Pointer to an array of 'BITS2' bit chunks. */
-	int max;	/* Size of the d array. */
-	int neg;
-	} BIGNUM;
-The big number is stored in a malloced array of BN_ULONG's.  A BN_ULONG can
-be either 16, 32 or 64 bits in size, depending on the 'number of  bits'
-specified in bn.h. 
-The 'd' field is this array.  'max' is the size of the 'd' array that has
-been allocated.  'top' is the 'last' entry being used, so for a value of 4,
-bn.d[0]=4 and bn.top=1.  'neg' is 1 if the number is negative.
-When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
-
-Various routines in this library require the use of 'temporary' BIGNUM
-variables during their execution.  Due to the use of dynamic memory
-allocation to create BIGNUMs being rather expensive when used in
-conjunction with repeated subroutine calls, the BN_CTX structure is
-used.  This structure contains BN_CTX BIGNUMs.  BN_CTX
-is the maximum number of temporary BIGNUMs any publicly exported 
-function will use.
-
-#define BN_CTX	12
-typedef struct bignum_ctx
-	{
-	int tos;			/* top of stack */
-	BIGNUM *bn[BN_CTX];	/* The variables */
-	} BN_CTX;
-
-The functions that follow have been grouped according to function.  Most
-arithmetic functions return a result in the first argument, sometimes this
-first argument can also be an input parameter, sometimes it cannot.  These
-restrictions are documented.
-
-extern BIGNUM *BN_value_one;
-There is one variable defined by this library, a BIGNUM which contains the
-number 1.  This variable is useful for use in comparisons and assignment.
-
-Get Size functions.
-
-int BN_num_bits(BIGNUM *a);
-	This function returns the size of 'a' in bits.
-	
-int BN_num_bytes(BIGNUM *a);
-	This function (macro) returns the size of 'a' in bytes.
-	For conversion of BIGNUMs to byte streams, this is the number of
-	bytes the output string will occupy.  If the output byte
-	format specifies that the 'top' bit indicates if the number is
-	signed, so an extra '0' byte is required if the top bit on a
-	positive number is being written, it is upto the application to
-	make this adjustment.  Like I said at the start, I don't
-	really support negative numbers :-).
-
-Creation/Destruction routines.
-
-BIGNUM *BN_new();
-	Return a new BIGNUM object.  The number initially has a value of 0.  If
-	there is an error, NULL is returned.
-	
-void	BN_free(BIGNUM *a);
-	Free()s a BIGNUM.
-	
-void	BN_clear(BIGNUM *a);
-	Sets 'a' to a value of 0 and also zeros all unused allocated
-	memory.  This function is used to clear a variable of 'sensitive'
-	data that was held in it.
-	
-void	BN_clear_free(BIGNUM *a);
-	This function zeros the memory used by 'a' and then free()'s it.
-	This function should be used to BN_free() BIGNUMS that have held
-	sensitive numeric values like RSA private key values.  Both this
-	function and BN_clear tend to only be used by RSA and DH routines.
-
-BN_CTX *BN_CTX_new(void);
-	Returns a new BN_CTX.  NULL on error.
-	
-void	BN_CTX_free(BN_CTX *c);
-	Free a BN_CTX structure.  The BIGNUMs in 'c' are BN_clear_free()ed.
-	
-BIGNUM *bn_expand(BIGNUM *b, int bits);
-	This is an internal function that should not normally be used.  It
-	ensures that 'b' has enough room for a 'bits' bit number.  It is
-	mostly used by the various BIGNUM routines.  If there is an error,
-	NULL is returned. if not, 'b' is returned.
-	
-BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
-	The 'from' is copied into 'to'.  NULL is returned if there is an
-	error, otherwise 'to' is returned.
-
-BIGNUM *BN_dup(BIGNUM *a);
-	A new BIGNUM is created and returned containing the value of 'a'.
-	NULL is returned on error.
-
-Comparison and Test Functions.
-
-int BN_is_zero(BIGNUM *a)
-	Return 1 if 'a' is zero, else 0.
-
-int BN_is_one(a)
-	Return 1 is 'a' is one, else 0.
-
-int BN_is_word(a,w)
-	Return 1 if 'a' == w, else 0.  'w' is a BN_ULONG.
-
-int BN_cmp(BIGNUM *a, BIGNUM *b);
-	Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
-	and 1 is 'a' is greater than 'b'.  This is a signed comparison.
-	
-int BN_ucmp(BIGNUM *a, BIGNUM *b);
-	This function is the same as BN_cmp except that the comparison
-	ignores the sign of the numbers.
-	
-Arithmetic Functions
-For all of these functions, 0 is returned if there is an error and 1 is
-returned for success.  The return value should always be checked.  eg.
-if (!BN_add(r,a,b)) goto err;
-Unless explicitly mentioned, the 'return' value can be one of the
-'parameters' to the function.
-
-int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Add 'a' and 'b' and return the result in 'r'.  This is r=a+b.
-	
-int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
-	
-int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
-	Shift 'a' left by 'n' bits.  This is r=a*(2^n).
-	
-int BN_lshift1(BIGNUM *r, BIGNUM *a);
-	Shift 'a' left by 1 bit.  This form is more efficient than
-	BN_lshift(r,a,1).  This is r=a*2.
-	
-int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-	Shift 'a' right by 'n' bits.  This is r=int(a/(2^n)).
-	
-int BN_rshift1(BIGNUM *r, BIGNUM *a);
-	Shift 'a' right by 1 bit.  This form is more efficient than
-	BN_rshift(r,a,1).  This is r=int(a/2).
-	
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Multiply a by b and return the result in 'r'. 'r' must not be
-	either 'a' or 'b'.  It has to be a different BIGNUM.
-	This is r=a*b.
-
-int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-	Multiply a by a and return the result in 'r'. 'r' must not be
-	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-	Divide 'm' by 'd' and return the result in 'dv' and the remainder
-	in 'rem'.  Either of 'dv' or 'rem' can be NULL in which case that
-	value is not returned.  'ctx' needs to be passed as a source of
-	temporary BIGNUM variables.
-	This is dv=int(m/d), rem=m%d.
-	
-int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-	Find the remainder of 'm' divided by 'd' and return it in 'rem'.
-	'ctx' holds the temporary BIGNUMs required by this function.
-	This function is more efficient than BN_div(NULL,rem,m,d,ctx);
-	This is rem=m%d.
-
-int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
-	Multiply 'a' by 'b' and return the remainder when divided by 'm'.
-	'ctx' holds the temporary BIGNUMs required by this function.
-	This is r=(a*b)%m.
-
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-	Raise 'a' to the 'p' power and return the remainder when divided by
-	'm'.  'ctx' holds the temporary BIGNUMs required by this function.
-	This is r=(a^p)%m.
-
-int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
-	Return the reciprocal of 'm'.  'ctx' holds the temporary variables
-	required.  This function returns -1 on error, otherwise it returns
-	the number of bits 'r' is shifted left to make 'r' into an integer.
-	This number of bits shifted is required in BN_mod_mul_reciprocal().
-	This is r=(1/m)<<(BN_num_bits(m)+1).
-	
-int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
-	BIGNUM *i, int nb, BN_CTX *ctx);
-	This function is used to perform an efficient BN_mod_mul()
-	operation.  If one is going to repeatedly perform BN_mod_mul() with
-	the same modulus is worth calculating the reciprocal of the modulus
-	and then using this function.  This operation uses the fact that
-	a/b == a*r where r is the reciprocal of b.  On modern computers
-	multiplication is very fast and big number division is very slow.
-	'x' is multiplied by 'y' and then divided by 'm' and the remainder
-	is returned.  'i' is the reciprocal of 'm' and 'nb' is the number
-	of bits as returned from BN_reciprocal().  Normal usage is as follows.
-	bn=BN_reciprocal(i,m);
-	for (...)
-		{ BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
-	This is r=(x*y)%m.  Internally it is approximately
-	r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
-	This function is used in BN_mod_exp() and BN_is_prime().
-
-Assignment Operations
-
-int BN_one(BIGNUM *a)
-	Set 'a' to hold the value one.
-	This is a=1.
-	
-int BN_zero(BIGNUM *a)
-	Set 'a' to hold the value zero.
-	This is a=0.
-	
-int BN_set_word(BIGNUM *a, unsigned long w);
-	Set 'a' to hold the value of 'w'.  'w' is an unsigned long.
-	This is a=w.
-
-unsigned long BN_get_word(BIGNUM *a);
-	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
-	be biger than a word, in which case 0xffffffffL is returned.
-
-Word Operations
-These functions are much more efficient that the normal bignum arithmetic
-operations.
-
-BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
-	Return the remainder of 'a' divided by 'w'.
-	This is return(a%w).
-	
-int BN_add_word(BIGNUM *a, unsigned long w);
-	Add 'w' to 'a'.  This function does not take the sign of 'a' into
-	account.  This is a+=w;
-	
-Bit operations.
-
-int BN_is_bit_set(BIGNUM *a, int n);
-	This function return 1 if bit 'n' is set in 'a' else 0.
-
-int BN_set_bit(BIGNUM *a, int n);
-	This function sets bit 'n' to 1 in 'a'. 
-	This is a&= ~(1<<n);
-
-int BN_clear_bit(BIGNUM *a, int n);
-	This function sets bit 'n' to zero in 'a'.  Return 0 if less
-	than 'n' bits in 'a' else 1.  This is a&= ~(1<<n);
-
-int BN_mask_bits(BIGNUM *a, int n);
-	Truncate 'a' to n bits long.  This is a&= ~((~0)<<n)
-
-Format conversion routines.
-
-BIGNUM *BN_bin2bn(unsigned char *s, int len,BIGNUM *ret);
-	This function converts 'len' bytes in 's' into a BIGNUM which
-	is put in 'ret'.  If ret is NULL, a new BIGNUM is created.
-	Either this new BIGNUM or ret is returned.  The number is
-	assumed to be in bigendian form in 's'.  By this I mean that
-	to 'ret' is created as follows for 'len' == 5.
-	ret = s[0]*2^32 + s[1]*2^24 + s[2]*2^16 + s[3]*2^8 + s[4];
-	This function cannot be used to convert negative numbers.  It
-	is always assumed the number is positive.  The application
-	needs to diddle the 'neg' field of th BIGNUM its self.
-	The better solution would be to save the numbers in ASN.1 format
-	since this is a defined standard for storing big numbers.
-	Look at the functions
-
-	ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-	BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-	int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-	ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-		long length;
-
-int BN_bn2bin(BIGNUM *a, unsigned char *to);
-	This function converts 'a' to a byte string which is put into
-	'to'.  The representation is big-endian in that the most
-	significant byte of 'a' is put into to[0].  This function
-	returns the number of bytes used to hold 'a'.  BN_num_bytes(a)
-	would return the same value and can be used to determine how
-	large 'to' needs to be.  If the number is negative, this
-	information is lost.  Since this library was written to
-	manipulate large positive integers, the inability to save and
-	restore them is not considered to be a problem by me :-).
-	As for BN_bin2bn(), look at the ASN.1 integer encoding funtions
-	for SSLeay.  They use BN_bin2bn() and BN_bn2bin() internally.
-	
-char *BN_bn2ascii(BIGNUM *a);
-	This function returns a malloc()ed string that contains the
-	ascii hexadecimal encoding of 'a'.  The number is in bigendian
-	format with a '-' in front if the number is negative.
-
-int BN_ascii2bn(BIGNUM **bn, char *a);
-	The inverse of BN_bn2ascii.  The function returns the number of
-	characters from 'a' were processed in generating a the bignum.
-	error is inticated by 0 being returned.  The number is a
-	hex digit string, optionally with a leading '-'.  If *bn
-	is null, a BIGNUM is created and returned via that variable.
-	
-int BN_print_fp(FILE *fp, BIGNUM *a);
-	'a' is printed to file pointer 'fp'.  It is in the same format
-	that is output from BN_bn2ascii().  0 is returned on error,
-	1 if things are ok.
-
-int BN_print(BIO *bp, BIGNUM *a);
-	Same as BN_print except that the output is done to the SSLeay libraries
-	BIO routines.  BN_print_fp() actually calls this function.
-
-Miscellaneous Routines.
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-	This function returns in 'rnd' a random BIGNUM that is bits
-	long.  If bottom is 1, the number returned is odd.  If top is set,
-	the top 2 bits of the number are set.  This is useful because if
-	this is set, 2 'n; bit numbers multiplied together will return a 2n
-	bit number.  If top was not set, they could produce a 2n-1 bit
-	number.
-
-BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
-	This function create a new BIGNUM and returns it.  This number
-	is the inverse mod 'n' of 'a'.  By this it is meant that the
-	returned value 'r' satisfies (a*r)%n == 1.  This function is
-	used in the generation of RSA keys.  'ctx', as per usual,
-	is used to hold temporary variables that are required by the
-	function.  NULL is returned on error.
-
-int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
-	'r' has the greatest common divisor of 'a' and 'b'.  'ctx' is
-	used for temporary variables and 0 is returned on error.
-
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
-	char *cb_arg);
-	This function is used to check if a BIGNUM ('p') is prime.
-	It performs this test by using the Miller-Rabin randomised
-	primality test.  This is a probalistic test that requires a
-	number of rounds to ensure the number is prime to a high
-	degree of probability.  Since this can take quite some time, a
-	callback function can be passed and it will be called each
-	time 'p' passes a round of the prime testing.  'callback' will
-	be called as follows, callback(1,n,cb_arg) where n is the number of
-	the round, just passed.  As per usual 'ctx' contains temporary
-	variables used.  If ctx is NULL, it does not matter, a local version
-	will be malloced.  This parameter is present to save some mallocing
-	inside the function but probably could be removed.
-	0 is returned on error.
-	'ncheck' is the number of Miller-Rabin tests to run.  It is
-	suggested to use the value 'BN_prime_checks' by default.
-
-BIGNUM *BN_generate_prime(
-int bits,
-int strong,
-BIGNUM *a,
-BIGNUM *rems,
-void (*callback)());
-char *cb_arg
-	This function is used to generate prime numbers.  It returns a
-	new BIGNUM that has a high probability of being a prime.
-	'bits' is the number of bits that
-	are to be in the prime.  If 'strong' is true, the returned prime
-	will also be a strong prime ((p-1)/2 is also prime).
-	While searching for the prime ('p'), we
-	can add the requirement that the prime fill the following
-	condition p%a == rem.  This can be used to help search for
-	primes with specific features, which is required when looking
-	for primes suitable for use with certain 'g' values in the
-	Diffie-Hellman key exchange algorithm.  If 'a' is NULL,
-	this condition is not checked.  If rem is NULL, rem is assumed
-	to be 1.  Since this search for a prime
-	can take quite some time, if callback is not NULL, it is called
-	in the following situations.
-	We have a suspected prime (from a quick sieve),
-	callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
-	callback(1,round++,cb_arg).  Each successful 'round' in BN_is_prime().
-	callback(2,round,cb_arg). For each successful BN_is_prime() test.
-
diff --git a/lib/libssl/src/doc/c-indentation.el b/lib/libssl/src/doc/c-indentation.el
new file mode 100644
index 00000000000..9a4a0be598f
--- /dev/null
+++ b/lib/libssl/src/doc/c-indentation.el
@@ -0,0 +1,36 @@
+; This Emacs Lisp file defines a C indentation style that closely
+; follows most aspects of the one that is used throughout SSLeay,
+; and hence in OpenSSL.
+; 
+; This definition is for the "CC mode" package, which is the default
+; mode for editing C source files in Emacs 20, not for the older
+; c-mode.el (which was the default in less recent releaes of Emacs 19).
+;
+; Copy the definition in your .emacs file or use M-x eval-buffer.
+; To activate this indentation style, visit a C file, type
+; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
+; To toggle the auto-newline feature of CC mode, type C-c C-a.
+;
+; Apparently statement blocks that are not introduced by a statement
+; such as "if" and that are not the body of a function cannot
+; be handled too well by CC mode with this indentation style.
+; The style defined below does not indent them at all.
+; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+; command of Emacs).  If you know a solution to this problem
+; or find other problems with this indentation style definition,
+; please send e-mail to bodo@openssl.org.
+
+(c-add-style "eay"
+	     '((c-basic-offset . 8)
+	       (c-comment-only-line-offset . 0)
+	       (c-hanging-braces-alist)
+	       (c-offsets-alist	. ((defun-open . +)
+				   (defun-block-intro . 0)
+				   (block-open . 0)
+				   (substatement-open . +)
+				   (statement-block-intro . 0)
+				   (statement-case-open . +)
+				   (statement-case-intro . +)
+				   (case-label . -)
+				   (label . -)
+				   (arglist-cont-nonempty . +)))))
diff --git a/lib/libssl/src/doc/ca.1 b/lib/libssl/src/doc/ca.1
deleted file mode 100644
index e9e390a4340..00000000000
--- a/lib/libssl/src/doc/ca.1
+++ /dev/null
@@ -1,121 +0,0 @@
-From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
-Received: by orb.mincom.oz.au id AA07374
-  (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
-Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: ssleay@mincom.oz.au
-Subject: Re: 'ca'
-In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951228133525.7269A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Fri, 22 Dec 1995, sameer wrote:
-> 	I could use documentation on 'ca'. Thanks.
-
-Very quickly.
-The ca program uses the ssleay.conf file for most of its configuration
-
-./ca -help
-
- -verbose        - Talk alot while doing things
- -config file    - A config file. If you don't want to use the
-		   default config file
- -name arg       - The particular CA definition to use
-	In the config file, the section to use for parameters.  This lets 
-	multiple setups to be contained in the one file.  By default, the 
-	default_ca variable is looked up in the [ ca ] section.  So in the 
-	shipped ssleay.conf, the CA definition used is CA_default.  It could be 
-	any other name.
- -gencrl days    - Generate a new CRL, days is when the next CRL is due
-	This will generate a new certificate revocion list.
- -days arg       - number of days to certify the certificate for
-	When certifying certificates, this is the number of days to use.
- -md arg         - md to use, one of md2, md5, sha or sha1
- -policy arg     - The CA 'policy' to support
-	I'll describe this later, but there are 2 policies definied in the 
-	shipped ssleay.conf
- -keyfile arg    - PEM RSA private key file
- -key arg        - key to decode the RSA private key if it is encrypted
-	since we need to keep the CA's RSA key encrypted
- -cert           - The CA certificate
- -in file        - The input PEM encoded certificate request(s)
- -out file       - Where to put the output file(s)
- -outdir dir     - Where to put output certificates
-	The -out options concatenates all the output
-	certificates to one file, -outdir puts them in a directory,
-	named by serial number.
- -infiles ....   - The last argument, requests to process
-	The certificate requests to process, -in is the same.
-
-Just about all the above have default values defined in ssleay.conf.
-
-The key variables in ssleay.conf are (for the particular '-name' being 
-used, in the default, it is CA_default).
-
-dir is where all the CA database stuff is kept.
-certs is where all the previously issued certificates are kept.
-The database is a simple text database containing the following tab separated 
-fields.
-status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
-issued date:  When the certificate was certified.
-revoked date:  When it was revoked, blank if not revoked.
-serial number:  The certificate serial number.
-certificate:	Where the certificate is located.
-CN:	The name of the certificate.
-
-The demo file has quite a few made up values it it.  The last 2 were 
-added by the ca program and are acurate.
-The CA program does not update the 'certificate' file correctly right now.
-The serial field should be unique as should the CN/status combination.
-The ca program checks these at startup.  What still needs to be 
-wrtten is a program to 'regenerate' the data base file from the issued 
-certificate list (and a CRL list).
-
-Back to the CA_default variables.
-
-Most of the variables are commented.
-
-policy is the default policy.
-
-Ok for policies, they define the order and which fields must be present 
-in the certificate request and what gets filled in.
-
-So a value of
-countryName             = match
-means that the country name must match the CA certificate.
-organizationalUnitName  = optional
-The org.Unit,Name does not have to be present and
-commonName              = supplied
-commonName must be supplied in the certificate request.
-
-For the 'policy_match' policy, the order of the attributes in the 
-generated certificate would be
-countryName
-stateOrProvinceName
-organizationName
-organizationalUnitName
-commonName
-emailAddress
-
-Have a play, it sort of makes sense.  If you think about how the persona 
-requests operate, it is similar to the 'policy_match' policy and the
-'policy_anything' is similar to what versign is doing.
-
-I hope this helps a bit.  Some backend scripts are definitly needed to 
-update the database and to make certificate revocion easy.  All 
-certificates issued should also be kept forever (or until they expire?)
-
-hope this helps
-eric (who has to run off an buy some cheap knee pads for the caving in 4 
-days time :-)
-
---
-Eric Young                  | Signature removed since it was generating
-AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
-
-
diff --git a/lib/libssl/src/doc/callback.doc b/lib/libssl/src/doc/callback.doc
deleted file mode 100644
index 7ad0f7f7d26..00000000000
--- a/lib/libssl/src/doc/callback.doc
+++ /dev/null
@@ -1,240 +0,0 @@
-Callback functions used in SSLeay.
-
---------------------------
-The BIO library.  
-
-Each BIO structure can have a callback defined against it.  This callback is
-called 2 times for each BIO 'function'.  It is passed 6 parameters.
-BIO_debug_callback() is an example callback which is defined in
-crypto/buffer/bio_cb.c and is used in apps/dgst.c  This is intended mostly
-for debuging or to notify the application of IO.
-
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl,
-	long ret);
-bio is the BIO being called, cmd is the type of BIO function being called.
-Look at the BIO_CB_* defines in buffer.h.  Argp and argi are the arguments
-passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts().  In the case of
-BIO_ctrl(), argl is also defined.  The first time the callback is called,
-before the underlying function has been executed, 0 is passed as 'ret', and
-if the return code from the callback is not > 0, the call is aborted
-and the returned <= 0 value is returned.
-The second time the callback is called, the 'cmd' value also has
-BIO_CB_RETURN logically 'or'ed with it.  The 'ret' value is the value returned
-from the actuall function call and whatever the callback returns is returned
-from the BIO function.
-
-BIO_set_callback(b,cb) can be used to set the callback function
-(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
-set the cb_arg argument in the BIO strucutre.  This field is only intended
-to be used by application, primarily in the callback function since it is
-accessable since the BIO is passed.
-
---------------------------
-The PEM library.
-
-The pem library only really uses one type of callback,
-static int def_callback(char *buf, int num, int verify);
-which is used to return a password string if required.
-'buf' is the buffer to put the string in.  'num' is the size of 'buf'
-and 'verify' is used to indicate that the password should be checked.
-This last flag is mostly used when reading a password for encryption.
-
-For all of these functions, a NULL callback will call the above mentioned
-default callback.  This default function does not work under Windows 3.1.
-For other machines, it will use an application defined prompt string
-(EVP_set_pw_prompt(), which defines a library wide prompt string)
-if defined, otherwise it will use it's own PEM password prompt.
-It will then call EVP_read_pw_string() to get a password from the console.
-If your application wishes to use nice fancy windows to retrieve passwords,
-replace this function.  The callback should return the number of bytes read
-into 'buf'.  If the number of bytes <= 0, it is considered an error.
-
-Functions that take this callback are listed below.  For the 'read' type
-functions, the callback will only be required if the PEM data is encrypted.
-
-For the Write functions, normally a password can be passed in 'kstr', of
-'klen' bytes which will be used if the 'enc' cipher is not NULL.  If
-'kstr' is NULL, the callback will be used to retrieve a password.
-
-int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-	int (*callback)());
-char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
-char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
-
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define	PEM_read_SSL_SESSION(fp,x,cb)
-#define	PEM_read_X509(fp,x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb)
-#define	PEM_read_PKCS7(fp,x,cb)
-#define	PEM_read_DHparams(fp,x,cb)
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb)
-#define	PEM_read_bio_X509(bp,x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb)
-#define	PEM_read_bio_PKCS7(bp,x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb)
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-
-Now you will notice that macros like
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-		                        (char *)x, NULL,NULL,0,NULL)
-Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
-either just call PEM_ASN1_write directly or just define you own
-macro variant.  As you can see, this macro just sets all encryption related
-parameters to NULL.
-
-
---------------------------
-The SSL library.
-
-#define SSL_set_info_callback(ssl,cb)
-#define SSL_CTX_set_info_callback(ctx,cb)
-void callback(SSL *ssl,int location,int ret)
-This callback is called each time around the SSL_connect()/SSL_accept() 
-state machine.  So it will be called each time the SSL protocol progresses.
-It is mostly present for use when debugging.  When SSL_connect() or
-SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
-SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
-Have a look at the SSL_CB_* defines in ssl.h.  If an info callback is defined
-against the SSL_CTX, it is called unless there is one set against the SSL.
-Have a look at
-void client_info_callback() in apps/s_client() for an example.
-
-Certificate verification.
-void SSL_set_verify(SSL *s, int mode, int (*callback) ());
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
-This callback is used to help verify client and server X509 certificates.
-It is actually passed to X509_cert_verify(), along with the SSL structure
-so you have to read about X509_cert_verify() :-).  The SSL_CTX version is used
-if the SSL version is not defined.  X509_cert_verify() is the function used
-by the SSL part of the library to verify certificates.  This function is
-nearly always defined by the application.
-
-void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
-int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
-This call is used to replace the SSLeay certificate verification code.
-The 'arg' is kept in the SSL_CTX and is passed to the callback.
-If the callback returns 0, the certificate is rejected, otherwise it
-is accepted.  The callback is replacing the X509_cert_verify() call.
-This feature is not often used, but if you wished to implement
-some totally different certificate authentication system, this 'hook' is
-vital.
-
-SSLeay keeps a cache of session-ids against each SSL_CTX.  These callbacks can
-be used to notify the application when a SSL_SESSION is added to the cache
-or to retrieve a SSL_SESSION that is not in the cache from the application.
-#define SSL_CTX_sess_set_get_cb(ctx,cb)
-SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
-If defined, this callback is called to return the SESSION_ID for the
-session-id in 'session_id', of 'session_id_len' bytes.  'copy' is set to 1
-if the server is to 'take a copy' of the SSL_SESSION structure.  It is 0
-if the SSL_SESSION is being 'passed in' so the SSLeay library is now
-responsible for 'free()ing' the structure.  Basically it is used to indicate
-if the reference count on the SSL_SESSION structure needs to be incremented.
-
-#define SSL_CTX_sess_set_new_cb(ctx,cb)
-int callback(SSL *s, SSL_SESSION *sess);
-When a new connection is established, if the SSL_SESSION is going to be added
-to the cache, this callback is called.  Return 1 if a 'copy' is required,
-otherwise, return 0.  This return value just causes the reference count
-to be incremented (on return of a 1), this means the application does
-not need to worry about incrementing the refernece count (and the
-locking that implies in a multi-threaded application).
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
-This sets the SSL password reading function.
-It is mostly used for windowing applications
-and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
-calls inside the SSL library.   The only reason this is present is because the
-calls to PEM_* functions is hidden in the SSLeay library so you have to
-pass in the callback some how.
-
-#define SSL_CTX_set_client_cert_cb(ctx,cb)
-int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
-Called when a client certificate is requested but there is not one set
-against the SSL_CTX or the SSL.  If the callback returns 1, x509 and
-pkey need to point to valid data.  The library will free these when
-required so if the application wants to keep these around, increment
-their reference counts.  If 0 is returned, no client cert is
-available.  If -1 is returned, it is assumed that the callback needs
-to be called again at a later point in time.  SSL_connect will return
--1 and SSL_want_x509_lookup(ssl) returns true.  Remember that
-application data can be attached to an SSL structure via the
-SSL_set_app_data(SSL *ssl,char *data) call.
-
---------------------------
-The X509 library.
-
-int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
-	int *error,char *arg,STACK *cert_chain);
-int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
-	STACK *cert_chain);
-
-X509_cert_verify() is used to authenticate X509 certificates.  The 'ctx' holds
-the details of the various caches and files used to locate certificates.
-'xs' is the certificate to verify and 'cb' is the application callback (more
-detail later).  'error' will be set to the error code and 'arg' is passed
-to the 'cb' callback.  Look at the VERIFY_* defines in crypto/x509/x509.h
-
-When ever X509_cert_verify() makes a 'negative' decision about a
-certitificate, the callback is called.  If everything checks out, the
-callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
-signed cert that is not the passed certificate).
-
-The callback is passed the X509_cert_verify opinion of the certificate 
-in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
-the 'depth' of the certificate in the verification 'chain', the
-VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
-in 'arg'. cert_chain is a list of extra certs to use if they are not
-in the cache.
-
-The callback can be used to look at the error reason, and then return 0
-for an 'error' or '1' for ok.  This will override the X509_cert_verify()
-opinion of the certificates validity.  Processing will continue depending on
-the return value.  If one just wishes to use the callback for informational
-reason, just return the 'ok' parameter.
-
---------------------------
-The BN and DH library.
-
-BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
-	BIGNUM *rem,void (*callback)(int,int));
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
-
-Read doc/bn.doc for the description of these 2.
-
-DH *DH_generate_parameters(int prime_len,int generator,
-	void (*callback)(int,int));
-Read doc/bn.doc for the description of the callback, since it is just passed
-to BN_generate_prime(), except that it is also called as
-callback(3,0) by this function.
-
---------------------------
-The CRYPTO library.
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
-	int line));
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
-	int type,char *file, int line));
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-
-Read threads.doc for info on these ones.
-
diff --git a/lib/libssl/src/doc/cipher.doc b/lib/libssl/src/doc/cipher.doc
deleted file mode 100644
index d49ba78c5cd..00000000000
--- a/lib/libssl/src/doc/cipher.doc
+++ /dev/null
@@ -1,345 +0,0 @@
-The Cipher subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various cipher
-routines found in this library.  As such, they allow the same code to be
-used to encrypt and decrypt via different ciphers with only a change
-in an initial parameter.  These routines also provide buffering for block
-ciphers.
-
-These routines all take a pointer to the following structure to specify
-which cipher to use.  If you wish to use a new cipher with these routines,
-you would probably be best off looking an how an existing cipher is
-implemented and copying it.  At this point in time, I'm not going to go
-into many details.  This structure should be considered opaque
-
-typedef struct pem_cipher_st
-	{
-	int type;
-	int block_size;
-	int key_len;
-	int iv_len;
-	void (*enc_init)();	/* init for encryption */
-	void (*dec_init)();	/* init for decryption */
-	void (*do_cipher)();	/* encrypt data */
-	} EVP_CIPHER;
-	
-The type field is the object NID of the cipher type
-(read the section on Objects for an explanation of what a NID is).
-The cipher block_size is how many bytes need to be passed
-to the cipher at a time.  Key_len is the
-length of the key the cipher requires and iv_len is the length of the
-initialisation vector required.  enc_init is the function
-called to initialise the ciphers context for encryption and dec_init is the
-function to initialise for decryption (they need to be different, especially
-for the IDEA cipher).
-
-One reason for specifying the Cipher via a pointer to a structure
-is that if you only use des-cbc, only the des-cbc routines will
-be included when you link the program.  If you passed an integer
-that specified which cipher to use, the routine that mapped that
-integer to a set of cipher functions would cause all the ciphers
-to be link into the code.  This setup also allows new ciphers
-to be added by the application (with some restrictions).
-
-The thirteen ciphers currently defined in this library are
-
-EVP_CIPHER *EVP_des_ecb();     /* DES in ecb mode,     iv=0, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede();     /* DES in ecb ede mode, iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3();    /* DES in ecb ede mode, iv=0, block=8, key=24 */
-EVP_CIPHER *EVP_des_cfb();     /* DES in cfb mode,     iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_ofb();     /* DES in ofb mode,     iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_cbc();     /* DES in cbc mode,     iv=8, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_desx_cbc();    /* DES in desx cbc mode,iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_rc4();         /* RC4,                 iv=0, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ecb();    /* IDEA in ecb mode,    iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_idea_cfb();    /* IDEA in cfb mode,    iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ofb();    /* IDEA in ofb mode,    iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_cbc();    /* IDEA in cbc mode,    iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_ecb();     /* RC2 in ecb mode,     iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_cfb();     /* RC2 in cfb mode,     iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_ofb();     /* RC2 in ofb mode,     iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_cbc();     /* RC2 in cbc mode,     iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_bf_ecb();      /* Blowfish in ecb mode,iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_bf_cfb();      /* Blowfish in cfb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_ofb();      /* Blowfish in ofb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_cbc();      /* Blowfish in cbc mode,iv=8, block=8, key=16 */
-
-The meaning of the compound names is as follows.
-des	The base cipher is DES.
-idea	The base cipher is IDEA
-rc4	The base cipher is RC4-128
-rc2	The base cipher is RC2-128
-ecb	Electronic Code Book form of the cipher.
-cbc	Cipher Block Chaining form of the cipher.
-cfb	64 bit Cipher Feedback form of the cipher.
-ofb	64 bit Output Feedback form of the cipher.
-ede	The cipher is used in Encrypt, Decrypt, Encrypt mode.  The first
-	and last keys are the same.
-ede3	The cipher is used in Encrypt, Decrypt, Encrypt mode.
-
-All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
-The state of the cipher is kept in this structure.
-
-typedef struct EVP_CIPHER_Ctx_st
-	{
-	EVP_CIPHER *cipher;
-	int encrypt;		/* encrypt or decrypt */
-	int buf_len;		/* number we have left */
-	unsigned char buf[8];
-	union	{
-		.... /* cipher specific stuff */
-		} c;
-	} EVP_CIPHER_CTX;
-
-Cipher is a pointer the the EVP_CIPHER for the current context.  The encrypt
-flag indicates encryption or decryption.  buf_len is the number of bytes
-currently being held in buf.
-The 'c' union holds the cipher specify context.
-
-The following functions are to be used.
-
-int EVP_read_pw_string(
-char *buf,
-int len,
-char *prompt,
-int verify,
-	This function is the same as des_read_pw_string() (des.doc).
-
-void EVP_set_pw_prompt(char *prompt);
-	This function sets the 'default' prompt to use to use in
-	EVP_read_pw_string when the prompt parameter is NULL.  If the
-	prompt parameter is NULL, this 'default prompt' feature is turned
-	off.  Be warned, this is a global variable so weird things
-	will happen if it is used under Win16 and care must be taken
-	with a multi-threaded version of the library.
-
-char *EVP_get_pw_prompt();
-	This returns a pointer to the default prompt string.  NULL
-	if it is not set.
-
-int EVP_BytesToKey(
-EVP_CIPHER *type,
-EVP_MD *md,
-unsigned char *salt,
-unsigned char *data,
-int datal,
-int count,
-unsigned char *key,
-unsigned char *iv);
-	This function is used to generate a key and an initialisation vector
-	for a specified cipher from a key string and a salt.  Type
-	specifies the cipher the 'key' is being generated for.  Md is the
-	message digest algorithm to use to generate the key and iv.  The salt
-	is an optional 8 byte object that is used to help seed the key
-	generator.
-	If the salt value is NULL, it is just not used.  Datal is the
-	number of bytes to use from 'data' in the key generation.  
-	This function returns the key size for the specified cipher, if
-	data is NULL, this value is returns and no other
-	computation is performed.  Count is
-	the number of times to loop around the key generator.  I would
-	suggest leaving it's value as 1.  Key and iv are the structures to
-	place the returning iv and key in.  If they are NULL, no value is
-	generated for that particular value.
-	The algorithm used is as follows
-	
-	/* M[] is an array of message digests
-	 * MD() is the message digest function */
-	M[0]=MD(data . salt);
-	for (i=1; i<count; i++) M[0]=MD(M[0]);
-
-	i=1
-	while (data still needed for key and iv)
-		{
-		M[i]=MD(M[i-1] . data . salt);
-		for (i=1; i<count; i++) M[i]=MD(M[i]);
-		i++;
-		}
-
-	If the salt is NULL, it is not used.
-	The digests are concatenated together.
-	M = M[0] . M[1] . M[2] .......
-
-	For key= 8, iv=8 => key=M[0.. 8], iv=M[ 9 .. 16].
-	For key=16, iv=0 => key=M[0..16].
-	For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
-	For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
-
-	This routine will produce DES-CBC keys and iv that are compatible
-	with the PKCS-5 standard when md2 or md5 are used.  If md5 is
-	used, the salt is NULL and count is 1, this routine will produce
-	the password to key mapping normally used with RC4.
-	I have attempted to logically extend the PKCS-5 standard to
-	generate keys and iv for ciphers that require more than 16 bytes,
-	if anyone knows what the correct standard is, please inform me.
-	When using sha or sha1, things are a bit different under this scheme,
-	since sha produces a 20 byte digest.  So for ciphers requiring
-	24 bits of data, 20 will come from the first MD and 4 will
-	come from the second.
-
-	I have considered having a separate function so this 'routine'
-	can be used without the requirement of passing a EVP_CIPHER *,
-	but I have decided to not bother.  If you wish to use the
-	function without official EVP_CIPHER structures, just declare
-	a local one and set the key_len and iv_len fields to the
-	length you desire.
-
-The following routines perform encryption and decryption 'by parts'.  By
-this I mean that there are groups of 3 routines.  An Init function that is
-used to specify a cipher and initialise data structures.  An Update routine
-that does encryption/decryption, one 'chunk' at a time.  And finally a
-'Final' function that finishes the encryption/decryption process.
-All these functions take a EVP_CIPHER pointer to specify which cipher to
-encrypt/decrypt with.  They also take a EVP_CIPHER_CTX object as an
-argument.  This structure is used to hold the state information associated
-with the operation in progress.
-
-void EVP_EncryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
-	This function initialise a EVP_CIPHER_CTX for encryption using the
-	cipher passed in the 'type' field.  The cipher is initialised to use
-	'key' as the key and 'iv' for the initialisation vector (if one is
-	required).  If the type, key or iv is NULL, the value currently in the
-	EVP_CIPHER_CTX is reused.  So to perform several decrypt
-	using the same cipher, key and iv, initialise with the cipher,
-	key and iv the first time and then for subsequent calls,
-	reuse 'ctx' but pass NULL for type, key and iv.  You must make sure
-	to pass a key that is large enough for a particular cipher.  I
-	would suggest using the EVP_BytesToKey() function.
-
-void EVP_EncryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	This function takes 'inl' bytes from 'in' and outputs bytes
-	encrypted by the cipher 'ctx' was initialised with into 'out'.  The
-	number of bytes written to 'out' is put into outl.  If a particular
-	cipher encrypts in blocks, less or more bytes than input may be
-	output.  Currently the largest block size used by supported ciphers
-	is 8 bytes, so 'out' should have room for 'inl+7' bytes.  Normally
-	EVP_EncryptInit() is called once, followed by lots and lots of
-	calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
-	call.
-
-void EVP_EncryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
-	Because quite a large number of ciphers are block ciphers, there is
-	often an incomplete block to write out at the end of the
-	encryption.  EVP_EncryptFinal() performs processing on this last
-	block.  The last block in encoded in such a way that it is possible
-	to determine how many bytes in the last block are valid.  For 8 byte
-	block size ciphers, if only 5 bytes in the last block are valid, the
-	last three bytes will be filled with the value 3.  If only 2 were
-	valid, the other 6 would be filled with sixes.  If all 8 bytes are
-	valid, a extra 8 bytes are appended to the cipher stream containing
-	nothing but 8 eights.  These last bytes are output into 'out' and
-	the number of bytes written is put into 'outl'  These last bytes
-	are output into 'out' and the number of bytes written is put into
-	'outl'.  This form of block cipher finalisation is compatible with
-	PKCS-5.  Please remember that even if you are using ciphers like
-	RC4 that has no blocking and so the function will not write
-	anything into 'out', it would still be a good idea to pass a
-	variable for 'out' that can hold 8 bytes just in case the cipher is
-	changed some time in the future.  It should also be remembered
-	that the EVP_CIPHER_CTX contains the password and so when one has
-	finished encryption with a particular EVP_CIPHER_CTX, it is good
-	practice to zero the structure 
-	(ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
-	
-void EVP_DecryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
-	This function is basically the same as EVP_EncryptInit() accept that
-	is prepares the EVP_CIPHER_CTX for decryption.
-
-void EVP_DecryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	This function is basically the same as EVP_EncryptUpdate()
-	except that it performs decryption.  There is one
-	fundamental difference though.  'out' can not be the same as
-	'in' for any ciphers with a block size greater than 1 if more
-	than one call to EVP_DecryptUpdate() will be made.  This
-	is because this routine can hold a 'partial' block between
-	calls.  When a partial block is decrypted (due to more bytes
-	being passed via this function, they will be written to 'out'
-	overwriting the input bytes in 'in' that have not been read
-	yet.  From this it should also be noted that 'out' should
-	be at least one 'block size' larger than 'inl'.  This problem
-	only occurs on the second and subsequent call to
-	EVP_DecryptUpdate() when using a block cipher.
-
-int EVP_DecryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
-	This function is different to EVP_EncryptFinal in that it 'removes'
-	any padding bytes appended when the data was encrypted.  Due to the
-	way in which 1 to 8 bytes may have been appended when encryption
-	using a block cipher, 'out' can end up with 0 to 7 bytes being put
-	into it.  When decoding the padding bytes, it is possible to detect
-	an incorrect decryption.  If the decryption appears to be wrong, 0
-	is returned.  If everything seems ok, 1 is returned.  For ciphers
-	with a block size of 1 (RC4), this function would normally not
-	return any bytes and would always return 1.  Just because this
-	function returns 1 does not mean the decryption was correct. It
-	would normally be wrong due to either the wrong key/iv or
-	corruption of the cipher data fed to EVP_DecryptUpdate().
-	As for EVP_EncryptFinal, it is a good idea to zero the
-	EVP_CIPHER_CTX after use since the structure contains the key used
-	to decrypt the data.
-	
-The following Cipher routines are convenience routines that call either
-EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
-was setup to encrypt or decrypt.  
-
-void EVP_CipherInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv,
-int enc);
-	This function take arguments that are the same as EVP_EncryptInit()
-	and EVP_DecryptInit() except for the extra 'enc' flag.  If 1, the
-	EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
-
-void EVP_CipherUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	Again this function calls either EVP_EncryptUpdate() or
-	EVP_DecryptUpdate() depending on state in the 'ctx' structure.
-	As noted for EVP_DecryptUpdate(), when this routine is used
-	for decryption with block ciphers, 'out' should not be the
-	same as 'in'.
-
-int EVP_CipherFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *outm,
-int *outl);
-	This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
-	depending on the state information in 'ctx'.  1 is always returned
-	if the mode is encryption, otherwise the return value is the return
-	value of EVP_DecryptFinal().
diff --git a/lib/libssl/src/doc/cipher.m b/lib/libssl/src/doc/cipher.m
deleted file mode 100644
index 9f749171352..00000000000
--- a/lib/libssl/src/doc/cipher.m
+++ /dev/null
@@ -1,128 +0,0 @@
-From ssl-lists-owner@mincom.com Tue Oct 15 18:16:14 1996
-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11550
-  (5.65c/IDA-1.4.4 for eay); Tue, 15 Oct 1996 08:17:41 +1000
-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id IAA12472 for ssl-users-outgoing; Tue, 15 Oct 1996 08:16:35 +1000 (EST)
-Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id IAA12463 for <ssl-users@listserv.mincom.oz.au>; Tue, 15 Oct 1996 08:16:32 +1000 (EST)
-Received: by orb.mincom.oz.au id AA11544
-  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Tue, 15 Oct 1996 08:16:15 +1000
-Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
-From: Eric Young <eay@mincom.com>
-X-Sender: eay@orb
-To: Roland Haring <rharing@tandem.cl>
-Cc: ssl-users@mincom.com
-Subject: Re: Symmetric encryption with ssleay
-In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl>
-Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Sender: ssl-lists-owner@mincom.com
-Precedence: bulk
-Status: RO
-X-Status: 
-
-
-On Fri, 11 Oct 1996, Roland Haring wrote:
-> THE_POINT:
-> 	Would somebody be so kind to give me the minimum basic 
-> 	calls I need to do to libcrypto.a to get some text encrypted
-> 	and decrypted again? ...hopefully with code included to do
-> 	base64 encryption and decryption ... e.g. that sign-it.c code
-> 	posted some while ago was a big help :-) (please, do not point
-> 	me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
-
-Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes 
-when the data is less than a line long (this is for decoding).  I'll dig 
-up the exact fix today and post it.  I am taking longer on 0.6.5 than I 
-intended so I'll just post this patch.
-
-The documentation to read is in
-doc/cipher.doc,
-doc/encode.doc (very sparse :-).
-and perhaps
-doc/digest.doc,
-
-The basic calls to encrypt with say triple DES are
-
-Given
-char key[EVP_MAX_KEY_LENGTH];
-char iv[EVP_MAX_IV_LENGTH];
-EVP_CIPHER_CTX ctx;
-unsigned char out[512+8];
-int outl;
-
-/* optional generation of key/iv data from text password using md5
- * via an upward compatable verson of PKCS#5. */
-EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
-	key,iv);
-
-/* Initalise the EVP_CIPHER_CTX */
-EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
-
-while (....)
-	{
-	/* This is processing 512 bytes at a time, the bytes are being
-	 * copied into 'out', outl bytes are output.  'out' should not be the
-	 * same as 'in' for reasons mentioned in the documentation. */
-	EVP_EncryptUpdate(ctx,out,&outl,in,512);
-	}
-
-/* Output the last 'block'.  If the cipher is a block cipher, the last
- * block is encoded in such a way so that a wrong decryption will normally be
- * detected - again, one of the PKCS standards. */
-
-EVP_EncryptFinal(ctx,out,&outl);
-
-To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
-will return 0 if the decryption fails (only detectable on block ciphers).
-
-You can also use
-EVP_CipherInit()
-EVP_CipherUpdate()
-EVP_CipherFinal()
-which does either encryption or decryption depending on an extra 
-parameter to EVP_CipherInit().
-
-
-To do the base64 encoding,
-EVP_EncodeInit()
-EVP_EncodeUpdate()
-EVP_EncodeFinal()
-
-EVP_DecodeInit()
-EVP_DecodeUpdate()
-EVP_DecodeFinal()
-
-where the encoding is quite simple, but the decoding can be a bit more 
-fun (due to dud input).
-
-EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 
-'last line' was just processed, and 1 if more lines should be submitted.
-
-EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
-
-So the loop becomes
-EVP_DecodeInit(....)
-for (;;)
-	{
-	i=EVP_DecodeUpdate(....);
-	if (i < 0) goto err;
-
-	/* process the data */
-
-	if (i == 0) break;
-	}
-EVP_DecodeFinal(....);
-/* process the data */
-
-The problem in 'enc.c' is that I was stuff the processing up after the 
-EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of 
-base64 data) and this was because 'enc.c' tries to scan over a file until
-it hits the first valid base64 encoded line.
-
-hope this helps a bit.
-eric
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/lib/libssl/src/doc/conf.doc b/lib/libssl/src/doc/conf.doc
deleted file mode 100644
index f12fe884f57..00000000000
--- a/lib/libssl/src/doc/conf.doc
+++ /dev/null
@@ -1,89 +0,0 @@
-The CONF library.
-
-The CONF library is a simple set of routines that can be used to configure
-programs.  It is a superset of the genenv() function with some extra
-structure.
-
-The library consists of 5 functions.
-
-LHASH *CONF_load(LHASH *config,char *file);
-This function is called to load in a configuration file.  Multiple
-configuration files can be loaded, with each subsequent 'load' overwriting
-any already defined 'variables'.  If there is an error, NULL is returned.
-If config is NULL, a new LHASH structure is created and returned, otherwise
-the new data in the 'file' is loaded into the 'config' structure.
-
-void CONF_free(LHASH *config);
-This function free()s the data in config.
-
-char *CONF_get_string(LHASH *config,char *section,char *name);
-This function returns the string found in 'config' that corresponds to the
-'section' and 'name' specified.  Classes and the naming system used will be
-discussed later in this document.  If the variable is not defined, an NULL
-is returned.
-
-long CONF_get_long(LHASH *config,char *section, char *name);
-This function is the same as CONF_get_string() except that it converts the
-string to an long and returns it.  If variable is not a number or the
-variable does not exist, 0 is returned.  This is a little problematic but I
-don't know of a simple way around it.
-
-STACK *CONF_get_section(LHASH *config, char *section);
-This function returns a 'stack' of CONF_VALUE items that are all the
-items defined in a particular section.  DO NOT free() any of the
-variable returned.  They will disappear when CONF_free() is called.
-
-The 'lookup' model.
-The configuration file is divided into 'sections'.  Each section is started by
-a line of the form '[ section ]'.  All subsequent variable definitions are
-of this section.  A variable definition is a simple alpha-numeric name
-followed by an '=' and then the data.  A section or variable name can be
-described by a regular expression of the following form '[A-Za-z0-9_]+'.
-The value of the variable is the text after the '=' until the end of the
-line, stripped of leading and trailing white space.
-At this point I should mention that a '#' is a comment character, \ is the
-escape character, and all three types of quote can be used to stop any
-special interpretation of the data.
-Now when the data is being loaded, variable expansion can occur.  This is
-done by expanding any $NAME sequences into the value represented by the
-variable NAME.  If the variable is not in the current section, the different
-section can be specified by using the $SECTION::NAME form.  The ${NAME} form
-also works and is very useful for expanding variables inside strings.
-
-When a variable is looked up, there are 2 special section. 'default', which
-is the initial section, and 'ENV' which is the processes environment
-variables (accessed via getenv()).  When a variable is looked up, it is
-first 'matched' with it's section (if one was specified), if this fails, the
-'default' section is matched.
-If the 'lhash' variable passed was NULL, the environment is searched.
-
-Now why do we bother with sections?  So we can have multiple programs using
-the same configuration file, or multiple instances of the same program
-using different variables.  It also provides a nice mechanism to override
-the processes environment variables (eg ENV::HOME=/tmp).  If there is a
-program specific variable missing, we can have default values.
-Multiple configuration files can be loaded, with each new value clearing
-any predefined values.  A system config file can provide 'default' values,
-and application/usr specific files can provide overriding values.
-
-Examples
-
-# This is a simple example
-SSLEAY_HOME	= /usr/local/ssl
-ENV::PATH	= $SSLEAY_HOME/bin:$PATH	# override my path
-
-[X509]
-cert_dir	= $SSLEAY_HOME/certs	# /usr/local/ssl/certs
-
-[SSL]
-CIPHER		= DES-EDE-MD5:RC4-MD5
-USER_CERT	= $HOME/${USER}di'r 5'	# /home/eay/eaydir 5
-USER_CERT	= $HOME/\${USER}di\'r	# /home/eay/${USER}di'r
-USER_CERT	= "$HOME/${US"ER}di\'r	# $HOME/${USER}di'r
-
-TEST		= 1234\
-5678\
-9ab					# TEST=123456789ab
-TTT		= 1234\n\n		# TTT=1234<nl><nl>
-
-
diff --git a/lib/libssl/src/doc/crypto.pod b/lib/libssl/src/doc/crypto.pod
new file mode 100644
index 00000000000..9c8a143b09b
--- /dev/null
+++ b/lib/libssl/src/doc/crypto.pod
@@ -0,0 +1,27 @@
+
+=pod
+
+=head1 NAME
+
+Crypto - OpenSSL Cryptography library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<crypto> library implements various cryptography standards
+related to the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
+(TLS v1) protocols. It provides a rich API which is documented here.
+
+...
+
+=head1 SEE ALSO
+
+openssl(1), ssl(3)
+
+=head1 HISTORY
+
+The crypto(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/lib/libssl/src/doc/des.doc b/lib/libssl/src/doc/des.doc
deleted file mode 100644
index 5879d968f3a..00000000000
--- a/lib/libssl/src/doc/des.doc
+++ /dev/null
@@ -1,505 +0,0 @@
-The DES library.
-
-Please note that this library was originally written to operate with
-eBones, a version of Kerberos that had had encryption removed when it left
-the USA and then put back in.  As such there are some routines that I will
-advise not using but they are still in the library for historical reasons.
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'des.h'.
-
-All of the encryption functions take what is called a des_key_schedule as an 
-argument.  A des_key_schedule is an expanded form of the des key.
-A des_key is 8 bytes of odd parity, the type used to hold the key is a
-des_cblock.  A des_cblock is an array of 8 bytes, often in this library
-description I will refer to input bytes when the function specifies
-des_cblock's as input or output, this just means that the variable should
-be a multiple of 8 bytes.
-
-The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
-specify decryption.  The functions and global variable are as follows:
-
-int des_check_key;
-	DES keys are supposed to be odd parity.  If this variable is set to
-	a non-zero value, des_set_key() will check that the key has odd
-	parity and is not one of the known weak DES keys.  By default this
-	variable is turned off;
-	
-void des_set_odd_parity(
-des_cblock *key );
-	This function takes a DES key (8 bytes) and sets the parity to odd.
-	
-int des_is_weak_key(
-des_cblock *key );
-	This function returns a non-zero value if the DES key passed is a
-	weak, DES key.  If it is a weak key, don't use it, try a different
-	one.  If you are using 'random' keys, the chances of hitting a weak
-	key are 1/2^52 so it is probably not worth checking for them.
-	
-int des_set_key(
-des_cblock *key,
-des_key_schedule schedule);
-	Des_set_key converts an 8 byte DES key into a des_key_schedule.
-	A des_key_schedule is an expanded form of the key which is used to
-	perform actual encryption.  It can be regenerated from the DES key
-	so it only needs to be kept when encryption or decryption is about
-	to occur.  Don't save or pass around des_key_schedule's since they
-	are CPU architecture dependent, DES keys are not.  If des_check_key
-	is non zero, zero is returned if the key has the wrong parity or
-	the key is a weak key, else 1 is returned.
-	
-int des_key_sched(
-des_cblock *key,
-des_key_schedule schedule);
-	An alternative name for des_set_key().
-
-int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
-	This specifies the function to use in the enc_read() and enc_write()
-	functions.
-
-void des_encrypt(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This is the DES encryption function that gets called by just about
-	every other DES routine in the library.  You should not use this
-	function except to implement 'modes' of DES.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.  The characters are loaded 'little endian',
-	have a look at my source code for more details on how I use this
-	function.
-	Data is a pointer to 2 unsigned long's and ks is the
-	des_key_schedule to use.  enc, is non zero specifies encryption,
-	zero if decryption.
-
-void des_encrypt2(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This functions is the same as des_encrypt() except that the DES
-	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt(), you should not use this function.
-	It is used by the routines in my library that implement triple DES.
-	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
-
-void des_ecb_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks,
-int enc);
-	This is the basic Electronic Code Book form of DES, the most basic
-	form.  Input is encrypted into output using the key represented by
-	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	(the des_cblock structure is 8 chars).
-	
-void des_ecb3_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-int enc);
-	This is the 3 key EDE mode of ECB DES.  What this means is that 
-	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
-	then encrypted again with ks3, before being put into output;
-	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
-	that only takes 2 des_key_schedules that implements,
-	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
-	
-void des_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This routine implements DES in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, I'm
-	not being held responsible :-).  ivec is the initialisation vector.
-	This function does not modify this variable.  To correctly implement
-	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
-	cipher text for use as the next ivec in your application,
-	or use des_ncbc_encrypt(). 
-	Only this routine has this problem with updating the ivec, all
-	other routines that are implementing cbc mode update ivec.
-	
-void des_ncbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-int enc);
-	For historical reasons, des_cbc_encrypt() did not update the
-	ivec with the value requires so that subsequent calls to
-	des_cbc_encrypt() would 'chain'.  This was needed so that the same
-	'length' values would not need to be used when decrypting.
-	des_ncbc_encrypt() does the right thing.  It is the same as
-	des_cbc_encrypt accept that ivec is updates with the correct value
-	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
-	des_ncbc_encrypt() instead of des_cbc_encrypt();
-
-void des_xcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-des_cblock *inw,
-des_cblock *outw,
-int enc);
-	This is RSA's DESX mode of DES.  It uses inw and outw to
-	'whiten' the encryption.  inw and outw are secret (unlike the iv)
-	and are as such, part of the key.  So the key is sort of 24 bytes.
-	This is much better than cbc des.
-	
-void des_3cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk1,
-des_key_schedule sk2,
-des_cblock *ivec1,
-des_cblock *ivec2,
-int enc);
-	This function is flawed, do not use it.  I have left it in the
-	library because it is used in my des(1) program and will function
-	correctly when used by des(1).  If I removed the function, people
-	could end up unable to decrypt files.
-	This routine implements outer triple cbc encryption using 2 ks and
-	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
-	
-void des_ede3_cbc_encrypt(
-des_cblock *input,
-des_cblock *output, 
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2, 
-des_key_schedule ks3, 
-des_cblock *ivec,
-int enc);
-	This function implements outer triple CBC DES encryption with 3
-	keys.  What this means is that each 'DES' operation
-	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
-	Again, this is cbc mode so an ivec is requires.
-	This mode is used by SSL.
-	There is also a des_ede2_cbc_encrypt() that only uses 2
-	des_key_schedule's, the first being reused for the final
-	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
-	is used by the RSAref library.
-	
-void des_pcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This is Propagating Cipher Block Chaining mode of DES.  It is used
-	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
-	
-void des_cfb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
-	in numbit blocks.  The input (and output) is in multiples of numbits
-	bits.  numbits should to be a multiple of 8 bits.  Length is the
-	number of bytes input.  If numbits is not a multiple of 8 bits,
-	the extra bits in the bytes will be considered padding.  So if
-	numbits is 12, for each 2 input bytes, the 4 high bits of the
-	second byte will be ignored.  So to encode 72 bits when using
-	a numbits of 12 take 12 bytes.  To encode 72 bits when using
-	numbits of 9 will take 16 bytes.  To encode 80 bits when using
-	numbits of 16 will take 10 bytes. etc, etc.  This padding will
-	apply to both input and output.
-
-	
-void des_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
-	This is one of the more useful functions in this DES library, it
-	implements CFB mode of DES with 64bit feedback.  Why is this
-	useful you ask?  Because this routine will allow you to encrypt an
-	arbitrary number of bytes, no 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  num contains 'how far' we are though ivec.  If this does
-	not make much sense, read more about cfb mode of DES :-).
-	
-void des_ede3_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num,
-int enc);
-	Same as des_cfb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_cfb64_encrypt() which reuses ks1.
-
-void des_ofb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This is a implementation of Output Feed Back mode of DES.  It is
-	the same as des_cfb_encrypt() in that numbits is the size of the
-	units dealt with during input and output (in bits).
-	
-void des_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
-	The same as des_cfb64_encrypt() except that it is Output Feed Back
-	mode.
-
-void des_ede3_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num);
-	Same as des_ofb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_ofb64_encrypt() which reuses ks1.
-
-int des_read_pw_string(
-char *buf,
-int length,
-char *prompt,
-int verify);
-	This routine is used to get a password from the terminal with echo
-	turned off.  Buf is where the string will end up and length is the
-	size of buf.  Prompt is a string presented to the 'user' and if
-	verify is set, the key is asked for twice and unless the 2 copies
-	match, an error is returned.  A return code of -1 indicates a
-	system error, 1 failure due to use interaction, and 0 is success.
-
-unsigned long des_cbc_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This function produces an 8 byte checksum from input that it puts in
-	output and returns the last 4 bytes as a long.  The checksum is
-	generated via cbc mode of DES in which only the last 8 byes are
-	kept.  I would recommend not using this function but instead using
-	the EVP_Digest routines, or at least using MD5 or SHA.  This
-	function is used by Kerberos v4 so that is why it stays in the
-	library.
-	
-char *des_fcrypt(
-const char *buf,
-const char *salt
-char *ret);
-	This is my fast version of the unix crypt(3) function.  This version
-	takes only a small amount of space relative to other fast
-	crypt() implementations.  This is different to the normal crypt
-	in that the third parameter is the buffer that the return value
-	is written into.  It needs to be at least 14 bytes long.  This
-	function is thread safe, unlike the normal crypt.
-
-char *crypt(
-const char *buf,
-const char *salt);
-	This function calls des_fcrypt() with a static array passed as the
-	third parameter.  This emulates the normal non-thread safe semantics
-	of crypt(3).
-
-void des_string_to_key(
-char *str,
-des_cblock *key);
-	This function takes str and converts it into a DES key.  I would
-	recommend using MD5 instead and use the first 8 bytes of output.
-	When I wrote the first version of these routines back in 1990, MD5
-	did not exist but I feel these routines are still sound.  This
-	routines is compatible with the one in MIT's libdes.
-	
-void des_string_to_2keys(
-char *str,
-des_cblock *key1,
-des_cblock *key2);
-	This function takes str and converts it into 2 DES keys.
-	I would recommend using MD5 and using the 16 bytes as the 2 keys.
-	I have nothing against these 2 'string_to_key' routines, it's just
-	that if you say that your encryption key is generated by using the
-	16 bytes of an MD5 hash, every-one knows how you generated your
-	keys.
-
-int des_read_password(
-des_cblock *key,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_key().
-
-int des_read_2passwords(
-des_cblock *key1,
-des_cblock *key2,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_2key().
-
-void des_random_seed(
-des_cblock key);
-	This routine sets a starting point for des_random_key().
-	
-void des_random_key(
-des_cblock ret);
-	This function return a random key.  Make sure to 'seed' the random
-	number generator (with des_random_seed()) before using this function.
-	I personally now use a MD5 based random number system.
-
-int des_enc_read(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This function will write to a file descriptor the encrypted data
-	from buf.  This data will be preceded by a 4 byte 'byte count' and
-	will be padded out to 8 bytes.  The encryption is either CBC of
-	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
-	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
-	DES_PCBC_MODE.
-
-int des_enc_write(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This routines read stuff written by des_enc_read() and decrypts it.
-	I have used these routines quite a lot but I don't believe they are
-	suitable for non-blocking io.  If you are after a full
-	authentication/encryption over networks, have a look at SSL instead.
-
-unsigned long des_quad_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-int out_count,
-des_cblock *seed);
-	This is a function from Kerberos v4 that is not anything to do with
-	DES but was needed.  It is a cksum that is quicker to generate than
-	des_cbc_cksum();  I personally would use MD5 routines now.
-=====
-Modes of DES
-Quite a bit of the following information has been taken from
-	AS 2805.5.2
-	Australian Standard
-	Electronic funds transfer - Requirements for interfaces,
-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
-	Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
-  (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
-  current and all preceding plaintext blocks and therefore blocks can not
-  be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
-  current and all preceding variables and therefore j-bit variables are
-  chained together and can not be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
-  j == k).  In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
-  plaintext enciphered using the same key and starting variable.  More
-  over, in the OFB mode the same key stream is produced when the same
-  key and start variable are used.  Consequently, for security reasons
-  a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
-  plaintext enciphering to the same ciphertext, by producing different
-  key streams.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
-  resultant plaintext output.  Every bit error in the ciphertext causes
-  only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising.  If the two operation of
-  encipherment and decipherment get out of synchronism, the system needs
-  to be re-initialised.
-- Each re-initialisation should use a value of the start variable
- different from the start variable values used before with the same
- key.  The reason for this is that an identical bit stream would be
- produced each time from the same parameters.  This would be
- susceptible to a ' known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-- As for ECB encryption but increases the key length to 168 bits.
-  There are theoretic attacks that can be used that make the effective
-  key length 112 bits, but this attack also requires 2^56 blocks of
-  memory, not very likely, even for the NSA.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
-- If the first and last key are the same, the key length is 112 bits.
-  There are attacks that could reduce the key space to 55 bit's but it
-  requires 2^56 blocks of memory.
-- If all 3 keys are the same, this is effectively the same as normal
-  ecb mode.
-
-Triple CBC Mode (des_ede3_cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and then encrypt with key3.
-- As for CBC encryption but increases the key length to 168 bits with
-  the same restrictions as for triple ecb mode.
diff --git a/lib/libssl/src/doc/digest.doc b/lib/libssl/src/doc/digest.doc
deleted file mode 100644
index d2fb9875911..00000000000
--- a/lib/libssl/src/doc/digest.doc
+++ /dev/null
@@ -1,94 +0,0 @@
-
-The Message Digest subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various message digest
-routines found in this library.  As such, they allow the same code to be
-used to digest via different algorithms with only a change in an initial
-parameter.  They are basically just a front-end to the MD2, MD5, SHA
-and SHA1
-routines.
-
-These routines all take a pointer to the following structure to specify
-which message digest algorithm to use.
-typedef struct evp_md_st
-	{
-	int type;
-	int pkey_type;
-	int md_size;
-	void (*init)();
-	void (*update)();
-	void (*final)();
-
-	int required_pkey_type; /*EVP_PKEY_xxx */
-	int (*sign)();
-	int (*verify)();
-	} EVP_MD;
-
-If additional message digest algorithms are to be supported, a structure of
-this type needs to be declared and populated and then the Digest routines
-can be used with that algorithm.  The type field is the object NID of the
-digest type (read the section on Objects for an explanation).  The pkey_type
-is the Object type to use when the a message digest is generated by there
-routines and then is to be signed with the pkey algorithm.  Md_size is
-the size of the message digest returned.  Init, update
-and final are the relevant functions to perform the message digest function
-by parts.  One reason for specifying the message digest to use via this
-mechanism is that if you only use md5, only the md5 routines will
-be included in you linked program.  If you passed an integer
-that specified which message digest to use, the routine that mapped that
-integer to a set of message digest functions would cause all the message
-digests functions to be link into the code.  This setup also allows new
-message digest functions to be added by the application.
-
-The six message digests defined in this library are
-
-EVP_MD *EVP_md2(void);	/* RSA sign/verify */
-EVP_MD *EVP_md5(void);	/* RSA sign/verify */
-EVP_MD *EVP_sha(void);	/* RSA sign/verify */
-EVP_MD *EVP_sha1(void);	/* RSA sign/verify */
-EVP_MD *EVP_dss(void);	/* DSA sign/verify */
-EVP_MD *EVP_dss1(void);	/* DSA sign/verify */
-
-All the message digest routines take a EVP_MD_CTX pointer as an argument.
-The state of the message digest is kept in this structure.
-
-typedef struct pem_md_ctx_st
-	{
-	EVP_MD *digest;
-	union	{
-		unsigned char base[4]; /* this is used in my library as a
-					* 'pointer' to all union elements
-					* structures. */
-		MD2_CTX md2;
-		MD5_CTX md5;
-		SHA_CTX sha;
-		} md;
-	} EVP_MD_CTX;
-
-The Digest functions are as follows.
-
-void EVP_DigestInit(
-EVP_MD_CTX *ctx,
-EVP_MD *type);
-	This function is used to initialise the EVP_MD_CTX.  The message
-	digest that will associated with 'ctx' is specified by 'type'.
-
-void EVP_DigestUpdate(
-EVP_MD_CTX *ctx,
-unsigned char *data,
-unsigned int cnt);
-	This function is used to pass more data to the message digest
-	function.  'cnt' bytes are digested from 'data'.
-
-void EVP_DigestFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *len);
-	This function finishes the digestion and puts the message digest
-	into 'md'.  The length of the message digest is put into len;
-	EVP_MAX_MD_SIZE is the size of the largest message digest that
-	can be returned from this function.  Len can be NULL if the
-	size of the digest is not required.
-	
diff --git a/lib/libssl/src/doc/encode.doc b/lib/libssl/src/doc/encode.doc
deleted file mode 100644
index af175492897..00000000000
--- a/lib/libssl/src/doc/encode.doc
+++ /dev/null
@@ -1,15 +0,0 @@
-
-void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
-		int *outl,unsigned char *in,int inl);
-void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
-
-void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		unsigned char *in, int inl);
-int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-		char *out, int *outl);
-int     EVP_DecodeBlock(unsigned char *t, unsigned
-		char *f, int n);
-
diff --git a/lib/libssl/src/doc/envelope.doc b/lib/libssl/src/doc/envelope.doc
deleted file mode 100644
index 483e4fca6b3..00000000000
--- a/lib/libssl/src/doc/envelope.doc
+++ /dev/null
@@ -1,67 +0,0 @@
-The following routines are use to create 'digital' envelopes.
-By this I mean that they perform various 'higher' level cryptographic
-functions.  Have a read of 'cipher.doc' and 'digest.doc' since those
-routines are used by these functions.
-cipher.doc contains documentation about the cipher part of the
-envelope library and digest.doc contatins the description of the
-message digests supported.
-
-To 'sign' a document involves generating a message digest and then encrypting
-the digest with an private key.
-
-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-Due to the fact this operation is basically just an extended message
-digest, the first 2 functions are macro calls to Digest generating
-functions.
-
-int     EVP_SignFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *s,
-EVP_PKEY *pkey);
-	This finalisation function finishes the generation of the message
-digest and then encrypts the digest (with the correct message digest 
-object identifier) with the EVP_PKEY private key.  'ctx' is the message digest
-context.  'md' will end up containing the encrypted message digest.  This
-array needs to be EVP_PKEY_size(pkey) bytes long.  's' will actually
-contain the exact length.  'pkey' of course is the private key.  It is
-one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
-If there is an error, 0 is returned, otherwise 1.
-		
-Verify is used to check an signed message digest.
-
-#define EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-Since the first step is to generate a message digest, the first 2 functions
-are macros.
-
-int EVP_VerifyFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int s,
-EVP_PKEY *pkey);
-	This function finishes the generation of the message digest and then
-compares it with the supplied encrypted message digest.  'md' contains the
-'s' bytes of encrypted message digest.  'pkey' is used to public key decrypt
-the digest.  It is then compared with the message digest just generated.
-If they match, 1 is returned else 0.
-
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
-		int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
-Must have at least one public key, error is 0.  I should also mention that
-the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
-
-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
-void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-		int ekl,unsigned char *iv,EVP_PKEY *priv);
-0 on failure
-
-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
-
-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-Decrypt final return code
-
diff --git a/lib/libssl/src/doc/error.doc b/lib/libssl/src/doc/error.doc
deleted file mode 100644
index a91654999ab..00000000000
--- a/lib/libssl/src/doc/error.doc
+++ /dev/null
@@ -1,115 +0,0 @@
-The error routines.
-
-The 'error' system I've implemented is intended to server 2 purpose, to
-record the reason why a command failed and to record where in the libraries
-the failure occurred.  It is more or less setup to record a 'trace' of which
-library components were being traversed when the error occurred.
-
-When an error is recorded, it is done so a as single unsigned long which is
-composed of three parts.  The top byte is the 'library' number, the middle
-12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
-
-Each 'library', or should a say, 'section' of the SSLeay library has a
-different unique 'library' error number.  Each function in the library has
-a number that is unique for that library.  Each 'library' also has a number
-for each 'error reason' that is only unique for that 'library'.
-
-Due to the way these error routines record a 'error trace', there is an
-array per thread that is used to store the error codes.
-The various functions in this library are used to access
-and manipulate this array.
-
-void ERR_put_error(int lib, int func,int reason);
-	This routine records an error in library 'lib', function 'func'
-and reason 'reason'.  As errors get 'put' into the buffer, they wrap
-around and overwrite old errors if too many are written.  It is assumed
-that the last errors are the most important.
-
-unsigned long ERR_get_error(void );
-	This function returns the last error added to the error buffer.
-In effect it is popping the value off the buffer so repeated calls will
-continue to return values until there are no more errors to return in which
-case 0 is returned.
-
-unsigned long ERR_peek_error(void );
-	This function returns the value of the last error added to the
-error buffer but does not 'pop' it from the buffer.
-
-void ERR_clear_error(void );
-	This function clears the error buffer, discarding all unread
-errors.
-
-While the above described error system obviously produces lots of different
-error number, a method for 'reporting' these errors in a human readable
-form is required.  To achieve this, each library has the option of
-'registering' error strings.
-
-typedef struct ERR_string_data_st
-	{
-	unsigned long error;
-	char *string;
-	} ERR_STRING_DATA;
-
-The 'ERR_STRING_DATA' contains an error code and the corresponding text
-string.  To add new function error strings for a library, the
-ERR_STRING_DATA needs to be 'registered' with the library.
-
-void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
-	This function 'registers' the array of ERR_STRING_DATA pointed to by
-'err' as error text strings for the error library 'lib'.
-
-void ERR_free_strings(void);
-	This function free()s all the loaded error strings.
-
-char *ERR_error_string(unsigned long error,char *buf);
-	This function returns a text string that is a human readable
-version of the error represented by 'error'.  Buff should be at least 120
-bytes long and if it is NULL, the return value is a pointer to a static
-variable that will contain the error string, otherwise 'buf' is returned.
-If there is not a text string registered for a particular error, a text
-string containing the error number is returned instead.
-
-void ERR_print_errors(BIO *bp);
-void ERR_print_errors_fp(FILE *fp);
-	This function is a convenience routine that prints the error string
-for each error until all errors have been accounted for.
-
-char *ERR_lib_error_string(unsigned long e);
-char *ERR_func_error_string(unsigned long e);
-char *ERR_reason_error_string(unsigned long e);
-The above three functions return the 3 different components strings for the
-error 'e'.  ERR_error_string() uses these functions.
-
-void ERR_load_ERR_strings(void );
-	This function 'registers' the error strings for the 'ERR' module.
-
-void ERR_load_crypto_strings(void );
-	This function 'register' the error strings for just about every
-library in the SSLeay package except for the SSL routines.  There is no
-need to ever register any error text strings and you will probably save in
-program size.  If on the other hand you do 'register' all errors, it is
-quite easy to determine why a particular routine failed.
-
-As a final footnote as to why the error system is designed as it is.
-1) I did not want a single 'global' error code.
-2) I wanted to know which subroutine a failure occurred in.
-3) For Windows NT etc, it should be simple to replace the 'key' routines
-   with code to pass error codes back to the application.
-4) I wanted the option of meaningful error text strings.
-
-Late breaking news - the changes to support threads.
-
-Each 'thread' has an 'ERR_STATE' state associated with it.
-ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
-thread/process.
-
-ERR_remove_state(unsigned long pid); will 'free()' this state.  If pid == 0
-the current 'thread/process' will have it's error state removed.
-If you do not remove the error state of a thread, this could be considered a
-form of memory leak, so just after 'reaping' a thread that has died,
-call ERR_remove_state(pid).
-
-Have a read of thread.doc for more details for what is required for
-multi-threading support.  All the other error routines will
-work correctly when using threads.
-
diff --git a/lib/libssl/src/doc/legal.doc b/lib/libssl/src/doc/legal.doc
deleted file mode 100644
index b55ed5ce6a2..00000000000
--- a/lib/libssl/src/doc/legal.doc
+++ /dev/null
@@ -1,117 +0,0 @@
-From eay@mincom.com Thu Jun 27 00:25:45 1996
-Received: by orb.mincom.oz.au id AA15821
-  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
-Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: Ken Toll <ktoll@ren.digitalage.com>
-Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
-Subject: Re: Unidentified subject!
-In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
-Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: O
-X-Status: 
-
-
-This is a little off topic but since SSLeay is a free implementation of
-the SSLv2 protocol, I feel it is worth responding on the topic of if it 
-is actually legal for Americans to use free cryptographic software.
-
-On Wed, 26 Jun 1996, Ken Toll wrote:
-> Is the U.S the only country that SSLeay cannot be used commercially 
-> (because of RSAref) or is that going to be an issue with every country 
-> that a client/server application (non-web browser/server) is deployed 
-> and sold?
-
->From what I understand, the software patents that apply to algorithms 
-like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
-patened in europe (USA?), but considing how little it is used by other SSL 
-implementations, it quite easily be left out of the SSLeay build
-(this can be done with a compile flag).
-
-Actually if the RSA patent did apply outside the USA, it could be rather
-interesting since RSA is not alowed to let RSA toolkits outside of the USA
-[1], and since these are the only forms that they will alow the algorithm
-to be used in, it would mean that non-one outside of the USA could produce
-public key software which would be a very strong statment for
-international patent law to make :-).  This logic is a little flawed but
-it still points out some of the more interesting permutations of USA
-patent law and ITAR restrictions. 
-
-Inside the USA there is also the unresolved issue of RC4/RC2 which were
-made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
-copies of the origional postings if people are interested.  RSA I believe 
-claim that they were 'trade-secrets' and that some-one broke an NDA in 
-revealing them.  Other claim they reverse engineered the algorithms from 
-compiled binaries.  If the algorithms were reverse engineered, I belive 
-RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
-Regardless, RSA, I belive, is willing to go to court over the issue so 
-licencing is probably the best idea, or at least talk to them.
-If there are people who actually know more about this, pease let me know, I 
-don't want to vilify or spread miss-information if I can help it.
-
-If you are not producing a web browser, it is easy to build SSLeay with
-RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
-all web software (and it is damn fast) it is more or less required for 
-www use. For non www use of SSL, especially for an application where 
-interoperability with other vendors is not critical just leave it out.
-
-Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
-they should be ok.  Considing that Triple DES can encrypt at rates of
-410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
-reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
-respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
-
-> Is it possible to get a certificate for commercial use outside of the U.S.?
-yes.
-
-Thawte Consulting issues certificates (they are the people who sell the
-	Sioux httpd server and are based in South Africa)
-Verisign will issue certificates for Sioux (sold from South Africa), so this
-	proves that they will issue certificate for OS use if they are
-	happy with the quality of the software.
-
-(The above mentioned companies just the ones that I know for sure are issuing
- certificates outside the USA).
-
-There is always the point that if you are using SSL for an intra net, 
-SSLeay provides programs that can be used so you can issue your own 
-certificates.  They need polishing but at least it is a good starting point.
-
-I am not doing anything outside Australian law by implementing these
-algorithms (to the best of my knowedge).  It is another example of how 
-the world legal system does not cope with the internet very well.
-
-I may start making shared libraries available (I have now got DLL's for 
-Windows).  This will mean that distributions into the usa could be 
-shipped with a version with a reduced cipher set and the versions outside 
-could use the DLL/shared library with all the ciphers (and without RSAref).
-
-This could be completly hidden from the application, so this would not 
-even require a re-linking.
-
-This is the reverse of what people were talking about doing to get around 
-USA export regulations :-)
-
-eric
-
-[1]:	The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
-	and one in South Africa.
-
-[2]:	Since I always get questions when I post benchmark numbers :-),
-	DES performace figures are in 1000's of bytes per second in cbc 
-	mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
-	3.51 DLLs and the 686/200 was running NextStep.
-	I quote pentium 100 benchmarks because it is basically the
-	'entry level' computer that most people buy for personal use.
-	Windows 95 is the OS shipping on those boxes, so I'll give
-	NT numbers (the same Win32 runtime environment).  The 686
-	numbers are present as an indication of where we will be in a
-	few years.
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/lib/libssl/src/doc/lhash.doc b/lib/libssl/src/doc/lhash.doc
deleted file mode 100644
index 5a2aeb4b38b..00000000000
--- a/lib/libssl/src/doc/lhash.doc
+++ /dev/null
@@ -1,151 +0,0 @@
-The LHASH library.
-
-I wrote this library in 1991 and have since forgotten why I called it lhash.
-It implements a hash table from an article I read at the
-time from 'Communications of the ACM'.  What makes this hash
-table different is that as the table fills, the hash table is
-increased (or decreased) in size via realloc().
-When a 'resize' is done, instead of all hashes being redistributed over
-twice as many 'buckets', one bucket is split.  So when an 'expand' is done,
-there is only a minimal cost to redistribute some values.  Subsequent
-inserts will cause more single 'bucket' redistributions but there will
-never be a sudden large cost due to redistributing all the 'buckets'.
-
-The state for a particular hash table is kept in the LHASH structure.
-The LHASH structure also records statistics about most aspects of accessing
-the hash table.  This is mostly a legacy of my writing this library for
-the reasons of implementing what looked like a nice algorithm rather than
-for a particular software product.
-
-Internal stuff you probably don't want to know about.
-The decision to increase or decrease the hash table size is made depending
-on the 'load' of the hash table.  The load is the number of items in the
-hash table divided by the size of the hash table.  The default values are
-as follows.  If (hash->up_load < load) => expand.
-if (hash->down_load > load) =>  contract.  The 'up_load' has a default value of
-1 and 'down_load' has a default value of 2.  These numbers can be modified
-by the application by just playing with the 'up_load' and 'down_load'
-variables.  The 'load' is kept in a form which is multiplied by 256.  So
-hash->up_load=8*256; will cause a load of 8 to be set.
-
-If you are interested in performance the field to watch is
-num_comp_calls.  The hash library keeps track of the 'hash' value for
-each item so when a lookup is done, the 'hashes' are compared, if
-there is a match, then a full compare is done, and
-hash->num_comp_calls is incremented.  If num_comp_calls is not equal
-to num_delete plus num_retrieve it means that your hash function is
-generating hashes that are the same for different values.  It is
-probably worth changing your hash function if this is the case because
-even if your hash table has 10 items in a 'bucked', it can be searched
-with 10 'unsigned long' compares and 10 linked list traverses.  This
-will be much less expensive that 10 calls to you compare function.
-
-LHASH *lh_new(
-unsigned long (*hash)(),
-int (*cmp)());
-	This function is used to create a new LHASH structure.  It is passed
-	function pointers that are used to store and retrieve values passed
-	into the hash table.  The 'hash'
-	function is a hashing function that will return a hashed value of
-	it's passed structure.  'cmp' is passed 2 parameters, it returns 0
-	is they are equal, otherwise, non zero.
-	If there are any problems (usually malloc failures), NULL is
-	returned, otherwise a new LHASH structure is returned.  The
-	hash value is normally truncated to a power of 2, so make sure
-	that your hash function returns well mixed low order bits.
-	
-void lh_free(
-LHASH *lh);
-	This function free()s a LHASH structure.  If there is malloced
-	data in the hash table, it will not be freed.  Consider using the
-	lh_doall function to deallocate any remaining entries in the hash
-	table.
-	
-char *lh_insert(
-LHASH *lh,
-char *data);
-	This function inserts the data pointed to by data into the lh hash
-	table.  If there is already and entry in the hash table entry, the
-	value being replaced is returned.  A NULL is returned if the new
-	entry does not clash with an entry already in the table (the normal
-	case) or on a malloc() failure (perhaps I should change this....).
-	The 'char *data' is exactly what is passed to the hash and
-	comparison functions specified in lh_new().
-	
-char *lh_delete(
-LHASH *lh,
-char *data);
-	This routine deletes an entry from the hash table.  The value being
-	deleted is returned.  NULL is returned if there is no such value in
-	the hash table.
-
-char *lh_retrieve(
-LHASH *lh,
-char *data);
-	If 'data' is in the hash table it is returned, else NULL is
-	returned.  The way these routines would normally be uses is that a
-	dummy structure would have key fields populated and then
-	ret=lh_retrieve(hash,&dummy);.  Ret would now be a pointer to a fully
-	populated structure.
-
-void lh_doall(
-LHASH *lh,
-void (*func)(char *a));
-	This function will, for every entry in the hash table, call function
-	'func' with the data item as parameters.
-	This function can be quite useful when used as follows.
-	void cleanup(STUFF *a)
-		{ STUFF_free(a); }
-	lh_doall(hash,cleanup);
-	lh_free(hash);
-	This can be used to free all the entries, lh_free() then
-	cleans up the 'buckets' that point to nothing.  Be careful
-	when doing this.  If you delete entries from the hash table,
-	in the call back function, the table may decrease in size,
-	moving item that you are
-	currently on down lower in the hash table.  This could cause
-	some entries to be skipped.  The best solution to this problem
-	is to set lh->down_load=0 before you start.  This will stop
-	the hash table ever being decreased in size.
-
-void lh_doall_arg(
-LHASH *lh;
-void(*func)(char *a,char *arg));
-char *arg;
-	This function is the same as lh_doall except that the function
-	called will be passed 'arg' as the second argument.
-	
-unsigned long lh_strhash(
-char *c);
-	This function is a demo string hashing function.  Since the LHASH
-	routines would normally be passed structures, this routine would
-	not normally be passed to lh_new(), rather it would be used in the
-	function passed to lh_new().
-
-The next three routines print out various statistics about the state of the
-passed hash table.  These numbers are all kept in the lhash structure.
-
-void lh_stats(
-LHASH *lh,
-FILE *out);
-	This function prints out statistics on the size of the hash table,
-	how many entries are in it, and the number and result of calls to
-	the routines in this library.
-
-void lh_node_stats(
-LHASH *lh,
-FILE *out);
-	For each 'bucket' in the hash table, the number of entries is
-	printed.
-	
-void lh_node_usage_stats(
-LHASH *lh,
-FILE *out);
-	This function prints out a short summary of the state of the hash
-	table.  It prints what I call the 'load' and the 'actual load'.
-	The load is the average number of data items per 'bucket' in the
-	hash table.  The 'actual load' is the average number of items per
-	'bucket', but only for buckets which contain entries.  So the
-	'actual load' is the average number of searches that will need to
-	find an item in the hash table, while the 'load' is the average number
-	that will be done to record a miss.
diff --git a/lib/libssl/src/doc/md2.doc b/lib/libssl/src/doc/md2.doc
deleted file mode 100644
index b106bc675d8..00000000000
--- a/lib/libssl/src/doc/md2.doc
+++ /dev/null
@@ -1,49 +0,0 @@
-The MD2 library.
-MD2 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash.  The functions all need to be passed
-a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
-function calls.  The normal method of use for this library is as follows
-
-MD2_Init(...);
-MD2_Update(...);
-...
-MD2_Update(...);
-MD2_Final(...);
-
-This library requires the inclusion of 'md2.h'.
-
-The main negative about MD2 is that it is slow, especially when compared
-to MD5.
-
-The functions are as follows:
-
-void MD2_Init(
-MD2_CTX *c);
-	This function needs to be called to initiate a MD2_CTX structure for
-	use.
-	
-void MD2_Update(
-MD2_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void MD2_Final(
-unsigned char *md;
-MD2_CTX *c;
-	This function is called when a message digest of the data digested
-	with MD2_Update() is wanted.  The message digest is put in the 'md'
-	array and is MD2_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD2(
-unsigned long n;
-unsigned char *d;
-unsigned char *md;
-	This function performs a MD2_Init(), followed by a MD2_Update()
-	followed by a MD2_Final() (using a local MD2_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
diff --git a/lib/libssl/src/doc/md5.doc b/lib/libssl/src/doc/md5.doc
deleted file mode 100644
index 519dbdc61a4..00000000000
--- a/lib/libssl/src/doc/md5.doc
+++ /dev/null
@@ -1,50 +0,0 @@
-The MD5 library.
-MD5 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash.  The functions all need to be passed
-a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
-function calls.  This library also contains random number routines that are
-based on MD5
-
-The normal method of use for this library is as follows
-
-MD5_Init(...);
-MD5_Update(...);
-...
-MD5_Update(...);
-MD5_Final(...);
-
-This library requires the inclusion of 'md5.h'.
-
-The functions are as follows:
-
-void MD5_Init(
-MD5_CTX *c);
-	This function needs to be called to initiate a MD5_CTX structure for
-	use.
-	
-void MD5_Update(
-MD5_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void MD5_Final(
-unsigned char *md;
-MD5_CTX *c;
-	This function is called when a message digest of the data digested
-	with MD5_Update() is wanted.  The message digest is put in the 'md'
-	array and is MD5_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD5(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	This function performs a MD5_Init(), followed by a MD5_Update()
-	followed by a MD5_Final() (using a local MD5_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
-
diff --git a/lib/libssl/src/doc/memory.doc b/lib/libssl/src/doc/memory.doc
deleted file mode 100644
index b9aa33ace0b..00000000000
--- a/lib/libssl/src/doc/memory.doc
+++ /dev/null
@@ -1,27 +0,0 @@
-In the interests of debugging SSLeay, there is an option to compile
-using some simple memory leak checking.
-
-All malloc(), free() and realloc() calls in SSLeay now go via
-Malloc(), Free() and Realloc() (except those in crypto/lhash).
-
-If CRYPTO_MDEBUG is defined, these calls are #defined to
-CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
-If it is not defined, they are #defined to malloc(), free() and realloc().
-
-the CRYPTO_malloc() routines by default just call the underlying library
-functons.
-
-If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
-turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
-
-When turned on, each Malloc() or Realloc() call is recored along with the file
-and line number from where the call was made.   (This is done using the
-lhash library which always uses normal system malloc(3) routines).
-
-void CRYPTO_mem_leaks(BIO *b);
-void CRYPTO_mem_leaks_fp(FILE *fp);
-These both print out the list of memory that has not been free()ed.
-This will probably be rather hard to read, but if you look for the 'top level'
-structure allocation, this will often give an idea as to what is not being
-free()ed.  I don't expect people to use this stuff normally.
-
diff --git a/lib/libssl/src/doc/ms3-ca.doc b/lib/libssl/src/doc/ms3-ca.doc
deleted file mode 100644
index f8350aadc2d..00000000000
--- a/lib/libssl/src/doc/ms3-ca.doc
+++ /dev/null
@@ -1,398 +0,0 @@
-Date: Mon, 9 Jun 97 08:00:33 +0200
-From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
-Subject: ms3-ca.doc
-Organization: TU Ilmenau, Fak. IA, FG Telematik
-Content-Length: 14575
-Status: RO
-X-Status: 
-
-Loading client certs into MSIE 3.01
-===================================
-
-This document conatains all the information necessary to succesfully set up 
-some scripts to issue client certs to Microsoft Internet Explorer. It 
-includes the required knowledge about the model MSIE uses for client 
-certification and includes complete sample scripts ready to play with. The 
-scripts were tested against a modified ca program of SSLeay 0.6.6 and should 
-work with the regular ca program that comes with version 0.8.0. I haven't 
-tested against MSIE 4.0
-
-You can use the information contained in this document in either way you 
-want. However if you feel it saved you a lot of time I ask you to be as fair 
-as to mention my name: Holger Reif <reif@prakinf.tu-ilmenau.de>.
-
-1.) The model used by MSIE
---------------------------
-
-The Internet Explorer doesn't come with a embedded engine for installing 
-client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) 
-defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together 
-with Internet Explorer since 3.01. The advantage of this approach is a higher 
-flexibility because the certificates in the (per user) system open 
-certificate store may be used by other applications as well. The drawback 
-however is that you need to do a bit more work to get a client cert issued.
-
-CAPI defines functions which will handle basic cryptographic work, eg. 
-generating keys, encrypting some data, signing text or building a certificate 
-request. The procedure is as follows: A CAPI function generates you a key 
-pair and saves it into the certificate store. After that one builds a 
-Distinguished Name. Together with that key pair another CAPI function forms a 
-PKCS#10 request which you somehow need to submit to a CA. Finally the issued 
-cert is given to a yet another CAPI function which saves it into the 
-certificate store.
-
-The certificate store with the user's keys and certs is in the registry. You 
-will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I 
-leave it to you as a little exercise to figure out what all the entries mean 
-;-). Note that the keys are protected only with the user's usual Windows 
-login password.
-
-2.) The practical usage
------------------------
-
-Unfortunatly since CAPI is a system API you can't access its functions from 
-HTML code directly. For this purpose Microsoft provides a wrapper called 
-certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
-usable from Visual Basic Script. One needs to install that library on the 
-computer which wants to have client cert. The easiest way is to load it as an 
-ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If 
-you have ever enrolled e cert request at a CA you will have installed it.
-
-At time of writing certenr3.dll is contained in 
-http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes 
-with an README file which explains the available functions. It is labeled 
-beta but every CA seems to use it anyway. The license.txt allows you the 
-usage for your own purposes (as far as I understood) and a somehow limited 
-distribution. 
-
-The two functions of main interest are GenerateKeyPair and AcceptCredentials. 
-For complete explanation of all possible parameters see the README file. Here 
-are only minimal required parameters and their values.
-
-GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
-- sessionID is a (locally to that computer) unique string to correlate the 
-generated key pair with a cert installed later.
-- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger 
-Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the 
-abreviation for StateOrProvince. The recognized abreviation include CN, O, C, 
-OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) 
-you need to use the full object identifier. The starting point for searching 
-them could be crypto/objects.h since all OIDs know to SSLeay are listed 
-there.
-- note: the possible ninth parameter which should give a default name to the 
-certificate storage location doesn't seem to work. Changes to the constant 
-values in the call above doesn't seem to make sense. You can't generate 
-PKCS#10 extensions with that function.
-
-The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However 
-it has a little strange format that SSLeay doesn't accept. (BTW I feel the 
-decision of rejecting that format as standard conforming.) It looks like 
-follows:
-	1st line with 76 chars
-	2nd line with 76 chars
-	...
-	(n-2)th line with 76 chars
-	(n-1)th line contains a multiple of 4 chars less then 76 (possible 
-empty)
-	(n)th line has zero or 4 chars (then with 1 or 2 equal signs - the 
-		original text's lenght wasn'T a multiple of 3) 
-	The line separator has two chars: 0x0d 0x0a
-
-AcceptCredentials(sessionID, credentials, 0, FALSE)
-- sessionID needs to be the same as while generating the key pair
-- credentials is the base64 encoded PKCS#7 object containing the cert. 
-
-CRL's and CA certs are not required simply just the client cert. (It seems to 
-me that both are not even checked somehow.) The only format of the base64 
-encoded object I succesfully used was all characters in a very long string 
-without line feeds or carriage returns. (Hey, it doesn't matter, only a 
-computer reads it!)
-
-The result should be S_OK. For error handling see the example that comes with 
-certenr3.dll.
-
-A note about ASN.1 character encodings. certenr3.dll seems to know only about 
-2 of them: UniversalString and PrintableString. First it is definitely wrong 
-for an email address which is IA5STRING (checked by ssleay's ca). Second 
-unfortunately MSIE (at least until version 3.02) can't handle UniversalString 
-correctly - they just blow up you cert store! Therefore ssleay's ca (starting 
-from version 0.8.0) tries to convert the encodings automatically to IA5STRING 
-or TeletexString. The beef is it will work only for the latin-1 (western) 
-charset. Microsoft still has to do abit of homework...
-
-3.) An example
---------------
-
-At least you need two steps: generating the key & request and then installing 
-the certificate. A real world CA would have some more steps involved, eg. 
-accepting some license. Note that both scripts shown below are just 
-experimental state without any warrenty!
-
-First how to generate a request. Note that we can't use a static page because 
-of the sessionID. I generate it from system time plus pid and hope it is 
-unique enough. Your are free to feed it through md5 to get more impressive 
-ID's ;-) Then the intended text is read in with sed which inserts the 
-sessionID. 
-
------BEGIN ms-enroll.cgi-----
-#!/bin/sh
-SESSION_ID=`date '+%y%m%d%H%M%S'`$$
-echo Content-type: text/html
-echo
-sed s/template_for_sessId/$SESSION_ID/ <<EOF
-<HTML><HEAD>
-<TITLE>Certificate Enrollment Test Page</TITLE>
-</HEAD><BODY>
-
-<OBJECT
-    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
-    codebase=certenr3.dll
-    id=certHelper
-    >
-</OBJECT>
-
-<CENTER>
-<H2>enrollment for a personal cert</H2>
-<BR><HR WIDTH=50%><BR><P>
-<FORM NAME="MSIE_Enrollment" ACTION="ms-gencert.cgi" ENCTYPE=x-www-form-
-encoded METHOD=POST>
-<TABLE>
-    <TR><TD>Country</TD><TD><INPUT NAME="Country" VALUE=""></TD></TR>
-    <TR><TD>State</TD><TD><INPUT NAME="StateOrProvince" VALUE=""></TD></TR>
-    <TR><TD>Location</TD><TD><INPUT NAME="Location" VALUE=""></TD></TR>
-    <TR><TD>Organization</TD><TD><INPUT NAME="Organization" 
-VALUE=""></TD></TR>
-    <TR><TD>Organizational Unit</TD>
-        <TD><INPUT NAME="OrganizationalUnit" VALUE=""></TD></TR>
-    <TR><TD>Name</TD><TD><INPUT NAME="CommonName" VALUE=""></TD></TR>
-    <TR><TD>eMail Address</TD>
-        <TD><INPUT NAME="EmailAddress" VALUE=""></TD></TR>
-    <TR><TD></TD>
-        <TD><INPUT TYPE="BUTTON" NAME="submit" VALUE="Beantragen"></TD></TR>
-</TABLE>
-	<INPUT TYPE="hidden" NAME="SessionId" VALUE="template_for_sessId">
-	<INPUT TYPE="hidden" NAME="Request" VALUE="">
-</FORM>
-<BR><HR WIDTH=50%><BR><P>
-</CENTER>
-
-<SCRIPT LANGUAGE=VBS>
-    Dim DN
-
-    Sub Submit_OnClick
-	Dim TheForm
-	Set TheForm = Document.MSIE_Enrollment
-	sessionId	= TheForm.SessionId.value
-	reqHardware     = FALSE
-	C		= TheForm.Country.value
-	SP		= TheForm.StateOrProvince.value
-	L		= TheForm.Location.value
-	O		= TheForm.Organization.value
-	OU		= TheForm.OrganizationalUnit.value
-	CN              = TheForm.CommonName.value
-	Email		= TheForm.EmailAddress.value
-        szPurpose       = "ClientAuth"
-        doAcceptanceUINow   = FALSE
-        doOnline        = TRUE
-
-	DN = ""
-
-	Call Add_RDN("C", C)
-	Call Add_RDN("S", SP)
-	Call Add_RDN("L", L)
-	Call Add_RDN("O", O)
-	Call Add_RDN("OU", OU)
-	Call Add_RDN("CN", CN)
-	Call Add_RDN("1.2.840.113549.1.9.1", Email)
-		      ' rsadsi
-				     ' pkcs
-				       ' pkcs9
-					 ' eMailAddress
-        On Error Resume Next
-        sz10 = certHelper.GenerateKeyPair(sessionId, _
-                FALSE, DN, 0, ClientAuth, FASLE, TRUE, 1)_
-        theError = Err.Number
-        On Error Goto 0
-        if (sz10 = Empty OR theError <> 0) Then
-            sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & _
-                chr(10) & "Your credentials could not be generated."
-            result = MsgBox(sz, 0, "Credentials Enrollment")
-            Exit Sub
-	else 
-	    TheForm.Request.value = sz10
-	    TheForm.Submit
-        end if
-    End Sub
-
-    Sub Add_RDN(sn, value)
-	if (value <> "") then
-	    if (DN <> "") then
-		DN = DN & "; "
-	    end if
-	    DN = DN & sn & "=" & value
-	end if
-    End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-EOF
------END ms-enroll.cgi-----
-
-Second, how to extract the request and feed the certificate back? We need to 
-"normalize" the base64 encoding of the PKCS#10 format which means 
-regenerating the lines and wrapping with BEGIN and END line. This is done by 
-gawk. The request is taken by ca the normal way. Then the cert needs to be 
-packed into a PKCS#7 structure (note: the use of a CRL is necessary for 
-crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be 
-ommited). Finally we need to format the PKCS#7 object and generate the HTML 
-text. I use two templates to have a clearer script.
-
-1st note: postit2 is slightly modified from a program I found at ncsa's ftp 
-site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
-need utils.c from there too.
-
-2nd note: I'm note quite sure wether the gawk script really handles all 
-possible inputs for the request right! Today I don't use this construction 
-anymore myself.
-
-3d note: the cert must be of version 3! This could be done with the nsComment 
-line in ssleay.cnf...
-
-------BEGIN ms-gencert.cgi-----
-#!/bin/sh
-FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
-rm -f "$FILE".*
-
-HOME=`pwd`; export HOME  # as ssleay.cnf insists on having such an env var
-cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
-
-postit2 -s " " -i 0x0d > "$FILE".inp  # process the FORM vars
-
-SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
-
-gawk \
-	'BEGIN { \
-		OFS = ""; \
-		print "-----BEGIN CERTIFICATE REQUEST-----"; \
-		req_seen=0 \
-	} \
-	$1 == "Request" { \
-		req_seen=1; \
-		if (length($2) == 72) print($2); \
-		lastline=$2; \
-		next; \
-	} \
-	{ \
-		if (req_seen == 1) { \
-			if (length($1) >= 72) print($1); \
-			else if (length(lastline) < 72) { \
-				req_seen=0; \
-				print (lastline,$1); \
-			} \
-		lastline=$1; \
-		} \
-	} \
-	END { \
-		print "-----END CERTIFICATE REQUEST-----"; \
-	}' > "$FILE".pem < "$FILE".inp 
-
-ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
-ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
-
-sed s/template_for_sessId/$SESSION_ID/ <ms-enroll2a.html >"$FILE".cert
-/usr/local/bin/gawk \
-	'BEGIN	{ \
-		OFS = ""; \
-		dq = sprintf("%c",34); \
-	} \
-	$0 ~ "PKCS7" { next; } \
-	{ \
-		print dq$0dq" & _"; \
-	}' <"$FILE".pkcs7 >> "$FILE".cert
-cat  ms-enroll2b.html >>"$FILE".cert
-
-echo Content-type: text/html
-echo Content-length: `wc -c "$FILE".cert`
-echo
-cat "$FILE".cert
-rm -f "$FILE".*
------END ms-gencert.cgi-----
-
-----BEGIN ms-enroll2a.html----
-<HTML><HEAD><TITLE>Certificate Acceptance Test Page</TITLE></HEAD><BODY>
-
-<OBJECT
-    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
-    codebase=certenr3.dll
-    id=certHelper
-    >
-</OBJECT>
-
-<CENTER>
-<H2>Your personal certificate</H2>
-<BR><HR WIDTH=50%><BR><P>
-Press the button!
-<P><INPUT TYPE=BUTTON VALUE="Nimm mich!" NAME="InstallCert">
-</CENTER>
-<BR><HR WIDTH=50%><BR>
-
-<SCRIPT LANGUAGE=VBS>
-    Sub InstallCert_OnClick
-
-	sessionId	= "template_for_sessId"
-credentials = "" & _
-----END ms-enroll2a.html----
-
-----BEGIN ms-enroll2b.html----
-""
-        On Error Resume Next
-        result = certHelper.AcceptCredentials(sessionId, credentials, 0, 
-FALSE)
-        if (IsEmpty(result)) Then
-           sz = "The error '" & Err.Number & "' occurred." & chr(13) & 
-chr(10) & "This Digital ID could not be registered."
-           msgOut = MsgBox(sz, 0, "Credentials Registration Error")
-           navigate "error.html"
-        else
-           sz = "Digital ID successfully registered."
-           msgOut = MsgBox(sz, 0, "Credentials Registration")
-           navigate "success.html"
-        end if
-	Exit Sub
-    End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-----END ms-enroll2b.html----
-
-4.) What do do with the cert?
------------------------------
-
-The cert is visible (without restarting MSIE) under the following menu:
-View->Options->Security->Personal certs. You can examine it's contents at 
-least partially.
-
-To use it for client authentication you need to use SSL3.0 (fortunately 
-SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a 
-kind of automatic selection of certs (I personally wasn't able to test it 
-myself). But there is a requirement that the issuer of the server cert and 
-the issuer of the client cert needs to be the same (according to a developer 
-from MS). Which means: you need may more then one cert to talk to all 
-servers...
-
-I'm sure we will get a bit more experience after ApacheSSL is available for 
-SSLeay 0.8.8.
-
-
-I hope you enjoyed reading and that in future questions on this topic will 
-rarely appear on ssl-users@moncom.com ;-)
-
-Ilmenau, 9th of June 1997
-Holger Reif <reif@prakinf.tu-ilmenau.de>
--- 
-read you later  -  Holger Reif
-----------------------------------------  Signaturprojekt Deutsche Einheit
-TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
-Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
-http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen
-
diff --git a/lib/libssl/src/doc/ns-ca.doc b/lib/libssl/src/doc/ns-ca.doc
deleted file mode 100644
index 836883e1a0f..00000000000
--- a/lib/libssl/src/doc/ns-ca.doc
+++ /dev/null
@@ -1,154 +0,0 @@
-The following documentation was supplied by Jeff Barber, who provided the
-patch to the CA program to add this functionality.
-
-eric
---
-Jeff Barber                                Email: jeffb@issl.atl.hp.com
-
-Hewlett Packard                            Phone: (404) 648-9503
-Internet and System Security Lab           Fax:   (404) 648-9516
-
-                         oo
----------------------cut /\ here for ns-ca.doc ------------------------------
-
-This document briefly describes how to use SSLeay to implement a 
-certificate authority capable of dynamically serving up client
-certificates for version 3.0 beta 5 (and presumably later) versions of
-the Netscape Navigator.  Before describing how this is done, it's
-important to understand a little about how the browser implements its
-client certificate support.  This is documented in some detail in the
-URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
-Here's a brief overview:
-
--	The Navigator supports a new HTML tag "KEYGEN" which will cause
-	the browser to generate an RSA key pair when you submit a form
-	containing the tag.  The public key, along with an optional
-	challenge (supposedly provided for use in certificate revocation
-	but I don't use it) is signed, DER-encoded, base-64 encoded
-	and sent to the web server as the value of the variable
-	whose NAME is provided in the KEYGEN tag.  The private key is
-	stored by the browser in a local key database.
-
-	This "Signed Public Key And Challenge" (SPKAC) arrives formatted
-	into 64 character lines (which are of course URL-encoded when 
-	sent via HTTP -- i.e. spaces, newlines and most punctuatation are
-	encoded as "%HH" where HH is the hex equivalent of the ASCII code).
-	Note that the SPKAC does not contain the other usual attributes
-	of a certificate request, especially the subject name fields.
-	These must be otherwise encoded in the form for submission along
-	with the SPKAC.
-
--	Either immediately (in response to this form submission), or at
-	some later date (a real CA will probably verify your identity in
-	some way before issuing the certificate), a web server can send a
-	certificate based on the public key and other attributes back to
-	the browser by encoding it in DER (the binary form) and sending it
-	to the browser as MIME type:
-	"Content-type: application/x-x509-user-cert"
-
-	The browser uses the public key encoded in the certificate to
-	associate the certificate with the appropriate private key in
-	its local key database.  Now, the certificate is "installed".
-
--	When a server wants to require authentication based on client
-	certificates, it uses the right signals via the SSL protocol to
-	trigger the Navigator to ask you which certificate you want to
-	send.  Whether the certificate is accepted is dependent on CA
-	certificates and so forth installed in the server and is beyond
-	the scope of this document.
-
-
-Now, here's how the SSLeay package can be used to provide client 
-certficates:
-
--	You prepare a file for input to the SSLeay ca application.
-	The file contains a number of "name = value" pairs that identify
-	the subject.  The names here are the same subject name component
-	identifiers used in the CA section of the lib/ssleay.conf file,
-	such as "emailAddress", "commonName" "organizationName" and so
-	forth.  Both the long version and the short version (e.g. "Email",
-	"CN", "O") can be used.
-
-	One more name is supported: this one is "SPKAC".  Its value
-	is simply the value of the base-64 encoded SPKAC sent by the
-	browser (with all the newlines and other space charaters
-	removed -- and newline escapes are NOT supported).
-
-	[ As of SSLeay 0.6.4, multiple lines are supported.
-	  Put a \ at the end of each line and it will be joined with the
-	  previous line with the '\n' removed - eay ]
-	
-	Here's a sample input file:
-
-C = US
-SP = Georgia
-O = Some Organization, Inc.
-OU = Netscape Compatibility Group
-CN = John X. Doe
-Email = jxdoe@someorg.com
-SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
-
--	You execute the ca command (either from a CGI program run out of
-	the web server, or as a later manual task) giving it the above
-	file as input.  For example, if the file were named /tmp/cert.req,
-	you'd run:
-	$SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
-
-	The output is in DER format (binary) if a -out argument is 
-	provided, as above; otherwise, it's in the PEM format (base-64
-	encoded DER).  Also, the "-batch" switch is implied by the
-	"-spkac" so you don't get asked whether to complete the signing
-	(probably it shouldn't work this way but I was only interested
-	in hacking together an online CA that could be used for issuing
-	test certificates).
-
-	The "-spkac" capability doesn't support multiple files (I think).
-
-	Any CHALLENGE provided in the SPKAC is simply ignored.
-
-	The interactions between the identification fields you provide
-	and those identified in your lib/ssleay.conf are the same as if
-	you did an ordinary "ca -in infile -out outfile" -- that is, if
-	something is marked as required in the ssleay.conf file and it
-	isn't found in the -spkac file, the certificate won't be issued.
-
--	Now, you pick up the output from /tmp/cert and pass it back to
-	the Navigator prepending the Content-type string described earlier.
-
--	In order to run the ca command out of a CGI program, you must
-	provide a password to decrypt the CA's private key.  You can
-	do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
-	I think there's a way to not encrypt the key file in the first
-	place, but I didn't see how to do that, so I made a small change
-	to the library that allows the password to be accepted from a pipe.
-	Either way is UTTERLY INSECURE and a real CA would never do that.
-
-	[ You can use the 'ssleay rsa' command to remove the password
-	  from the private key, or you can use the '-key' option to the
-	  ca command to specify the decryption key on the command line
-	  or use the -nodes option when generating the key.
-	  ca will try to clear the command line version of the password
-	  but for quite a few operating systems, this is not possible.
-	  - eric ]
-
-So, what do you have to do to make use of this stuff to create an online 
-demo CA capability with SSLeay?
-
-1	Create an HTML form for your users.  The form should contain
-	fields for all of the required or optional fields in ssleay.conf.
-	The form must contain a KEYGEN tag somewhere with at least a NAME
-	attribute.
-
-2	Create a CGI program to process the form input submitted by the
-	browser.  The CGI program must URL-decode the variables and create
-	the file described above, containing subject identification info
-	as well as the SPKAC block.  It should then run the the ca program
-	with the -spkac option.  If it works (check the exit status),
-	return the new certificate with the appropriate MIME type.  If not,
-	return the output of the ca command with MIME type "text/plain".
-
-3	Set up your web server to accept connections signed by your demo
-	CA.  This probably involves obtaining the PEM-encoded CA certificate
-	(ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
-	server database.  See your server manual for instructions.
-
diff --git a/lib/libssl/src/doc/obj.doc b/lib/libssl/src/doc/obj.doc
deleted file mode 100644
index bad347c9366..00000000000
--- a/lib/libssl/src/doc/obj.doc
+++ /dev/null
@@ -1,69 +0,0 @@
-The Object library.
-
-As part of my Crypto library, I found I required a method of identifying various
-objects.  These objects normally had 3 different values associated with
-them, a short text name, a long (or lower case) text name, and an
-ASN.1 Object Identifier (which is a sequence of numbers).
-This library contains a static list of objects and functions to lookup
-according to one type and to return the other types.
-
-To use these routines, 'Object.h' needs to be included.
-
-For each supported object, #define entries are defined as follows
-#define SN_Algorithm			"Algorithm"
-#define LN_algorithm			"algorithm"
-#define NID_algorithm			38
-#define OBJ_algorithm			1L,3L,14L,3L,2L
-
-SN_  stands for short name.
-LN_  stands for either long name or lowercase name.
-NID_ stands for Numeric ID.  I each object has a unique NID and this
-     should be used internally to identify objects.
-OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
-     ASN1 routines.  These values are used in ASN1 encoding.
-
-The following functions are to be used to return pointers into a static
-definition of these types.  What this means is "don't try to free() any
-pointers returned from these functions.
-
-ASN1_OBJECT *OBJ_nid2obj(
-int n);
-	Return the ASN1_OBJECT that corresponds to a NID of n.
-	
-char *OBJ_nid2ln(
-int n);
-	Return the long/lower case name of the object represented by the
-	NID of n.
-	
-char *OBJ_nid2sn(
-int n);
-	Return the short name for the object represented by the NID of n.
-
-ASN1_OBJECT *OBJ_dup(
-ASN1_OBJECT *o);
-	Duplicate and return a new ASN1_OBJECT that is the same as the
-	passed parameter.
-	
-int OBJ_obj2nid(
-ASN1_OBJECT *o);
-	Given ASN1_OBJECT o, return the NID that corresponds.
-	
-int OBJ_ln2nid(
-char *s);
-	Given the long/lower case name 's', return the NID of the object.
-	
-int OBJ_sn2nid(
-char *s);
-	Given the short name 's', return the NID of the object.
-	
-char *OBJ_bsearch(
-char *key,
-char *base,
-int num,
-int size,
-int (*cmp)());
-	Since I have come across a few platforms that do not have the
-	bsearch() function, OBJ_bsearch is my version of that function.
-	Feel free to use this function, but you may as well just use the
-	normal system bsearch(3) if it is present.  This version also
-	has tolerance of being passed NULL pointers.
diff --git a/lib/libssl/src/doc/openssl.pod b/lib/libssl/src/doc/openssl.pod
new file mode 100644
index 00000000000..561f01e0ca8
--- /dev/null
+++ b/lib/libssl/src/doc/openssl.pod
@@ -0,0 +1,304 @@
+
+=pod
+
+=head1 NAME
+
+openssl - OpenSSL command line tool
+
+=head1 SYNOPSIS
+
+B<openssl>
+I<command>
+[ I<command_opts> ]
+[ I<command_args> ]
+
+=head1 DESCRIPTION
+
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+
+The B<openssl> program is a command line tool for using the various
+cryptography functions of OpenSSL's B<crypto> library from the shell. 
+It can be used for 
+
+ o  Creation of RSA, DH and DSA key parameters
+ o  Creation of X.509 certificates, CSRs and CRLs 
+ o  Calculation of Message Digests
+ o  Encryption and Decryption with Ciphers
+ o  SSL/TLS Client and Server Tests
+
+=head1 COMMAND SUMMARY
+
+The B<openssl> program provides a rich variety of commands (I<command> in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I<command_opts> and I<command_args> in the SYNOPSIS).
+
+=head2 STANDARD COMMANDS
+
+=over 10
+
+=item B<asn1parse> 
+
+Parse an ASN.1 sequence.
+
+=item B<ca>
+
+Certificate Authority (CA) Management.  
+
+=item B<ciphers>
+
+Cipher Suite Description Determination.
+
+=item B<crl>
+
+Certificate Revocation List (CRL) Management.
+
+=item B<crl2pkcs7>      
+
+CRL2 to PKCS#7 Conversion.
+
+=item B<dgst>
+
+Message Digest Calculation.
+
+=item B<dh>
+
+Diffie-Hellman Data Management.
+
+=item B<dsa>
+
+DSA Data Management.
+
+=item B<dsaparam>
+
+DSA Parameter Generation.
+
+=item B<enc>            
+
+Encoding with Ciphers.
+
+=item B<errstr>
+
+Error Number to Error String Conversion.
+
+=item B<gendh>
+
+Generation of Diffie-Hellman Parameters.
+
+=item B<gendsa>
+
+Generation of DSA Parameters.
+
+=item B<genrsa>
+
+Generation of RSA Parameters.
+
+=item B<pkcs7>
+
+PKCS#7 Data Management.
+
+=item B<req>
+
+X.509 Certificate Signing Request (CSR) Management.
+
+=item B<rsa>
+
+RSA Data Management.
+
+=item B<s_client>
+
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B<ssl> library.
+
+=item B<s_server>
+
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B<ssl> library.  It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+
+=item B<s_time>        
+
+SSL Connection Timer.
+
+=item B<sess_id>
+
+SSL Session Data Management.
+
+=item B<speed>
+
+Algorithm Speed Measurement.
+
+=item B<verify>
+
+X.509 Certificate Verification.
+
+=item B<version>
+
+OpenSSL Version Information.
+
+=item B<x509>           
+
+X.509 Certificate Data Management.
+
+=back
+
+=head2 MESSAGE DIGEST COMMANDS
+
+=over 10
+
+=item B<md2>
+
+MD2 Digest
+
+=item B<md5>
+
+MD5 Digest
+
+=item B<mdc2>
+
+MDC2 Digest
+
+=item B<rmd160>
+
+RMD-160 Digest
+
+=item B<sha>            
+
+SHA Digest
+
+=item B<sha1>           
+
+SHA-1 Digest
+
+=back
+
+=head2 ENCODING AND CIPHER COMMANDS
+
+=over 10
+
+=item B<base64>
+
+Base64 Encoding
+
+=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+
+Blowfish Cipher
+
+=item B<cast cast-cbc>
+
+CAST Cipher
+
+=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+
+CAST5 Cipher
+
+=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+
+DES Cipher
+
+=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+
+Triple-DES Cipher
+
+=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+
+IDEA Cipher
+
+=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+
+RC2 Cipher
+
+=item B<rc4>
+
+RC4 Cipher
+
+=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+
+RC5 Cipher
+
+=back
+
+=head1 DETAILED COMMAND DESCRIPTION
+
+The following is a detailed description of every B<openssl> I<command>.
+
+=over 4
+
+=item B<openssl> B<s_client>
+[B<-connect> I<host>B<:>I<port>]
+[B<-verify> I<arg>]
+[B<-cert> I<arg>]
+[B<-key> I<arg>]
+[B<-CApath> I<arg>]
+[B<-CAfile> I<arg>]
+[B<-reconnect>]
+[B<-pause>]
+[B<-debug>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-quiet>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-cipher>]
+
+The B<s_client> command implements a generic SSL/TLS client which can
+establish a transparent connection to a remote I<host> and I<port> speaking
+SSL/TLS. 
+
+=item B<openssl> B<s_server>
+[B<-accept> I<port>]
+[B<-verify> I<arg>]
+[B<-Verify> I<arg>]
+[B<-cert> I<arg>]
+[B<-key> I<arg>]
+[B<-dcert> I<arg>]
+[B<-dkey> I<arg>]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-debug>]
+[B<-state>]
+[B<-CApath> I<arg>]
+[B<-CAfile> I<arg>]
+[B<-nocert>]
+[B<-cipher> I<arg>]
+[B<-quiet>]
+[B<-no_tmp_rsa>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-www>]
+[B<-WWW>]
+
+The B<s_server> command implements a generic SSL/TLS server which accepts
+connections from remote clients on I<port> speaking SSL/TLS.
+
+=back
+
+...
+
+=head1 SEE ALSO
+
+crypto(3), ssl(3)
+
+=head1 HISTORY
+
+The openssl(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/lib/libssl/src/doc/openssl.txt b/lib/libssl/src/doc/openssl.txt
new file mode 100644
index 00000000000..91b85e5f14c
--- /dev/null
+++ b/lib/libssl/src/doc/openssl.txt
@@ -0,0 +1,1174 @@
+
+This is some preliminary documentation for OpenSSL.
+
+==============================================================================
+                            BUFFER Library
+==============================================================================
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+
+The library uses the BUF_MEM structure defined in buffer.h:
+
+typedef struct buf_mem_st
+{
+        int length;     /* current number of bytes */
+        char *data;
+        int max;        /* size of buffer */
+} BUF_MEM;
+
+'length' is the current size of the buffer in bytes, 'max' is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one "miscellaneous" function.
+
+BUF_MEM *BUF_MEM_new()
+
+This allocates a new buffer of zero size. Returns the buffer or NULL on error.
+
+void BUF_MEM_free(BUF_MEM *a)
+
+This frees up an already existing buffer. The data is zeroed before freeing
+up in case the buffer contains sensitive data.
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+
+This changes the size of an already existing buffer. It returns zero on error
+or the new size (i.e. 'len'). Any data already in the buffer is preserved if
+it increases in size.
+
+char * BUF_strdup(char *str)
+
+This is the previously mentioned strdup function: like the standard library
+strdup() it copies a null terminated string into a block of allocated memory
+and returns a pointer to the allocated block.
+
+Unlike the standard C library strdup() this function uses Malloc() and so
+should be used in preference to the standard library strdup() because it can
+be used for memory leak checking or replacing the malloc() function.
+
+The memory allocated from BUF_strdup() should be freed up using the Free()
+function.
+
+==============================================================================
+               OpenSSL X509V3 extension configuration
+==============================================================================
+
+OpenSSL X509V3 extension configuration: preliminary documentation.
+
+INTRODUCTION.
+
+For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
+possible to add and print out common X509 V3 certificate and CRL extensions.
+
+BEGINNERS NOTE
+
+For most simple applications you don't need to know too much about extensions:
+the default openssl.cnf values will usually do sensible things.
+
+If you want to know more you can initially quickly look through the sections
+describing how the standard OpenSSL utilities display and add extensions and
+then the list of supported extensions.
+
+For more technical information about the meaning of extensions see:
+
+http://www.imc.org/ietf-pkix/
+http://home.netscape.com/eng/security/certs.html
+
+PRINTING EXTENSIONS.
+
+Extension values are automatically printed out for supported extensions.
+
+openssl x509 -in cert.pem -text
+openssl crl -in crl.pem -text
+
+will give information in the extension printout, for example:
+
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
+            X509v3 Authority Key Identifier: 
+                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Alternative Name: 
+                email:email@1.address, email:email@2.address
+
+CONFIGURATION FILES.
+
+The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
+which certificate extensions to include. In each case a line:
+
+x509_extensions = extension_section
+
+indicates which section contains the extensions. In the case of 'req' the
+extension section is used when the -x509 option is present to create a
+self signed root certificate.
+
+The 'x509' utility also supports extensions when it signs a certificate.
+The -extfile option is used to set the configuration file containing the
+extensions. In this case a line with:
+
+extensions = extension_section
+
+in the nameless (default) section is used. If no such line is included then
+it uses the default section.
+
+You can also add extensions to CRLs: a line
+
+crl_extensions = crl_extension_section
+
+will include extensions when the -gencrl option is used with the 'ca' utility.
+You can add any extension to a CRL but of the supported extensions only
+issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
+CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
+CRL entry extensions can be displayed.
+
+NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
+you should not include a crl_extensions line in the configuration file.
+
+As with all configuration files you can use the inbuilt environment expansion
+to allow the values to be passed in the environment. Therefore if you have
+several extension sections used for different purposes you can have a line:
+
+x509_extensions = $ENV::ENV_EXT
+
+and set the ENV_EXT environment variable before calling the relevant utility.
+
+EXTENSION SYNTAX.
+
+Extensions have the basic form:
+
+extension_name=[critical,] extension_options
+
+the use of the critical option makes the extension critical. Extreme caution
+should be made when using the critical flag. If an extension is marked
+as critical then any client that does not understand the extension should
+reject it as invalid. Some broken software will reject certificates which
+have *any* critical extensions (these violates PKIX but we have to live
+with it).
+
+There are three main types of extension: string extensions, multi-valued
+extensions, and raw extensions.
+
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+
+For example:
+
+nsComment="This is a Comment"
+
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+
+basicConstraints=critical,CA:true,pathlen:1
+
+The long form allows the values to be placed in a separate section:
+
+basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+
+Both forms are equivalent. However it should be noted that in some cases the
+same name can appear multiple times, for example,
+
+subjectAltName=email:steve@here,email:steve@there
+
+in this case an equivalent long form is:
+
+subjectAltName=@alt_section
+
+[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+
+This is because the configuration file code cannot handle the same name
+occurring twice in the same extension.
+
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+
+In addition it is also possible to use the word DER to include arbitrary
+data in any extension.
+
+1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+basicConstraints=critical,DER:00:01:02:03
+
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
+
+CURRENTLY SUPPORTED EXTENSIONS.
+
+If you aren't sure about extensions then they can be largely ignored: its only
+when you want to do things like restrict certificate usage when you need to
+worry about them. 
+
+The only extension that a beginner might want to look at is Basic Constraints.
+If in addition you want to try Netscape object signing the you should also
+look at Netscape Certificate Type.
+
+Literal String extensions.
+
+In each case the 'value' of the extension is placed directly in the
+extension. Currently supported extensions in this category are: nsBaseUrl,
+nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
+nsSslServerName and nsComment.
+
+For example:
+
+nsComment="This is a test comment"
+
+Bit Strings.
+
+Bit string extensions just consist of a list of supported bits, currently
+two extensions are in this category: PKIX keyUsage and the Netscape specific
+nsCertType.
+
+nsCertType (netscape certificate type) takes the flags: client, server, email,
+objsign, reserved, sslCA, emailCA, objCA.
+
+keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
+keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
+encipherOnly, decipherOnly.
+
+For example:
+
+nsCertType=server
+
+keyUsage=digitalSignature, nonRepudiation
+
+Hints on Netscape Certificate Type.
+
+Other than Basic Constraints this is the only extension a beginner might
+want to use, if you want to try Netscape object signing, otherwise it can
+be ignored.
+
+If you want a certificate that can be used just for object signing then:
+
+nsCertType=objsign
+
+will do the job. If you want to use it as a normal end user and server
+certificate as well then
+
+nsCertType=objsign,email,server
+
+is more appropriate. You cannot use a self signed certificate for object
+signing (well Netscape signtool can but it cheats!) so you need to create
+a CA certificate and sign an end user certificate with it.
+
+Side note: If you want to conform to the Netscape specifications then you
+should really also set:
+
+nsCertType=objCA
+
+in the *CA* certificate for just an object signing CA and
+
+nsCertType=objCA,emailCA,sslCA
+
+for everything. Current Netscape software doesn't enforce this so it can
+be omitted.
+
+Basic Constraints.
+
+This is generally the only extension you need to worry about for simple
+applications. If you want your certificate to be usable as a CA certificate
+(in addition to an end user certificate) then you set this to:
+
+basicConstraints=CA:TRUE
+
+if you want to be certain the certificate cannot be used as a CA then do:
+
+basicConstraints=CA:FALSE
+
+The rest of this section describes more advanced usage.
+
+Basic constraints is a multi-valued extension that supports a CA and an
+optional pathlen option. The CA option takes the values true and false and
+pathlen takes an integer. Note if the CA option is false the pathlen option
+should be omitted. 
+
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a CA with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs. This all
+assumes that the software correctly interprets this extension of course.
+
+Examples:
+
+basicConstraints=CA:TRUE
+basicConstraints=critical,CA:TRUE, pathlen:0
+
+NOTE: for a CA to be considered valid it must have the CA option set to
+TRUE. An end user certificate MUST NOT have the CA value set to true.
+According to PKIX recommendations it should exclude the extension entirely,
+however some software may require CA set to FALSE for end entity certificates.
+
+Subject Key Identifier.
+
+This is really a string extension and can take two possible values. Either
+a hex string giving details of the extension value to include or the word
+'hash' which then automatically follow PKIX guidelines in selecting and
+appropriate key identifier. The use of the hex string is strongly discouraged.
+
+Example: subjectKeyIdentifier=hash
+
+Authority Key Identifier.
+
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value "always".
+
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value "always" is present
+then an error is returned if the option fails.
+
+The issuer option copies the issuer and serial number from the issuer
+certificate. Normally this will only be done if the keyid option fails or
+is not included: the "always" flag will always include the value.
+
+Subject Alternative Name.
+
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include "email" (an email address)
+"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
+registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+
+Also the email option include a special 'copy' value. This will automatically
+include and email addresses contained in the certificate subject name in
+the extension.
+
+Examples:
+
+subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:my@other.address,RID:1.2.3.4
+
+Issuer Alternative Name.
+
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does *not* support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer 
+certificate (if possible).
+
+CRL distribution points.
+
+This is a multi-valued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the URI option.
+
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+
+If you see this extension with <UNSUPPORTED> when you attempt to print it out
+or it doesn't appear to display correctly then let me know, including the
+certificate (mail me at steve@openssl.org) .
+
+Examples:
+
+crlDistributionPoints=URI:http://www.myhost.com/myca.crl
+crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
+
+Certificate Policies.
+
+This is a RAW extension. It attempts to display the contents of this extension:
+unfortunately this extension is often improperly encoded.
+
+The certificate policies extension will rarely be used in practice: few
+software packages interpret it correctly or at all. IE5 does partially
+support this extension: but it needs the 'ia5org' option because it will
+only correctly support a broken encoding. Of the options below only the
+policy OID, explicitText and CPS options are displayed with IE5.
+
+All the fields of this extension can be set by using the appropriate syntax.
+
+If you follow the PKIX recommendations of not including any qualifiers and just
+using only one OID then you just include the value of that OID. Multiple OIDs
+can be set separated by commas, for example:
+
+certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must BOTH be present. If you use the userNotice option with IE5
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+
+Example:
+
+certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+
+TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
+according to PKIX it should be of type DisplayText but Verisign uses an 
+IA5STRING and IE5 needs this too.
+
+Display only extensions.
+
+Some extensions are only partially supported and currently are only displayed
+but cannot be set. These include private key usage period, CRL number, and
+CRL reason.
+
+==============================================================================
+		X509V3 Extension code: programmers guide
+==============================================================================
+
+The purpose of the extension code is twofold. It allows an extension to be
+created from a string or structure describing its contents and it prints out an
+extension in a human or machine readable form.
+
+1. Initialisation and cleanup.
+
+X509V3_add_standard_extensions();
+
+This function should be called before any other extension code. It adds support
+for some common PKIX and Netscape extensions. Additional custom extensions can
+be added as well (see later).
+
+void X509V3_EXT_cleanup(void);
+
+This function should be called last to cleanup the extension code. After this
+call no other extension calls should be made.
+
+2. Printing and parsing extensions.
+
+The simplest way to print out extensions is via the standard X509 printing
+routines: if you use the standard X509_print() function, the supported
+extensions will be printed out automatically.
+
+The following functions allow finer control over extension display:
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+These two functions print out an individual extension to a BIO or FILE pointer.
+Currently the flag argument is unused and should be set to 0. The 'indent'
+argument is the number of spaces to indent each line.
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+
+This function parses an extension and returns its internal structure. The
+precise structure you get back depends on the extension being parsed. If the
+extension if basicConstraints you will get back a pointer to a
+BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
+details about the structures returned. The returned structure should be freed
+after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
+example.
+
+3. Generating extensions.
+
+An extension will typically be generated from a configuration file, or some
+other kind of configuration database.
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509_CRL *crl);
+
+These functions add all the extensions in the given section to the given
+certificate or CRL. They will normally be called just before the certificate
+or CRL is due to be signed. Both return 0 on error on non zero for success.
+
+In each case 'conf' is the LHASH pointer of the configuration file to use
+and 'section' is the section containing the extension details.
+
+See the 'context functions' section for a description of the ctx paramater.
+
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+								 char *value);
+
+This function returns an extension based on a name and value pair, if the
+pair will not need to access other sections in a config file (or there is no
+config file) then the 'conf' parameter can be set to NULL.
+
+X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
+								 char *value);
+
+This function creates an extension in the same way as X509V3_EXT_conf() but
+takes the NID of the extension rather than its name.
+
+For example to produce basicConstraints with the CA flag and a path length of
+10:
+
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+This function sets up an extension from its internal structure. The ext_nid
+parameter is the NID of the extension and 'crit' is the critical flag.
+
+4. Context functions.
+
+The following functions set and manipulate an extension context structure.
+The purpose of the extension context is to allow the extension code to
+access various structures relating to the "environment" of the certificate:
+for example the issuers certificate or the certificate request.
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                 X509_REQ *req, X509_CRL *crl, int flags);
+
+This function sets up an X509V3_CTX structure with details of the certificate
+environment: specifically the issuers certificate, the subject certificate,
+the certificate request and the CRL: if these are not relevant or not
+available then they can be set to NULL. The 'flags' parameter should be set
+to zero.
+
+X509V3_set_ctx_test(ctx)
+
+This macro is used to set the 'ctx' structure to a 'test' value: this is to
+allow the syntax of an extension (or configuration file) to be tested.
+
+X509V3_set_ctx_nodb(ctx)
+
+This macro is used when no configuration database is present.
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+
+This function is used to set the configuration database when it is an LHASH
+structure: typically a configuration file.
+
+The following functions are used to access a configuration database: they
+should only be used in RAW extensions.
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+
+This function returns the value of the parameter "name" in "section", or NULL
+if there has been an error.
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+
+This function frees up the string returned by the above function.
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+
+This function returns a whole section as a STACK_OF(CONF_VALUE) .
+
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
+This function frees up the STACK returned by the above function.
+
+Note: it is possible to use the extension code with a custom configuration
+database. To do this the "db_meth" element of the X509V3_CTX structure should
+be set to an X509V3_CTX_METHOD structure. This structure contains the following
+function pointers:
+
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+
+these will be called and passed the 'db' element in the X509V3_CTX structure
+to access the database. If a given function is not implemented or not required
+it can be set to NULL.
+
+5. String helper functions.
+
+There are several "i2s" and "s2i" functions that convert structures to and
+from ASCII strings. In all the "i2s" cases the returned string should be
+freed using Free() after use. Since some of these are part of other extension
+code they may take a 'method' parameter. Unless otherwise stated it can be
+safely set to NULL.
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
+
+This returns a hex string from an ASN1_OCTET_STRING.
+
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+
+These return a string decimal representations of an ASN1_INTEGER and an
+ASN1_ENUMERATED type, respectively.
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                                   X509V3_CTX *ctx, char *str);
+
+This converts an ASCII hex string to an ASN1_OCTET_STRING.
+
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+
+This converts a decimal ASCII string into an ASN1_INTEGER.
+
+6. Multi valued extension helper functions.
+
+The following functions can be used to manipulate STACKs of CONF_VALUE
+structures, as used by multi valued extensions.
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+
+This function expects a boolean value in 'value' and sets 'asn1_bool' to
+it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
+strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
+"false", "N", "n", "NO" or "no".
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+
+This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This simply adds a string name and value pair.
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                          			STACK_OF(CONF_VALUE) **extlist);
+
+The same as above but for an unsigned character value.
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This is the same as above except it adds nothing if asn1_bool is FALSE.
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This function adds the value of the ASN1_INTEGER in decimal form.
+
+7. Other helper functions.
+
+<to be added>
+
+ADDING CUSTOM EXTENSIONS.
+
+Currently there are three types of supported extensions. 
+
+String extensions are simple strings where the value is placed directly in the
+extensions, and the string returned is printed out.
+
+Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
+or return a STACK_OF(CONF_VALUE).
+
+Raw extensions are just passed a BIO or a value and it is the extensions
+responsiblity to handle all the necessary printing.
+
+There are two ways to add an extension. One is simply as an alias to an already
+existing extension. An alias is an extension that is identical in ASN1 structure
+to an existing extension but has a different OBJECT IDENTIFIER. This can be
+done by calling:
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+
+'nid_to' is the new extension NID and 'nid_from' is the already existing
+extension NID.
+
+Alternatively an extension can be written from scratch. This involves writing
+the ASN1 code to encode and decode the extension and functions to print out and
+generate the extension from strings. The relevant functions are then placed in
+a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+called.
+
+The X509V3_EXT_METHOD structure is described below.
+
+strut {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+X509V3_EXT_R2I r2i;
+X509V3_EXT_I2R i2r;
+
+void *usr_data;
+};
+
+The elements have the following meanings.
+
+ext_nid		is the NID of the object identifier of the extension.
+
+ext_flags	is set of flags. Currently the only external flag is
+		X509V3_EXT_MULTILINE which means a multi valued extensions
+		should be printed on separate lines.
+
+usr_data	is an extension specific pointer to any relevant data. This
+		allows extensions to share identical code but have different
+		uses. An example of this is the bit string extension which uses
+		usr_data to contain a list of the bit names.
+
+All the remaining elements are function pointers.
+
+ext_new		is a pointer to a function that allocates memory for the
+		extension ASN1 structure: for example ASN1_OBJECT_new().
+
+ext_free	is a pointer to a function that free up memory of the extension
+		ASN1 structure: for example ASN1_OBJECT_free().
+
+d2i		is the standard ASN1 function that converts a DER buffer into
+		the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
+
+i2d		is the standard ASN1 function that converts the internal
+		structure into the DER representation: for example
+		i2d_ASN1_IA5STRING().
+
+The remaining functions are depend on the type of extension. One i2X and
+one X2i should be set and the rest set to NULL. The types set do not need
+to match up, for example the extension could be set using the multi valued
+v2i function and printed out using the raw i2r.
+
+All functions have the X509V3_EXT_METHOD passed to them in the 'method'
+parameter and an X509V3_CTX structure. Extension code can then access the
+parent structure via the 'method' parameter to for example make use of the value
+of usr_data. If the code needs to use detail relating to the request it can
+use the 'ctx' parameter.
+
+A note should be given here about the 'flags' member of the 'ctx' parameter.
+If it has the value CTX_TEST then the configuration syntax is being checked
+and no actual certificate or CRL exists. Therefore any attempt in the config
+file to access such information should silently succeed. If the syntax is OK
+then it should simply return a (possibly bogus) extension, otherwise it
+should return NULL.
+
+char *i2s(struct v3_ext_method *method, void *ext);
+
+This function takes the internal structure in the ext parameter and returns
+a Malloc'ed string representing its value.
+
+void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This function takes the string representation in the ext parameter and returns
+an allocated internal structure: ext_free() will be used on this internal
+structure after use.
+
+i2v and v2i handle a STACK_OF(CONF_VALUE):
+
+typedef struct
+{
+        char *section;
+        char *name;
+        char *value;
+} CONF_VALUE;
+
+Only the name and value members are currently used.
+
+STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
+
+This function is passed the internal structure in the ext parameter and
+returns a STACK of CONF_VALUE structures. The values of name, value,
+section and the structure itself will be freed up with Free after use.
+Several helper functions are available to add values to this STACK.
+
+void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
+						STACK_OF(CONF_VALUE) *values);
+
+This function takes a STACK_OF(CONF_VALUE) structures and should set the
+values of the external structure. This typically uses the name element to
+determine which structure element to set and the value element to determine
+what to set it to. Several helper functions are available for this
+purpose (see above).
+
+int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+
+This function is passed the internal extension structure in the ext parameter
+and sends out a human readable version of the extension to out. The 'indent'
+paremeter should be noted to determine the necessary amount of indentation
+needed on the output.
+
+void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This is just passed the string representation of the extension. It is intended
+to be used for more elaborate extensions where the standard single and multi
+valued options are insufficient. They can use the 'ctx' parameter to parse the
+configuration database themselves. See the context functions section for details
+of how to do this.
+
+Note: although this type takes the same parameters as the "r2s" function there
+is a subtle difference. Whereas an "r2i" function can access a configuration
+database an "s2i" function MUST NOT. This is so the internal code can safely
+assume that an "s2i" function will work without a configuration database.
+
+==============================================================================
+                            PKCS#12 Library
+==============================================================================
+
+This section describes the internal PKCS#12 support. There are very few
+differences between the old external library and the new internal code at
+present. This may well change because the external library will not be updated
+much in future.
+
+This version now includes a couple of high level PKCS#12 functions which
+generally "do the right thing" and should make it much easier to handle PKCS#12
+structures.
+
+HIGH LEVEL FUNCTIONS.
+
+For most applications you only need concern yourself with the high level
+functions. They can parse and generate simple PKCS#12 files as produced by
+Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
+private key and certificate pair.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed for the internal PKCS#12 library: the 
+standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
+add all algorithms (you should at least add SHA1 though) then you can manually
+initialise the PKCS#12 library with:
+
+PKCS12_PBE_add();
+
+The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
+called or it can be directly freed with:
+
+EVP_PBE_cleanup();
+
+after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
+be called.
+
+2. I/O functions.
+
+i2d_PKCS12_bio(bp, p12)
+
+This writes out a PKCS12 structure to a BIO.
+
+i2d_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+d2i_PKCS12_bio(bp, p12)
+
+This reads in a PKCS12 structure from a BIO.
+
+d2i_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+3. Parsing and creation functions.
+
+3.1 Parsing with PKCS12_parse().
+
+int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
+								 STACK **ca);
+
+This function takes a PKCS12 structure and a password (ASCII, null terminated)
+and returns the private key, the corresponding certificate and any CA
+certificates. If any of these is not required it can be passed as a NULL.
+The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
+structure. Typically to read in a PKCS#12 file you might do:
+
+p12 = d2i_PKCS12_fp(fp, NULL);
+PKCS12_parse(p12, password, &pkey, &cert, NULL); 	/* CAs not wanted */
+PKCS12_free(p12);
+
+3.2 PKCS#12 creation with PKCS12_create().
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+			STACK *ca, int nid_key, int nid_cert, int iter,
+						 int mac_iter, int keytype);
+
+This function will create a PKCS12 structure from a given password, name,
+private key, certificate and optional STACK of CA certificates. The remaining
+5 parameters can be set to 0 and sensible defaults will be used.
+
+The parameters nid_key and nid_cert are the key and certificate encryption
+algorithms, iter is the encryption iteration count, mac_iter is the MAC
+iteration count and keytype is the type of private key. If you really want
+to know what these last 5 parameters do then read the low level section.
+
+Typically to create a PKCS#12 file the following could be used:
+
+p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
+i2d_PKCS12_fp(fp, p12);
+PKCS12_free(p12);
+
+LOW LEVEL FUNCTIONS.
+
+In some cases the high level functions do not provide the necessary
+functionality. For example if you want to generate or parse more complex
+PKCS#12 files. The sample pkcs12 application uses the low level functions
+to display details about the internal structure of a PKCS#12 file.
+
+Introduction.
+
+This is a brief description of how a PKCS#12 file is represented internally:
+some knowledge of PKCS#12 is assumed.
+
+A PKCS#12 object contains several levels.
+
+At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
+CRL, a private key, encrypted or unencrypted, a set of safebags (so the
+structure can be nested) or other secrets (not documented at present). 
+A safebag can optionally have attributes, currently these are: a unicode
+friendlyName (a Unicode string) or a localKeyID (a string of bytes).
+
+At the next level is an authSafe which is a set of safebags collected into
+a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
+
+At the top level is the PKCS12 structure itself which contains a set of
+authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
+contains a MAC which is a kind of password protected digest to preserve
+integrity (so any unencrypted stuff below can't be tampered with).
+
+The reason for these levels is so various objects can be encrypted in various
+ways. For example you might want to encrypt a set of private keys with
+triple-DES and then include the related certificates either unencrypted or
+with lower encryption. Yes it's the dreaded crypto laws at work again which
+allow strong encryption on private keys and only weak encryption on other
+stuff.
+
+To build one of these things you turn all certificates and keys into safebags
+(with optional attributes). You collect the safebags into (one or more) STACKS
+and convert these into authsafes (encrypted or unencrypted).  The authsafes
+are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
+inserted.
+
+Pulling one apart is basically the reverse process. The MAC is verified against
+the given password. The authsafes are extracted and each authsafe split into
+a set of safebags (possibly involving decryption). Finally the safebags are
+decomposed into the original keys and certificates and the attributes used to
+match up private key and certificate pairs.
+
+Anyway here are the functions that do the dirty work.
+
+1. Construction functions.
+
+1.1 Safebag functions.
+
+M_PKCS12_x5092certbag(x509)
+
+This macro takes an X509 structure and returns a certificate bag. The
+X509 structure can be freed up after calling this function.
+
+M_PKCS12_x509crl2certbag(crl)
+
+As above but for a CRL.
+
+PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
+
+Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
+Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
+structure contains a private key data in plain text form it should be free'd
+up as soon as it has been encrypted for security reasons (freeing up the
+structure zeros out the sensitive data). This can be done with
+PKCS8_PRIV_KEY_INFO_free().
+
+PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+
+This sets the key type when a key is imported into MSIE or Outlook 98. Two
+values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
+key that can also be used for signing but its size is limited in the export
+versions of MS software to 512 bits, it is also the default. KEY_SIG is a
+signing only key but the keysize is unlimited (well 16K is supposed to work).
+If you are using the domestic version of MSIE then you can ignore this because
+KEY_EX is not limited and can be used for both.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS8 private key structure into a keybag. This routine embeds the
+p8 structure in the keybag so p8 should not be freed up or used after it is
+called.  The p8 structure will be freed up when the safebag is freed.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
+embedded and can be freed up after use.
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+
+Add a local key id or a friendlyname to a safebag.
+
+1.2 Authsafe functions.
+
+PKCS7 *PKCS12_pack_p7data(STACK *sk)
+Take a stack of safebags and convert them into an unencrypted authsafe. The
+stack of safebags can be freed up after calling this function.
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
+
+As above but encrypted.
+
+1.3 PKCS12 functions.
+
+PKCS12 *PKCS12_init(int mode)
+
+Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
+
+M_PKCS12_pack_authsafes(p12, safes)
+
+This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
+
+int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
+
+Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
+that SHA-1 should be used.
+
+2. Extraction Functions.
+
+2.1 Safebags.
+
+M_PKCS12_bag_type(bag)
+
+Return the type of "bag". Returns one of the following
+
+NID_keyBag
+NID_pkcs8ShroudedKeyBag			7
+NID_certBag				8
+NID_crlBag				9
+NID_secretBag				10
+NID_safeContentsBag			11
+
+M_PKCS12_cert_bag_type(bag)
+
+Returns type of certificate bag, following are understood.
+
+NID_x509Certificate			14
+NID_sdsiCertificate			15
+
+M_PKCS12_crl_bag_type(bag)
+
+Returns crl bag type, currently only NID_crlBag is recognised.
+
+M_PKCS12_certbag2x509(bag)
+
+This macro extracts an X509 certificate from a certificate bag.
+
+M_PKCS12_certbag2x509crl(bag)
+
+As above but for a CRL.
+
+EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+
+Extract a private key from a PKCS8 private key info structure.
+
+M_PKCS12_decrypt_skey(bag, pass, passlen) 
+
+Decrypt a shrouded key bag and return a PKCS8 private key info structure.
+Works with both RSA and DSA keys
+
+char *PKCS12_get_friendlyname(bag)
+
+Returns the friendlyName of a bag if present or NULL if none. The returned
+string is a null terminated ASCII string allocated with Malloc(). It should 
+thus be freed up with Free() after use.
+
+2.2 AuthSafe functions.
+
+M_PKCS12_unpack_p7data(p7)
+
+Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
+
+#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
+
+As above but for an encrypted content info.
+
+2.3 PKCS12 functions.
+
+M_PKCS12_unpack_authsafes(p12)
+
+Extract a STACK of authsafes from a PKCS12 structure.
+
+M_PKCS12_mac_present(p12)
+
+Check to see if a MAC is present.
+
+int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
+
+Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
+
+
+Notes.
+
+1. All the function return 0 or NULL on error.
+2. Encryption based functions take a common set of parameters. These are
+described below.
+
+pass, passlen
+ASCII password and length. The password on the MAC is called the "integrity
+password" the encryption password is called the "privacy password" in the
+PKCS#12 documentation. The passwords do not have to be the same. If -1 is
+passed for the length it is worked out by the function itself (currently
+this is sometimes done whatever is passed as the length but that may change).
+
+salt, saltlen
+A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
+default length is used.
+
+iter
+Iteration count. This is a measure of how many times an internal function is
+called to encrypt the data. The larger this value is the longer it takes, it
+makes dictionary attacks on passwords harder. NOTE: Some implementations do
+not support an iteration count on the MAC. If the password for the MAC and
+encryption is the same then there is no point in having a high iteration
+count for encryption if the MAC has no count. The MAC could be attacked
+and the password used for the main decryption.
+
+pbe_nid
+This is the NID of the password based encryption method used. The following are
+supported.
+NID_pbe_WithSHA1And128BitRC4
+NID_pbe_WithSHA1And40BitRC4
+NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+NID_pbe_WithSHA1And2_Key_TripleDES_CBC
+NID_pbe_WithSHA1And128BitRC2_CBC
+NID_pbe_WithSHA1And40BitRC2_CBC
+
+Which you use depends on the implementation you are exporting to. "Export
+grade" (i.e. cryptographically challenged) products cannot support all
+algorithms. Typically you may be able to use any encryption on shrouded key
+bags but they must then be placed in an unencrypted authsafe. Other authsafes
+may only support 40bit encryption. Of course if you are using SSLeay
+throughout you can strongly encrypt everything and have high iteration counts
+on everything.
+
+3. For decryption routines only the password and length are needed.
+
+4. Unlike the external version the nid's of objects are the values of the
+constants: that is NID_certBag is the real nid, therefore there is no 
+PKCS12_obj_offset() function.  Note the object constants are not the same as
+those of the external version. If you use these constants then you will need
+to recompile your code.
+
+5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
+macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
+reused or freed up safely.
+
diff --git a/lib/libssl/src/doc/openssl_button.gif b/lib/libssl/src/doc/openssl_button.gif
new file mode 100644
index 00000000000..3d3c90c9f84
--- /dev/null
+++ b/lib/libssl/src/doc/openssl_button.gif
diff --git a/lib/libssl/src/doc/openssl_button.html b/lib/libssl/src/doc/openssl_button.html
new file mode 100644
index 00000000000..44c91bd3d06
--- /dev/null
+++ b/lib/libssl/src/doc/openssl_button.html
@@ -0,0 +1,7 @@
+
+<!-- the `Includes OpenSSL Cryptogaphy Software' button      -->
+<!-- freely usable by any application linked against OpenSSL -->
+<a   href="http://www.openssl.org/">
+<img src="openssl_button.gif" 
+     width=102 height=47 border=0></a>
+
diff --git a/lib/libssl/src/doc/rand.doc b/lib/libssl/src/doc/rand.doc
deleted file mode 100644
index da02a07f64f..00000000000
--- a/lib/libssl/src/doc/rand.doc
+++ /dev/null
@@ -1,141 +0,0 @@
-My Random number library.
-
-These routines can be used to generate pseudo random numbers and can be
-used to 'seed' the pseudo random number generator (RNG).  The RNG make no
-effort to reproduce the same random number stream with each execution.
-Various other routines in the SSLeay library 'seed' the RNG when suitable
-'random' input data is available.  Read the section at the end for details
-on the design of the RNG.
-
-void RAND_bytes(
-unsigned char *buf,
-int num);
-	This routine puts 'num' random bytes into 'buf'.  One should make
-	sure RAND_seed() has been called before using this routine.
-	
-void RAND_seed(
-unsigned char *buf,
-int num);
-	This routine adds more 'seed' data the RNG state.  'num' bytes
-	are added to the RNG state, they are taken from 'buf'.  This
-	routine can be called with sensitive data such as user entered
-	passwords.  This sensitive data is in no way recoverable from
-	the RAND library routines or state.  Try to pass as much data
-	from 'random' sources as possible into the RNG via this function.
-	Also strongly consider using the RAND_load_file() and
-	RAND_write_file() routines.
-
-void RAND_cleanup();
-	When a program has finished with the RAND library, if it so
-	desires, it can 'zero' all RNG state.
-	
-The following 3 routines are convenience routines that can be used to
-'save' and 'restore' data from/to the RNG and it's state.
-Since the more 'random' data that is feed as seed data the better, why not
-keep it around between executions of the program?  Of course the
-application should pass more 'random' data in via RAND_seed() and 
-make sure no-one can read the 'random' data file.
-	
-char *RAND_file_name(
-char *buf,
-int size);
-	This routine returns a 'default' name for the location of a 'rand'
-	file.  The 'rand' file should keep a sequence of random bytes used
-	to initialise the RNG.  The filename is put in 'buf'.  Buf is 'size'
-	bytes long.  Buf is returned if things go well, if they do not,
-	NULL is returned.  The 'rand' file name is generated in the
-	following way.  First, if there is a 'RANDFILE' environment
-	variable, it is returned.  Second, if there is a 'HOME' environment
-	variable, $HOME/.rand is returned.  Third, NULL is returned.  NULL
-	is also returned if a buf would overflow.
-
-int RAND_load_file(
-char *file,
-long number);
-	This function 'adds' the 'file' into the RNG state.  It does this by
-	doing a RAND_seed() on the value returned from a stat() system call
-	on the file and if 'number' is non-zero, upto 'number' bytes read
-	from the file.  The number of bytes passed to RAND_seed() is returned.
-
-int RAND_write_file(
-char *file),
-	RAND_write_file() writes N random bytes to the file 'file', where
-	N is the size of the internal RND state (currently 1k).
-	This is a suitable method of saving RNG state for reloading via
-	RAND_load_file().
-
-What follows is a description of this RNG and a description of the rational
-behind it's design.
-
-It should be noted that this RNG is intended to be used to generate
-'random' keys for various ciphers including generation of DH and RSA keys.  
-
-It should also be noted that I have just created a system that I am happy with.
-It may be overkill but that does not worry me.  I have not spent that much
-time on this algorithm so if there are glaring errors, please let me know.
-Speed has not been a consideration in the design of these routines.
-
-First up I will state the things I believe I need for a good RNG.
-1) A good hashing algorithm to mix things up and to convert the RNG 'state'
-   to random numbers.
-2) An initial source of random 'state'.
-3) The state should be very large.  If the RNG is being used to generate
-   4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
-   If your RNG state only has 128 bits, you are obviously limiting the
-   search space to 128 bits, not 2048.  I'm probably getting a little
-   carried away on this last point but it does indicate that it may not be
-   a bad idea to keep quite a lot of RNG state.  It should be easier to
-   break a cipher than guess the RNG seed data.
-4) Any RNG seed data should influence all subsequent random numbers
-   generated.  This implies that any random seed data entered will have
-   an influence on all subsequent random numbers generated.
-5) When using data to seed the RNG state, the data used should not be
-   extractable from the RNG state.  I believe this should be a
-   requirement because one possible source of 'secret' semi random
-   data would be a private key or a password.  This data must
-   not be disclosed by either subsequent random numbers or a
-   'core' dump left by a program crash.
-6) Given the same initial 'state', 2 systems should deviate in their RNG state
-   (and hence the random numbers generated) over time if at all possible.
-7) Given the random number output stream, it should not be possible to determine
-   the RNG state or the next random number.
-
-
-The algorithm is as follows.
-
-There is global state made up of a 1023 byte buffer (the 'state'), a
-working message digest ('md') and a counter ('count').
-
-Whenever seed data is added, it is inserted into the 'state' as
-follows.
-	The input is chopped up into units of 16 bytes (or less for
-	the last block).  Each of these blocks is run through the MD5
-	message digest.  The data passed to the MD5 digest is the
-	current 'md', the same number of bytes from the 'state'
-	(the location determined by in incremented looping index) as
-	the current 'block' and the new key data 'block'.  The result
-	of this is kept in 'md' and also xored into the 'state' at the
-	same locations that were used as input into the MD5.
-	I believe this system addresses points 1 (MD5), 3 (the 'state'),
-	4 (via the 'md'), 5 (by the use of MD5 and xor).
-
-When bytes are extracted from the RNG, the following process is used.
-For each group of 8 bytes (or less), we do the following,
-	Input into MD5, the top 8 bytes from 'md', the byte that are
-	to be overwritten by the random bytes and bytes from the
-	'state' (incrementing looping index).  From this digest output
-	(which is kept in 'md'), the top (upto) 8 bytes are
-	returned to the caller and the bottom (upto) 8 bytes are xored
-	into the 'state'.
-	Finally, after we have finished 'generation' random bytes for the
-	called, 'count' (which is incremented) and 'md' are fed into MD5 and
-	the results are kept in 'md'.
-	I believe the above addressed points 1 (use of MD5), 6 (by
-	hashing into the 'state' the 'old' data from the caller that
-	is about to be overwritten) and 7 (by not using the 8 bytes
-	given to the caller to update the 'state', but they are used
-	to update 'md').
-
-So of the points raised, only 2 is not addressed, but sources of
-random data will always be a problem.
-	
diff --git a/lib/libssl/src/doc/rc2.doc b/lib/libssl/src/doc/rc2.doc
deleted file mode 100644
index efab015bd15..00000000000
--- a/lib/libssl/src/doc/rc2.doc
+++ /dev/null
@@ -1,165 +0,0 @@
-The RC2 library.
-
-RC2 is a block cipher that operates on 64bit (8 byte) quantities.  It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good.  It can be used in all the modes that DES can be used.  This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-I have implemented this library from an article posted to sci.crypt on
-11-Feb-1996.  I personally don't know how far to trust the RC2 cipher.
-While it is capable of having a key of any size, not much reseach has
-publically been done on it at this point in time (Apr-1996)
-since the cipher has only been public for a few months :-)
-It is of a similar speed to DES and IDEA, so unless it is required for
-meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
-to stick to IDEA, or for the paranoid, Tripple DES.
-
-Mind you, having said all that, I should mention that I just read alot and
-implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
-ciphers :-).
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'rc2.h'.
-
-All of the encryption functions take what is called an RC2_KEY as an 
-argument.  An RC2_KEY is an expanded form of the RC2 key.
-For all modes of the RC2 algorithm, the RC2_KEY used for
-decryption is the same one that was used for encryption.
-
-The define RC2_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. RC2_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with RC2.  I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic RC2 encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
-  do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
-  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple RC2, thats 384 bits of key and you must be totally
-  obsessed with security.  Still, if you want it, it is simple enough to
-  copy the function from the DES library and change the des_encrypt to
-  RC2_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void RC2_set_key(
-RC2_KEY *ks;
-int len;
-unsigned char *key;
-int bits;
-        RC2_set_key converts an 'len' byte key into a RC2_KEY.
-        A 'ks' is an expanded form of the 'key' which is used to
-        perform actual encryption.  It can be regenerated from the RC2 key
-        so it only needs to be kept when encryption or decryption is about
-        to occur.  Don't save or pass around RC2_KEY's since they
-        are CPU architecture dependent, 'key's are not.  RC2 is an
-	interesting cipher in that it can be used with a variable length
-	key.  'len' is the length of 'key' to be used as the key.
-	A 'len' of 16 is recomended.  The 'bits' argument is an
-	interesting addition which I only found out about in Aug 96.
-	BSAFE uses this parameter to 'limit' the number of bits used
-	for the key.  To use the 'key' unmodified, set bits to 1024.
-	This is what old versions of my RC2 library did (SSLeay 0.6.3).
-	RSAs BSAFE library sets this parameter to be 128 if 128 bit
-	keys are being used.  So to be compatable with BSAFE, set it
-	to 128, if you don't want to reduce RC2's key length, leave it
-	at 1024.
-	
-void RC2_encrypt(
-unsigned long *data,
-RC2_KEY *key,
-int encrypt);
-	This is the RC2 encryption function that gets called by just about
-	every other RC2 routine in the library.  You should not use this
-	function except to implement 'modes' of RC2.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.
-	Data is a pointer to 2 unsigned long's and key is the
-	RC2_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
-	which can have the values RC2_ENCRYPT or RC2_DECRYPT.
-
-void RC2_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-RC2_KEY *key,
-int encrypt);
-	This is the basic Electronic Code Book form of RC2 (in DES this
-	mode is called Electronic Code Book so I'm going to use the term
-	for rc2 as well.
-	Input is encrypted into output using the key represented by
-	key.  Depending on the encrypt, encryption or
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	
-void RC2_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *ks,
-unsigned char *ivec,
-int encrypt);
-	This routine implements RC2 in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, bad 
-	things will probably happen.  ivec is the initialisation vector.
-	This function updates iv after each call so that it can be passed to
-	the next call to RC2_cbc_encrypt().
-	
-void RC2_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
-	This is one of the more useful functions in this RC2 library, it
-	implements CFB mode of RC2 with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	'Encrypt' is used to indicate encryption or decryption.
-	CFB64 mode operates by using the cipher to generate a stream
-	of bytes which is used to encrypt the plain text.
-	The cipher text is then encrypted to generate the next 64 bits to
-	be xored (incrementally) with the next 64 bits of plain
-	text.  As can be seen from this, to encrypt or decrypt,
-	the same 'cipher stream' needs to be generated but the way the next
-	block of data is gathered for encryption is different for
-	encryption and decryption.
-	
-void RC2_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num);
-	This functions implements OFB mode of RC2 with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	This is in effect a stream cipher, there is no encryption or
-	decryption mode.
-	
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-RC2_set_key().
-
-=====
-For more information about the specific RC2 modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library.  What is said about DES is directly
-applicable for RC2.
-
diff --git a/lib/libssl/src/doc/rc4.doc b/lib/libssl/src/doc/rc4.doc
deleted file mode 100644
index 4b2897eb743..00000000000
--- a/lib/libssl/src/doc/rc4.doc
+++ /dev/null
@@ -1,44 +0,0 @@
-The RC4 library.
-RC4 is a stream cipher that operates on a byte stream.  It can be used with
-any length key but I would recommend normally using 16 bytes.
-
-This library requires the inclusion of 'rc4.h'.
-
-The RC4 encryption function takes what is called an RC4_KEY as an argument.
-The RC4_KEY is generated by the RC4_set_key function from the key bytes.
-
-RC4, being a stream cipher, does not have an encryption or decryption mode.
-It produces a stream of bytes that the input stream is xor'ed against and
-so decryption is just a case of 'encrypting' again with the same key.
-
-I have only put in one 'mode' for RC4 which is the normal one.  This means
-there is no initialisation vector and there is no feedback of the cipher
-text into the cipher.  This implies that you should not ever use the
-same key twice if you can help it.  If you do, you leave yourself open to
-known plain text attacks; if you know the plain text and
-corresponding cipher text in one message, all messages that used the same
-key can have the cipher text decoded for the corresponding positions in the
-cipher stream.
-
-The main positive feature of RC4 is that it is a very fast cipher; about 4
-times faster that DES.  This makes it ideally suited to protocols where the
-key is randomly chosen, like SSL.
-
-The functions are as follows:
-
-void RC4_set_key(
-RC4_KEY *key;
-int len;
-unsigned char *data);
-	This function initialises the RC4_KEY structure with the key passed
-	in 'data', which is 'len' bytes long.  The key data can be any
-	length but 16 bytes seems to be a good number.
-
-void RC4(
-RC4_KEY *key;
-unsigned long len;
-unsigned char *in;
-unsigned char *out);
-	Do the actual RC4 encryption/decryption.  Using the 'key', 'len'
-	bytes are transformed from 'in' to 'out'.  As mentioned above,
-	decryption is the operation as encryption.
diff --git a/lib/libssl/src/doc/readme b/lib/libssl/src/doc/readme
deleted file mode 100644
index 824d4fd0e26..00000000000
--- a/lib/libssl/src/doc/readme
+++ /dev/null
@@ -1,6 +0,0 @@
-This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
-relevent but I'm working (very slowly) on new docuemtation.
-The current version can be found online at
-
-http://www.cryptsoft.com/ssleay/doc
-
diff --git a/lib/libssl/src/doc/ref.doc b/lib/libssl/src/doc/ref.doc
deleted file mode 100644
index 211559900de..00000000000
--- a/lib/libssl/src/doc/ref.doc
+++ /dev/null
@@ -1,48 +0,0 @@
-I have lots more references etc, and will update this list in the future,
-30 Aug 1996 - eay
-
-
-SSL	The SSL Protocol - from Netscapes.
-
-RC4	Newsgroups: sci.crypt
-	From: sterndark@netcom.com (David Sterndark)
-	Subject: RC4 Algorithm revealed.
-	Message-ID: <sternCvKL4B.Hyy@netcom.com>
-
-RC2	Newsgroups: sci.crypt
-	From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-	Subject: Specification for Ron Rivests Cipher No.2
-	Message-ID: <4fk39f$f70@net.auckland.ac.nz>
-
-MD2	RFC1319 The MD2 Message-Digest Algorithm
-MD5	RFC1321 The MD5 Message-Digest Algorithm
-
-X509 Certificates
-	RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
-	RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
-	RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
-	RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
-
-RSA and various standard encoding
-	PKCS#1 RSA Encryption Standard
-	PKCS#5 Password-Based Encryption Standard
-	PKCS#7 Cryptographic Message Syntax Standard
-	A Layman's Guide to a Subset of ASN.1, BER, and DER
-	An Overview of the PKCS Standards
-	Some Examples of the PKCS Standards
-
-IDEA	Chapter 3 The Block Cipher IDEA
-
-RSA, prime number generation and bignum algorithms
-	Introduction To Algorithms,
-	Thomas Cormen, Charles Leiserson, Ronald Rivest,
-	Section 29 Arithmetic Circuits
-	Section 33 Number-Theoretic Algorithms
-
-Fast Private Key algorithm
-	Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
-	J.-J. Quisquater and C. Couvreur, Electronics Letters,
-	14th October 1982, Vol. 18 No. 21
-
-Prime number generation and bignum algorithms.
-	PGP-2.3a
diff --git a/lib/libssl/src/doc/req.1 b/lib/libssl/src/doc/req.1
deleted file mode 100644
index 684fda580ef..00000000000
--- a/lib/libssl/src/doc/req.1
+++ /dev/null
@@ -1,137 +0,0 @@
-The 'req' command is used to manipulate and deal with pkcs#10
-certificate requests.
-
-It's default mode of operation is to load a certificate and then
-write it out again.
-
-By default the 'req' is read from stdin in 'PEM' format.
-The -inform option can be used to specify 'pem' format or 'der'
-format.  PEM format is the base64 encoding of the DER format.
-
-By default 'req' then writes the request back out. -outform can be used
-to indicate the desired output format, be it 'pem' or 'der'.
-
-To specify an input file, use the '-in' option and the '-out' option
-can be used to specify the output file.
-
-If you wish to perform a command and not output the certificate
-request afterwards, use the '-noout' option.
-
-When a certificate is loaded, it can be printed in a human readable
-ascii format via the '-text' option.
-
-To check that the signature on a certificate request is correct, use
-the '-verify' option to make sure that the private key contained in the
-certificate request corresponds to the signature.
-
-Besides the default mode, there is also the 'generate a certificate
-request' mode.  There are several flags that trigger this mode.
-
--new will generate a new RSA key (if required) and then prompts
-the user for details for the certificate request.
--newkey has an argument that is the number of bits to make the new
-key.  This function also triggers '-new'.
-
-The '-new' option can have a key to use specified instead of having to
-load one, '-key' is used to specify the file containg the key.
--keyform can be used to specify the format of the key.  Only
-'pem' and 'der' formats are supported, later, 'netscape' format may be added.
-
-Finally there is the '-x509' options which makes req output a self
-signed x509 certificate instead of a certificate request.
-
-Now as you may have noticed, there are lots of default options that
-cannot be specified via the command line.  They are held in a 'template'
-or 'configuration file'.  The -config option specifies which configuration
-file to use.  See conf.doc for details on the syntax of this file.
-
-The req command uses the 'req' section of the config file.
-
----
-# The following variables are defined.  For this example I will populate
-# the various values
-[ req ]
-default_bits	= 512		# default number of bits to use.
-default_keyfile	= testkey.pem	# Where to write the generated keyfile
-				# if not specified.
-distinguished_name= req_dn	# The section that contains the
-				# information about which 'object' we
-				# want to put in the DN.
-attributes	= req_attr	# The objects we want for the
-				# attributes field.
-encrypt_rsa_key	= no		# Should we encrypt newly generated
-				# keys.  I strongly recommend 'yes'.
-
-# The distinguished name section.  For the following entries, the
-# object names must exist in the SSLeay header file objects.h.  If they
-# do not, they will be silently ignored.  The entries have the following
-# format.
-# <object_name>		=> string to prompt with
-# <object_name>_default	=> default value for people
-# <object_name>_value	=> Automatically use this value for this field.
-# <object_name>_min	=> minimum number of characters for data (def. 0)
-# <object_name>_max	=> maximum number of characters for data (def. inf.)
-# All of these entries are optional except for the first one.
-[ req_dn ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Queensland
-
-localityName			= Locality Name (eg, city)
-
-organizationName		= Organization Name (eg, company)
-organizationName_default	= Mincom Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-organizationalUnitName_default	= MTR
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-# The next section is the attributes section.  This is exactly the
-# same as for the previous section except that the resulting objects are
-# put in the attributes field. 
-[ req_attr ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-----
-Also note that the order that attributes appear in this file is the
-order they will be put into the distinguished name.
-
-Once this request has been generated, it can be sent to a CA for
-certifying.
-
-----
-A few quick examples....
-
-To generate a new request and a new key
-req -new
-
-To generate a new request and a 1058 bit key
-req -newkey 1058
-
-To generate a new request using a pre-existing key
-req -new -key key.pem
-
-To generate a self signed x509 certificate from a certificate
-request using a supplied key, and we want to see the text form of the
-output certificate (which we will put in the file selfSign.pem
-req -x509 -in req.pem -key key.pem -text -out selfSign.pem
-
-Verify that the signature is correct on a certificate request.
-req -verify -in req.pem
-
-Verify that the signature was made using a specified public key.
-req -verify -in req.pem -key key.pem
-
-Print the contents of a certificate request
-req -text -in req.pem
diff --git a/lib/libssl/src/doc/rsa.doc b/lib/libssl/src/doc/rsa.doc
deleted file mode 100644
index f260452bc6e..00000000000
--- a/lib/libssl/src/doc/rsa.doc
+++ /dev/null
@@ -1,135 +0,0 @@
-The RSA encryption and utility routines.
-
-The RSA routines are built on top of a big number library (the BN library).
-There are support routines in the X509 library for loading and manipulating
-the various objects in the RSA library.  When errors are returned, read
-about the ERR library for how to access the error codes.
-
-All RSA encryption is done according to the PKCS-1 standard which is
-compatible with PEM and RSAref.  This means that any values being encrypted
-must be less than the size of the modulus in bytes, minus 10, bytes long.
-
-This library uses RAND_bytes()() for it's random data, make sure to feed
-RAND_seed() with lots of interesting and varied data before using these
-routines.
-
-The RSA library has one specific data type, the RSA structure.
-It is composed of 8 BIGNUM variables (see the BN library for details) and
-can hold either a private RSA key or a public RSA key.
-Some RSA libraries have different structures for public and private keys, I
-don't.  For my libraries, a public key is determined by the fact that the
-RSA->d value is NULL.  These routines will operate on any size RSA keys.
-While I'm sure 4096 bit keys are very very secure, they take a lot longer
-to process that 1024 bit keys :-).
-
-The function in the RSA library are as follows.
-
-RSA *RSA_new();
-	This function creates a new RSA object.  The sub-fields of the RSA
-	type are also malloced so you should always use this routine to
-	create RSA variables.
-	
-void RSA_free(
-RSA *rsa);
-	This function 'frees' an RSA structure.  This routine should always
-	be used to free the RSA structure since it will also 'free' any
-	sub-fields of the RSA type that need freeing.
-	
-int RSA_size(
-RSA *rsa);	
-	This function returns the size of the RSA modulus in bytes.  Why do
-	I need this you may ask, well the reason is that when you encrypt
-	with RSA, the output string will be the size of the RSA modulus.
-	So the output for the RSA_encrypt and the input for the RSA_decrypt
-	routines need to be RSA_size() bytes long, because this is how many
-	bytes are expected.
-	
-For the following 4 RSA encryption routines, it should be noted that
-RSA_private_decrypt() should be used on the output from 
-RSA_public_encrypt() and RSA_public_decrypt() should be used on
-the output from RSA_private_encrypt().
-	
-int RSA_public_encrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA public encryption, the rsa variable
-	should be a public key (but can be a private key).  'from_len'
-	bytes taken from 'from' and encrypted and put into 'to'.  'to' needs
-	to be at least RSA_size(rsa) bytes long.  The number of bytes
-	written into 'to' is returned.  -1 is returned on an error.  The
-	operation performed is
-	to = from^rsa->e mod rsa->n.
-	
-int RSA_private_encrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA private encryption, the rsa variable
-	should be a private key.  'from_len' bytes taken from
-	'from' and encrypted and put into 'to'.  'to' needs
-	to be at least RSA_size(rsa) bytes long.  The number of bytes
-	written into 'to' is returned.  -1 is returned on an error.  The
-	operation performed is
-	to = from^rsa->d mod rsa->n.
-
-int RSA_public_decrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA public decryption, the rsa variable
-	should be a public key (but can be a private key).  'from_len'
-	bytes are taken from 'from' and decrypted.  The decrypted data is
-	put into 'to'.  The number of bytes encrypted is returned.  -1 is
-	returned to indicate an error. The operation performed is
-	to = from^rsa->e mod rsa->n.
-
-int RSA_private_decrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA private decryption, the rsa variable
-	should be a private key.  'from_len' bytes are taken
-	from 'from' and decrypted.  The decrypted data is
-	put into 'to'.  The number of bytes encrypted is returned.  -1 is
-	returned to indicate an error. The operation performed is
-	to = from^rsa->d mod rsa->n.
-
-int RSA_mod_exp(
-BIGNUM *n;
-BIGNUM *p;
-RSA *rsa);
-	Normally you will never use this routine.
-	This is really an internal function which is called by
-	RSA_private_encrypt() and RSA_private_decrypt().  It performs
-	n=n^p mod rsa->n except that it uses the 5 extra variables in the
-	RSA structure to make this more efficient.
-	
-RSA *RSA_generate_key(
-int bits;
-unsigned long e;
-void (*callback)();
-char *cb_arg;
-	This routine is used to generate RSA private keys.  It takes
-	quite a period of time to run and should only be used to
-	generate initial private keys that should then be stored
-	for later use.  The passed callback function 
-	will be called periodically so that feedback can be given
-	as to how this function is progressing.
-	'bits' is the length desired for the modulus, so it would be 1024
-	to generate a 1024 bit private key.
-	'e' is the value to use for the public exponent 'e'.  Traditionally
-	it is set to either 3 or 0x10001.
-	The callback function (if not NULL) is called in the following
-	situations.
-	when we have generated a suspected prime number to test,
-	callback(0,num1++,cb_arg).  When it passes a prime number test,
-	callback(1,num2++,cb_arg).  When it is rejected as one of
-	the 2 primes required due to gcd(prime,e value) != 0,
-	callback(2,num3++,cb_arg).  When finally accepted as one
-	of the 2 primes, callback(3,num4++,cb_arg).
-
diff --git a/lib/libssl/src/doc/rsaref.doc b/lib/libssl/src/doc/rsaref.doc
deleted file mode 100644
index 0505b76f762..00000000000
--- a/lib/libssl/src/doc/rsaref.doc
+++ /dev/null
@@ -1,35 +0,0 @@
-This package can be compiled to use the RSAref library.
-This library is not allowed outside of the USA but inside the USA it is
-claimed by RSA to be the only RSA public key library that can be used
-besides BSAFE..
-
-There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
-code to use RSAref.  These files were written by looking at the PGP
-source code and seeing which routines it used to access RSAref.
-I have also been sent by some-one a copy of the RSAref header file that
-contains the library error codes.
-
-[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
-  South Africa and have been doing some performace tests. ]
-	
-They have now been tested against the recently announced RSAEURO
-library.
-
-There are 2 ways to use SSLeay and RSAref.  First, to build so that
-the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
-level makefile and -lrsaref (or where ever you are keeping RSAref) to
-EX_LIBS.
-
-To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
-
-The second method is to build as per normal and link applications with
-the RSAglue library.  The correct library order would be
-cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
-The RSAglue library is built in the rsa directory and is NOT
-automatically installed.
-
-Be warned that the RSAEURO library, that is claimed to be compatible
-with RSAref contains a different value for the maximum number of bits
-supported.  This changes structure sizes and so if you are using
-RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
-
diff --git a/lib/libssl/src/doc/s_mult.doc b/lib/libssl/src/doc/s_mult.doc
deleted file mode 100644
index 726085bc575..00000000000
--- a/lib/libssl/src/doc/s_mult.doc
+++ /dev/null
@@ -1,17 +0,0 @@
-s_mult is a test program I hacked up on a Sunday for testing non-blocking
-IO.  It has a select loop at it's centre that handles multiple readers
-and writers.
-
-Try the following command
-ssleay s_mult -echo -nbio -ssl -v
-echo - sends any sent text back to the sender
-nbio - turns on non-blocking IO
-ssl  - accept SSL connections, default is normal text
-v    - print lots
-	type Q<cr> to quit
-
-In another window, run the following
-ssleay s_client -pause </etc/termcap
-
-The pause option puts in a 1 second pause in each read(2)/write(2) call
-so the other end will have read()s fail.
diff --git a/lib/libssl/src/doc/session.doc b/lib/libssl/src/doc/session.doc
deleted file mode 100644
index ffccb0306e0..00000000000
--- a/lib/libssl/src/doc/session.doc
+++ /dev/null
@@ -1,297 +0,0 @@
-I have just checked over and re-worked the session stuff.
-The following brief example will ignore all setup information to do with
-authentication.
-
-Things operate as follows.
-
-The SSL environment has a 'context', a SSL_CTX structure.  This holds the
-cached SSL_SESSIONS (which can be reused) and the certificate lookup
-information.  Each SSL structure needs to be associated with a SSL_CTX.
-Normally only one SSL_CTX structure is needed per program.
-
-SSL_CTX *SSL_CTX_new(void ); 
-void    SSL_CTX_free(SSL_CTX *);
-These 2 functions create and destroy SSL_CTX structures
-
-The SSL_CTX has a session_cache_mode which is by default,
-in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
-will automatically add new session-id's to the cache apon sucsessful
-SSL_accept() calls.
-If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
-to the cache.
-SSL_set_session_cache_mode(ctx,mode)  will set the 'mode' and
-SSL_get_session_cache_mode(ctx) will get the cache 'mode'.
-The modes can be
-SSL_SESS_CACHE_OFF	- no caching
-SSL_SESS_CACHE_CLIENT	- only SSL_connect()
-SSL_SESS_CACHE_SERVER	- only SSL_accept()
-SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
-If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
-not automatically removed each 255, SSL_connect()s or SSL_accept()s.
-
-By default, apon every 255 successful SSL_connect() or SSL_accept()s,
-the cache is flush.  Please note that this could be expensive on
-a heavily loaded SSL server, in which case, turn this off and
-clear the cache of old entries 'manually' (with one of the functions
-listed below) every few hours.  Perhaps I should up this number, it is hard
-to say.  Remember, the '255' new calls is just a mechanims to get called
-every now and then, in theory at most 255 new session-id's will have been
-added but if 100 are added every minute, you would still have
-500 in the cache before any would start being flushed (assuming a 3 minute
-timeout)..
-
-int SSL_CTX_sess_hits(SSL_CTX *ctx);
-int SSL_CTX_sess_misses(SSL_CTX *ctx);
-int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
-These 3 functions return statistics about the SSL_CTX.  These 3 are the
-number of session id reuses.  hits is the number of reuses, misses are the
-number of lookups that failed, and timeouts is the number of cached
-entries ignored because they had timeouted.
-
-ctx->new_session_cb is a function pointer to a function of type
-int new_session_callback(SSL *ssl,SSL_SESSION *new);
-This function, if set in the SSL_CTX structure is called whenever a new
-SSL_SESSION is added to the cache.  If the callback returns non-zero, it
-means that the application will have to do a SSL_SESSION_free()
-on the structure (this is
-to do with the cache keeping the reference counts correct, without the
-application needing to know about it.
-The 'active' parameter is the current SSL session for which this connection
-was created.
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
-to set the callback,
-int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
-to get the callback.
-
-If the 'get session' callback is set, when a session id is looked up and
-it is not in the session-id cache, this callback is called.  The callback is
-of the form
-SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
-	int *copy);
-
-The get_session_callback is intended to return null if no session id is found.
-The reference count on the SSL_SESSION in incremented by the SSL library,
-if copy is 1.  Otherwise, the reference count is not modified.
-
-void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
-int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
-
-These callbacks are basically indended to be used by processes to
-send their session-id's to other processes.  I currently have not implemented
-non-blocking semantics for these callbacks, it is upto the appication
-to make the callbacks effiecent if they require blocking (perhaps
-by 'saving' them and then 'posting them' when control returns from
-the SSL_accept().
-
-LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
-This returns the session cache.  The lhash strucutre can be accessed for
-statistics about the cache.
-
-void lh_stats(LHASH *lh, FILE *out);
-void lh_node_stats(LHASH *lh, FILE *out);
-void lh_node_usage_stats(LHASH *lh, FILE *out);
-
-can be used to print details about it's activity and current state.
-You can also delve directly into the lhash structure for 14 different
-counters that are kept against the structure.  When I wrote the lhash library,
-I was interested in gathering statistics :-).
-Have a read of doc/lhash.doc in the SSLeay distribution area for more details
-on the lhash library.
-
-Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
-SSL *   SSL_new(SSL_CTX *);
-
-This stores a session.  A session is secret information shared between 2
-SSL contexts.  It will only be created if both ends of the connection have
-authenticated their peer to their satisfaction.  It basically contains
-the information required to use a particular secret key cipher.
-
-To retrieve the SSL_CTX being used by a SSL,
-SSL_CTX *SSL_get_SSL_CTX(SSL *s);
-
-Now when a SSL session is established between to programs, the 'session'
-information that is cached in the SSL_CTX can me manipulated by the
-following functions.
-int SSL_set_session(SSL *s, SSL_SESSION *session);
-This will set the SSL_SESSION to use for the next SSL_connect().  If you use
-this function on an already 'open' established SSL connection, 'bad things
-will happen'.  This function is meaning-less when used on a ssl strucutre
-that is just about to be used in a SSL_accept() call since the
-SSL_accept() will either create a new session or retrieve one from the
-cache.
-
-SSL_SESSION *SSL_get_session(SSL *s);
-This will return the SSL_SESSION for the current SSL, NULL if there is
-no session associated with the SSL structure.
-
-The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
-session
-void    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-and to add one
-int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
-was not added).
-Whenever a new session is created via SSL_connect()/SSL_accept(),
-they are automatically added to the cache, depending on the session_cache_mode
-settings.  SSL_set_session()
-does not add it to the cache.  Just call SSL_CTX_add_session() if you do want the
-session added.  For a 'client' this would not normally be the case.
-SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
-which the next 2 funtions help you do.
-
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
-These 2 functions are in the standard ASN1 library form and can be used to
-load and save to a byte format, the SSL_SESSION structure.
-With these functions, you can save and read these structures to a files or
-arbitary byte string.
-The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
-write to a file pointer in base64 encoding.
-
-What you can do with this, is pass session information between separate
-processes.  Please note, that you will probably also need to modify the
-timeout information on the SSL_SESSIONs.
-
-long SSL_get_time(SSL_SESSION *s)
-will return the 'time' that the session
-was loaded.  The timeout is relative to this time.  This information is
-saved when the SSL_SESSION is converted to binarary but it is stored
-in as a unix long, which is rather OS dependant, but easy to convert back.
-
-long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
-The time value is just the value returned from time(3), and should really
-be defined by be to be time_t.
-
-long SSL_get_timeout(SSL_SESSION *s);
-long SSL_set_timeout(SSL_SESSION *s,long t);
-These 2 retrieve and set the timeout which is just a number of secconds
-from the 'SSL_get_time()' value.  When this time period has elapesed,
-the session will no longer be in the cache (well it will actually be removed
-the next time it is attempted to be retrieved, so you could 'bump'
-the timeout so it remains valid).
-The 'time' and 'timeout' are set on a session when it is created, not reset
-each time it is reused.  If you did wish to 'bump it', just after establishing
-a connection, do a
-SSL_set_time(ssl,time(NULL));
-
-You can also use
-SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
-SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
-all SSL connections created against a SSL_CTX.  If you set a timeout in
-an SSL_CTX, all new SSL's created will inherit the timeout.  It can be over
-written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
-If you 'set' the timeout back to 0, the system default will be used.
-
-SSL_SESSION *SSL_SESSION_new();
-void SSL_SESSION_free(SSL_SESSION *ses);
-These 2 functions are used to create and dispose of SSL_SESSION functions.
-You should not ever normally need to use them unless you are using 
-i2d_SSL_SESSION() and/or d2i_SSL_SESSION().  If you 'load' a SSL_SESSION
-via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
-Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
-structure (via reference counts) when it is passed to them.
-
-SSL_CTX_flush_sessions(ctx,time);
-The first function will clear all sessions from the cache, which have expired
-relative to 'time' (which could just be time(NULL)).
-
-SSL_CTX_flush_sessions(ctx,0);
-This is a special case that clears everything.
-
-As a final comment, a 'session' is not enough to establish a new
-connection.  If a session has timed out, a certificate and private key
-need to have been associated with the SSL structure.
-SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
-strucutre but also the private key and certificate associated with
-'from'.
-
-EXAMPLES.
-
-So lets play at being a wierd SSL server.
-
-/* setup a context */
-ctx=SSL_CTX_new();
-
-/* Lets load some session from binary into the cache, why one would do
- * this is not toally clear, but passing between programs does make sense
- * Perhaps you are using 4096 bit keys and are happy to keep them
- * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
- * sure, perhaps this is a process called from an SSL inetd and this is being 
- * passed to the application. */
-session=d2i_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* Lets even add a session from a file */
-session=PEM_read_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* create a new SSL structure */
-ssl=SSL_new(ctx);
-
-/* At this point we want to be able to 'create' new session if
- * required, so we need a certificate and RSAkey. */
-SSL_use_RSAPrivateKey_file(ssl,...)
-SSL_use_certificate_file(ssl,...)
-
-/* Now since we are a server, it make little sence to load a session against
- * the ssl strucutre since a SSL_accept() will either create a new session or
- * grab an existing one from the cache. */
-
-/* grab a socket descriptor */
-fd=accept(...);
-
-/* associated it with the ssl strucutre */
-SSL_set_fd(ssl,fd);
-
-SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
-
-/* Lets print out the session details or lets save it to a file,
- * perhaps with a secret key cipher, so that we can pass it to the FBI
- * when they want to decode the session :-).  While we have RSA
- * this does not matter much but when I do SSLv3, this will allow a mechanism
- * for the server/client to record the information needed to decode
- * the traffic that went over the wire, even when using Diffie-Hellman */
-PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
-
-Lets 'connect' back to the caller using the same session id.
-
-ssl2=SSL_new(ctx);
-fd2=connect(them);
-SSL_set_fd(ssl2,fd2);
-SSL_set_session(ssl2,SSL_get_session(ssl));
-SSL_connect(ssl2);
-
-/* what the hell, lets accept no more connections using this session */
-SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
-
-/* we could have just as easily used ssl2 since they both are using the
- * same session.
- * You will note that both ssl and ssl2 are still using the session, and
- * the SSL_SESSION structure will be free()ed when both ssl and ssl2
- * finish using the session.  Also note that you could continue to initiate
- * connections using this session by doing SSL_get_session(ssl) to get the
- * existing session, but SSL_accept() will not be able to find it to
- * use for incoming connections.
- * Of corse, the session will timeout at the far end and it will no
- * longer be accepted after a while.  The time and timeout are ignored except
- * by SSL_accept(). */
-
-/* Since we have had our server running for 10 weeks, and memory is getting
- * short, perhaps we should clear the session cache to remove those
- * 100000 session entries that have expired.  Some may consider this
- * a memory leak :-) */
-
-SSL_CTX_flush_sessions(ctx,time(NULL));
-
-/* Ok, after a bit more time we wish to flush all sessions from the cache
- * so that all new connections will be authenticated and incure the
- * public key operation overhead */
-
-SSL_CTX_flush_sessions(ctx,0);
-
-/* As a final note, to copy everything to do with a SSL, use */
-SSL_copy_session_id(SSL *to,SSL *from);
-/* as this also copies the certificate and RSA key so new session can
- * be established using the same details */
-
diff --git a/lib/libssl/src/doc/sha.doc b/lib/libssl/src/doc/sha.doc
deleted file mode 100644
index 895fa182ed9..00000000000
--- a/lib/libssl/src/doc/sha.doc
+++ /dev/null
@@ -1,52 +0,0 @@
-The SHA (Secure Hash Algorithm) library.
-SHA is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 20 byte hash.  The functions all need to be passed
-a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
-function calls.  The normal method of use for this library is as follows
-This library contains both SHA and SHA-1 digest algorithms.  SHA-1 is
-an update to SHA (which should really be called SHA-0 now) which
-tweaks the algorithm slightly.  The SHA-1 algorithm is used by simply
-using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
-SHA*() calls
-
-SHA_Init(...);
-SHA_Update(...);
-...
-SHA_Update(...);
-SHA_Final(...);
-
-This library requires the inclusion of 'sha.h'.
-
-The functions are as follows:
-
-void SHA_Init(
-SHA_CTX *c);
-	This function needs to be called to initiate a SHA_CTX structure for
-	use.
-	
-void SHA_Update(
-SHA_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void SHA_Final(
-unsigned char *md;
-SHA_CTX *c;
-	This function is called when a message digest of the data digested
-	with SHA_Update() is wanted.  The message digest is put in the 'md'
-	array and is SHA_DIGEST_LENGTH (20) bytes long.
-
-unsigned char *SHA(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	This function performs a SHA_Init(), followed by a SHA_Update()
-	followed by a SHA_Final() (using a local SHA_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
-	
diff --git a/lib/libssl/src/doc/speed.doc b/lib/libssl/src/doc/speed.doc
deleted file mode 100644
index 11dfa85f08d..00000000000
--- a/lib/libssl/src/doc/speed.doc
+++ /dev/null
@@ -1,96 +0,0 @@
-To get an idea of the performance of this library, use
-ssleay speed
-
-perl util/sp-diff.pl file1 file2
-
-will print out the relative differences between the 2 files which are
-expected to be the output from the speed program.
-
-The performace of the library is very dependant on the Compiler
-quality and various flags used to build.
-
----
-
-These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
-[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
-operations are about 2 times faster, so check the version number ]
-
-RSA performance.
-
-SSLeay 0.6.0
-Pentium 100, 32meg, Windows NT Workstation 3.51
-linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
-and
-Windows NT  - Windows NT 3.51 - Visual C++ 4.1   - 586 code + 32bit assember
-Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
-NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
-
-Times are how long it takes to do an RSA private key operation.
-
-	       512bits 1024bits
--------------------------------
-SSLeay NT dll	0.042s   0.202s see above
-SSLeay linux	0.046s   0.218s	Assember inner loops (normal build) 
-SSLeay linux	0.067s   0.380s Pure C code with BN_LLONG defined
-SSLeay W3.1 dll	0.108s 	 0.478s see above
-SSLeay linux	0.109s   0.713s C without BN_LLONG.
-RSAref2.0 linux	0.149s   0.936s
-SSLeay MS-DOS	0.197s   1.049s see above
-
-486DX66, 32meg, Windows NT Server 3.51
-	       512bits 1024bits
--------------------------------
-SSLeay NT dll   0.084s	 0.495s	<- SSLeay 0.6.3
-SSLeay NT dll   0.154s   0.882s
-SSLeay W3.1 dll 0.335s   1.538s
-SSLeay MS-DOS	0.490s   2.790s
-
-What I find cute is that I'm still faster than RSAref when using standard C,
-without using the 'long long' data type :-), %35 faster for 512bit and we
-scale up to 3.2 times faster for the 'default linux' build.  I should mention
-that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
-x86-sol.s for any x86 based unix they are building on.  The only problems
-with be with syntax but the performance gain is quite large, especially for
-servers.  The code is very simple, you just need to modify the 'header'.
-
-The message is, if you are stuck using RSAref, the RSA performance will be
-bad. Considering the code was compiled for a pentium, the 486DX66 number
-would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). 
-[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
- into a 486DX33' :-) ]
-
-I won't tell people if the DLL's are using RSAref or my stuff if no-one
-asks :-).
-
-eric
-
-PS while I know I could speed things up further, I will probably not do
-   so due to the effort involved.  I did do some timings on the
-   SSLeay bignum format -> RSAref number format conversion that occurs
-   each time RSAref is used by SSLeay, and the numbers are trivial.
-   0.00012s a call for 512bit vs 0.149s for the time spent in the function.
-   0.00018s for 1024bit vs 0.938s.  Insignificant.
-   So the 'way to go', to support faster RSA libraries, if people are keen,
-   is to write 'glue' code in a similar way that I do for RSAref and send it
-   to me :-).
-   My base library still has the advantage of being able to operate on 
-   any size numbers, and is not that far from the performance from the
-   leaders in the field. (-%30?)
-   [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
-     least very close :-) ]
-
-   I suppose I should also mention some other numbers RSAref numbers, again
-   on my Pentium.
-		DES CBC		EDE-DES		MD5
-   RSAref linux	 830k/s		 302k/s		4390k/s
-   SSLeay linux  855k/s          319k/s        10025k/s
-   SSLeay NT	1158k/s		 410k/s	       10470k/s
-   SSLeay w31	 378k/s		 143k/s         2383k/s (fully 16bit)
-
-   Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@cryptsoft.com   | RTFM Win32 GetMessage().
-
-
-
diff --git a/lib/libssl/src/doc/ssl-ciph.doc b/lib/libssl/src/doc/ssl-ciph.doc
deleted file mode 100644
index 33a7e41f0e3..00000000000
--- a/lib/libssl/src/doc/ssl-ciph.doc
+++ /dev/null
@@ -1,84 +0,0 @@
-This is a quick high level summery of how things work now.
-
-Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
-minor ones.
-
-They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
-be Diffle-Hellman for SSLv3.
-
-An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
-none.
-
-The cipher
-
-The MAC digest.
-
-A cipher can also be an export cipher and is either an SSLv2 or a
-SSLv3 ciphers.
-
-To specify which ciphers to use, one can either specify all the ciphers,
-one at a time, or use 'aliases' to specify the preference and order for
-the ciphers.
-
-There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
-
-aRSA, aDSS, aNULL and aDH for authentication
-DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
-MD5, SHA0 and SHA1 digests
-
-Now where this becomes interesting is that these can be put together to
-specify the order and ciphers you wish to use.
-
-To speed this up there are also aliases for certian groups of ciphers.
-The main ones are
-SSLv2	- all SSLv2 ciphers
-SSLv3	- all SSLv3 ciphers
-EXP	- all export ciphers
-LOW	- all low strngth ciphers (no export ciphers, normally single DES)
-MEDIUM	- 128 bit encryption
-HIGH	- Triple DES
-
-These aliases can be joined in a : separated list which specifies to
-add ciphers, move them to the current location and delete them.
-
-A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
-The default library cipher spec is
-!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
-which means, first, remove from consideration any ciphers that do not
-authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
-MEDIUM and the LOW security ciphers.  Finish up by adding all the export
-ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
-the end of the list.
-
-The results are
-$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
-
-RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
-RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
-EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
-EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
-DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
-IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
-EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
-EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
-DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
-DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
-DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
-IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
-RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
-RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
-EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
-EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
-EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
-EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
-EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
-EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-
-I would recoment people use the 'ssleay ciphers -v "text"'
-command to check what they are going to use.
-
-Anyway, I'm falling asleep here so I'll do some more tomorrow.
-
-eric
diff --git a/lib/libssl/src/doc/ssl.doc b/lib/libssl/src/doc/ssl.doc
deleted file mode 100644
index 1f89cd5db2c..00000000000
--- a/lib/libssl/src/doc/ssl.doc
+++ /dev/null
@@ -1,172 +0,0 @@
-SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
-
-/* Session-id cache stats */
-SSL_CTX_sess_number
-SSL_CTX_sess_connect
-SSL_CTX_sess_connect_good
-SSL_CTX_sess_accept
-SSL_CTX_sess_accept_good
-SSL_CTX_sess_hits
-SSL_CTX_sess_cb_hits
-SSL_CTX_sess_misses
-SSL_CTX_sess_timeouts
-
-/* Session-id application notification callbacks */
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_get_get_cb
-
-/* Session-id cache operation mode */
-SSL_CTX_set_session_cache_mode
-SSL_CTX_get_session_cache_mode
-
-/* Set default timeout values to use. */
-SSL_CTX_set_timeout
-SSL_CTX_get_timeout
-
-/* Global  SSL initalisation informational callback */
-SSL_CTX_set_info_callback
-SSL_CTX_get_info_callback
-SSL_set_info_callback
-SSL_get_info_callback
-
-/* If the SSL_accept/SSL_connect returned with -1, these indicate when
- * we should re-call *.
-SSL_want
-SSL_want_nothing
-SSL_want_read
-SSL_want_write
-SSL_want_x509_lookup
-
-/* Where we are in SSL initalisation, used in non-blocking, perhaps
- * have a look at ssl/bio_ssl.c */
-SSL_state
-SSL_is_init_finished
-SSL_in_init
-SSL_in_connect_init
-SSL_in_accept_init
-
-/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
- * can be used to work out which function to call. */
-SSL_set_connect_state
-SSL_set_accept_state
-
-/* Where to look for certificates for authentication */
-SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
-SSL_load_verify_locations
-
-/* get info from an established connection */
-SSL_get_session
-SSL_get_certificate
-SSL_get_SSL_CTX
-
-SSL_CTX_new
-SSL_CTX_free
-SSL_new
-SSL_clear
-SSL_free
-
-SSL_CTX_set_cipher_list
-SSL_get_cipher
-SSL_set_cipher_list
-SSL_get_cipher_list
-SSL_get_shared_ciphers
-
-SSL_accept
-SSL_connect
-SSL_read
-SSL_write
-
-SSL_debug
-
-SSL_get_read_ahead
-SSL_set_read_ahead
-SSL_set_verify
-
-SSL_pending
-
-SSL_set_fd
-SSL_set_rfd
-SSL_set_wfd
-SSL_set_bio
-SSL_get_fd
-SSL_get_rbio
-SSL_get_wbio
-
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_file
-
-ERR_load_SSL_strings
-SSL_load_error_strings
-
-/* human readable version of the 'state' of the SSL connection. */
-SSL_state_string
-SSL_state_string_long
-/* These 2 report what kind of IO operation the library was trying to
- * perform last.  Probably not very usefull. */
-SSL_rstate_string
-SSL_rstate_string_long
-
-SSL_get_peer_certificate
-
-SSL_SESSION_new
-SSL_SESSION_print_fp
-SSL_SESSION_print
-SSL_SESSION_free
-i2d_SSL_SESSION
-d2i_SSL_SESSION
-
-SSL_get_time
-SSL_set_time
-SSL_get_timeout
-SSL_set_timeout
-SSL_copy_session_id
-SSL_set_session
-SSL_CTX_add_session
-SSL_CTX_remove_session
-SSL_CTX_flush_sessions
-
-BIO_f_ssl
-
-/* used to hold information as to why a certificate verification failed */
-SSL_set_verify_result
-SSL_get_verify_result
-
-/* can be used by the application to associate data with an SSL structure.
- * It needs to be 'free()ed' by the application */
-SSL_set_app_data
-SSL_get_app_data
-
-/* The following all set values that are kept in the SSL_CTX but
- * are used as the default values when an SSL session is created.
- * They are over writen by the relevent SSL_xxxx functions */
-
-/* SSL_set_verify */
-void SSL_CTX_set_default_verify
-
-/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on sucesss and 0 on failure */
-void SSL_CTX_set_cert_verify_callback
-
-/* The following are the same as the equivilent SSL_xxx functions.
- * Only one copy of this information is kept and if a particular
- * SSL structure has a local override, it is totally separate structure.
- */
-int SSL_CTX_use_RSAPrivateKey
-int SSL_CTX_use_RSAPrivateKey_ASN1
-int SSL_CTX_use_RSAPrivateKey_file
-int SSL_CTX_use_PrivateKey
-int SSL_CTX_use_PrivateKey_ASN1
-int SSL_CTX_use_PrivateKey_file
-int SSL_CTX_use_certificate
-int SSL_CTX_use_certificate_ASN1
-int SSL_CTX_use_certificate_file
-
diff --git a/lib/libssl/src/doc/ssl.pod b/lib/libssl/src/doc/ssl.pod
new file mode 100644
index 00000000000..46ee443f575
--- /dev/null
+++ b/lib/libssl/src/doc/ssl.pod
@@ -0,0 +1,633 @@
+
+=pod
+
+=head1 NAME
+
+SSL - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and and functions:
+
+=over 4
+
+=item B<ssl.h>
+
+That's the common header file for the SSL/TLS API.  Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+=item B<ssl2.h>
+
+That's the sub header file dealing with the SSLv2 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl3.h>
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl23.h>
+
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<tls1.h>
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=back
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+
+=head2 DEALING WITH PROTOCOL METHODS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+
+=over 4
+
+=item SSL_METHOD *B<SSLv2_client_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv2_server_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv2_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<SSLv3_client_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv3_server_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv3_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<TLSv1_client_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<TLSv1_server_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<TLSv1_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+
+=back
+
+=head2 DEALING WITH CIPHERS
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+
+=over 4
+
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+
+=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+
+=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+
+Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 DEALING WITH PROTOCOL CONTEXTS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+
+=over 4
+
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+
+=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+
+=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+
+=item SSL_CTX_set_tmp_rsa_callback
+
+C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+
+Sets the callback which will be called when a temporary private key is
+required. The B<C<export>> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B<C<keylength>> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+
+=item SSL_set_tmp_rsa_callback
+
+long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+
+The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+session instead of a context.
+
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+
+=back
+
+=head2 DEALING WITH SESSIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+
+=over 4
+
+=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+
+=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+
+=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+
+=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+
+=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+
+=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+
+=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+
+=back
+
+=head2 DEALING WITH CONNECTIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+
+=over 4
+
+=item int B<SSL_accept>(SSL *ssl);
+
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+
+=item char *B<SSL_alert_desc_string>(int value);
+
+=item char *B<SSL_alert_desc_string_long>(int value);
+
+=item char *B<SSL_alert_type_string>(int value);
+
+=item char *B<SSL_alert_type_string_long>(int value);
+
+=item int B<SSL_check_private_key>(SSL *ssl);
+
+=item void B<SSL_clear>(SSL *ssl);
+
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_connect>(SSL *ssl);
+
+=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B<SSL_do_handshake>(SSL *ssl);
+
+=item SSL *B<SSL_dup>(SSL *ssl);
+
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+
+=item void B<SSL_free>(SSL *ssl);
+
+=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+
+=item char *B<SSL_get_app_data>(SSL *ssl);
+
+=item X509 *B<SSL_get_certificate>(SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+
+=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+
+=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+
+=item char *B<SSL_get_cipher_name>(SSL *ssl);
+
+=item char *B<SSL_get_cipher_version>(SSL *ssl);
+
+=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+
+=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+
+=item long B<SSL_get_default_timeout>(SSL *ssl);
+
+=item int B<SSL_get_error>(SSL *ssl, int i);
+
+=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B<SSL_get_fd>(SSL *ssl);
+
+=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+
+=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+
+=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+
+=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+
+=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+
+=item BIO *B<SSL_get_rbio>(SSL *ssl);
+
+=item int B<SSL_get_read_ahead>(SSL *ssl);
+
+=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+
+=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+
+=item int B<SSL_get_shutdown>(SSL *ssl);
+
+=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+
+=item int B<SSL_get_state>(SSL *ssl);
+
+=item long B<SSL_get_time>(SSL *ssl);
+
+=item long B<SSL_get_timeout>(SSL *ssl);
+
+=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+
+=item int B<SSL_get_verify_mode>(SSL *ssl);
+
+=item long B<SSL_get_verify_result>(SSL *ssl);
+
+=item char *B<SSL_get_version>(SSL *ssl);
+
+=item BIO *B<SSL_get_wbio>(SSL *ssl);
+
+=item int B<SSL_in_accept_init>(SSL *ssl);
+
+=item int B<SSL_in_before>(SSL *ssl);
+
+=item int B<SSL_in_connect_init>(SSL *ssl);
+
+=item int B<SSL_in_init>(SSL *ssl);
+
+=item int B<SSL_is_init_finished>(SSL *ssl);
+
+=item STACK *B<SSL_load_client_CA_file>(char *file);
+
+=item void B<SSL_load_error_strings>(void);
+
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+
+=item int B<SSL_pending>(SSL *ssl);
+
+=item int B<SSL_read>(SSL *ssl, char *buf, int num);
+
+=item int B<SSL_renegotiate>(SSL *ssl);
+
+=item char *B<SSL_rstate_string>(SSL *ssl);
+
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+
+=item long B<SSL_session_reused>(SSL *ssl);
+
+=item void B<SSL_set_accept_state>(SSL *ssl);
+
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+
+=item void B<SSL_set_connect_state>(SSL *ssl);
+
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+
+=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+
+=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+
+=item void B<SSL_set_time>(SSL *ssl, long t);
+
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+
+=item int B<SSL_shutdown>(SSL *ssl);
+
+=item int B<SSL_state>(SSL *ssl);
+
+=item char *B<SSL_state_string>(SSL *ssl);
+
+=item char *B<SSL_state_string_long>(SSL *ssl);
+
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+
+=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_version>(SSL *ssl);
+
+=item int B<SSL_want>(SSL *ssl);
+
+=item int B<SSL_want_nothing>(SSL *ssl);
+
+=item int B<SSL_want_read>(SSL *ssl);
+
+=item int B<SSL_want_write>(SSL *ssl);
+
+=item int B<SSL_want_x509_lookup>(s);
+
+=item int B<SSL_write>(SSL *ssl, char *buf, int num);
+
+=back
+
+=head1 SEE ALSO
+
+openssl(1), crypto(3)
+
+=head1 HISTORY
+
+The ssl(3) document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/lib/libssl/src/doc/ssl_ctx.doc b/lib/libssl/src/doc/ssl_ctx.doc
deleted file mode 100644
index 508394e75f1..00000000000
--- a/lib/libssl/src/doc/ssl_ctx.doc
+++ /dev/null
@@ -1,68 +0,0 @@
-This is now a bit dated, quite a few of the SSL_ functions could be
-SSL_CTX_ functions.  I will update this in the future. 30 Aug 1996
-
-From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
-Received: by orb.mincom.oz.au id AA00696
-  (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
-Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: Eric Young <eay@mincom.oz.au>
-Subject: Re: PEM_readX509 oesn't seem to be working
-In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951211112115.28608D-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Sun, 10 Dec 1995, sameer wrote:
-> 	OK, that's solved. I've found out that it is saying "no
-> certificate set" in SSL_accept because s->conn == NULL
-> so there is some place I need to initialize s->conn that I am
-> not initializing it.
-
-The full order of things for a server should be.
-
-ctx=SSL_CTX_new();
-
-/* The next line should not really be using ctx->cert but I'll leave it 
- * this way right now... I don't want a X509_ routine to know about an SSL
- * structure, there should be an SSL_load_verify_locations... hmm, I may 
- * add it tonight.
- */
-X509_load_verify_locations(ctx->cert,CAfile,CApath);
-
-/* Ok now for each new connection we do the following */
-con=SSL_new(ctx);
-SSL_set_fd(con,s);
-SSL_set_verify(con,verify,verify_callback);
-
-/* set the certificate and private key to use. */
-SSL_use_certificate_ASN1(con,X509_certificate);
-SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
-
-SSL_accept(con);
-
-SSL_read(con)/SSL_write(con);
-
-There is a bit more than that but that is basically the structure.
-
-Create a context and specify where to lookup certificates.
-
-foreach connection
-	{
-	create a SSL structure
-	set the certificate and private key
-	do a SSL_accept
-	
-	we should now be ok
-	}
-
-eric
---
-Eric Young                  | Signature removed since it was generating
-AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
-
-
diff --git a/lib/libssl/src/doc/ssleay.doc b/lib/libssl/src/doc/ssleay.doc
deleted file mode 100644
index a0e86aef7c1..00000000000
--- a/lib/libssl/src/doc/ssleay.doc
+++ /dev/null
@@ -1,213 +0,0 @@
-SSLeay: a cryptographic kitchen sink.
-
-1st December 1995
-Way back at the start of April 1995, I was looking for a mindless
-programming project.  A friend of mine (Tim Hudson) said "why don't you do SSL,
-it has DES encryption in it and I would not mind using it in a SSL telnet".
-While it was true I had written a DES library in previous years, litle
-did I know what an expansive task SSL would turn into.
-
-First of all, the SSL protocol contains DES encryption.  Well and good.  My
-DES library was fast and portable.  It also contained the RSA's RC4 stream
-cipher.  Again, not a problem, some-one had just posted to sci.crypt
-something that was claimed to be RC4.  It also contained IDEA, I had the
-specifications, not a problem to implement.  MD5, an RFC, trivial, at most
-I could spend a week or so trying to see if I could speed up the
-implementation.  All in all a nice set of ciphers.
-Then the first 'expantion of the scope', RSA public key
-encryption.  Since I did not knowing a thing about public key encryption
-or number theory, this appeared quite a daunting task.  Just writing a
-big number library would be problomatic in itself, let alone making it fast.
-At this point the scope of 'implementing SSL' expands eponentialy.
-First of all, the RSA private keys  were being kept in ASN.1 format.
-Thankfully the RSA PKCS series of documents explains this format.  So I now
-needed to be able to encode and decode arbitary ASN.1 objects.  The Public
-keys were embeded in X509 certificates.  Hmm... these are not only
-ASN.1 objects but they make up a heirachy of authentication.  To
-authenticate a X509 certificate one needs to retrieve it's issuers
-certificate etc etc.  Hmm..., so I also need to implement some kind
-of certificate management software.  I would also have to implement
-software to authenticate certificates.  At this point the support code made
-the SSL part of my library look quite small.
-Around this time, the first version of SSLeay was released.
-
-Ah, but here was the problem, I was not happy with the code so far.  As may
-have become obvious, I had been treating all of this as a learning
-exersize, so I have completely written the library myself.  As such, due
-to the way it had grown like a fungus, much of the library was not
-'elagent' or neat.  There were global and static variables all over the
-place, the SSL part did not even handle non-blocking IO.
-The Great rewrite began.
-
-As of this point in time, the 'Great rewrite' has almost finished.  So what
-follows is an approximate list of what is actually SSLeay 0.5.0
-
-/********* This needs to be updated for 0.6.0+ *************/
-
----
-The library contains the following routines.  Please note that most of these
-functions are not specfic for SSL or any other particular cipher
-implementation.  I have tried to make all the routines as general purpose
-as possible.  So you should not think of this library as an SSL
-implemtation, but rather as a library of cryptographic functions
-that also contains SSL.  I refer to each of these function groupings as
-libraries since they are often capable of functioning as independant
-libraries
-
-First up, the general ciphers and message digests supported by the library.
-
-MD2	rfc???, a standard 'by parts' interface to this algorithm.
-MD5	rfc???, the same type of interface as for the MD2 library except a
-	different algorithm.
-SHA	THe Secure Hash Algorithm.  Again the same type of interface as
-	MD2/MD5 except the digest is 20 bytes.
-SHA1	The 'revised' version of SHA.  Just about identical to SHA except
-	for one tweak of an inner loop.
-DES	This is my libdes library that has been floating around for the last
-	few years.  It has been enhanced for no other reason than completeness.
-	It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
-	triple DES modes of ecb, cbc, cfb64 and ofb64.  cfb64 and ofb64 are
-	functional interfaces to the 64 bit modes of cfb and ofb used in
-	such a way thay they function as single character interfaces.
-RC4	The RSA Inc. stream cipher.
-RC2	The RSA Inc. block cipher.
-IDEA	An implmentation of the IDEA cipher, the library supports ecb, cbc,
-	cfb64 and ofb64 modes of operation.
-
-Now all the above mentioned ciphers and digests libraries support high
-speed, minimal 'crap in the way' type interfaces.  For fastest and
-lowest level access, these routines should be used directly.
-
-Now there was also the matter of public key crypto systems.  These are
-based on large integer arithmatic.
-
-BN	This is my large integer library.  It supports all the normal
-	arithmentic operations.  It uses malloc extensivly and as such has
-	no limits of the size of the numbers being manipulated.  If you
-	wish to use 4000 bit RSA moduli, these routines will handle it.
-	This library also contains routines to 'generate' prime numbers and
-	to test for primality.  The RSA and DH libraries sit on top of this
-	library.  As of this point in time, I don't support SHA, but
-	when I do add it, it will just sit on top of the routines contained
-	in this library.
-RSA	This implements the RSA public key algorithm.  It also contains
-	routines that will generate a new private/public key pair.
-	All the RSA functions conform to the PKCS#1 standard.
-DH	This is an implementation of the
-	Diffie-Hellman protocol.  There are all the require routines for
-	the protocol, plus extra routines that can be used to generate a
-	strong prime for use with a specified generator.  While this last
-	routine is not generally required by applications implementing DH,
-	It is present for completeness and because I thing it is much
-	better to be able to 'generate' your own 'magic' numbers as oposed
-	to using numbers suplied by others.  I conform to the PKCS#3
-	standard where required.
-
-You may have noticed the preceeding section mentions the 'generation' of
-prime numbers.  Now this requries the use of 'random numbers'. 
-
-RAND	This psuedo-random number library is based on MD5 at it's core
-	and a large internal state (2k bytes).  Once you have entered enough
-	seed data into this random number algorithm I don't feel
-	you will ever need to worry about it generating predictable output.
-	Due to the way I am writing a portable library, I have left the
-	issue of how to get good initial random seed data upto the
-	application but I do have support routines for saving and loading a
-	persistant random number state for use between program runs.
-	
-Now to make all these ciphers easier to use, a higher level
-interface was required.  In this form, the same function would be used to
-encrypt 'by parts', via any one of the above mentioned ciphers.
-
-EVP	The Digital EnVeloPe library is quite large.  At it's core are
-	function to perform encryption and decryption by parts while using
-	an initial parameter to specify which of the 17 different ciphers
-	or 4 different message digests to use.  On top of these are implmented
-	the digital signature functions, sign, verify, seal and open.
-	Base64 encoding of binary data is also done in this library.
-
-PEM	rfc???? describe the format for Privacy Enhanced eMail.
-	As part of this standard, methods of encoding digital enveloped
-	data is an ascii format are defined.  As such, I use a form of these
-	to encode enveloped data.  While at this point in time full support
-	for PEM has not been built into the library, a minimal subset of
-	the secret key and Base64 encoding is present.  These reoutines are
-	mostly used to Ascii encode binary data with a 'type' associated
-	with it and perhaps details of private key encryption used to
-	encrypt the data.
-	
-PKCS7	This is another Digital Envelope encoding standard which uses ASN.1
-	to encode the data.  At this point in time, while there are some
-	routines to encode and decode this binary format, full support is
-	not present.
-	
-As Mentioned, above, there are several different ways to encode
-data structures.
-
-ASN1	This library is more a set of primatives used to encode the packing
-	and unpacking of data structures.  It is used by the X509
-	certificate standard and by the PKCS standards which are used by
-	this library.  It also contains routines for duplicating and signing
-	the structures asocisated with X509.
-	
-X509	The X509 library contains routines for packing and unpacking,
-	verifying and just about every thing else you would want to do with
-	X509 certificates.
-
-PKCS7	PKCS-7 is a standard for encoding digital envelope data
-	structures.  At this point in time the routines will load and save
-	DER forms of these structees.  They need to be re-worked to support
-	the BER form which is the normal way PKCS-7 is encoded.  If the
-	previous 2 sentances don't make much sense, don't worry, this
-	library is not used by this version of SSLeay anyway.
-
-OBJ	ASN.1 uses 'object identifiers' to identify objects.  A set of
-	functions were requred to translate from ASN.1 to an intenger, to a
-	character string.  This library provieds these translations
-	
-Now I mentioned an X509 library.  X509 specified a hieachy of certificates
-which needs to be traversed to authenticate particular certificates.
-
-METH	This library is used to push 'methods' of retrieving certificates
-	into the library.  There are some supplied 'methods' with SSLeay
-	but applications can add new methods if they so desire.
-	This library has not been finished and is not being used in this
-	version.
-	
-Now all the above are required for use in the initial point of this project.
-
-SSL	The SSL protocol.  This is a full implmentation of SSL v 2.  It
-	support both server and client authentication.  SSL v 3 support
-	will be added when the SSL v 3 specification is released in it's
-	final form.
-
-Now quite a few of the above mentioned libraries rely on a few 'complex'
-data structures.  For each of these I have a library.
-
-Lhash	This is a hash table library which is used extensivly.
-
-STACK	An implemetation of a Stack data structure.
-
-BUF	A simple character array structure that also support a function to
-	check that the array is greater that a certain size, if it is not,
-	it is realloced so that is it.
-	
-TXT_DB	A simple memory based text file data base.  The application can specify
-	unique indexes that will be enforced at update time.
-
-CONF	Most of the programs written for this library require a configuration
-	file.  Instead of letting programs constantly re-implment this
-	subsystem, the CONF library provides a consistant and flexable
-	interface to not only configuration files but also environment
-	variables.
-
-But what about when something goes wrong?
-The one advantage (and perhaps disadvantage) of all of these
-functions being in one library was the ability to implement a
-single error reporting system.
-	
-ERR	This library is used to report errors.  The error system records
-	library number, function number (in the library) and reason
-	number.  Multiple errors can be reported so that an 'error' trace
-	is created.  The errors can be printed in numeric or textual form.
-
diff --git a/lib/libssl/src/doc/ssleay.txt b/lib/libssl/src/doc/ssleay.txt
new file mode 100644
index 00000000000..094e28ce48d
--- /dev/null
+++ b/lib/libssl/src/doc/ssleay.txt
@@ -0,0 +1,7014 @@
+
+Bundle of old SSLeay documentation files [OBSOLETE!]
+
+==== readme ========================================================
+
+This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
+relevent but I'm working (very slowly) on new docuemtation.
+The current version can be found online at
+
+http://www.cryptsoft.com/ssleay/doc
+
+==== API.doc ========================================================
+
+SSL - SSLv2/v3/v23 etc.
+
+BIO - methods and how they plug together
+
+MEM - memory allocation callback
+
+CRYPTO - locking for threads
+
+EVP - Ciphers/Digests/signatures
+
+RSA - methods
+
+X509 - certificate retrieval
+
+X509 - validation
+
+X509 - X509v3 extensions
+
+Objects - adding object identifiers
+
+ASN.1 - parsing
+
+PEM - parsing
+
+==== ssl/readme =====================================================
+
+22 Jun 1996
+This file belongs in ../apps, but I'll leave it here because it deals
+with SSL :-)  It is rather dated but it gives you an idea of how
+things work.
+===
+
+17 Jul 1995
+I have been changing things quite a bit and have not fully updated
+this file, so take what you read with a grain of salt
+eric
+===
+The s_client and s_server programs can be used to test SSL capable
+IP/port addresses and the verification of the X509 certificates in use
+by these services.  I strongly advise having a look at the code to get
+an idea of how to use the authentication under SSLeay.  Any feedback
+on changes and improvements would be greatly accepted.
+
+This file will probably be gibberish unless you have read
+rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
+authentication.
+
+A Brief outline (and examples) how to use them to do so.
+
+NOTE:
+The environment variable SSL_CIPER is used to specify the prefered
+cipher to use, play around with setting it's value to combinations of
+RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
+in a : separated list.
+
+This directory contains 3 X509 certificates which can be used by these programs.
+client.pem: a file containing a certificate and private key to be used
+	by s_client.
+server.pem :a file containing a certificate and private key to be used
+	by s_server.
+eay1024.pem:the certificate used to sign client.pem and server.pem.
+	This would be your CA's certificate.  There is also a link
+	from the file a8556381.0 to eay1024.PEM.  The value a8556381
+	is returned by 'x509 -hash -noout <eay1024.pem' and is the
+	value used by X509 verification routines to 'find' this
+	certificte when search a directory for it.
+	[the above is not true any more, the CA cert is 
+	 ../certs/testca.pem which is signed by ../certs/mincomca.pem]
+
+When testing the s_server, you may get
+bind: Address already in use
+errors.  These indicate the port is still being held by the unix
+kernel and you are going to have to wait for it to let go of it.  If
+this is the case, remember to use the port commands on the s_server and
+s_client to talk on an alternative port.
+
+=====
+s_client.
+This program can be used to connect to any IP/hostname:port that is
+talking SSL.  Once connected, it will attempt to authenticate the
+certificate it was passed and if everything works as expected, a 2
+directional channel will be open.  Any text typed will be sent to the
+other end.  type Q<cr> to exit.  Flags are as follows.
+-host arg	: Arg is the host or IP address to connect to.
+-port arg	: Arg is the port to connect to (https is 443).
+-verify arg	: Turn on authentication of the server certificate.
+		: Arg specifies the 'depth', this will covered below.
+-cert arg	: The optional certificate to use.  This certificate
+		: will be returned to the server if the server
+		: requests it for client authentication.
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the server.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the server certificate.
+-reconnect	: Once a connection has been made, drop it and
+		: reconnect with same session-id.  This is for testing :-).
+
+The '-verify n' parameter specifies not only to verify the servers
+certificate but to also only take notice of 'n' levels.  The best way
+to explain is to show via examples.
+Given
+s_server -cert server.PEM is running.
+
+s_client
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+What has happened is that the 'SSLeay demo server' certificate's
+issuer ('CA') could not be found but because verify is not on, we
+don't care and the connection has been made anyway.  It is now 'up'
+using CBC-DES-MD5 mode.  This is an unauthenticate secure channel.
+You may not be talking to the right person but the data going to them
+is encrypted.
+
+s_client -verify 0
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
+certificate passed the date and checksum, we are happy to proceed.
+
+s_client -verify 1
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+In this case we failed to make the connection because we could not
+authenticate the certificate because we could not find the
+'CA' certificate.
+
+s_client -verify 1 -CAfile eay1024.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We loaded the certificates from the file eay1024.PEM.  Everything
+checked out and so we made the connection.
+
+s_client -verify 1 -CApath .
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We looked in out local directory for issuer certificates and 'found'
+a8556381.0 and so everything is ok.
+
+It is worth noting that 'CA' is a self certified certificate.  If you
+are passed one of these, it will fail to 'verify' at depth 0 because
+we need to lookup the certifier of a certificate from some information
+that we trust and keep locally.
+
+SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
+export SSL_CIPHER
+s_client -verify 10 -CApath . -reconnect
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	drop the connection and reconnect with the same session id
+	CIPHER is CBC3-DES-MD5
+This has done a full connection and then re-estabished it with the
+same session id but a new socket.  No RSA stuff occures on the second
+connection.  Note that we said we would prefer to use CBC3-DES-MD5
+encryption and so, since the server supports it, we are.
+
+=====
+s_server
+This program accepts SSL connections on a specified port
+Once connected, it will estabish an SSL connection and optionaly
+attempt to authenticate the client.  A 2 directional channel will be
+open.  Any text typed will be sent to the other end.  Type Q<cr> to exit.
+Flags are as follows.
+-port arg	: Arg is the port to listen on.
+-verify arg	: Turn on authentication of the client if they have a
+		: certificate.  Arg specifies the 'depth'.
+-Verify arg	: Turn on authentication of the client. If they don't
+		: have a valid certificate, drop the connection.
+-cert arg	: The certificate to use.  This certificate
+		: will be passed to the client.  If it is not
+		: specified, it will default to server.PEM
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.  Default is server.PEM
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the client.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the client certificate.
+
+For the following 'demo'  I will specify the s_server command and
+the s_client command and then list the output from the s_server.
+s_server
+s_client
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Everything up and running
+
+s_server -verify 0
+s_client  
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Ok since no certificate was returned and we don't care.
+
+s_server -verify 0
+./s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok since we were only verifying to level 0
+
+s_server -verify 4
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+Bad because we could not authenticate the returned certificate.
+
+s_server -verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok because we could authenticate the returned certificate :-).
+
+s_server -Verify 0 -CApath .
+s_client
+	CONNECTED
+	ERROR
+	SSL error:function is:REQUEST_CERTIFICATE
+		 :error is   :client end did not return a certificate
+Error because no certificate returned.
+
+s_server -Verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Full authentication of the client.
+
+So in summary to do full authentication of both ends
+s_server -Verify 9 -CApath .
+s_client -cert client.PEM -CApath . -verify 9
+From the server side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+From the client side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+
+For general probing of the 'internet https' servers for the
+distribution area, run
+s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
+Then enter
+GET /
+and you should be talking to the https server on that host.
+
+www.rsa.com was refusing to respond to connections on 443 when I was
+testing.
+
+have fun :-).
+
+eric
+
+==== a_verify.doc ========================================================
+
+From eay@mincom.com Fri Oct  4 18:29:06 1996
+Received: by orb.mincom.oz.au id AA29080
+  (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
+Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
+Cc: Eric Young <eay@mincom.oz.au>, SSL Mailing List <ssl-users@mincom.com>
+Subject: Re: Netscape's Public Key
+In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
+Message-Id: <Pine.SOL.3.91.961004081346.8018K-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Thu, 3 Oct 1996, wplatzer wrote:
+> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
+> with it... It looks like (asn1parse):
+> 
+> 0:d=0 hl=3 l=180 cons: SEQUENCE
+> 3:d=1 hl=2 l= 96 cons: SEQUENCE
+> 5:d=2 hl=2 l= 92 cons: SEQUENCE
+> 7:d=3 hl=2 l= 13 cons: SEQUENCE
+> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
+> 20:d=4 hl=2 l= 0 prim: NULL
+> 22:d=3 hl=2 l= 75 prim: BIT STRING
+> 99:d=2 hl=2 l= 0 prim: IA5STRING :
+> 101:d=1 hl=2 l= 13 cons: SEQUENCE
+> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
+> 114:d=2 hl=2 l= 0 prim: NULL
+> 116:d=1 hl=2 l= 65 prim: BIT STRING
+> 
+> The first BIT STRING is the public key and the second BIT STRING is 
+> the signature.
+> But a public key consists of the public exponent and the modulus. Are 
+> both numbers in the first BIT STRING?
+> Is there a document simply describing this coding stuff (checking 
+> signature, get the public key, etc.)?
+
+Minimal in SSLeay.  If you want to see what the modulus and exponent are,
+try asn1parse -offset 25 -length 75 <key.pem
+asn1parse will currently stuff up on the 'length 75' part (fixed in next 
+release) but it will print the stuff.  If you are after more 
+documentation on ASN.1, have a look at www.rsa.com and get their PKCS 
+documents, most of my initial work on SSLeay was done using them.
+
+As for SSLeay,
+util/crypto.num and util/ssl.num are lists of all exported functions in 
+the library (but not macros :-(.
+
+The ones for extracting public keys from certificates and certificate 
+requests are EVP_PKEY *      X509_REQ_extract_key(X509_REQ *req);
+EVP_PKEY *      X509_extract_key(X509 *x509);
+
+To verify a signature on a signed ASN.1 object
+int X509_verify(X509 *a,EVP_PKEY *key);
+int X509_REQ_verify(X509_REQ *a,EVP_PKEY *key);
+int X509_CRL_verify(X509_CRL *a,EVP_PKEY *key);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a,EVP_PKEY *key);
+
+I should mention that EVP_PKEY can be used to hold a public or a private key,
+since for  things like RSA and DSS, a public key is just a subset of what 
+is stored for the private key.
+
+To sign any of the above structures
+
+int X509_sign(X509 *a,EVP_PKEY *key,EVP_MD *md);
+int X509_REQ_sign(X509_REQ *a,EVP_PKEY *key,EVP_MD *md);
+int X509_CRL_sign(X509_CRL *a,EVP_PKEY *key,EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *a,EVP_PKEY *key,EVP_MD *md);
+
+where md is the message digest to sign with.
+
+There are all defined in x509.h and all the _sign and _verify functions are
+actually macros to the ASN1_sign() and ASN1_verify() functions.
+These functions will put the correct algorithm identifiers in the correct 
+places in the structures.
+
+eric
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+==== x509 =======================================================
+
+X509_verify()
+X509_sign()
+
+X509_get_version()
+X509_get_serialNumber()
+X509_get_issuer()
+X509_get_subject()
+X509_get_notBefore()
+X509_get_notAfter()
+X509_get_pubkey()
+
+X509_set_version()
+X509_set_serialNumber()
+X509_set_issuer()
+X509_set_subject()
+X509_set_notBefore()
+X509_set_notAfter()
+X509_set_pubkey()
+
+X509_get_extensions()
+X509_set_extensions()
+
+X509_EXTENSIONS_clear()
+X509_EXTENSIONS_retrieve()
+X509_EXTENSIONS_add()
+X509_EXTENSIONS_delete()
+
+==== x509 attribute ================================================
+
+PKCS7
+	STACK of X509_ATTRIBUTES
+		ASN1_OBJECT
+		STACK of ASN1_TYPE
+
+So it is
+
+p7.xa[].obj
+p7.xa[].data[]
+
+get_obj_by_nid(STACK , nid)
+get_num_by_nid(STACK , nid)
+get_data_by_nid(STACK , nid, index)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
+void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
+			int nid, STACK *value);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
+			int nid, STACK *value);
+
+int		X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
+int		X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
+			ASN1_TYPE *value);
+
+ASN1_OBJECT *	X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
+int 		X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
+ASN1_TYPE *	X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
+
+ASN1_TYPE *	X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
+			ASN1_OBJECT *obj);
+
+X509_ATTRIBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
+X509_ATTRIBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
+
+==== x509 v3 ========================================================
+
+The 'new' system.
+
+The X509_EXTENSION_METHOD includes extensions and attributes and/or names. 
+Basically everthing that can be added to an X509 with an OID identifying it.
+
+It operates via 2 methods per object id.
+int a2i_XXX(X509 *x,char *str,int len);
+int i2a_XXX(BIO *bp,X509 *x);
+
+The a2i_XXX function will add the object with a value converted from the
+string into the X509.  Len can be -1 in which case the length is calculated
+via strlen(str).   Applications can always use direct knowledge to load and
+unload the relevent objects themselves.
+
+i2a_XXX will print to the passed BIO, a text representation of the
+relevet object.  Use a memory BIO if you want it printed to a buffer :-).
+
+X509_add_by_NID(X509 *x,int nid,char *str,int len);
+X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
+
+X509_print_by_name(BIO *bp,X509 *x);
+X509_print_by_NID(BIO *bp,X509 *x);
+X509_print_by_OBJ(BIO *bp,X509 *x);
+
+==== verify ========================================================
+
+X509_verify_cert_chain(
+	CERT_STORE *cert_store,
+	STACK /* X509 */ *certs,
+	int *verify_result,
+	int (*verify_error_callback)()
+	char *argument_to_callback, /* SSL */
+
+app_verify_callback(
+	char *app_verify_arg, /* from SSL_CTX */
+	STACK /* X509 */ *certs,
+	int *verify_result,
+	int (*verify_error_callback)()
+	SSL *s,
+
+int X509_verify_cert(
+	CERT_STORE *cert_store,
+	X509 *x509,
+	int *verify_result,
+	int (*verify_error_callback)(),
+	char *arg,
+
+==== apps.doc ========================================================
+
+The applications
+
+Ok, where to begin....
+In the begining, when SSLeay was small (April 1995), there
+were but few applications, they did happily cohabit in
+the one bin directory.  Then over time, they did multiply and grow,
+and they started to look like microsoft software; 500k to print 'hello world'.
+A new approach was needed.  They were coalessed into one 'Monolithic'
+application, ssleay.  This one program is composed of many programs that
+can all be compiled independantly.
+
+ssleay has 3 modes of operation.
+1) If the ssleay binaray has the name of one of its component programs, it
+executes that program and then exits.  This can be achieve by using hard or
+symbolic links, or failing that, just renaming the binary.
+2) If the first argument to ssleay is the name of one of the component
+programs, that program runs that program and then exits.
+3) If there are no arguments, ssleay enters a 'command' mode.  Each line is
+interpreted as a program name plus arguments.  After each 'program' is run,
+ssleay returns to the comand line.
+
+dgst	- message digests
+enc	- encryption and base64 encoding
+
+ans1parse - 'pulls' appart ASN.1 encoded objects like certificates.
+
+dh	- Diffle-Hellman parameter manipulation.
+rsa	- RSA manipulations.
+crl	- Certificate revokion list manipulations
+x509	- X509 cert fiddles, including signing.
+pkcs7	- pkcs7 manipulation, only DER versions right now.
+
+genrsa	- generate an RSA private key.
+gendh	- Generate a set of Diffle-Hellman parameters.
+req	- Generate a PKCS#10 object, a certificate request.
+
+s_client - SSL client program
+s_server - SSL server program
+s_time	 - A SSL protocol timing program
+s_mult	 - Another SSL server, but it multiplexes
+	   connections.
+s_filter - under development
+
+errstr	- Convert SSLeay error numbers to strings.
+ca	- Sign certificate requests, and generate
+	  certificate revokion lists
+crl2pkcs7 - put a crl and certifcates into a pkcs7 object.
+speed	- Benchmark the ciphers.
+verify	- Check certificates
+hashdir - under development
+
+[ there a now a few more options, play with the program to see what they
+  are ]
+
+==== asn1.doc ========================================================
+
+The ASN.1 Routines.
+
+ASN.1 is a specification for how to encode structured 'data' in binary form.
+The approach I have take to the manipulation of structures and their encoding
+into ASN.1 is as follows.
+
+For each distinct structure there are 4 function of the following form
+TYPE *TYPE_new(void);
+void TYPE_free(TYPE *);
+TYPE *d2i_TYPE(TYPE **a,unsigned char **pp,long length);
+long i2d_TYPE(TYPE *a,unsigned char **pp); 	/* CHECK RETURN VALUE */
+
+where TYPE is the type of the 'object'.  The TYPE that have these functions
+can be in one of 2 forms, either the internal C malloc()ed data structure
+or in the DER (a variant of ASN.1 encoding) binary encoding which is just
+an array of unsigned bytes.  The 'i2d' functions converts from the internal
+form to the DER form and the 'd2i' functions convert from the DER form to
+the internal form.
+
+The 'new' function returns a malloc()ed version of the structure with all
+substructures either created or left as NULL pointers.  For 'optional'
+fields, they are normally left as NULL to indicate no value.  For variable
+size sub structures (often 'SET OF' or 'SEQUENCE OF' in ASN.1 syntax) the
+STACK data type is used to hold the values.  Have a read of stack.doc
+and have a look at the relevant header files to see what I mean.  If there
+is an error while malloc()ing the structure, NULL is returned.
+
+The 'free' function will free() all the sub components of a particular
+structure.  If any of those sub components have been 'removed', replace
+them with NULL pointers, the 'free' functions are tolerant of NULL fields.
+
+The 'd2i' function copies a binary representation into a C structure.  It
+operates as follows.  'a' is a pointer to a pointer to
+the structure to populate, 'pp' is a pointer to a pointer to where the DER
+byte string is located and 'length' is the length of the '*pp' data.
+If there are no errors, a pointer to the populated structure is returned.
+If there is an error, NULL is returned.  Errors can occur because of
+malloc() failures but normally they will be due to syntax errors in the DER
+encoded data being parsed. It is also an error if there was an
+attempt to read more that 'length' bytes from '*p'.  If
+everything works correctly, the value in '*p' is updated
+to point at the location just beyond where the DER
+structure was read from.  In this way, chained calls to 'd2i' type
+functions can be made, with the pointer into the 'data' array being
+'walked' along the input byte array.
+Depending on the value passed for 'a', different things will be done.  If
+'a' is NULL, a new structure will be malloc()ed and returned.  If '*a' is
+NULL, a new structure will be malloc()ed and put into '*a' and returned.
+If '*a' is not NULL, the structure in '*a' will be populated, or in the
+case of an error, free()ed and then returned.
+Having these semantics means that a structure
+can call a 'd2i' function to populate a field and if the field is currently
+NULL, the structure will be created.
+
+The 'i2d' function type is used to copy a C structure to a byte array.
+The parameter 'a' is the structure to convert and '*p' is where to put it.
+As for the 'd2i' type structure, 'p' is updated to point after the last
+byte written.  If p is NULL, no data is written.  The function also returns
+the number of bytes written.  Where this becomes useful is that if the
+function is called with a NULL 'p' value, the length is returned.  This can
+then be used to malloc() an array of bytes and then the same function can
+be recalled passing the malloced array to be written to. e.g.
+
+int len;
+unsigned char *bytes,*p;
+len=i2d_X509(x,NULL);	/* get the size of the ASN1 encoding of 'x' */
+if ((bytes=(unsigned char *)malloc(len)) == NULL)
+	goto err;
+p=bytes;
+i2d_X509(x,&p);
+
+Please note that a new variable, 'p' was passed to i2d_X509.  After the
+call to i2d_X509 p has been incremented by len bytes.
+
+Now the reason for this functional organisation is that it allows nested
+structures to be built up by calling these functions as required.  There
+are various macros used to help write the general 'i2d', 'd2i', 'new' and
+'free' functions.  They are discussed in another file and would only be
+used by some-one wanting to add new structures to the library.  As you
+might be able to guess, the process of writing ASN.1 files can be a bit CPU
+expensive for complex structures.  I'm willing to live with this since the
+simpler library code make my life easier and hopefully most programs using
+these routines will have their execution profiles dominated by cipher or
+message digest routines.
+What follows is a list of 'TYPE' values and the corresponding ASN.1
+structure and where it is used.
+
+TYPE			ASN.1
+ASN1_INTEGER		INTEGER
+ASN1_BIT_STRING		BIT STRING
+ASN1_OCTET_STRING	OCTET STRING
+ASN1_OBJECT		OBJECT IDENTIFIER
+ASN1_PRINTABLESTRING	PrintableString
+ASN1_T61STRING		T61String
+ASN1_IA5STRING		IA5String
+ASN1_UTCTIME		UTCTime
+ASN1_TYPE		Any of the above mentioned types plus SEQUENCE and SET
+
+Most of the above mentioned types are actualled stored in the
+ASN1_BIT_STRING type and macros are used to differentiate between them.
+The 3 types used are
+
+typedef struct asn1_object_st
+	{
+	/* both null if a dynamic ASN1_OBJECT, one is
+	 * defined if a 'static' ASN1_OBJECT */
+	char *sn,*ln;
+	int nid;
+	int length;
+	unsigned char *data;
+	} ASN1_OBJECT;
+This is used to store ASN1 OBJECTS.  Read 'objects.doc' for details ono
+routines to manipulate this structure.  'sn' and 'ln' are used to hold text
+strings that represent the object (short name and long or lower case name).
+These are used by the 'OBJ' library.  'nid' is a number used by the OBJ
+library to uniquely identify objects.  The ASN1 routines will populate the
+'length' and 'data' fields which will contain the bit string representing
+the object.
+
+typedef struct asn1_bit_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_BIT_STRING;
+This structure is used to hold all the other base ASN1 types except for
+ASN1_UTCTIME (which is really just a 'char *').  Length is the number of
+bytes held in data and type is the ASN1 type of the object (there is a list
+in asn1.h).
+
+typedef struct asn1_type_st
+	{
+	int type;
+	union	{
+		char *ptr;
+		ASN1_INTEGER *		integer;
+		ASN1_BIT_STRING *	bit_string;
+		ASN1_OCTET_STRING *	octet_string;
+		ASN1_OBJECT *		object;
+		ASN1_PRINTABLESTRING *	printablestring;
+		ASN1_T61STRING *	t61string;
+		ASN1_IA5STRING *	ia5string;
+		ASN1_UTCTIME *		utctime;
+		ASN1_BIT_STRING *	set;
+		ASN1_BIT_STRING *	sequence;
+		} value;
+	} ASN1_TYPE;
+This structure is used in a few places when 'any' type of object can be
+expected.
+
+X509			Certificate
+X509_CINF		CertificateInfo
+X509_ALGOR		AlgorithmIdentifier
+X509_NAME		Name			
+X509_NAME_ENTRY		A single sub component of the name.
+X509_VAL		Validity
+X509_PUBKEY		SubjectPublicKeyInfo
+The above mentioned types are declared in x509.h. They are all quite
+straight forward except for the X509_NAME/X509_NAME_ENTRY pair.
+A X509_NAME is a STACK (see stack.doc) of X509_NAME_ENTRY's.
+typedef struct X509_name_entry_st
+	{
+	ASN1_OBJECT *object;
+	ASN1_BIT_STRING *value;
+	int set;
+	int size; 	/* temp variable */
+	} X509_NAME_ENTRY;
+The size is a temporary variable used by i2d_NAME and set is the set number
+for the particular NAME_ENTRY.  A X509_NAME is encoded as a sequence of
+sequence of sets.  Normally each set contains only a single item.
+Sometimes it contains more.  Normally throughout this library there will be
+only one item per set.  The set field contains the 'set' that this entry is
+a member of.  So if you have just created a X509_NAME structure and
+populated it with X509_NAME_ENTRYs, you should then traverse the X509_NAME
+(which is just a STACK) and set the 'set/' field to incrementing numbers.
+For more details on why this is done, read the ASN.1 spec for Distinguished
+Names.
+
+X509_REQ		CertificateRequest
+X509_REQ_INFO		CertificateRequestInfo
+These are used to hold certificate requests.
+
+X509_CRL		CertificateRevocationList
+These are used to hold a certificate revocation list
+
+RSAPrivateKey		PrivateKeyInfo
+RSAPublicKey		PublicKeyInfo
+Both these 'function groups' operate on 'RSA' structures (see rsa.doc).
+The difference is that the RSAPublicKey operations only manipulate the m
+and e fields in the RSA structure.
+
+DSAPrivateKey		DSS private key
+DSAPublicKey		DSS public key
+Both these 'function groups' operate on 'DSS' structures (see dsa.doc).
+The difference is that the RSAPublicKey operations only manipulate the 
+XXX fields in the DSA structure.
+
+DHparams		DHParameter
+This is used to hold the p and g value for The Diffie-Hellman operation.
+The function deal with the 'DH' strucure (see dh.doc).
+
+Now all of these function types can be used with several other functions to give
+quite useful set of general manipulation routines.  Normally one would
+not uses these functions directly but use them via macros. 
+
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+'x' is the input structure case to a 'char *', 'i2d' is the 'i2d_TYPE'
+function for the type that 'x' is and d2i is the 'd2i_TYPE' function for the
+type that 'x' is.  As is obvious from the parameters, this function
+duplicates the strucutre by transforming it into the DER form and then
+re-loading it into a new strucutre and returning the new strucutre.  This
+is obviously a bit cpu intensive but when faced with a complex dynamic
+structure this is the simplest programming approach.  There are macros for
+duplicating the major data types but is simple to add extras.
+
+char *ASN1_d2i_fp(char *(*new)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+'x' is a pointer to a pointer of the 'desired type'.  new and d2i are the
+corresponding 'TYPE_new' and 'd2i_TYPE' functions for the type and 'fp' is
+an open file pointer to read from.  This function reads from 'fp' as much
+data as it can and then uses 'd2i' to parse the bytes to load and return
+the parsed strucutre in 'x' (if it was non-NULL) and to actually return the
+strucutre.  The behavior of 'x' is as per all the other d2i functions.
+
+char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
+The 'BIO' is the new IO type being used in SSLeay (see bio.doc).  This
+function is the same as ASN1_d2i_fp() except for the BIO argument.
+ASN1_d2i_fp() actually calls this function.
+
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+'x' is converted to bytes by 'i2d' and then written to 'out'.  ASN1_i2d_fp
+and ASN1_d2i_fp are not really symetric since ASN1_i2d_fp will read all
+available data from the file pointer before parsing a single item while
+ASN1_i2d_fp can be used to write a sequence of data objects.  To read a
+series of objects from a file I would sugest loading the file into a buffer
+and calling the relevent 'd2i' functions.
+
+char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
+This function is the same as ASN1_i2d_fp() except for the BIO argument.
+ASN1_i2d_fp() actually calls this function.
+
+char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
+This function will read the next PEM encoded (base64) object of the same
+type as 'x' (loaded by the d2i function).  'name' is the name that is in
+the '-----BEGIN name-----' that designates the start of that object type.
+If the data is encrypted, 'cb' will be called to prompt for a password.  If
+it is NULL a default function will be used to prompt from the password.
+'x' is delt with as per the standard 'd2i' function interface.  This
+function can be used to read a series of objects from a file.  While any
+data type can be encrypted (see PEM_ASN1_write) only RSA private keys tend
+to be encrypted.
+
+char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *fp,
+	char **x,int (*cb)());
+Same as PEM_ASN1_read() except using a BIO.  This is called by
+PEM_ASN1_read().
+
+int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,EVP_CIPHER *enc,
+		unsigned char *kstr,int klen,int (*callback)());
+
+int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *fp,
+		char *x,EVP_CIPHER *enc,unsigned char *kstr,int klen,
+		int (*callback)());
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	ASN1_BIT_STRING *signature, char *data, RSA *rsa, EVP_MD *type);
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
+	ASN1_BIT_STRING *signature,char *data, RSA *rsa);
+
+int ASN1_BIT_STRING_cmp(ASN1_BIT_STRING *a, ASN1_BIT_STRING *b);
+ASN1_BIT_STRING *ASN1_BIT_STRING_type_new(int type );
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+void ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_dup(ASN1_UTCTIME *a);
+
+ASN1_BIT_STRING *d2i_asn1_print_type(ASN1_BIT_STRING **a,unsigned char **pp,
+		long length,int type);
+
+int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
+			int (*func)(), int ex_tag, int ex_class);
+STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+			char *(*func)(), int ex_tag, int ex_class);
+
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *object);
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+/* given a string, return the correct type.  Max is the maximum number
+ * of bytes to parse.  It stops parsing when 'max' bytes have been
+ * processed or a '\0' is hit */
+int ASN1_PRINTABLE_type(unsigned char *s,int max);
+
+void ASN1_parse(BIO *fp,unsigned char *pp,long len);
+
+int i2d_ASN1_bytes(ASN1_BIT_STRING *a, unsigned char **pp, int tag, int class);
+ASN1_BIT_STRING *d2i_ASN1_bytes(ASN1_OCTET_STRING **a, unsigned char **pp,
+	long length, int Ptag, int Pclass);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+	int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+	int tag, int class);
+int ASN1_object_size(int constructed, int length, int tag);
+
+X509 *	X509_get_cert(CERTIFICATE_CTX *ctx,X509_NAME * name,X509 *tmp_x509);
+int  	X509_add_cert(CERTIFICATE_CTX *ctx,X509 *);
+
+char *	X509_cert_verify_error_string(int n);
+int 	X509_add_cert_file(CERTIFICATE_CTX *c,char *file, int type);
+char *	X509_gmtime (char *s, long adj);
+int	X509_add_cert_dir (CERTIFICATE_CTX *c,char *dir, int type);
+int	X509_load_verify_locations (CERTIFICATE_CTX *ctx,
+		char *file_env, char *dir_env);
+int	X509_set_default_verify_paths(CERTIFICATE_CTX *cts);
+X509 *	X509_new_D2i_X509(int len, unsigned char *p);
+char *	X509_get_default_cert_area(void );
+char *	X509_get_default_cert_dir(void );
+char *	X509_get_default_cert_file(void );
+char *	X509_get_default_cert_dir_env(void );
+char *	X509_get_default_cert_file_env(void );
+char *	X509_get_default_private_dir(void );
+X509_REQ *X509_X509_TO_req(X509 *x, RSA *rsa);
+int	X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)()); 
+
+CERTIFICATE_CTX *CERTIFICATE_CTX_new();
+void CERTIFICATE_CTX_free(CERTIFICATE_CTX *c);
+
+void X509_NAME_print(BIO *fp, X509_NAME *name, int obase);
+int		X509_print_fp(FILE *fp,X509 *x);
+int		X509_print(BIO *fp,X509 *x);
+
+X509_INFO *	X509_INFO_new(void);
+void		X509_INFO_free(X509_INFO *a);
+
+char *		X509_NAME_oneline(X509_NAME *a);
+
+#define X509_verify(x,rsa)
+#define X509_REQ_verify(x,rsa)
+#define X509_CRL_verify(x,rsa)
+
+#define X509_sign(x,rsa,md)
+#define X509_REQ_sign(x,rsa,md)
+#define X509_CRL_sign(x,rsa,md)
+
+#define X509_dup(x509)
+#define d2i_X509_fp(fp,x509)
+#define i2d_X509_fp(fp,x509)
+#define d2i_X509_bio(bp,x509)
+#define i2d_X509_bio(bp,x509)
+
+#define X509_CRL_dup(crl)
+#define d2i_X509_CRL_fp(fp,crl)
+#define i2d_X509_CRL_fp(fp,crl)
+#define d2i_X509_CRL_bio(bp,crl)
+#define i2d_X509_CRL_bio(bp,crl)
+
+#define X509_REQ_dup(req)
+#define d2i_X509_REQ_fp(fp,req)
+#define i2d_X509_REQ_fp(fp,req)
+#define d2i_X509_REQ_bio(bp,req)
+#define i2d_X509_REQ_bio(bp,req)
+
+#define RSAPrivateKey_dup(rsa)
+#define d2i_RSAPrivateKey_fp(fp,rsa)
+#define i2d_RSAPrivateKey_fp(fp,rsa)
+#define d2i_RSAPrivateKey_bio(bp,rsa)
+#define i2d_RSAPrivateKey_bio(bp,rsa)
+
+#define X509_NAME_dup(xn)
+#define X509_NAME_ENTRY_dup(ne)
+
+void X509_REQ_print_fp(FILE *fp,X509_REQ *req);
+void X509_REQ_print(BIO *fp,X509_REQ *req);
+
+RSA *X509_REQ_extract_key(X509_REQ *req);
+RSA *X509_extract_key(X509 *x509);
+
+int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_and_serial_hash(X509 *a);
+
+X509_NAME *	X509_get_issuer_name(X509 *a);
+int		X509_issuer_name_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_name_hash(X509 *a);
+
+X509_NAME *	X509_get_subject_name(X509 *a);
+int		X509_subject_name_cmp(X509 *a,X509 *b);
+unsigned long	X509_subject_name_hash(X509 *x);
+
+int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+unsigned long	X509_NAME_hash(X509_NAME *x);
+
+
+==== bio.doc ========================================================
+
+BIO Routines
+
+This documentation is rather sparse, you are probably best 
+off looking at the code for specific details.
+
+The BIO library is a IO abstraction that was originally 
+inspired by the need to have callbacks to perform IO to FILE 
+pointers when using Windows 3.1 DLLs.  There are two types 
+of BIO; a source/sink type and a filter type.
+The source/sink methods are as follows:
+-	BIO_s_mem()  memory buffer - a read/write byte array that
+	grows until memory runs out :-).
+-	BIO_s_file()  FILE pointer - A wrapper around the normal 
+	'FILE *' commands, good for use with stdin/stdout.
+-	BIO_s_fd()  File descriptor - A wrapper around file 
+	descriptors, often used with pipes.
+-	BIO_s_socket()  Socket - Used around sockets.  It is 
+	mostly in the Microsoft world that sockets are different 
+	from file descriptors and there are all those ugly winsock 
+	commands.
+-	BIO_s_null()  Null - read nothing and write nothing.; a 
+	useful endpoint for filter type BIO's specifically things 
+	like the message digest BIO.
+
+The filter types are
+-	BIO_f_buffer()  IO buffering - does output buffering into 
+	larger chunks and performs input buffering to allow gets() 
+	type functions.
+-	BIO_f_md()  Message digest - a transparent filter that can 
+	be asked to return a message digest for the data that has 
+	passed through it.
+-	BIO_f_cipher()  Encrypt or decrypt all data passing 
+	through the filter.
+-	BIO_f_base64()  Base64 decode on read and encode on write.
+-	BIO_f_ssl()  A filter that performs SSL encryption on the 
+	data sent through it.
+
+Base BIO functions.
+The BIO library has a set of base functions that are 
+implemented for each particular type.  Filter BIOs will 
+normally call the equivalent function on the source/sink BIO 
+that they are layered on top of after they have performed 
+some modification to the data stream.  Multiple filter BIOs 
+can be 'push' into a stack of modifers, so to read from a 
+file, unbase64 it, then decrypt it, a BIO_f_cipher, 
+BIO_f_base64 and a BIO_s_file would probably be used.  If a 
+sha-1 and md5 message digest needed to be generated, a stack 
+two BIO_f_md() BIOs and a BIO_s_null() BIO could be used.
+The base functions are
+-	BIO *BIO_new(BIO_METHOD *type); Create  a new BIO of  type 'type'.
+-	int BIO_free(BIO *a); Free a BIO structure.  Depending on 
+	the configuration, this will free the underlying data 
+	object for a source/sink BIO.
+-	int BIO_read(BIO *b, char *data, int len); Read upto 'len' 
+	bytes into 'data'. 
+-	int BIO_gets(BIO *bp,char *buf, int size); Depending on 
+	the BIO, this can either be a 'get special' or a get one 
+	line of data, as per fgets();
+-	int BIO_write(BIO *b, char *data, int len); Write 'len' 
+	bytes from 'data' to the 'b' BIO.
+-	int BIO_puts(BIO *bp,char *buf); Either a 'put special' or 
+	a write null terminated string as per fputs().
+-	long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);  A 
+	control function which is used to manipulate the BIO 
+	structure and modify it's state and or report on it.  This 
+	function is just about never used directly, rather it 
+	should be used in conjunction with BIO_METHOD specific 
+	macros.
+-	BIO *BIO_push(BIO *new_top, BIO *old); new_top is apped to the
+	top of the 'old' BIO list.  new_top should be a filter BIO.
+	All writes will go through 'new_top' first and last on read.
+	'old' is returned.
+-	BIO *BIO_pop(BIO *bio); the new topmost BIO is returned, NULL if
+	there are no more.
+
+If a particular low level BIO method is not supported 
+(normally BIO_gets()), -2 will be returned if that method is 
+called.  Otherwise the IO methods (read, write, gets, puts) 
+will return the number of bytes read or written, and 0 or -1 
+for error (or end of input).  For the -1 case, 
+BIO_should_retry(bio) can be called to determine if it was a 
+genuine error or a temporary problem.  -2 will also be 
+returned if the BIO has not been initalised yet, in all 
+cases, the correct error codes are set (accessible via the 
+ERR library).
+
+
+The following functions are convenience functions:
+-	int BIO_printf(BIO *bio, char * format, ..);  printf but 
+	to a BIO handle.
+-	long BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg); a 
+	convenience function to allow a different argument types 
+	to be passed to BIO_ctrl().
+-	int BIO_dump(BIO *b,char *bytes,int len); output 'len' 
+	bytes from 'bytes' in a hex dump debug format.
+-	long BIO_debug_callback(BIO *bio, int cmd, char *argp, int 
+	argi, long argl, long ret) - a default debug BIO callback, 
+	this is mentioned below.  To use this one normally has to 
+	use the BIO_set_callback_arg() function to assign an 
+	output BIO for the callback to use.
+-	BIO *BIO_find_type(BIO *bio,int type); when there is a 'stack'
+	of BIOs, this function scan the list and returns the first
+	that is of type 'type', as listed in buffer.h under BIO_TYPE_XXX.
+-	void BIO_free_all(BIO *bio); Free the bio and all other BIOs
+	in the list.  It walks the bio->next_bio list.
+
+
+
+Extra commands are normally implemented as macros calling BIO_ctrl().
+-	BIO_number_read(BIO *bio) - the number of bytes processed 
+	by BIO_read(bio,.).
+-	BIO_number_written(BIO *bio) - the number of bytes written 
+	by BIO_write(bio,.).
+-	BIO_reset(BIO *bio) - 'reset' the BIO.
+-	BIO_eof(BIO *bio) - non zero if we are at the current end 
+	of input.
+-	BIO_set_close(BIO *bio, int close_flag) - set the close flag.
+-	BIO_get_close(BIO *bio) - return the close flag.
+	BIO_pending(BIO *bio) - return the number of bytes waiting 
+	to be read (normally buffered internally).
+-	BIO_flush(BIO *bio) - output any data waiting to be output.
+-	BIO_should_retry(BIO *io) - after a BIO_read/BIO_write 
+	operation returns 0 or -1, a call to this function will 
+	return non zero if you should retry the call later (this 
+	is for non-blocking IO).
+-	BIO_should_read(BIO *io) - we should retry when data can 
+	be read.
+-	BIO_should_write(BIO *io) - we should retry when data can 
+	be written.
+-	BIO_method_name(BIO *io) - return a string for the method name.
+-	BIO_method_type(BIO *io) - return the unique ID of the BIO method.
+-	BIO_set_callback(BIO *io,  long (*callback)(BIO *io, int 
+	cmd, char *argp, int argi, long argl, long ret); - sets 
+	the debug callback.
+-	BIO_get_callback(BIO *io) - return the assigned function 
+	as mentioned above.
+-	BIO_set_callback_arg(BIO *io, char *arg)  - assign some 
+	data against the BIO.  This is normally used by the debug 
+	callback but could in reality be used for anything.  To 
+	get an idea of how all this works, have a look at the code 
+	in the default debug callback mentioned above.  The 
+	callback can modify the return values.
+
+Details of the BIO_METHOD structure.
+typedef struct bio_method_st
+        {
+	int type;
+	char *name;
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	} BIO_METHOD;
+
+The 'type' is the numeric type of the BIO, these are listed in buffer.h;
+'Name' is a textual representation of the BIO 'type'.
+The 7 function pointers point to the respective function 
+methods, some of which can be NULL if not implemented.
+The BIO structure
+typedef struct bio_st
+	{
+	BIO_METHOD *method;
+	long (*callback)(BIO * bio, int mode, char *argp, int 
+		argi, long argl, long ret);
+	char *cb_arg; /* first argument for the callback */
+	int init;
+	int shutdown;
+	int flags;      /* extra storage */
+	int num;
+	char *ptr;
+	struct bio_st *next_bio; /* used by filter BIOs */
+	int references;
+	unsigned long num_read;
+	unsigned long num_write;
+	} BIO;
+
+-	'Method' is the BIO method.
+-	'callback', when configured, is called before and after 
+	each BIO method is called for that particular BIO.  This 
+	is intended primarily for debugging and of informational feedback.
+-	'init' is 0 when the BIO can be used for operation.  
+	Often, after a BIO is created, a number of operations may 
+	need to be performed before it is available for use.  An 
+	example is for BIO_s_sock().  A socket needs to be 
+	assigned to the BIO before it can be used.
+-	'shutdown', this flag indicates if the underlying 
+	comunication primative being used should be closed/freed 
+	when the BIO is closed.
+-	'flags' is used to hold extra state.  It is primarily used 
+	to hold information about why a non-blocking operation 
+	failed and to record startup protocol information for the 
+	SSL BIO.
+-	'num' and 'ptr' are used to hold instance specific state 
+	like file descriptors or local data structures.
+-	'next_bio' is used by filter BIOs to hold the pointer of the
+	next BIO in the chain. written data is sent to this BIO and
+	data read is taken from it.
+-	'references' is used to indicate the number of pointers to 
+	this structure.  This needs to be '1' before a call to 
+	BIO_free() is made if the BIO_free() function is to 
+	actually free() the structure, otherwise the reference 
+	count is just decreased.  The actual BIO subsystem does 
+	not really use this functionality but it is useful when 
+	used in more advanced applicaion.
+-	num_read and num_write are the total number of bytes 
+	read/written via the 'read()' and 'write()' methods.
+
+BIO_ctrl operations.
+The following is the list of standard commands passed as the 
+second parameter to BIO_ctrl() and should be supported by 
+all BIO as best as possible.  Some are optional, some are 
+manditory, in any case, where is makes sense, a filter BIO 
+should pass such requests to underlying BIO's.
+-	BIO_CTRL_RESET	- Reset the BIO back to an initial state.
+-	BIO_CTRL_EOF	- return 0 if we are not at the end of input, 
+	non 0 if we are.
+-	BIO_CTRL_INFO	- BIO specific special command, normal
+	information return.
+-	BIO_CTRL_SET	- set IO specific parameter.
+-	BIO_CTRL_GET	- get IO specific parameter.
+-	BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one 
+	of BIO_CLOSE or BIO_NOCLOSE.
+-	BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
+-	BIO_CTRL_PENDING - Return the number of bytes available 
+	for instant reading
+-	BIO_CTRL_FLUSH	- Output pending data, return number of bytes output.
+-	BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) 
+	should we 'retry' when IO is possible on the underlying IO object.
+-	BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
+
+The following command is a special BIO_s_file() specific option.
+-	BIO_CTRL_SET_FILENAME - specify a file to open for IO.
+
+The BIO_CTRL_RETRY_TYPE needs a little more explanation.  
+When performing non-blocking IO, or say reading on a memory 
+BIO, when no data is present (or cannot be written), 
+BIO_read() and/or BIO_write() will return -1.  
+BIO_should_retry(bio) will return true if this is due to an 
+IO condition rather than an actual error.  In the case of 
+BIO_s_mem(), a read when there is no data will return -1 and 
+a should retry when there is more 'read' data.
+The retry type is deduced from 2 macros
+BIO_should_read(bio) and BIO_should_write(bio).
+Now while it may appear obvious that a BIO_read() failure 
+should indicate that a retry should be performed when more 
+read data is available, this is often not true when using 
+things like an SSL BIO.  During the SSL protocol startup 
+multiple reads and writes are performed, triggered by any 
+SSL_read or SSL_write.
+So to write code that will transparently handle either a 
+socket or SSL BIO,
+	i=BIO_read(bio,..)
+	if (I == -1)
+		{
+		if (BIO_should_retry(bio))
+			{
+			if (BIO_should_read(bio))
+				{
+				/* call us again when BIO can be read */
+				}
+			if (BIO_should_write(bio))
+				{
+				/* call us again when BIO can be written */
+				}
+			}
+		}
+
+At this point in time only read and write conditions can be 
+used but in the future I can see the situation for other 
+conditions, specifically with SSL there could be a condition 
+of a X509 certificate lookup taking place and so the non-
+blocking BIO_read would require a retry when the certificate 
+lookup subsystem has finished it's lookup.  This is all 
+makes more sense and is easy to use in a event loop type 
+setup.
+When using the SSL BIO, either SSL_read() or SSL_write()s 
+can be called during the protocol startup and things will 
+still work correctly.
+The nice aspect of the use of the BIO_should_retry() macro 
+is that all the errno codes that indicate a non-fatal error 
+are encapsulated in one place.  The Windows specific error 
+codes and WSAGetLastError() calls are also hidden from the 
+application.
+
+Notes on each BIO method.
+Normally buffer.h is just required but depending on the 
+BIO_METHOD, ssl.h or evp.h will also be required.
+
+BIO_METHOD *BIO_s_mem(void);
+-	BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - 
+	set the underlying BUF_MEM structure for the BIO to use.
+-	BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, 
+	set it to point to the memory array and return the number 
+	of bytes available.
+A read/write BIO.  Any data written is appended to the 
+memory array and any read is read from the front.  This BIO 
+can be used for read/write at the same time. BIO_gets() is 
+supported in the fgets() sense.
+BIO_CTRL_INFO can be used to retrieve pointers to the memory 
+buffer and it's length.
+
+BIO_METHOD *BIO_s_file(void);
+-	BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
+-	BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
+-	BIO_read_filename(BIO *bio, char *name) - read from file.
+-	BIO_write_filename(BIO *bio, char *name) - write to file.
+-	BIO_append_filename(BIO *bio, char *name) - append to file.
+This BIO sits over the normal system fread()/fgets() type 
+functions. Gets() is supported.  This BIO in theory could be 
+used for read and write but it is best to think of each BIO 
+of this type as either a read or a write BIO, not both.
+
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_fd(void);
+-	BIO_sock_should_retry(int i) - the underlying function 
+	used to determine if a call should be retried; the 
+	argument is the '0' or '-1' returned by the previous BIO 
+	operation.
+-	BIO_fd_should_retry(int i) - same as the 
+-	BIO_sock_should_retry() except that it is different internally.
+-	BIO_set_fd(BIO *bio, int fd, int close_flag) - set the 
+	file descriptor to use
+-	BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
+These two methods are very similar.  Gets() is not 
+supported, if you want this functionality, put a 
+BIO_f_buffer() onto it.  This BIO is bi-directional if the 
+underlying file descriptor is.  This is normally the case 
+for sockets but not the case for stdio descriptors.
+
+BIO_METHOD *BIO_s_null(void);
+Read and write as much data as you like, it all disappears 
+into this BIO.
+
+BIO_METHOD *BIO_f_buffer(void);
+-	BIO_get_buffer_num_lines(BIO *bio) - return the number of 
+	complete lines in the buffer.
+-	BIO_set_buffer_size(BIO *bio, long size) - set the size of 
+	the buffers.
+This type performs input and output buffering.  It performs 
+both at the same time.  The size of the buffer can be set 
+via the set buffer size option.  Data buffered for output is 
+only written when the buffer fills.
+
+BIO_METHOD *BIO_f_ssl(void);
+-	BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL 
+	structure to use.
+-	BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure 
+	in use.
+The SSL bio is a little different from normal BIOs because 
+the underlying SSL structure is a little different.  A SSL 
+structure performs IO via a read and write BIO.  These can 
+be different and are normally set via the
+SSL_set_rbio()/SSL_set_wbio() calls.  The SSL_set_fd() calls 
+are just wrappers that create socket BIOs and then call 
+SSL_set_bio() where the read and write BIOs are the same.  
+The BIO_push() operation makes the SSLs IO BIOs the same, so 
+make sure the BIO pushed is capable of two directional 
+traffic.  If it is not, you will have to install the BIOs 
+via the more conventional SSL_set_bio() call.  BIO_pop() will retrieve
+the 'SSL read' BIO.
+
+BIO_METHOD *BIO_f_md(void);
+-	BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest 
+	to use.
+-	BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest 
+	method in use in mdp, return 0 if not set yet.
+-	BIO_reset() reinitializes the digest (EVP_DigestInit()) 
+	and passes the reset to the underlying BIOs.
+All data read or written via BIO_read() or BIO_write() to 
+this BIO will be added to the calculated digest.  This 
+implies that this BIO is only one directional.  If read and 
+write operations are performed, two separate BIO_f_md() BIOs 
+are reuqired to generate digests on both the input and the 
+output.  BIO_gets(BIO *bio, char *md, int size) will place the 
+generated digest into 'md' and return the number of bytes.  
+The EVP_MAX_MD_SIZE should probably be used to size the 'md' 
+array.  Reading the digest will also reset it.
+
+BIO_METHOD *BIO_f_cipher(void);
+-	BIO_reset() reinitializes the cipher.
+-	BIO_flush() should be called when the last bytes have been 
+	output to flush the final block of block ciphers.
+-	BIO_get_cipher_status(BIO *b), when called after the last 
+	read from a cipher BIO, returns non-zero if the data 
+	decrypted correctly, otherwise, 0.
+-	BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, 
+	unsigned char *iv, int encrypt)   This function is used to 
+	setup a cipher BIO.  The length of key and iv are 
+	specified by the choice of EVP_CIPHER.  Encrypt is 1 to 
+	encrypt and 0 to decrypt.
+
+BIO_METHOD *BIO_f_base64(void);
+-	BIO_flush() should be called when the last bytes have been output.
+This BIO base64 encodes when writing and base64 decodes when 
+reading.  It will scan the input until a suitable begin line 
+is found.  After reading data, BIO_reset() will reset the 
+BIO to start scanning again.  Do not mix reading and writing 
+on the same base64 BIO.  It is meant as a single stream BIO.
+
+Directions	type
+both		BIO_s_mem()
+one/both	BIO_s_file()
+both		BIO_s_fd()
+both		BIO_s_socket() 
+both		BIO_s_null()
+both		BIO_f_buffer()
+one		BIO_f_md()  
+one		BIO_f_cipher()  
+one		BIO_f_base64()  
+both		BIO_f_ssl()
+
+It is easy to mix one and two directional BIOs, all one has 
+to do is to keep two separate BIO pointers for reading and 
+writing and be careful about usage of underlying BIOs.  The 
+SSL bio by it's very nature has to be two directional but 
+the BIO_push() command will push the one BIO into the SSL 
+BIO for both reading and writing.
+
+The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
+
+
+==== blowfish.doc ========================================================
+
+The Blowfish library.
+
+Blowfish is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+Blowfish is quite a bit faster that DES, and much faster than IDEA or
+RC2.  It is one of the faster block ciphers.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'blowfish.h'.
+
+All of the encryption functions take what is called an BF_KEY as an 
+argument.  An BF_KEY is an expanded form of the Blowfish key.
+For all modes of the Blowfish algorithm, the BF_KEY used for
+decryption is the same one that was used for encryption.
+
+The define BF_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. BF_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with Blowfish.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic Blowfish encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple Blowfish, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  BF_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void BF_set_key(
+BF_KEY *ks;
+int len;
+unsigned char *key;
+        BF_set_key converts an 'len' byte key into a BF_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the Blowfish key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around BF_KEY's since they
+        are CPU architecture dependent, 'key's are not.  Blowfish is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended by me, but blowfish can use upto
+	72 bytes.  As a warning, blowfish has a very very slow set_key
+	function, it actually runs BF_encrypt 521 times.
+	
+void BF_encrypt(unsigned long *data, BF_KEY *key);
+void BF_decrypt(unsigned long *data, BF_KEY *key);
+	These are the Blowfish encryption function that gets called by just
+	about every other Blowfish routine in the library.  You should not
+	use this function except to implement 'modes' of Blowfish.
+	I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	BF_KEY to use. 
+
+void BF_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+BF_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of Blowfish (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for blowfish as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void BF_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements Blowfish in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to BF_cbc_encrypt().
+	
+void BF_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this Blowfish library, it
+	implements CFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void BF_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+BF_set_key().
+
+=====
+For more information about the specific Blowfish modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for Blowfish.
+
+
+==== bn.doc ========================================================
+
+The Big Number library.
+
+#include "bn.h" when using this library.
+
+This big number library was written for use in implementing the RSA and DH
+public key encryption algorithms.  As such, features such as negative
+numbers have not been extensively tested but they should work as expected.
+This library uses dynamic memory allocation for storing its data structures
+and so there are no limit on the size of the numbers manipulated by these
+routines but there is always the requirement to check return codes from
+functions just in case a memory allocation error has occurred.
+
+The basic object in this library is a BIGNUM.  It is used to hold a single
+large integer.  This type should be considered opaque and fields should not
+be modified or accessed directly.
+typedef struct bignum_st
+	{
+	int top;	/* Index of last used d. */
+	BN_ULONG *d;	/* Pointer to an array of 'BITS2' bit chunks. */
+	int max;	/* Size of the d array. */
+	int neg;
+	} BIGNUM;
+The big number is stored in a malloced array of BN_ULONG's.  A BN_ULONG can
+be either 16, 32 or 64 bits in size, depending on the 'number of  bits'
+specified in bn.h. 
+The 'd' field is this array.  'max' is the size of the 'd' array that has
+been allocated.  'top' is the 'last' entry being used, so for a value of 4,
+bn.d[0]=4 and bn.top=1.  'neg' is 1 if the number is negative.
+When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
+
+Various routines in this library require the use of 'temporary' BIGNUM
+variables during their execution.  Due to the use of dynamic memory
+allocation to create BIGNUMs being rather expensive when used in
+conjunction with repeated subroutine calls, the BN_CTX structure is
+used.  This structure contains BN_CTX BIGNUMs.  BN_CTX
+is the maximum number of temporary BIGNUMs any publicly exported 
+function will use.
+
+#define BN_CTX	12
+typedef struct bignum_ctx
+	{
+	int tos;			/* top of stack */
+	BIGNUM *bn[BN_CTX];	/* The variables */
+	} BN_CTX;
+
+The functions that follow have been grouped according to function.  Most
+arithmetic functions return a result in the first argument, sometimes this
+first argument can also be an input parameter, sometimes it cannot.  These
+restrictions are documented.
+
+extern BIGNUM *BN_value_one;
+There is one variable defined by this library, a BIGNUM which contains the
+number 1.  This variable is useful for use in comparisons and assignment.
+
+Get Size functions.
+
+int BN_num_bits(BIGNUM *a);
+	This function returns the size of 'a' in bits.
+	
+int BN_num_bytes(BIGNUM *a);
+	This function (macro) returns the size of 'a' in bytes.
+	For conversion of BIGNUMs to byte streams, this is the number of
+	bytes the output string will occupy.  If the output byte
+	format specifies that the 'top' bit indicates if the number is
+	signed, so an extra '0' byte is required if the top bit on a
+	positive number is being written, it is upto the application to
+	make this adjustment.  Like I said at the start, I don't
+	really support negative numbers :-).
+
+Creation/Destruction routines.
+
+BIGNUM *BN_new();
+	Return a new BIGNUM object.  The number initially has a value of 0.  If
+	there is an error, NULL is returned.
+	
+void	BN_free(BIGNUM *a);
+	Free()s a BIGNUM.
+	
+void	BN_clear(BIGNUM *a);
+	Sets 'a' to a value of 0 and also zeros all unused allocated
+	memory.  This function is used to clear a variable of 'sensitive'
+	data that was held in it.
+	
+void	BN_clear_free(BIGNUM *a);
+	This function zeros the memory used by 'a' and then free()'s it.
+	This function should be used to BN_free() BIGNUMS that have held
+	sensitive numeric values like RSA private key values.  Both this
+	function and BN_clear tend to only be used by RSA and DH routines.
+
+BN_CTX *BN_CTX_new(void);
+	Returns a new BN_CTX.  NULL on error.
+	
+void	BN_CTX_free(BN_CTX *c);
+	Free a BN_CTX structure.  The BIGNUMs in 'c' are BN_clear_free()ed.
+	
+BIGNUM *bn_expand(BIGNUM *b, int bits);
+	This is an internal function that should not normally be used.  It
+	ensures that 'b' has enough room for a 'bits' bit number.  It is
+	mostly used by the various BIGNUM routines.  If there is an error,
+	NULL is returned. if not, 'b' is returned.
+	
+BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
+	The 'from' is copied into 'to'.  NULL is returned if there is an
+	error, otherwise 'to' is returned.
+
+BIGNUM *BN_dup(BIGNUM *a);
+	A new BIGNUM is created and returned containing the value of 'a'.
+	NULL is returned on error.
+
+Comparison and Test Functions.
+
+int BN_is_zero(BIGNUM *a)
+	Return 1 if 'a' is zero, else 0.
+
+int BN_is_one(a)
+	Return 1 is 'a' is one, else 0.
+
+int BN_is_word(a,w)
+	Return 1 if 'a' == w, else 0.  'w' is a BN_ULONG.
+
+int BN_cmp(BIGNUM *a, BIGNUM *b);
+	Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
+	and 1 is 'a' is greater than 'b'.  This is a signed comparison.
+	
+int BN_ucmp(BIGNUM *a, BIGNUM *b);
+	This function is the same as BN_cmp except that the comparison
+	ignores the sign of the numbers.
+	
+Arithmetic Functions
+For all of these functions, 0 is returned if there is an error and 1 is
+returned for success.  The return value should always be checked.  eg.
+if (!BN_add(r,a,b)) goto err;
+Unless explicitly mentioned, the 'return' value can be one of the
+'parameters' to the function.
+
+int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Add 'a' and 'b' and return the result in 'r'.  This is r=a+b.
+	
+int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
+	
+int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' left by 'n' bits.  This is r=a*(2^n).
+	
+int BN_lshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' left by 1 bit.  This form is more efficient than
+	BN_lshift(r,a,1).  This is r=a*2.
+	
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' right by 'n' bits.  This is r=int(a/(2^n)).
+	
+int BN_rshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' right by 1 bit.  This form is more efficient than
+	BN_rshift(r,a,1).  This is r=int(a/2).
+	
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Multiply a by b and return the result in 'r'. 'r' must not be
+	either 'a' or 'b'.  It has to be a different BIGNUM.
+	This is r=a*b.
+
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+	Multiply a by a and return the result in 'r'. 'r' must not be
+	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Divide 'm' by 'd' and return the result in 'dv' and the remainder
+	in 'rem'.  Either of 'dv' or 'rem' can be NULL in which case that
+	value is not returned.  'ctx' needs to be passed as a source of
+	temporary BIGNUM variables.
+	This is dv=int(m/d), rem=m%d.
+	
+int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Find the remainder of 'm' divided by 'd' and return it in 'rem'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This function is more efficient than BN_div(NULL,rem,m,d,ctx);
+	This is rem=m%d.
+
+int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
+	Multiply 'a' by 'b' and return the remainder when divided by 'm'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a*b)%m.
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+	Raise 'a' to the 'p' power and return the remainder when divided by
+	'm'.  'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a^p)%m.
+
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+	Return the reciprocal of 'm'.  'ctx' holds the temporary variables
+	required.  This function returns -1 on error, otherwise it returns
+	the number of bits 'r' is shifted left to make 'r' into an integer.
+	This number of bits shifted is required in BN_mod_mul_reciprocal().
+	This is r=(1/m)<<(BN_num_bits(m)+1).
+	
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
+	BIGNUM *i, int nb, BN_CTX *ctx);
+	This function is used to perform an efficient BN_mod_mul()
+	operation.  If one is going to repeatedly perform BN_mod_mul() with
+	the same modulus is worth calculating the reciprocal of the modulus
+	and then using this function.  This operation uses the fact that
+	a/b == a*r where r is the reciprocal of b.  On modern computers
+	multiplication is very fast and big number division is very slow.
+	'x' is multiplied by 'y' and then divided by 'm' and the remainder
+	is returned.  'i' is the reciprocal of 'm' and 'nb' is the number
+	of bits as returned from BN_reciprocal().  Normal usage is as follows.
+	bn=BN_reciprocal(i,m);
+	for (...)
+		{ BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
+	This is r=(x*y)%m.  Internally it is approximately
+	r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
+	This function is used in BN_mod_exp() and BN_is_prime().
+
+Assignment Operations
+
+int BN_one(BIGNUM *a)
+	Set 'a' to hold the value one.
+	This is a=1.
+	
+int BN_zero(BIGNUM *a)
+	Set 'a' to hold the value zero.
+	This is a=0.
+	
+int BN_set_word(BIGNUM *a, unsigned long w);
+	Set 'a' to hold the value of 'w'.  'w' is an unsigned long.
+	This is a=w.
+
+unsigned long BN_get_word(BIGNUM *a);
+	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
+	be biger than a word, in which case 0xffffffffL is returned.
+
+Word Operations
+These functions are much more efficient that the normal bignum arithmetic
+operations.
+
+BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
+	Return the remainder of 'a' divided by 'w'.
+	This is return(a%w).
+	
+int BN_add_word(BIGNUM *a, unsigned long w);
+	Add 'w' to 'a'.  This function does not take the sign of 'a' into
+	account.  This is a+=w;
+	
+Bit operations.
+
+int BN_is_bit_set(BIGNUM *a, int n);
+	This function return 1 if bit 'n' is set in 'a' else 0.
+
+int BN_set_bit(BIGNUM *a, int n);
+	This function sets bit 'n' to 1 in 'a'. 
+	This is a&= ~(1<<n);
+
+int BN_clear_bit(BIGNUM *a, int n);
+	This function sets bit 'n' to zero in 'a'.  Return 0 if less
+	than 'n' bits in 'a' else 1.  This is a&= ~(1<<n);
+
+int BN_mask_bits(BIGNUM *a, int n);
+	Truncate 'a' to n bits long.  This is a&= ~((~0)<<n)
+
+Format conversion routines.
+
+BIGNUM *BN_bin2bn(unsigned char *s, int len,BIGNUM *ret);
+	This function converts 'len' bytes in 's' into a BIGNUM which
+	is put in 'ret'.  If ret is NULL, a new BIGNUM is created.
+	Either this new BIGNUM or ret is returned.  The number is
+	assumed to be in bigendian form in 's'.  By this I mean that
+	to 'ret' is created as follows for 'len' == 5.
+	ret = s[0]*2^32 + s[1]*2^24 + s[2]*2^16 + s[3]*2^8 + s[4];
+	This function cannot be used to convert negative numbers.  It
+	is always assumed the number is positive.  The application
+	needs to diddle the 'neg' field of th BIGNUM its self.
+	The better solution would be to save the numbers in ASN.1 format
+	since this is a defined standard for storing big numbers.
+	Look at the functions
+
+	ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+	BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+	int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+	ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+		long length;
+
+int BN_bn2bin(BIGNUM *a, unsigned char *to);
+	This function converts 'a' to a byte string which is put into
+	'to'.  The representation is big-endian in that the most
+	significant byte of 'a' is put into to[0].  This function
+	returns the number of bytes used to hold 'a'.  BN_num_bytes(a)
+	would return the same value and can be used to determine how
+	large 'to' needs to be.  If the number is negative, this
+	information is lost.  Since this library was written to
+	manipulate large positive integers, the inability to save and
+	restore them is not considered to be a problem by me :-).
+	As for BN_bin2bn(), look at the ASN.1 integer encoding funtions
+	for SSLeay.  They use BN_bin2bn() and BN_bn2bin() internally.
+	
+char *BN_bn2ascii(BIGNUM *a);
+	This function returns a malloc()ed string that contains the
+	ascii hexadecimal encoding of 'a'.  The number is in bigendian
+	format with a '-' in front if the number is negative.
+
+int BN_ascii2bn(BIGNUM **bn, char *a);
+	The inverse of BN_bn2ascii.  The function returns the number of
+	characters from 'a' were processed in generating a the bignum.
+	error is inticated by 0 being returned.  The number is a
+	hex digit string, optionally with a leading '-'.  If *bn
+	is null, a BIGNUM is created and returned via that variable.
+	
+int BN_print_fp(FILE *fp, BIGNUM *a);
+	'a' is printed to file pointer 'fp'.  It is in the same format
+	that is output from BN_bn2ascii().  0 is returned on error,
+	1 if things are ok.
+
+int BN_print(BIO *bp, BIGNUM *a);
+	Same as BN_print except that the output is done to the SSLeay libraries
+	BIO routines.  BN_print_fp() actually calls this function.
+
+Miscellaneous Routines.
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+	This function returns in 'rnd' a random BIGNUM that is bits
+	long.  If bottom is 1, the number returned is odd.  If top is set,
+	the top 2 bits of the number are set.  This is useful because if
+	this is set, 2 'n; bit numbers multiplied together will return a 2n
+	bit number.  If top was not set, they could produce a 2n-1 bit
+	number.
+
+BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
+	This function create a new BIGNUM and returns it.  This number
+	is the inverse mod 'n' of 'a'.  By this it is meant that the
+	returned value 'r' satisfies (a*r)%n == 1.  This function is
+	used in the generation of RSA keys.  'ctx', as per usual,
+	is used to hold temporary variables that are required by the
+	function.  NULL is returned on error.
+
+int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
+	'r' has the greatest common divisor of 'a' and 'b'.  'ctx' is
+	used for temporary variables and 0 is returned on error.
+
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
+	char *cb_arg);
+	This function is used to check if a BIGNUM ('p') is prime.
+	It performs this test by using the Miller-Rabin randomised
+	primality test.  This is a probalistic test that requires a
+	number of rounds to ensure the number is prime to a high
+	degree of probability.  Since this can take quite some time, a
+	callback function can be passed and it will be called each
+	time 'p' passes a round of the prime testing.  'callback' will
+	be called as follows, callback(1,n,cb_arg) where n is the number of
+	the round, just passed.  As per usual 'ctx' contains temporary
+	variables used.  If ctx is NULL, it does not matter, a local version
+	will be malloced.  This parameter is present to save some mallocing
+	inside the function but probably could be removed.
+	0 is returned on error.
+	'ncheck' is the number of Miller-Rabin tests to run.  It is
+	suggested to use the value 'BN_prime_checks' by default.
+
+BIGNUM *BN_generate_prime(
+int bits,
+int strong,
+BIGNUM *a,
+BIGNUM *rems,
+void (*callback)());
+char *cb_arg
+	This function is used to generate prime numbers.  It returns a
+	new BIGNUM that has a high probability of being a prime.
+	'bits' is the number of bits that
+	are to be in the prime.  If 'strong' is true, the returned prime
+	will also be a strong prime ((p-1)/2 is also prime).
+	While searching for the prime ('p'), we
+	can add the requirement that the prime fill the following
+	condition p%a == rem.  This can be used to help search for
+	primes with specific features, which is required when looking
+	for primes suitable for use with certain 'g' values in the
+	Diffie-Hellman key exchange algorithm.  If 'a' is NULL,
+	this condition is not checked.  If rem is NULL, rem is assumed
+	to be 1.  Since this search for a prime
+	can take quite some time, if callback is not NULL, it is called
+	in the following situations.
+	We have a suspected prime (from a quick sieve),
+	callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
+	callback(1,round++,cb_arg).  Each successful 'round' in BN_is_prime().
+	callback(2,round,cb_arg). For each successful BN_is_prime() test.
+
+Hints
+-----
+
+DSA wants 64*32 to use word mont mul, but RSA wants to use full.
+
+==== callback.doc ========================================================
+
+Callback functions used in SSLeay.
+
+--------------------------
+The BIO library.  
+
+Each BIO structure can have a callback defined against it.  This callback is
+called 2 times for each BIO 'function'.  It is passed 6 parameters.
+BIO_debug_callback() is an example callback which is defined in
+crypto/buffer/bio_cb.c and is used in apps/dgst.c  This is intended mostly
+for debuging or to notify the application of IO.
+
+long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl,
+	long ret);
+bio is the BIO being called, cmd is the type of BIO function being called.
+Look at the BIO_CB_* defines in buffer.h.  Argp and argi are the arguments
+passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts().  In the case of
+BIO_ctrl(), argl is also defined.  The first time the callback is called,
+before the underlying function has been executed, 0 is passed as 'ret', and
+if the return code from the callback is not > 0, the call is aborted
+and the returned <= 0 value is returned.
+The second time the callback is called, the 'cmd' value also has
+BIO_CB_RETURN logically 'or'ed with it.  The 'ret' value is the value returned
+from the actuall function call and whatever the callback returns is returned
+from the BIO function.
+
+BIO_set_callback(b,cb) can be used to set the callback function
+(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
+set the cb_arg argument in the BIO strucutre.  This field is only intended
+to be used by application, primarily in the callback function since it is
+accessable since the BIO is passed.
+
+--------------------------
+The PEM library.
+
+The pem library only really uses one type of callback,
+static int def_callback(char *buf, int num, int verify);
+which is used to return a password string if required.
+'buf' is the buffer to put the string in.  'num' is the size of 'buf'
+and 'verify' is used to indicate that the password should be checked.
+This last flag is mostly used when reading a password for encryption.
+
+For all of these functions, a NULL callback will call the above mentioned
+default callback.  This default function does not work under Windows 3.1.
+For other machines, it will use an application defined prompt string
+(EVP_set_pw_prompt(), which defines a library wide prompt string)
+if defined, otherwise it will use it's own PEM password prompt.
+It will then call EVP_read_pw_string() to get a password from the console.
+If your application wishes to use nice fancy windows to retrieve passwords,
+replace this function.  The callback should return the number of bytes read
+into 'buf'.  If the number of bytes <= 0, it is considered an error.
+
+Functions that take this callback are listed below.  For the 'read' type
+functions, the callback will only be required if the PEM data is encrypted.
+
+For the Write functions, normally a password can be passed in 'kstr', of
+'klen' bytes which will be used if the 'enc' cipher is not NULL.  If
+'kstr' is NULL, the callback will be used to retrieve a password.
+
+int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+	int (*callback)());
+char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
+char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
+int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
+
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_read_SSL_SESSION(fp,x,cb)
+#define	PEM_read_X509(fp,x,cb)
+#define	PEM_read_X509_REQ(fp,x,cb)
+#define	PEM_read_X509_CRL(fp,x,cb)
+#define	PEM_read_RSAPrivateKey(fp,x,cb)
+#define	PEM_read_DSAPrivateKey(fp,x,cb)
+#define	PEM_read_PrivateKey(fp,x,cb)
+#define	PEM_read_PKCS7(fp,x,cb)
+#define	PEM_read_DHparams(fp,x,cb)
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb)
+#define	PEM_read_bio_X509(bp,x,cb)
+#define	PEM_read_bio_X509_REQ(bp,x,cb)
+#define	PEM_read_bio_X509_CRL(bp,x,cb)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_PrivateKey(bp,x,cb)
+#define	PEM_read_bio_PKCS7(bp,x,cb)
+#define	PEM_read_bio_DHparams(bp,x,cb)
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+Now you will notice that macros like
+#define PEM_write_X509(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+		                        (char *)x, NULL,NULL,0,NULL)
+Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
+either just call PEM_ASN1_write directly or just define you own
+macro variant.  As you can see, this macro just sets all encryption related
+parameters to NULL.
+
+
+--------------------------
+The SSL library.
+
+#define SSL_set_info_callback(ssl,cb)
+#define SSL_CTX_set_info_callback(ctx,cb)
+void callback(SSL *ssl,int location,int ret)
+This callback is called each time around the SSL_connect()/SSL_accept() 
+state machine.  So it will be called each time the SSL protocol progresses.
+It is mostly present for use when debugging.  When SSL_connect() or
+SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
+SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
+Have a look at the SSL_CB_* defines in ssl.h.  If an info callback is defined
+against the SSL_CTX, it is called unless there is one set against the SSL.
+Have a look at
+void client_info_callback() in apps/s_client() for an example.
+
+Certificate verification.
+void SSL_set_verify(SSL *s, int mode, int (*callback) ());
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
+This callback is used to help verify client and server X509 certificates.
+It is actually passed to X509_cert_verify(), along with the SSL structure
+so you have to read about X509_cert_verify() :-).  The SSL_CTX version is used
+if the SSL version is not defined.  X509_cert_verify() is the function used
+by the SSL part of the library to verify certificates.  This function is
+nearly always defined by the application.
+
+void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
+This call is used to replace the SSLeay certificate verification code.
+The 'arg' is kept in the SSL_CTX and is passed to the callback.
+If the callback returns 0, the certificate is rejected, otherwise it
+is accepted.  The callback is replacing the X509_cert_verify() call.
+This feature is not often used, but if you wished to implement
+some totally different certificate authentication system, this 'hook' is
+vital.
+
+SSLeay keeps a cache of session-ids against each SSL_CTX.  These callbacks can
+be used to notify the application when a SSL_SESSION is added to the cache
+or to retrieve a SSL_SESSION that is not in the cache from the application.
+#define SSL_CTX_sess_set_get_cb(ctx,cb)
+SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
+If defined, this callback is called to return the SESSION_ID for the
+session-id in 'session_id', of 'session_id_len' bytes.  'copy' is set to 1
+if the server is to 'take a copy' of the SSL_SESSION structure.  It is 0
+if the SSL_SESSION is being 'passed in' so the SSLeay library is now
+responsible for 'free()ing' the structure.  Basically it is used to indicate
+if the reference count on the SSL_SESSION structure needs to be incremented.
+
+#define SSL_CTX_sess_set_new_cb(ctx,cb)
+int callback(SSL *s, SSL_SESSION *sess);
+When a new connection is established, if the SSL_SESSION is going to be added
+to the cache, this callback is called.  Return 1 if a 'copy' is required,
+otherwise, return 0.  This return value just causes the reference count
+to be incremented (on return of a 1), this means the application does
+not need to worry about incrementing the refernece count (and the
+locking that implies in a multi-threaded application).
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+This sets the SSL password reading function.
+It is mostly used for windowing applications
+and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
+calls inside the SSL library.   The only reason this is present is because the
+calls to PEM_* functions is hidden in the SSLeay library so you have to
+pass in the callback some how.
+
+#define SSL_CTX_set_client_cert_cb(ctx,cb)
+int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
+Called when a client certificate is requested but there is not one set
+against the SSL_CTX or the SSL.  If the callback returns 1, x509 and
+pkey need to point to valid data.  The library will free these when
+required so if the application wants to keep these around, increment
+their reference counts.  If 0 is returned, no client cert is
+available.  If -1 is returned, it is assumed that the callback needs
+to be called again at a later point in time.  SSL_connect will return
+-1 and SSL_want_x509_lookup(ssl) returns true.  Remember that
+application data can be attached to an SSL structure via the
+SSL_set_app_data(SSL *ssl,char *data) call.
+
+--------------------------
+The X509 library.
+
+int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
+	int *error,char *arg,STACK *cert_chain);
+int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
+	STACK *cert_chain);
+
+X509_cert_verify() is used to authenticate X509 certificates.  The 'ctx' holds
+the details of the various caches and files used to locate certificates.
+'xs' is the certificate to verify and 'cb' is the application callback (more
+detail later).  'error' will be set to the error code and 'arg' is passed
+to the 'cb' callback.  Look at the VERIFY_* defines in crypto/x509/x509.h
+
+When ever X509_cert_verify() makes a 'negative' decision about a
+certitificate, the callback is called.  If everything checks out, the
+callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
+signed cert that is not the passed certificate).
+
+The callback is passed the X509_cert_verify opinion of the certificate 
+in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
+the 'depth' of the certificate in the verification 'chain', the
+VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
+in 'arg'. cert_chain is a list of extra certs to use if they are not
+in the cache.
+
+The callback can be used to look at the error reason, and then return 0
+for an 'error' or '1' for ok.  This will override the X509_cert_verify()
+opinion of the certificates validity.  Processing will continue depending on
+the return value.  If one just wishes to use the callback for informational
+reason, just return the 'ok' parameter.
+
+--------------------------
+The BN and DH library.
+
+BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
+	BIGNUM *rem,void (*callback)(int,int));
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
+
+Read doc/bn.doc for the description of these 2.
+
+DH *DH_generate_parameters(int prime_len,int generator,
+	void (*callback)(int,int));
+Read doc/bn.doc for the description of the callback, since it is just passed
+to BN_generate_prime(), except that it is also called as
+callback(3,0) by this function.
+
+--------------------------
+The CRYPTO library.
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
+	int line));
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
+	int type,char *file, int line));
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+
+Read threads.doc for info on these ones.
+
+
+==== cipher.doc ========================================================
+
+The Cipher subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various cipher
+routines found in this library.  As such, they allow the same code to be
+used to encrypt and decrypt via different ciphers with only a change
+in an initial parameter.  These routines also provide buffering for block
+ciphers.
+
+These routines all take a pointer to the following structure to specify
+which cipher to use.  If you wish to use a new cipher with these routines,
+you would probably be best off looking an how an existing cipher is
+implemented and copying it.  At this point in time, I'm not going to go
+into many details.  This structure should be considered opaque
+
+typedef struct pem_cipher_st
+	{
+	int type;
+	int block_size;
+	int key_len;
+	int iv_len;
+	void (*enc_init)();	/* init for encryption */
+	void (*dec_init)();	/* init for decryption */
+	void (*do_cipher)();	/* encrypt data */
+	} EVP_CIPHER;
+	
+The type field is the object NID of the cipher type
+(read the section on Objects for an explanation of what a NID is).
+The cipher block_size is how many bytes need to be passed
+to the cipher at a time.  Key_len is the
+length of the key the cipher requires and iv_len is the length of the
+initialisation vector required.  enc_init is the function
+called to initialise the ciphers context for encryption and dec_init is the
+function to initialise for decryption (they need to be different, especially
+for the IDEA cipher).
+
+One reason for specifying the Cipher via a pointer to a structure
+is that if you only use des-cbc, only the des-cbc routines will
+be included when you link the program.  If you passed an integer
+that specified which cipher to use, the routine that mapped that
+integer to a set of cipher functions would cause all the ciphers
+to be link into the code.  This setup also allows new ciphers
+to be added by the application (with some restrictions).
+
+The thirteen ciphers currently defined in this library are
+
+EVP_CIPHER *EVP_des_ecb();     /* DES in ecb mode,     iv=0, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede();     /* DES in ecb ede mode, iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3();    /* DES in ecb ede mode, iv=0, block=8, key=24 */
+EVP_CIPHER *EVP_des_cfb();     /* DES in cfb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_ofb();     /* DES in ofb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_cbc();     /* DES in cbc mode,     iv=8, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_desx_cbc();    /* DES in desx cbc mode,iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_rc4();         /* RC4,                 iv=0, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ecb();    /* IDEA in ecb mode,    iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_idea_cfb();    /* IDEA in cfb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ofb();    /* IDEA in ofb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_cbc();    /* IDEA in cbc mode,    iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_ecb();     /* RC2 in ecb mode,     iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_cfb();     /* RC2 in cfb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_ofb();     /* RC2 in ofb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_cbc();     /* RC2 in cbc mode,     iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_bf_ecb();      /* Blowfish in ecb mode,iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_bf_cfb();      /* Blowfish in cfb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_ofb();      /* Blowfish in ofb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_cbc();      /* Blowfish in cbc mode,iv=8, block=8, key=16 */
+
+The meaning of the compound names is as follows.
+des	The base cipher is DES.
+idea	The base cipher is IDEA
+rc4	The base cipher is RC4-128
+rc2	The base cipher is RC2-128
+ecb	Electronic Code Book form of the cipher.
+cbc	Cipher Block Chaining form of the cipher.
+cfb	64 bit Cipher Feedback form of the cipher.
+ofb	64 bit Output Feedback form of the cipher.
+ede	The cipher is used in Encrypt, Decrypt, Encrypt mode.  The first
+	and last keys are the same.
+ede3	The cipher is used in Encrypt, Decrypt, Encrypt mode.
+
+All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
+The state of the cipher is kept in this structure.
+
+typedef struct EVP_CIPHER_Ctx_st
+	{
+	EVP_CIPHER *cipher;
+	int encrypt;		/* encrypt or decrypt */
+	int buf_len;		/* number we have left */
+	unsigned char buf[8];
+	union	{
+		.... /* cipher specific stuff */
+		} c;
+	} EVP_CIPHER_CTX;
+
+Cipher is a pointer the the EVP_CIPHER for the current context.  The encrypt
+flag indicates encryption or decryption.  buf_len is the number of bytes
+currently being held in buf.
+The 'c' union holds the cipher specify context.
+
+The following functions are to be used.
+
+int EVP_read_pw_string(
+char *buf,
+int len,
+char *prompt,
+int verify,
+	This function is the same as des_read_pw_string() (des.doc).
+
+void EVP_set_pw_prompt(char *prompt);
+	This function sets the 'default' prompt to use to use in
+	EVP_read_pw_string when the prompt parameter is NULL.  If the
+	prompt parameter is NULL, this 'default prompt' feature is turned
+	off.  Be warned, this is a global variable so weird things
+	will happen if it is used under Win16 and care must be taken
+	with a multi-threaded version of the library.
+
+char *EVP_get_pw_prompt();
+	This returns a pointer to the default prompt string.  NULL
+	if it is not set.
+
+int EVP_BytesToKey(
+EVP_CIPHER *type,
+EVP_MD *md,
+unsigned char *salt,
+unsigned char *data,
+int datal,
+int count,
+unsigned char *key,
+unsigned char *iv);
+	This function is used to generate a key and an initialisation vector
+	for a specified cipher from a key string and a salt.  Type
+	specifies the cipher the 'key' is being generated for.  Md is the
+	message digest algorithm to use to generate the key and iv.  The salt
+	is an optional 8 byte object that is used to help seed the key
+	generator.
+	If the salt value is NULL, it is just not used.  Datal is the
+	number of bytes to use from 'data' in the key generation.  
+	This function returns the key size for the specified cipher, if
+	data is NULL, this value is returns and no other
+	computation is performed.  Count is
+	the number of times to loop around the key generator.  I would
+	suggest leaving it's value as 1.  Key and iv are the structures to
+	place the returning iv and key in.  If they are NULL, no value is
+	generated for that particular value.
+	The algorithm used is as follows
+	
+	/* M[] is an array of message digests
+	 * MD() is the message digest function */
+	M[0]=MD(data . salt);
+	for (i=1; i<count; i++) M[0]=MD(M[0]);
+
+	i=1
+	while (data still needed for key and iv)
+		{
+		M[i]=MD(M[i-1] . data . salt);
+		for (i=1; i<count; i++) M[i]=MD(M[i]);
+		i++;
+		}
+
+	If the salt is NULL, it is not used.
+	The digests are concatenated together.
+	M = M[0] . M[1] . M[2] .......
+
+	For key= 8, iv=8 => key=M[0.. 8], iv=M[ 9 .. 16].
+	For key=16, iv=0 => key=M[0..16].
+	For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
+	For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
+
+	This routine will produce DES-CBC keys and iv that are compatible
+	with the PKCS-5 standard when md2 or md5 are used.  If md5 is
+	used, the salt is NULL and count is 1, this routine will produce
+	the password to key mapping normally used with RC4.
+	I have attempted to logically extend the PKCS-5 standard to
+	generate keys and iv for ciphers that require more than 16 bytes,
+	if anyone knows what the correct standard is, please inform me.
+	When using sha or sha1, things are a bit different under this scheme,
+	since sha produces a 20 byte digest.  So for ciphers requiring
+	24 bits of data, 20 will come from the first MD and 4 will
+	come from the second.
+
+	I have considered having a separate function so this 'routine'
+	can be used without the requirement of passing a EVP_CIPHER *,
+	but I have decided to not bother.  If you wish to use the
+	function without official EVP_CIPHER structures, just declare
+	a local one and set the key_len and iv_len fields to the
+	length you desire.
+
+The following routines perform encryption and decryption 'by parts'.  By
+this I mean that there are groups of 3 routines.  An Init function that is
+used to specify a cipher and initialise data structures.  An Update routine
+that does encryption/decryption, one 'chunk' at a time.  And finally a
+'Final' function that finishes the encryption/decryption process.
+All these functions take a EVP_CIPHER pointer to specify which cipher to
+encrypt/decrypt with.  They also take a EVP_CIPHER_CTX object as an
+argument.  This structure is used to hold the state information associated
+with the operation in progress.
+
+void EVP_EncryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function initialise a EVP_CIPHER_CTX for encryption using the
+	cipher passed in the 'type' field.  The cipher is initialised to use
+	'key' as the key and 'iv' for the initialisation vector (if one is
+	required).  If the type, key or iv is NULL, the value currently in the
+	EVP_CIPHER_CTX is reused.  So to perform several decrypt
+	using the same cipher, key and iv, initialise with the cipher,
+	key and iv the first time and then for subsequent calls,
+	reuse 'ctx' but pass NULL for type, key and iv.  You must make sure
+	to pass a key that is large enough for a particular cipher.  I
+	would suggest using the EVP_BytesToKey() function.
+
+void EVP_EncryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function takes 'inl' bytes from 'in' and outputs bytes
+	encrypted by the cipher 'ctx' was initialised with into 'out'.  The
+	number of bytes written to 'out' is put into outl.  If a particular
+	cipher encrypts in blocks, less or more bytes than input may be
+	output.  Currently the largest block size used by supported ciphers
+	is 8 bytes, so 'out' should have room for 'inl+7' bytes.  Normally
+	EVP_EncryptInit() is called once, followed by lots and lots of
+	calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
+	call.
+
+void EVP_EncryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	Because quite a large number of ciphers are block ciphers, there is
+	often an incomplete block to write out at the end of the
+	encryption.  EVP_EncryptFinal() performs processing on this last
+	block.  The last block in encoded in such a way that it is possible
+	to determine how many bytes in the last block are valid.  For 8 byte
+	block size ciphers, if only 5 bytes in the last block are valid, the
+	last three bytes will be filled with the value 3.  If only 2 were
+	valid, the other 6 would be filled with sixes.  If all 8 bytes are
+	valid, a extra 8 bytes are appended to the cipher stream containing
+	nothing but 8 eights.  These last bytes are output into 'out' and
+	the number of bytes written is put into 'outl'  These last bytes
+	are output into 'out' and the number of bytes written is put into
+	'outl'.  This form of block cipher finalisation is compatible with
+	PKCS-5.  Please remember that even if you are using ciphers like
+	RC4 that has no blocking and so the function will not write
+	anything into 'out', it would still be a good idea to pass a
+	variable for 'out' that can hold 8 bytes just in case the cipher is
+	changed some time in the future.  It should also be remembered
+	that the EVP_CIPHER_CTX contains the password and so when one has
+	finished encryption with a particular EVP_CIPHER_CTX, it is good
+	practice to zero the structure 
+	(ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
+	
+void EVP_DecryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function is basically the same as EVP_EncryptInit() accept that
+	is prepares the EVP_CIPHER_CTX for decryption.
+
+void EVP_DecryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function is basically the same as EVP_EncryptUpdate()
+	except that it performs decryption.  There is one
+	fundamental difference though.  'out' can not be the same as
+	'in' for any ciphers with a block size greater than 1 if more
+	than one call to EVP_DecryptUpdate() will be made.  This
+	is because this routine can hold a 'partial' block between
+	calls.  When a partial block is decrypted (due to more bytes
+	being passed via this function, they will be written to 'out'
+	overwriting the input bytes in 'in' that have not been read
+	yet.  From this it should also be noted that 'out' should
+	be at least one 'block size' larger than 'inl'.  This problem
+	only occurs on the second and subsequent call to
+	EVP_DecryptUpdate() when using a block cipher.
+
+int EVP_DecryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	This function is different to EVP_EncryptFinal in that it 'removes'
+	any padding bytes appended when the data was encrypted.  Due to the
+	way in which 1 to 8 bytes may have been appended when encryption
+	using a block cipher, 'out' can end up with 0 to 7 bytes being put
+	into it.  When decoding the padding bytes, it is possible to detect
+	an incorrect decryption.  If the decryption appears to be wrong, 0
+	is returned.  If everything seems ok, 1 is returned.  For ciphers
+	with a block size of 1 (RC4), this function would normally not
+	return any bytes and would always return 1.  Just because this
+	function returns 1 does not mean the decryption was correct. It
+	would normally be wrong due to either the wrong key/iv or
+	corruption of the cipher data fed to EVP_DecryptUpdate().
+	As for EVP_EncryptFinal, it is a good idea to zero the
+	EVP_CIPHER_CTX after use since the structure contains the key used
+	to decrypt the data.
+	
+The following Cipher routines are convenience routines that call either
+EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
+was setup to encrypt or decrypt.  
+
+void EVP_CipherInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv,
+int enc);
+	This function take arguments that are the same as EVP_EncryptInit()
+	and EVP_DecryptInit() except for the extra 'enc' flag.  If 1, the
+	EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
+
+void EVP_CipherUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	Again this function calls either EVP_EncryptUpdate() or
+	EVP_DecryptUpdate() depending on state in the 'ctx' structure.
+	As noted for EVP_DecryptUpdate(), when this routine is used
+	for decryption with block ciphers, 'out' should not be the
+	same as 'in'.
+
+int EVP_CipherFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *outm,
+int *outl);
+	This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
+	depending on the state information in 'ctx'.  1 is always returned
+	if the mode is encryption, otherwise the return value is the return
+	value of EVP_DecryptFinal().
+
+==== cipher.m ========================================================
+
+Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
+From: Eric Young <eay@mincom.com>
+X-Sender: eay@orb
+To: Roland Haring <rharing@tandem.cl>
+Cc: ssl-users@mincom.com
+Subject: Re: Symmetric encryption with ssleay
+In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl>
+Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+On Fri, 11 Oct 1996, Roland Haring wrote:
+> THE_POINT:
+> 	Would somebody be so kind to give me the minimum basic 
+> 	calls I need to do to libcrypto.a to get some text encrypted
+> 	and decrypted again? ...hopefully with code included to do
+> 	base64 encryption and decryption ... e.g. that sign-it.c code
+> 	posted some while ago was a big help :-) (please, do not point
+> 	me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
+
+Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes 
+when the data is less than a line long (this is for decoding).  I'll dig 
+up the exact fix today and post it.  I am taking longer on 0.6.5 than I 
+intended so I'll just post this patch.
+
+The documentation to read is in
+doc/cipher.doc,
+doc/encode.doc (very sparse :-).
+and perhaps
+doc/digest.doc,
+
+The basic calls to encrypt with say triple DES are
+
+Given
+char key[EVP_MAX_KEY_LENGTH];
+char iv[EVP_MAX_IV_LENGTH];
+EVP_CIPHER_CTX ctx;
+unsigned char out[512+8];
+int outl;
+
+/* optional generation of key/iv data from text password using md5
+ * via an upward compatable verson of PKCS#5. */
+EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
+	key,iv);
+
+/* Initalise the EVP_CIPHER_CTX */
+EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
+
+while (....)
+	{
+	/* This is processing 512 bytes at a time, the bytes are being
+	 * copied into 'out', outl bytes are output.  'out' should not be the
+	 * same as 'in' for reasons mentioned in the documentation. */
+	EVP_EncryptUpdate(ctx,out,&outl,in,512);
+	}
+
+/* Output the last 'block'.  If the cipher is a block cipher, the last
+ * block is encoded in such a way so that a wrong decryption will normally be
+ * detected - again, one of the PKCS standards. */
+
+EVP_EncryptFinal(ctx,out,&outl);
+
+To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
+will return 0 if the decryption fails (only detectable on block ciphers).
+
+You can also use
+EVP_CipherInit()
+EVP_CipherUpdate()
+EVP_CipherFinal()
+which does either encryption or decryption depending on an extra 
+parameter to EVP_CipherInit().
+
+
+To do the base64 encoding,
+EVP_EncodeInit()
+EVP_EncodeUpdate()
+EVP_EncodeFinal()
+
+EVP_DecodeInit()
+EVP_DecodeUpdate()
+EVP_DecodeFinal()
+
+where the encoding is quite simple, but the decoding can be a bit more 
+fun (due to dud input).
+
+EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 
+'last line' was just processed, and 1 if more lines should be submitted.
+
+EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
+
+So the loop becomes
+EVP_DecodeInit(....)
+for (;;)
+	{
+	i=EVP_DecodeUpdate(....);
+	if (i < 0) goto err;
+
+	/* process the data */
+
+	if (i == 0) break;
+	}
+EVP_DecodeFinal(....);
+/* process the data */
+
+The problem in 'enc.c' is that I was stuff the processing up after the 
+EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of 
+base64 data) and this was because 'enc.c' tries to scan over a file until
+it hits the first valid base64 encoded line.
+
+hope this helps a bit.
+eric
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+==== conf.doc ========================================================
+
+The CONF library.
+
+The CONF library is a simple set of routines that can be used to configure
+programs.  It is a superset of the genenv() function with some extra
+structure.
+
+The library consists of 5 functions.
+
+LHASH *CONF_load(LHASH *config,char *file);
+This function is called to load in a configuration file.  Multiple
+configuration files can be loaded, with each subsequent 'load' overwriting
+any already defined 'variables'.  If there is an error, NULL is returned.
+If config is NULL, a new LHASH structure is created and returned, otherwise
+the new data in the 'file' is loaded into the 'config' structure.
+
+void CONF_free(LHASH *config);
+This function free()s the data in config.
+
+char *CONF_get_string(LHASH *config,char *section,char *name);
+This function returns the string found in 'config' that corresponds to the
+'section' and 'name' specified.  Classes and the naming system used will be
+discussed later in this document.  If the variable is not defined, an NULL
+is returned.
+
+long CONF_get_long(LHASH *config,char *section, char *name);
+This function is the same as CONF_get_string() except that it converts the
+string to an long and returns it.  If variable is not a number or the
+variable does not exist, 0 is returned.  This is a little problematic but I
+don't know of a simple way around it.
+
+STACK *CONF_get_section(LHASH *config, char *section);
+This function returns a 'stack' of CONF_VALUE items that are all the
+items defined in a particular section.  DO NOT free() any of the
+variable returned.  They will disappear when CONF_free() is called.
+
+The 'lookup' model.
+The configuration file is divided into 'sections'.  Each section is started by
+a line of the form '[ section ]'.  All subsequent variable definitions are
+of this section.  A variable definition is a simple alpha-numeric name
+followed by an '=' and then the data.  A section or variable name can be
+described by a regular expression of the following form '[A-Za-z0-9_]+'.
+The value of the variable is the text after the '=' until the end of the
+line, stripped of leading and trailing white space.
+At this point I should mention that a '#' is a comment character, \ is the
+escape character, and all three types of quote can be used to stop any
+special interpretation of the data.
+Now when the data is being loaded, variable expansion can occur.  This is
+done by expanding any $NAME sequences into the value represented by the
+variable NAME.  If the variable is not in the current section, the different
+section can be specified by using the $SECTION::NAME form.  The ${NAME} form
+also works and is very useful for expanding variables inside strings.
+
+When a variable is looked up, there are 2 special section. 'default', which
+is the initial section, and 'ENV' which is the processes environment
+variables (accessed via getenv()).  When a variable is looked up, it is
+first 'matched' with it's section (if one was specified), if this fails, the
+'default' section is matched.
+If the 'lhash' variable passed was NULL, the environment is searched.
+
+Now why do we bother with sections?  So we can have multiple programs using
+the same configuration file, or multiple instances of the same program
+using different variables.  It also provides a nice mechanism to override
+the processes environment variables (eg ENV::HOME=/tmp).  If there is a
+program specific variable missing, we can have default values.
+Multiple configuration files can be loaded, with each new value clearing
+any predefined values.  A system config file can provide 'default' values,
+and application/usr specific files can provide overriding values.
+
+Examples
+
+# This is a simple example
+SSLEAY_HOME	= /usr/local/ssl
+ENV::PATH	= $SSLEAY_HOME/bin:$PATH	# override my path
+
+[X509]
+cert_dir	= $SSLEAY_HOME/certs	# /usr/local/ssl/certs
+
+[SSL]
+CIPHER		= DES-EDE-MD5:RC4-MD5
+USER_CERT	= $HOME/${USER}di'r 5'	# /home/eay/eaydir 5
+USER_CERT	= $HOME/\${USER}di\'r	# /home/eay/${USER}di'r
+USER_CERT	= "$HOME/${US"ER}di\'r	# $HOME/${USER}di'r
+
+TEST		= 1234\
+5678\
+9ab					# TEST=123456789ab
+TTT		= 1234\n\n		# TTT=1234<nl><nl>
+
+
+
+==== des.doc ========================================================
+
+The DES library.
+
+Please note that this library was originally written to operate with
+eBones, a version of Kerberos that had had encryption removed when it left
+the USA and then put back in.  As such there are some routines that I will
+advise not using but they are still in the library for historical reasons.
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'des.h'.
+
+All of the encryption functions take what is called a des_key_schedule as an 
+argument.  A des_key_schedule is an expanded form of the des key.
+A des_key is 8 bytes of odd parity, the type used to hold the key is a
+des_cblock.  A des_cblock is an array of 8 bytes, often in this library
+description I will refer to input bytes when the function specifies
+des_cblock's as input or output, this just means that the variable should
+be a multiple of 8 bytes.
+
+The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
+specify decryption.  The functions and global variable are as follows:
+
+int des_check_key;
+	DES keys are supposed to be odd parity.  If this variable is set to
+	a non-zero value, des_set_key() will check that the key has odd
+	parity and is not one of the known weak DES keys.  By default this
+	variable is turned off;
+	
+void des_set_odd_parity(
+des_cblock *key );
+	This function takes a DES key (8 bytes) and sets the parity to odd.
+	
+int des_is_weak_key(
+des_cblock *key );
+	This function returns a non-zero value if the DES key passed is a
+	weak, DES key.  If it is a weak key, don't use it, try a different
+	one.  If you are using 'random' keys, the chances of hitting a weak
+	key are 1/2^52 so it is probably not worth checking for them.
+	
+int des_set_key(
+des_cblock *key,
+des_key_schedule schedule);
+	Des_set_key converts an 8 byte DES key into a des_key_schedule.
+	A des_key_schedule is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the DES key
+	so it only needs to be kept when encryption or decryption is about
+	to occur.  Don't save or pass around des_key_schedule's since they
+	are CPU architecture dependent, DES keys are not.  If des_check_key
+	is non zero, zero is returned if the key has the wrong parity or
+	the key is a weak key, else 1 is returned.
+	
+int des_key_sched(
+des_cblock *key,
+des_key_schedule schedule);
+	An alternative name for des_set_key().
+
+int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
+	This specifies the function to use in the enc_read() and enc_write()
+	functions.
+
+void des_encrypt(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian',
+	have a look at my source code for more details on how I use this
+	function.
+	Data is a pointer to 2 unsigned long's and ks is the
+	des_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption.
+
+void des_encrypt2(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This functions is the same as des_encrypt() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for des_encrypt(), you should not use this function.
+	It is used by the routines in my library that implement triple DES.
+	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
+
+void des_ecb_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks,
+int enc);
+	This is the basic Electronic Code Book form of DES, the most basic
+	form.  Input is encrypted into output using the key represented by
+	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	(the des_cblock structure is 8 chars).
+	
+void des_ecb3_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+int enc);
+	This is the 3 key EDE mode of ECB DES.  What this means is that 
+	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
+	then encrypted again with ks3, before being put into output;
+	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
+	that only takes 2 des_key_schedules that implements,
+	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
+	
+void des_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This routine implements DES in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, I'm
+	not being held responsible :-).  ivec is the initialisation vector.
+	This function does not modify this variable.  To correctly implement
+	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
+	cipher text for use as the next ivec in your application,
+	or use des_ncbc_encrypt(). 
+	Only this routine has this problem with updating the ivec, all
+	other routines that are implementing cbc mode update ivec.
+	
+void des_ncbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+int enc);
+	For historical reasons, des_cbc_encrypt() did not update the
+	ivec with the value requires so that subsequent calls to
+	des_cbc_encrypt() would 'chain'.  This was needed so that the same
+	'length' values would not need to be used when decrypting.
+	des_ncbc_encrypt() does the right thing.  It is the same as
+	des_cbc_encrypt accept that ivec is updates with the correct value
+	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
+	des_ncbc_encrypt() instead of des_cbc_encrypt();
+
+void des_xcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+des_cblock *inw,
+des_cblock *outw,
+int enc);
+	This is RSA's DESX mode of DES.  It uses inw and outw to
+	'whiten' the encryption.  inw and outw are secret (unlike the iv)
+	and are as such, part of the key.  So the key is sort of 24 bytes.
+	This is much better than cbc des.
+	
+void des_3cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk1,
+des_key_schedule sk2,
+des_cblock *ivec1,
+des_cblock *ivec2,
+int enc);
+	This function is flawed, do not use it.  I have left it in the
+	library because it is used in my des(1) program and will function
+	correctly when used by des(1).  If I removed the function, people
+	could end up unable to decrypt files.
+	This routine implements outer triple cbc encryption using 2 ks and
+	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
+	
+void des_ede3_cbc_encrypt(
+des_cblock *input,
+des_cblock *output, 
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2, 
+des_key_schedule ks3, 
+des_cblock *ivec,
+int enc);
+	This function implements outer triple CBC DES encryption with 3
+	keys.  What this means is that each 'DES' operation
+	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
+	Again, this is cbc mode so an ivec is requires.
+	This mode is used by SSL.
+	There is also a des_ede2_cbc_encrypt() that only uses 2
+	des_key_schedule's, the first being reused for the final
+	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
+	is used by the RSAref library.
+	
+void des_pcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This is Propagating Cipher Block Chaining mode of DES.  It is used
+	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
+	
+void des_cfb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
+	in numbit blocks.  The input (and output) is in multiples of numbits
+	bits.  numbits should to be a multiple of 8 bits.  Length is the
+	number of bytes input.  If numbits is not a multiple of 8 bits,
+	the extra bits in the bytes will be considered padding.  So if
+	numbits is 12, for each 2 input bytes, the 4 high bits of the
+	second byte will be ignored.  So to encode 72 bits when using
+	a numbits of 12 take 12 bytes.  To encode 72 bits when using
+	numbits of 9 will take 16 bytes.  To encode 80 bits when using
+	numbits of 16 will take 10 bytes. etc, etc.  This padding will
+	apply to both input and output.
+
+	
+void des_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this DES library, it
+	implements CFB mode of DES with 64bit feedback.  Why is this
+	useful you ask?  Because this routine will allow you to encrypt an
+	arbitrary number of bytes, no 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  num contains 'how far' we are though ivec.  If this does
+	not make much sense, read more about cfb mode of DES :-).
+	
+void des_ede3_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num,
+int enc);
+	Same as des_cfb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_cfb64_encrypt() which reuses ks1.
+
+void des_ofb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This is a implementation of Output Feed Back mode of DES.  It is
+	the same as des_cfb_encrypt() in that numbits is the size of the
+	units dealt with during input and output (in bits).
+	
+void des_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	The same as des_cfb64_encrypt() except that it is Output Feed Back
+	mode.
+
+void des_ede3_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num);
+	Same as des_ofb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_ofb64_encrypt() which reuses ks1.
+
+int des_read_pw_string(
+char *buf,
+int length,
+char *prompt,
+int verify);
+	This routine is used to get a password from the terminal with echo
+	turned off.  Buf is where the string will end up and length is the
+	size of buf.  Prompt is a string presented to the 'user' and if
+	verify is set, the key is asked for twice and unless the 2 copies
+	match, an error is returned.  A return code of -1 indicates a
+	system error, 1 failure due to use interaction, and 0 is success.
+
+unsigned long des_cbc_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This function produces an 8 byte checksum from input that it puts in
+	output and returns the last 4 bytes as a long.  The checksum is
+	generated via cbc mode of DES in which only the last 8 byes are
+	kept.  I would recommend not using this function but instead using
+	the EVP_Digest routines, or at least using MD5 or SHA.  This
+	function is used by Kerberos v4 so that is why it stays in the
+	library.
+	
+char *des_fcrypt(
+const char *buf,
+const char *salt
+char *ret);
+	This is my fast version of the unix crypt(3) function.  This version
+	takes only a small amount of space relative to other fast
+	crypt() implementations.  This is different to the normal crypt
+	in that the third parameter is the buffer that the return value
+	is written into.  It needs to be at least 14 bytes long.  This
+	function is thread safe, unlike the normal crypt.
+
+char *crypt(
+const char *buf,
+const char *salt);
+	This function calls des_fcrypt() with a static array passed as the
+	third parameter.  This emulates the normal non-thread safe semantics
+	of crypt(3).
+
+void des_string_to_key(
+char *str,
+des_cblock *key);
+	This function takes str and converts it into a DES key.  I would
+	recommend using MD5 instead and use the first 8 bytes of output.
+	When I wrote the first version of these routines back in 1990, MD5
+	did not exist but I feel these routines are still sound.  This
+	routines is compatible with the one in MIT's libdes.
+	
+void des_string_to_2keys(
+char *str,
+des_cblock *key1,
+des_cblock *key2);
+	This function takes str and converts it into 2 DES keys.
+	I would recommend using MD5 and using the 16 bytes as the 2 keys.
+	I have nothing against these 2 'string_to_key' routines, it's just
+	that if you say that your encryption key is generated by using the
+	16 bytes of an MD5 hash, every-one knows how you generated your
+	keys.
+
+int des_read_password(
+des_cblock *key,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_key().
+
+int des_read_2passwords(
+des_cblock *key1,
+des_cblock *key2,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_2key().
+
+void des_random_seed(
+des_cblock key);
+	This routine sets a starting point for des_random_key().
+	
+void des_random_key(
+des_cblock ret);
+	This function return a random key.  Make sure to 'seed' the random
+	number generator (with des_random_seed()) before using this function.
+	I personally now use a MD5 based random number system.
+
+int des_enc_read(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This function will write to a file descriptor the encrypted data
+	from buf.  This data will be preceded by a 4 byte 'byte count' and
+	will be padded out to 8 bytes.  The encryption is either CBC of
+	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
+	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
+	DES_PCBC_MODE.
+
+int des_enc_write(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This routines read stuff written by des_enc_read() and decrypts it.
+	I have used these routines quite a lot but I don't believe they are
+	suitable for non-blocking io.  If you are after a full
+	authentication/encryption over networks, have a look at SSL instead.
+
+unsigned long des_quad_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+int out_count,
+des_cblock *seed);
+	This is a function from Kerberos v4 that is not anything to do with
+	DES but was needed.  It is a cksum that is quicker to generate than
+	des_cbc_cksum();  I personally would use MD5 routines now.
+=====
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and can not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+ different from the start variable values used before with the same
+ key.  The reason for this is that an identical bit stream would be
+ produced each time from the same parameters.  This would be
+ susceptible to a ' known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+- As for ECB encryption but increases the key length to 168 bits.
+  There are theoretic attacks that can be used that make the effective
+  key length 112 bits, but this attack also requires 2^56 blocks of
+  memory, not very likely, even for the NSA.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+- If the first and last key are the same, the key length is 112 bits.
+  There are attacks that could reduce the key space to 55 bit's but it
+  requires 2^56 blocks of memory.
+- If all 3 keys are the same, this is effectively the same as normal
+  ecb mode.
+
+Triple CBC Mode (des_ede3_cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and then encrypt with key3.
+- As for CBC encryption but increases the key length to 168 bits with
+  the same restrictions as for triple ecb mode.
+
+==== digest.doc ========================================================
+
+
+The Message Digest subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various message digest
+routines found in this library.  As such, they allow the same code to be
+used to digest via different algorithms with only a change in an initial
+parameter.  They are basically just a front-end to the MD2, MD5, SHA
+and SHA1
+routines.
+
+These routines all take a pointer to the following structure to specify
+which message digest algorithm to use.
+typedef struct evp_md_st
+	{
+	int type;
+	int pkey_type;
+	int md_size;
+	void (*init)();
+	void (*update)();
+	void (*final)();
+
+	int required_pkey_type; /*EVP_PKEY_xxx */
+	int (*sign)();
+	int (*verify)();
+	} EVP_MD;
+
+If additional message digest algorithms are to be supported, a structure of
+this type needs to be declared and populated and then the Digest routines
+can be used with that algorithm.  The type field is the object NID of the
+digest type (read the section on Objects for an explanation).  The pkey_type
+is the Object type to use when the a message digest is generated by there
+routines and then is to be signed with the pkey algorithm.  Md_size is
+the size of the message digest returned.  Init, update
+and final are the relevant functions to perform the message digest function
+by parts.  One reason for specifying the message digest to use via this
+mechanism is that if you only use md5, only the md5 routines will
+be included in you linked program.  If you passed an integer
+that specified which message digest to use, the routine that mapped that
+integer to a set of message digest functions would cause all the message
+digests functions to be link into the code.  This setup also allows new
+message digest functions to be added by the application.
+
+The six message digests defined in this library are
+
+EVP_MD *EVP_md2(void);	/* RSA sign/verify */
+EVP_MD *EVP_md5(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha1(void);	/* RSA sign/verify */
+EVP_MD *EVP_dss(void);	/* DSA sign/verify */
+EVP_MD *EVP_dss1(void);	/* DSA sign/verify */
+
+All the message digest routines take a EVP_MD_CTX pointer as an argument.
+The state of the message digest is kept in this structure.
+
+typedef struct pem_md_ctx_st
+	{
+	EVP_MD *digest;
+	union	{
+		unsigned char base[4]; /* this is used in my library as a
+					* 'pointer' to all union elements
+					* structures. */
+		MD2_CTX md2;
+		MD5_CTX md5;
+		SHA_CTX sha;
+		} md;
+	} EVP_MD_CTX;
+
+The Digest functions are as follows.
+
+void EVP_DigestInit(
+EVP_MD_CTX *ctx,
+EVP_MD *type);
+	This function is used to initialise the EVP_MD_CTX.  The message
+	digest that will associated with 'ctx' is specified by 'type'.
+
+void EVP_DigestUpdate(
+EVP_MD_CTX *ctx,
+unsigned char *data,
+unsigned int cnt);
+	This function is used to pass more data to the message digest
+	function.  'cnt' bytes are digested from 'data'.
+
+void EVP_DigestFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *len);
+	This function finishes the digestion and puts the message digest
+	into 'md'.  The length of the message digest is put into len;
+	EVP_MAX_MD_SIZE is the size of the largest message digest that
+	can be returned from this function.  Len can be NULL if the
+	size of the digest is not required.
+	
+
+==== encode.doc ========================================================
+
+
+void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+		int *outl,unsigned char *in,int inl);
+void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+
+void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+		unsigned char *in, int inl);
+int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+		char *out, int *outl);
+int     EVP_DecodeBlock(unsigned char *t, unsigned
+		char *f, int n);
+
+
+==== envelope.doc ========================================================
+
+The following routines are use to create 'digital' envelopes.
+By this I mean that they perform various 'higher' level cryptographic
+functions.  Have a read of 'cipher.doc' and 'digest.doc' since those
+routines are used by these functions.
+cipher.doc contains documentation about the cipher part of the
+envelope library and digest.doc contatins the description of the
+message digests supported.
+
+To 'sign' a document involves generating a message digest and then encrypting
+the digest with an private key.
+
+#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Due to the fact this operation is basically just an extended message
+digest, the first 2 functions are macro calls to Digest generating
+functions.
+
+int     EVP_SignFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *s,
+EVP_PKEY *pkey);
+	This finalisation function finishes the generation of the message
+digest and then encrypts the digest (with the correct message digest 
+object identifier) with the EVP_PKEY private key.  'ctx' is the message digest
+context.  'md' will end up containing the encrypted message digest.  This
+array needs to be EVP_PKEY_size(pkey) bytes long.  's' will actually
+contain the exact length.  'pkey' of course is the private key.  It is
+one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
+If there is an error, 0 is returned, otherwise 1.
+		
+Verify is used to check an signed message digest.
+
+#define EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Since the first step is to generate a message digest, the first 2 functions
+are macros.
+
+int EVP_VerifyFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int s,
+EVP_PKEY *pkey);
+	This function finishes the generation of the message digest and then
+compares it with the supplied encrypted message digest.  'md' contains the
+'s' bytes of encrypted message digest.  'pkey' is used to public key decrypt
+the digest.  It is then compared with the message digest just generated.
+If they match, 1 is returned else 0.
+
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+		int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
+Must have at least one public key, error is 0.  I should also mention that
+the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
+
+#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
+void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+
+
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+		int ekl,unsigned char *iv,EVP_PKEY *priv);
+0 on failure
+
+#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
+
+int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+Decrypt final return code
+
+
+==== error.doc ========================================================
+
+The error routines.
+
+The 'error' system I've implemented is intended to server 2 purpose, to
+record the reason why a command failed and to record where in the libraries
+the failure occurred.  It is more or less setup to record a 'trace' of which
+library components were being traversed when the error occurred.
+
+When an error is recorded, it is done so a as single unsigned long which is
+composed of three parts.  The top byte is the 'library' number, the middle
+12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
+
+Each 'library', or should a say, 'section' of the SSLeay library has a
+different unique 'library' error number.  Each function in the library has
+a number that is unique for that library.  Each 'library' also has a number
+for each 'error reason' that is only unique for that 'library'.
+
+Due to the way these error routines record a 'error trace', there is an
+array per thread that is used to store the error codes.
+The various functions in this library are used to access
+and manipulate this array.
+
+void ERR_put_error(int lib, int func,int reason);
+	This routine records an error in library 'lib', function 'func'
+and reason 'reason'.  As errors get 'put' into the buffer, they wrap
+around and overwrite old errors if too many are written.  It is assumed
+that the last errors are the most important.
+
+unsigned long ERR_get_error(void );
+	This function returns the last error added to the error buffer.
+In effect it is popping the value off the buffer so repeated calls will
+continue to return values until there are no more errors to return in which
+case 0 is returned.
+
+unsigned long ERR_peek_error(void );
+	This function returns the value of the last error added to the
+error buffer but does not 'pop' it from the buffer.
+
+void ERR_clear_error(void );
+	This function clears the error buffer, discarding all unread
+errors.
+
+While the above described error system obviously produces lots of different
+error number, a method for 'reporting' these errors in a human readable
+form is required.  To achieve this, each library has the option of
+'registering' error strings.
+
+typedef struct ERR_string_data_st
+	{
+	unsigned long error;
+	char *string;
+	} ERR_STRING_DATA;
+
+The 'ERR_STRING_DATA' contains an error code and the corresponding text
+string.  To add new function error strings for a library, the
+ERR_STRING_DATA needs to be 'registered' with the library.
+
+void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
+	This function 'registers' the array of ERR_STRING_DATA pointed to by
+'err' as error text strings for the error library 'lib'.
+
+void ERR_free_strings(void);
+	This function free()s all the loaded error strings.
+
+char *ERR_error_string(unsigned long error,char *buf);
+	This function returns a text string that is a human readable
+version of the error represented by 'error'.  Buff should be at least 120
+bytes long and if it is NULL, the return value is a pointer to a static
+variable that will contain the error string, otherwise 'buf' is returned.
+If there is not a text string registered for a particular error, a text
+string containing the error number is returned instead.
+
+void ERR_print_errors(BIO *bp);
+void ERR_print_errors_fp(FILE *fp);
+	This function is a convenience routine that prints the error string
+for each error until all errors have been accounted for.
+
+char *ERR_lib_error_string(unsigned long e);
+char *ERR_func_error_string(unsigned long e);
+char *ERR_reason_error_string(unsigned long e);
+The above three functions return the 3 different components strings for the
+error 'e'.  ERR_error_string() uses these functions.
+
+void ERR_load_ERR_strings(void );
+	This function 'registers' the error strings for the 'ERR' module.
+
+void ERR_load_crypto_strings(void );
+	This function 'register' the error strings for just about every
+library in the SSLeay package except for the SSL routines.  There is no
+need to ever register any error text strings and you will probably save in
+program size.  If on the other hand you do 'register' all errors, it is
+quite easy to determine why a particular routine failed.
+
+As a final footnote as to why the error system is designed as it is.
+1) I did not want a single 'global' error code.
+2) I wanted to know which subroutine a failure occurred in.
+3) For Windows NT etc, it should be simple to replace the 'key' routines
+   with code to pass error codes back to the application.
+4) I wanted the option of meaningful error text strings.
+
+Late breaking news - the changes to support threads.
+
+Each 'thread' has an 'ERR_STATE' state associated with it.
+ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
+thread/process.
+
+ERR_remove_state(unsigned long pid); will 'free()' this state.  If pid == 0
+the current 'thread/process' will have it's error state removed.
+If you do not remove the error state of a thread, this could be considered a
+form of memory leak, so just after 'reaping' a thread that has died,
+call ERR_remove_state(pid).
+
+Have a read of thread.doc for more details for what is required for
+multi-threading support.  All the other error routines will
+work correctly when using threads.
+
+
+==== idea.doc ========================================================
+
+The IDEA library.
+IDEA is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses a 128bit (16 byte) key.  It can be used in all the modes that DES can
+be used.  This library implements the ecb, cbc, cfb64 and ofb64 modes.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'idea.h'.
+
+All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an 
+argument.  An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
+For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
+decryption is different to the one used for encryption.
+
+The define IDEA_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. IDEA_DECRYPT is passed to
+specify decryption.  For some mode there is no encryption/decryption
+flag since this is determined by the IDEA_KEY_SCHEDULE.
+
+So to encrypt you would do the following
+idea_set_encrypt_key(key,encrypt_ks);
+idea_ecb_encrypt(...,encrypt_ks);
+idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
+
+To Decrypt
+idea_set_encrypt_key(key,encrypt_ks);
+idea_set_decrypt_key(encrypt_ks,decrypt_ks);
+idea_ecb_encrypt(...,decrypt_ks);
+idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
+
+Please note that any of the encryption modes specified in my DES library
+could be used with IDEA.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic IDEA encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple IDEA, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  idea_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void idea_set_encrypt_key(
+unsigned char *key;
+IDEA_KEY_SCHEDULE *ks);
+	idea_set_encrypt_key converts a 16 byte IDEA key into an
+	IDEA_KEY_SCHEDULE.  The IDEA_KEY_SCHEDULE is an expanded form of
+	the key which can be used to perform IDEA encryption.
+	An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the IDEA key
+	so it only needs to be kept when encryption is about
+	to occur.  Don't save or pass around IDEA_KEY_SCHEDULE's since they
+	are CPU architecture dependent, IDEA keys are not.
+	
+void idea_set_decrypt_key(
+IDEA_KEY_SCHEDULE *encrypt_ks,
+IDEA_KEY_SCHEDULE *decrypt_ks);
+	This functions converts an encryption IDEA_KEY_SCHEDULE into a
+	decryption IDEA_KEY_SCHEDULE.  For all decryption, this conversion
+	of the key must be done.  In some modes of IDEA, an
+	encryption/decryption flag is also required, this is because these
+	functions involve block chaining and the way this is done changes
+	depending on which of encryption of decryption is being done.
+	Please note that there is no quick way to generate the decryption
+	key schedule other than generating the encryption key schedule and
+	then converting it.
+
+void idea_encrypt(
+unsigned long *data,
+IDEA_KEY_SCHEDULE *ks);
+	This is the IDEA encryption function that gets called by just about
+	every other IDEA routine in the library.  You should not use this
+	function except to implement 'modes' of IDEA.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and ks is the
+	IDEA_KEY_SCHEDULE to use.  Encryption or decryption depends on the
+	IDEA_KEY_SCHEDULE.
+
+void idea_ecb_encrypt(
+unsigned char *input,
+unsigned char *output,
+IDEA_KEY_SCHEDULE *ks);
+	This is the basic Electronic Code Book form of IDEA (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for idea as well :-).
+	Input is encrypted into output using the key represented by
+	ks.  Depending on the IDEA_KEY_SCHEDULE, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void idea_cbc_encrypt(
+unsigned char *input,
+unsigned char *output,
+long length,
+IDEA_KEY_SCHEDULE *ks,
+unsigned char *ivec,
+int enc);
+	This routine implements IDEA in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to idea_cbc_encrypt().
+	
+void idea_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this IDEA library, it
+	implements CFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	Enc is used to indicate encryption or decryption.
+	One very important thing to remember is that when decrypting, use
+	the encryption form of the key.
+	CFB64 mode operates by using the cipher to
+	generate a stream of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.  What this means is that to encrypt
+	idea_set_encrypt_key(key,ks);
+	idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
+	do decrypt
+	idea_set_encrypt_key(key,ks)
+	idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
+	Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
+	For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
+	used to generate the IDEA_KEY_SCHEDULE for decryption.
+	The reason I'm stressing this point is that I just wasted 3 hours
+	today trying to decrypt using this mode and the decryption form of
+	the key :-(.
+	
+void idea_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	This functions implements OFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.  The same key and iv should be used to
+	encrypt and decrypt.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+idea_set_encrypt_key().
+
+=====
+For more information about the specific IDEA modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for IDEA.
+
+
+==== legal.doc ========================================================
+
+From eay@mincom.com Thu Jun 27 00:25:45 1996
+Received: by orb.mincom.oz.au id AA15821
+  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
+Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: Ken Toll <ktoll@ren.digitalage.com>
+Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
+Subject: Re: Unidentified subject!
+In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
+Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: O
+X-Status: 
+
+
+This is a little off topic but since SSLeay is a free implementation of
+the SSLv2 protocol, I feel it is worth responding on the topic of if it 
+is actually legal for Americans to use free cryptographic software.
+
+On Wed, 26 Jun 1996, Ken Toll wrote:
+> Is the U.S the only country that SSLeay cannot be used commercially 
+> (because of RSAref) or is that going to be an issue with every country 
+> that a client/server application (non-web browser/server) is deployed 
+> and sold?
+
+>From what I understand, the software patents that apply to algorithms 
+like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
+patened in europe (USA?), but considing how little it is used by other SSL 
+implementations, it quite easily be left out of the SSLeay build
+(this can be done with a compile flag).
+
+Actually if the RSA patent did apply outside the USA, it could be rather
+interesting since RSA is not alowed to let RSA toolkits outside of the USA
+[1], and since these are the only forms that they will alow the algorithm
+to be used in, it would mean that non-one outside of the USA could produce
+public key software which would be a very strong statment for
+international patent law to make :-).  This logic is a little flawed but
+it still points out some of the more interesting permutations of USA
+patent law and ITAR restrictions. 
+
+Inside the USA there is also the unresolved issue of RC4/RC2 which were
+made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
+copies of the origional postings if people are interested.  RSA I believe 
+claim that they were 'trade-secrets' and that some-one broke an NDA in 
+revealing them.  Other claim they reverse engineered the algorithms from 
+compiled binaries.  If the algorithms were reverse engineered, I belive 
+RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
+Regardless, RSA, I belive, is willing to go to court over the issue so 
+licencing is probably the best idea, or at least talk to them.
+If there are people who actually know more about this, pease let me know, I 
+don't want to vilify or spread miss-information if I can help it.
+
+If you are not producing a web browser, it is easy to build SSLeay with
+RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
+all web software (and it is damn fast) it is more or less required for 
+www use. For non www use of SSL, especially for an application where 
+interoperability with other vendors is not critical just leave it out.
+
+Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
+they should be ok.  Considing that Triple DES can encrypt at rates of
+410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
+reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
+respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
+
+> Is it possible to get a certificate for commercial use outside of the U.S.?
+yes.
+
+Thawte Consulting issues certificates (they are the people who sell the
+	Sioux httpd server and are based in South Africa)
+Verisign will issue certificates for Sioux (sold from South Africa), so this
+	proves that they will issue certificate for OS use if they are
+	happy with the quality of the software.
+
+(The above mentioned companies just the ones that I know for sure are issuing
+ certificates outside the USA).
+
+There is always the point that if you are using SSL for an intra net, 
+SSLeay provides programs that can be used so you can issue your own 
+certificates.  They need polishing but at least it is a good starting point.
+
+I am not doing anything outside Australian law by implementing these
+algorithms (to the best of my knowedge).  It is another example of how 
+the world legal system does not cope with the internet very well.
+
+I may start making shared libraries available (I have now got DLL's for 
+Windows).  This will mean that distributions into the usa could be 
+shipped with a version with a reduced cipher set and the versions outside 
+could use the DLL/shared library with all the ciphers (and without RSAref).
+
+This could be completly hidden from the application, so this would not 
+even require a re-linking.
+
+This is the reverse of what people were talking about doing to get around 
+USA export regulations :-)
+
+eric
+
+[1]:	The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
+	and one in South Africa.
+
+[2]:	Since I always get questions when I post benchmark numbers :-),
+	DES performace figures are in 1000's of bytes per second in cbc 
+	mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
+	3.51 DLLs and the 686/200 was running NextStep.
+	I quote pentium 100 benchmarks because it is basically the
+	'entry level' computer that most people buy for personal use.
+	Windows 95 is the OS shipping on those boxes, so I'll give
+	NT numbers (the same Win32 runtime environment).  The 686
+	numbers are present as an indication of where we will be in a
+	few years.
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+
+
+==== lhash.doc ========================================================
+
+The LHASH library.
+
+I wrote this library in 1991 and have since forgotten why I called it lhash.
+It implements a hash table from an article I read at the
+time from 'Communications of the ACM'.  What makes this hash
+table different is that as the table fills, the hash table is
+increased (or decreased) in size via realloc().
+When a 'resize' is done, instead of all hashes being redistributed over
+twice as many 'buckets', one bucket is split.  So when an 'expand' is done,
+there is only a minimal cost to redistribute some values.  Subsequent
+inserts will cause more single 'bucket' redistributions but there will
+never be a sudden large cost due to redistributing all the 'buckets'.
+
+The state for a particular hash table is kept in the LHASH structure.
+The LHASH structure also records statistics about most aspects of accessing
+the hash table.  This is mostly a legacy of my writing this library for
+the reasons of implementing what looked like a nice algorithm rather than
+for a particular software product.
+
+Internal stuff you probably don't want to know about.
+The decision to increase or decrease the hash table size is made depending
+on the 'load' of the hash table.  The load is the number of items in the
+hash table divided by the size of the hash table.  The default values are
+as follows.  If (hash->up_load < load) => expand.
+if (hash->down_load > load) =>  contract.  The 'up_load' has a default value of
+1 and 'down_load' has a default value of 2.  These numbers can be modified
+by the application by just playing with the 'up_load' and 'down_load'
+variables.  The 'load' is kept in a form which is multiplied by 256.  So
+hash->up_load=8*256; will cause a load of 8 to be set.
+
+If you are interested in performance the field to watch is
+num_comp_calls.  The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash->num_comp_calls is incremented.  If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values.  It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucked', it can be searched
+with 10 'unsigned long' compares and 10 linked list traverses.  This
+will be much less expensive that 10 calls to you compare function.
+
+LHASH *lh_new(
+unsigned long (*hash)(),
+int (*cmp)());
+	This function is used to create a new LHASH structure.  It is passed
+	function pointers that are used to store and retrieve values passed
+	into the hash table.  The 'hash'
+	function is a hashing function that will return a hashed value of
+	it's passed structure.  'cmp' is passed 2 parameters, it returns 0
+	is they are equal, otherwise, non zero.
+	If there are any problems (usually malloc failures), NULL is
+	returned, otherwise a new LHASH structure is returned.  The
+	hash value is normally truncated to a power of 2, so make sure
+	that your hash function returns well mixed low order bits.
+	
+void lh_free(
+LHASH *lh);
+	This function free()s a LHASH structure.  If there is malloced
+	data in the hash table, it will not be freed.  Consider using the
+	lh_doall function to deallocate any remaining entries in the hash
+	table.
+	
+char *lh_insert(
+LHASH *lh,
+char *data);
+	This function inserts the data pointed to by data into the lh hash
+	table.  If there is already and entry in the hash table entry, the
+	value being replaced is returned.  A NULL is returned if the new
+	entry does not clash with an entry already in the table (the normal
+	case) or on a malloc() failure (perhaps I should change this....).
+	The 'char *data' is exactly what is passed to the hash and
+	comparison functions specified in lh_new().
+	
+char *lh_delete(
+LHASH *lh,
+char *data);
+	This routine deletes an entry from the hash table.  The value being
+	deleted is returned.  NULL is returned if there is no such value in
+	the hash table.
+
+char *lh_retrieve(
+LHASH *lh,
+char *data);
+	If 'data' is in the hash table it is returned, else NULL is
+	returned.  The way these routines would normally be uses is that a
+	dummy structure would have key fields populated and then
+	ret=lh_retrieve(hash,&dummy);.  Ret would now be a pointer to a fully
+	populated structure.
+
+void lh_doall(
+LHASH *lh,
+void (*func)(char *a));
+	This function will, for every entry in the hash table, call function
+	'func' with the data item as parameters.
+	This function can be quite useful when used as follows.
+	void cleanup(STUFF *a)
+		{ STUFF_free(a); }
+	lh_doall(hash,cleanup);
+	lh_free(hash);
+	This can be used to free all the entries, lh_free() then
+	cleans up the 'buckets' that point to nothing.  Be careful
+	when doing this.  If you delete entries from the hash table,
+	in the call back function, the table may decrease in size,
+	moving item that you are
+	currently on down lower in the hash table.  This could cause
+	some entries to be skipped.  The best solution to this problem
+	is to set lh->down_load=0 before you start.  This will stop
+	the hash table ever being decreased in size.
+
+void lh_doall_arg(
+LHASH *lh;
+void(*func)(char *a,char *arg));
+char *arg;
+	This function is the same as lh_doall except that the function
+	called will be passed 'arg' as the second argument.
+	
+unsigned long lh_strhash(
+char *c);
+	This function is a demo string hashing function.  Since the LHASH
+	routines would normally be passed structures, this routine would
+	not normally be passed to lh_new(), rather it would be used in the
+	function passed to lh_new().
+
+The next three routines print out various statistics about the state of the
+passed hash table.  These numbers are all kept in the lhash structure.
+
+void lh_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out statistics on the size of the hash table,
+	how many entries are in it, and the number and result of calls to
+	the routines in this library.
+
+void lh_node_stats(
+LHASH *lh,
+FILE *out);
+	For each 'bucket' in the hash table, the number of entries is
+	printed.
+	
+void lh_node_usage_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out a short summary of the state of the hash
+	table.  It prints what I call the 'load' and the 'actual load'.
+	The load is the average number of data items per 'bucket' in the
+	hash table.  The 'actual load' is the average number of items per
+	'bucket', but only for buckets which contain entries.  So the
+	'actual load' is the average number of searches that will need to
+	find an item in the hash table, while the 'load' is the average number
+	that will be done to record a miss.
+
+==== md2.doc ========================================================
+
+The MD2 library.
+MD2 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
+function calls.  The normal method of use for this library is as follows
+
+MD2_Init(...);
+MD2_Update(...);
+...
+MD2_Update(...);
+MD2_Final(...);
+
+This library requires the inclusion of 'md2.h'.
+
+The main negative about MD2 is that it is slow, especially when compared
+to MD5.
+
+The functions are as follows:
+
+void MD2_Init(
+MD2_CTX *c);
+	This function needs to be called to initiate a MD2_CTX structure for
+	use.
+	
+void MD2_Update(
+MD2_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD2_Final(
+unsigned char *md;
+MD2_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD2_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD2_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD2(
+unsigned long n;
+unsigned char *d;
+unsigned char *md;
+	This function performs a MD2_Init(), followed by a MD2_Update()
+	followed by a MD2_Final() (using a local MD2_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+==== md5.doc ========================================================
+
+The MD5 library.
+MD5 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
+function calls.  This library also contains random number routines that are
+based on MD5
+
+The normal method of use for this library is as follows
+
+MD5_Init(...);
+MD5_Update(...);
+...
+MD5_Update(...);
+MD5_Final(...);
+
+This library requires the inclusion of 'md5.h'.
+
+The functions are as follows:
+
+void MD5_Init(
+MD5_CTX *c);
+	This function needs to be called to initiate a MD5_CTX structure for
+	use.
+	
+void MD5_Update(
+MD5_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD5_Final(
+unsigned char *md;
+MD5_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD5_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD5_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD5(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a MD5_Init(), followed by a MD5_Update()
+	followed by a MD5_Final() (using a local MD5_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+
+==== memory.doc ========================================================
+
+In the interests of debugging SSLeay, there is an option to compile
+using some simple memory leak checking.
+
+All malloc(), free() and realloc() calls in SSLeay now go via
+Malloc(), Free() and Realloc() (except those in crypto/lhash).
+
+If CRYPTO_MDEBUG is defined, these calls are #defined to
+CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
+If it is not defined, they are #defined to malloc(), free() and realloc().
+
+the CRYPTO_malloc() routines by default just call the underlying library
+functons.
+
+If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
+turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
+
+When turned on, each Malloc() or Realloc() call is recored along with the file
+and line number from where the call was made.   (This is done using the
+lhash library which always uses normal system malloc(3) routines).
+
+void CRYPTO_mem_leaks(BIO *b);
+void CRYPTO_mem_leaks_fp(FILE *fp);
+These both print out the list of memory that has not been free()ed.
+This will probably be rather hard to read, but if you look for the 'top level'
+structure allocation, this will often give an idea as to what is not being
+free()ed.  I don't expect people to use this stuff normally.
+
+==== ca.1 ========================================================
+
+From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
+Received: by orb.mincom.oz.au id AA07374
+  (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
+Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: sameer <sameer@c2.org>
+Cc: ssleay@mincom.oz.au
+Subject: Re: 'ca'
+In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
+Message-Id: <Pine.SOL.3.91.951228133525.7269A-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Fri, 22 Dec 1995, sameer wrote:
+> 	I could use documentation on 'ca'. Thanks.
+
+Very quickly.
+The ca program uses the ssleay.conf file for most of its configuration
+
+./ca -help
+
+ -verbose        - Talk alot while doing things
+ -config file    - A config file. If you don't want to use the
+		   default config file
+ -name arg       - The particular CA definition to use
+	In the config file, the section to use for parameters.  This lets 
+	multiple setups to be contained in the one file.  By default, the 
+	default_ca variable is looked up in the [ ca ] section.  So in the 
+	shipped ssleay.conf, the CA definition used is CA_default.  It could be 
+	any other name.
+ -gencrl days    - Generate a new CRL, days is when the next CRL is due
+	This will generate a new certificate revocion list.
+ -days arg       - number of days to certify the certificate for
+	When certifiying certificates, this is the number of days to use.
+ -md arg         - md to use, one of md2, md5, sha or sha1
+ -policy arg     - The CA 'policy' to support
+	I'll describe this later, but there are 2 policies definied in the 
+	shipped ssleay.conf
+ -keyfile arg    - PEM RSA private key file
+ -key arg        - key to decode the RSA private key if it is encrypted
+	since we need to keep the CA's RSA key encrypted
+ -cert           - The CA certificate
+ -in file        - The input PEM encoded certificate request(s)
+ -out file       - Where to put the output file(s)
+ -outdir dir     - Where to put output certificates
+	The -out options concatinates all the output certificied
+	certificates to one file, -outdir puts them in a directory,
+	named by serial number.
+ -infiles ....   - The last argument, requests to process
+	The certificate requests to process, -in is the same.
+
+Just about all the above have default values defined in ssleay.conf.
+
+The key variables in ssleay.conf are (for the pariticular '-name' being 
+used, in the default, it is CA_default).
+
+dir is where all the CA database stuff is kept.
+certs is where all the previously issued certificates are kept.
+The database is a simple text database containing the following tab separated 
+fields.
+status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
+issued date:  When the certificate was certified.
+revoked date:  When it was revoked, blank if not revoked.
+serial number:  The certificate serial number.
+certificate:	Where the certificate is located.
+CN:	The name of the certificate.
+
+The demo file has quite a few made up values it it.  The last 2 were 
+added by the ca program and are acurate.
+The CA program does not update the 'certificate' file correctly right now.
+The serial field should be unique as should the CN/status combination.
+The ca program checks these at startup.  What still needs to be 
+wrtten is a program to 'regenerate' the data base file from the issued 
+certificate list (and a CRL list).
+
+Back to the CA_default variables.
+
+Most of the variables are commented.
+
+policy is the default policy.
+
+Ok for policies, they define the order and which fields must be present 
+in the certificate request and what gets filled in.
+
+So a value of
+countryName             = match
+means that the country name must match the CA certificate.
+organizationalUnitName  = optional
+The org.Unit,Name does not have to be present and
+commonName              = supplied
+commonName must be supplied in the certificate request.
+
+For the 'policy_match' polocy, the order of the attributes in the 
+generated certiticate would be
+countryName
+stateOrProvinceName
+organizationName
+organizationalUnitName
+commonName
+emailAddress
+
+Have a play, it sort of makes sense.  If you think about how the persona 
+requests operate, it is similar to the 'policy_match' policy and the
+'policy_anything' is similar to what versign is doing.
+
+I hope this helps a bit.  Some backend scripts are definitly needed to 
+update the database and to make certificate revocion easy.  All 
+certificates issued should also be kept forever (or until they expire?)
+
+hope this helps
+eric (who has to run off an buy some cheap knee pads for the caving in 4 
+days time :-)
+
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+==== ms3-ca.doc ========================================================
+
+Date: Mon, 9 Jun 97 08:00:33 +0200
+From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
+Subject: ms3-ca.doc
+Organization: TU Ilmenau, Fak. IA, FG Telematik
+Content-Length: 14575
+Status: RO
+X-Status: 
+
+Loading client certs into MSIE 3.01
+===================================
+
+This document conatains all the information necessary to succesfully set up 
+some scripts to issue client certs to Microsoft Internet Explorer. It 
+includes the required knowledge about the model MSIE uses for client 
+certification and includes complete sample scripts ready to play with. The 
+scripts were tested against a modified ca program of SSLeay 0.6.6 and should 
+work with the regular ca program that comes with version 0.8.0. I haven't 
+tested against MSIE 4.0
+
+You can use the information contained in this document in either way you 
+want. However if you feel it saved you a lot of time I ask you to be as fair 
+as to mention my name: Holger Reif <reif@prakinf.tu-ilmenau.de>.
+
+1.) The model used by MSIE
+--------------------------
+
+The Internet Explorer doesn't come with a embedded engine for installing 
+client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) 
+defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together 
+with Internet Explorer since 3.01. The advantage of this approach is a higher 
+flexibility because the certificates in the (per user) system open 
+certificate store may be used by other applications as well. The drawback 
+however is that you need to do a bit more work to get a client cert issued.
+
+CAPI defines functions which will handle basic cryptographic work, eg. 
+generating keys, encrypting some data, signing text or building a certificate 
+request. The procedure is as follows: A CAPI function generates you a key 
+pair and saves it into the certificate store. After that one builds a 
+Distinguished Name. Together with that key pair another CAPI function forms a 
+PKCS#10 request which you somehow need to submit to a CA. Finally the issued 
+cert is given to a yet another CAPI function which saves it into the 
+certificate store.
+
+The certificate store with the user's keys and certs is in the registry. You 
+will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I 
+leave it to you as a little exercise to figure out what all the entries mean 
+;-). Note that the keys are protected only with the user's usual Windows 
+login password.
+
+2.) The practical usage
+-----------------------
+
+Unfortunatly since CAPI is a system API you can't access its functions from 
+HTML code directly. For this purpose Microsoft provides a wrapper called 
+certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
+usable from Visual Basic Script. One needs to install that library on the 
+computer which wants to have client cert. The easiest way is to load it as an 
+ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If 
+you have ever enrolled e cert request at a CA you will have installed it.
+
+At time of writing certenr3.dll is contained in 
+http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes 
+with an README file which explains the available functions. It is labeled 
+beta but every CA seems to use it anyway. The license.txt allows you the 
+usage for your own purposes (as far as I understood) and a somehow limited 
+distribution. 
+
+The two functions of main interest are GenerateKeyPair and AcceptCredentials. 
+For complete explanation of all possible parameters see the README file. Here 
+are only minimal required parameters and their values.
+
+GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
+- sessionID is a (locally to that computer) unique string to correlate the 
+generated key pair with a cert installed later.
+- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger 
+Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the 
+abreviation for StateOrProvince. The recognized abreviation include CN, O, C, 
+OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) 
+you need to use the full object identifier. The starting point for searching 
+them could be crypto/objects.h since all OIDs know to SSLeay are listed 
+there.
+- note: the possible ninth parameter which should give a default name to the 
+certificate storage location doesn't seem to work. Changes to the constant 
+values in the call above doesn't seem to make sense. You can't generate 
+PKCS#10 extensions with that function.
+
+The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However 
+it has a little strange format that SSLeay doesn't accept. (BTW I feel the 
+decision of rejecting that format as standard conforming.) It looks like 
+follows:
+	1st line with 76 chars
+	2nd line with 76 chars
+	...
+	(n-2)th line with 76 chars
+	(n-1)th line contains a multiple of 4 chars less then 76 (possible 
+empty)
+	(n)th line has zero or 4 chars (then with 1 or 2 equal signs - the 
+		original text's lenght wasn'T a multiple of 3) 
+	The line separator has two chars: 0x0d 0x0a
+
+AcceptCredentials(sessionID, credentials, 0, FALSE)
+- sessionID needs to be the same as while generating the key pair
+- credentials is the base64 encoded PKCS#7 object containing the cert. 
+
+CRL's and CA certs are not required simply just the client cert. (It seems to 
+me that both are not even checked somehow.) The only format of the base64 
+encoded object I succesfully used was all characters in a very long string 
+without line feeds or carriage returns. (Hey, it doesn't matter, only a 
+computer reads it!)
+
+The result should be S_OK. For error handling see the example that comes with 
+certenr3.dll.
+
+A note about ASN.1 character encodings. certenr3.dll seems to know only about 
+2 of them: UniversalString and PrintableString. First it is definitely wrong 
+for an email address which is IA5STRING (checked by ssleay's ca). Second 
+unfortunately MSIE (at least until version 3.02) can't handle UniversalString 
+correctly - they just blow up you cert store! Therefore ssleay's ca (starting 
+from version 0.8.0) tries to convert the encodings automatically to IA5STRING 
+or TeletexString. The beef is it will work only for the latin-1 (western) 
+charset. Microsoft still has to do abit of homework...
+
+3.) An example
+--------------
+
+At least you need two steps: generating the key & request and then installing 
+the certificate. A real world CA would have some more steps involved, eg. 
+accepting some license. Note that both scripts shown below are just 
+experimental state without any warrenty!
+
+First how to generate a request. Note that we can't use a static page because 
+of the sessionID. I generate it from system time plus pid and hope it is 
+unique enough. Your are free to feed it through md5 to get more impressive 
+ID's ;-) Then the intended text is read in with sed which inserts the 
+sessionID. 
+
+-----BEGIN ms-enroll.cgi-----
+#!/bin/sh
+SESSION_ID=`date '+%y%m%d%H%M%S'`$$
+echo Content-type: text/html
+echo
+sed s/template_for_sessId/$SESSION_ID/ <<EOF
+<HTML><HEAD>
+<TITLE>Certificate Enrollment Test Page</TITLE>
+</HEAD><BODY>
+
+<OBJECT
+    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
+    codebase=certenr3.dll
+    id=certHelper
+    >
+</OBJECT>
+
+<CENTER>
+<H2>enrollment for a personal cert</H2>
+<BR><HR WIDTH=50%><BR><P>
+<FORM NAME="MSIE_Enrollment" ACTION="ms-gencert.cgi" ENCTYPE=x-www-form-
+encoded METHOD=POST>
+<TABLE>
+    <TR><TD>Country</TD><TD><INPUT NAME="Country" VALUE=""></TD></TR>
+    <TR><TD>State</TD><TD><INPUT NAME="StateOrProvince" VALUE=""></TD></TR>
+    <TR><TD>Location</TD><TD><INPUT NAME="Location" VALUE=""></TD></TR>
+    <TR><TD>Organization</TD><TD><INPUT NAME="Organization" 
+VALUE=""></TD></TR>
+    <TR><TD>Organizational Unit</TD>
+        <TD><INPUT NAME="OrganizationalUnit" VALUE=""></TD></TR>
+    <TR><TD>Name</TD><TD><INPUT NAME="CommonName" VALUE=""></TD></TR>
+    <TR><TD>eMail Address</TD>
+        <TD><INPUT NAME="EmailAddress" VALUE=""></TD></TR>
+    <TR><TD></TD>
+        <TD><INPUT TYPE="BUTTON" NAME="submit" VALUE="Beantragen"></TD></TR>
+</TABLE>
+	<INPUT TYPE="hidden" NAME="SessionId" VALUE="template_for_sessId">
+	<INPUT TYPE="hidden" NAME="Request" VALUE="">
+</FORM>
+<BR><HR WIDTH=50%><BR><P>
+</CENTER>
+
+<SCRIPT LANGUAGE=VBS>
+    Dim DN
+
+    Sub Submit_OnClick
+	Dim TheForm
+	Set TheForm = Document.MSIE_Enrollment
+	sessionId	= TheForm.SessionId.value
+	reqHardware     = FALSE
+	C		= TheForm.Country.value
+	SP		= TheForm.StateOrProvince.value
+	L		= TheForm.Location.value
+	O		= TheForm.Organization.value
+	OU		= TheForm.OrganizationalUnit.value
+	CN              = TheForm.CommonName.value
+	Email		= TheForm.EmailAddress.value
+        szPurpose       = "ClientAuth"
+        doAcceptanceUINow   = FALSE
+        doOnline        = TRUE
+
+	DN = ""
+
+	Call Add_RDN("C", C)
+	Call Add_RDN("S", SP)
+	Call Add_RDN("L", L)
+	Call Add_RDN("O", O)
+	Call Add_RDN("OU", OU)
+	Call Add_RDN("CN", CN)
+	Call Add_RDN("1.2.840.113549.1.9.1", Email)
+		      ' rsadsi
+				     ' pkcs
+				       ' pkcs9
+					 ' eMailAddress
+        On Error Resume Next
+        sz10 = certHelper.GenerateKeyPair(sessionId, _
+                FALSE, DN, 0, ClientAuth, FASLE, TRUE, 1)_
+        theError = Err.Number
+        On Error Goto 0
+        if (sz10 = Empty OR theError <> 0) Then
+            sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & _
+                chr(10) & "Your credentials could not be generated."
+            result = MsgBox(sz, 0, "Credentials Enrollment")
+            Exit Sub
+	else 
+	    TheForm.Request.value = sz10
+	    TheForm.Submit
+        end if
+    End Sub
+
+    Sub Add_RDN(sn, value)
+	if (value <> "") then
+	    if (DN <> "") then
+		DN = DN & "; "
+	    end if
+	    DN = DN & sn & "=" & value
+	end if
+    End Sub
+</SCRIPT>
+</BODY>
+</HTML>
+EOF
+-----END ms-enroll.cgi-----
+
+Second, how to extract the request and feed the certificate back? We need to 
+"normalize" the base64 encoding of the PKCS#10 format which means 
+regenerating the lines and wrapping with BEGIN and END line. This is done by 
+gawk. The request is taken by ca the normal way. Then the cert needs to be 
+packed into a PKCS#7 structure (note: the use of a CRL is necessary for 
+crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be 
+ommited). Finally we need to format the PKCS#7 object and generate the HTML 
+text. I use two templates to have a clearer script.
+
+1st note: postit2 is slightly modified from a program I found at ncsa's ftp 
+site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
+need utils.c from there too.
+
+2nd note: I'm note quite sure wether the gawk script really handles all 
+possible inputs for the request right! Today I don't use this construction 
+anymore myself.
+
+3d note: the cert must be of version 3! This could be done with the nsComment 
+line in ssleay.cnf...
+
+------BEGIN ms-gencert.cgi-----
+#!/bin/sh
+FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
+rm -f "$FILE".*
+
+HOME=`pwd`; export HOME  # as ssleay.cnf insists on having such an env var
+cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
+
+postit2 -s " " -i 0x0d > "$FILE".inp  # process the FORM vars
+
+SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
+
+gawk \
+	'BEGIN { \
+		OFS = ""; \
+		print "-----BEGIN CERTIFICATE REQUEST-----"; \
+		req_seen=0 \
+	} \
+	$1 == "Request" { \
+		req_seen=1; \
+		if (length($2) == 72) print($2); \
+		lastline=$2; \
+		next; \
+	} \
+	{ \
+		if (req_seen == 1) { \
+			if (length($1) >= 72) print($1); \
+			else if (length(lastline) < 72) { \
+				req_seen=0; \
+				print (lastline,$1); \
+			} \
+		lastline=$1; \
+		} \
+	} \
+	END { \
+		print "-----END CERTIFICATE REQUEST-----"; \
+	}' > "$FILE".pem < "$FILE".inp 
+
+ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
+ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
+
+sed s/template_for_sessId/$SESSION_ID/ <ms-enroll2a.html >"$FILE".cert
+/usr/local/bin/gawk \
+	'BEGIN	{ \
+		OFS = ""; \
+		dq = sprintf("%c",34); \
+	} \
+	$0 ~ "PKCS7" { next; } \
+	{ \
+		print dq$0dq" & _"; \
+	}' <"$FILE".pkcs7 >> "$FILE".cert
+cat  ms-enroll2b.html >>"$FILE".cert
+
+echo Content-type: text/html
+echo Content-length: `wc -c "$FILE".cert`
+echo
+cat "$FILE".cert
+rm -f "$FILE".*
+-----END ms-gencert.cgi-----
+
+----BEGIN ms-enroll2a.html----
+<HTML><HEAD><TITLE>Certificate Acceptance Test Page</TITLE></HEAD><BODY>
+
+<OBJECT
+    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
+    codebase=certenr3.dll
+    id=certHelper
+    >
+</OBJECT>
+
+<CENTER>
+<H2>Your personal certificate</H2>
+<BR><HR WIDTH=50%><BR><P>
+Press the button!
+<P><INPUT TYPE=BUTTON VALUE="Nimm mich!" NAME="InstallCert">
+</CENTER>
+<BR><HR WIDTH=50%><BR>
+
+<SCRIPT LANGUAGE=VBS>
+    Sub InstallCert_OnClick
+
+	sessionId	= "template_for_sessId"
+credentials = "" & _
+----END ms-enroll2a.html----
+
+----BEGIN ms-enroll2b.html----
+""
+        On Error Resume Next
+        result = certHelper.AcceptCredentials(sessionId, credentials, 0, 
+FALSE)
+        if (IsEmpty(result)) Then
+           sz = "The error '" & Err.Number & "' occurred." & chr(13) & 
+chr(10) & "This Digital ID could not be registered."
+           msgOut = MsgBox(sz, 0, "Credentials Registration Error")
+           navigate "error.html"
+        else
+           sz = "Digital ID successfully registered."
+           msgOut = MsgBox(sz, 0, "Credentials Registration")
+           navigate "success.html"
+        end if
+	Exit Sub
+    End Sub
+</SCRIPT>
+</BODY>
+</HTML>
+----END ms-enroll2b.html----
+
+4.) What do do with the cert?
+-----------------------------
+
+The cert is visible (without restarting MSIE) under the following menu:
+View->Options->Security->Personal certs. You can examine it's contents at 
+least partially.
+
+To use it for client authentication you need to use SSL3.0 (fortunately 
+SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a 
+kind of automatic selection of certs (I personally wasn't able to test it 
+myself). But there is a requirement that the issuer of the server cert and 
+the issuer of the client cert needs to be the same (according to a developer 
+from MS). Which means: you need may more then one cert to talk to all 
+servers...
+
+I'm sure we will get a bit more experience after ApacheSSL is available for 
+SSLeay 0.8.8.
+
+
+I hope you enjoyed reading and that in future questions on this topic will 
+rarely appear on ssl-users@moncom.com ;-)
+
+Ilmenau, 9th of June 1997
+Holger Reif <reif@prakinf.tu-ilmenau.de>
+-- 
+read you later  -  Holger Reif
+----------------------------------------  Signaturprojekt Deutsche Einheit
+TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
+Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
+http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen
+
+
+==== ns-ca.doc ========================================================
+
+The following documentation was supplied by Jeff Barber, who provided the
+patch to the CA program to add this functionality.
+
+eric
+--
+Jeff Barber                                Email: jeffb@issl.atl.hp.com
+
+Hewlett Packard                            Phone: (404) 648-9503
+Internet and System Security Lab           Fax:   (404) 648-9516
+
+                         oo
+---------------------cut /\ here for ns-ca.doc ------------------------------
+
+This document briefly describes how to use SSLeay to implement a 
+certificate authority capable of dynamically serving up client
+certificates for version 3.0 beta 5 (and presumably later) versions of
+the Netscape Navigator.  Before describing how this is done, it's
+important to understand a little about how the browser implements its
+client certificate support.  This is documented in some detail in the
+URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
+Here's a brief overview:
+
+-	The Navigator supports a new HTML tag "KEYGEN" which will cause
+	the browser to generate an RSA key pair when you submit a form
+	containing the tag.  The public key, along with an optional
+	challenge (supposedly provided for use in certificate revocation
+	but I don't use it) is signed, DER-encoded, base-64 encoded
+	and sent to the web server as the value of the variable
+	whose NAME is provided in the KEYGEN tag.  The private key is
+	stored by the browser in a local key database.
+
+	This "Signed Public Key And Challenge" (SPKAC) arrives formatted
+	into 64 character lines (which are of course URL-encoded when 
+	sent via HTTP -- i.e. spaces, newlines and most punctuatation are
+	encoded as "%HH" where HH is the hex equivalent of the ASCII code).
+	Note that the SPKAC does not contain the other usual attributes
+	of a certificate request, especially the subject name fields.
+	These must be otherwise encoded in the form for submission along
+	with the SPKAC.
+
+-	Either immediately (in response to this form submission), or at
+	some later date (a real CA will probably verify your identity in
+	some way before issuing the certificate), a web server can send a
+	certificate based on the public key and other attributes back to
+	the browser by encoding it in DER (the binary form) and sending it
+	to the browser as MIME type:
+	"Content-type: application/x-x509-user-cert"
+
+	The browser uses the public key encoded in the certificate to
+	associate the certificate with the appropriate private key in
+	its local key database.  Now, the certificate is "installed".
+
+-	When a server wants to require authentication based on client
+	certificates, it uses the right signals via the SSL protocol to
+	trigger the Navigator to ask you which certificate you want to
+	send.  Whether the certificate is accepted is dependent on CA
+	certificates and so forth installed in the server and is beyond
+	the scope of this document.
+
+
+Now, here's how the SSLeay package can be used to provide client 
+certficates:
+
+-	You prepare a file for input to the SSLeay ca application.
+	The file contains a number of "name = value" pairs that identify
+	the subject.  The names here are the same subject name component
+	identifiers used in the CA section of the lib/ssleay.conf file,
+	such as "emailAddress", "commonName" "organizationName" and so
+	forth.  Both the long version and the short version (e.g. "Email",
+	"CN", "O") can be used.
+
+	One more name is supported: this one is "SPKAC".  Its value
+	is simply the value of the base-64 encoded SPKAC sent by the
+	browser (with all the newlines and other space charaters
+	removed -- and newline escapes are NOT supported).
+
+	[ As of SSLeay 0.6.4, multiple lines are supported.
+	  Put a \ at the end of each line and it will be joined with the
+	  previous line with the '\n' removed - eay ]
+	
+	Here's a sample input file:
+
+C = US
+SP = Georgia
+O = Some Organization, Inc.
+OU = Netscape Compatibility Group
+CN = John X. Doe
+Email = jxdoe@someorg.com
+SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
+
+-	You execute the ca command (either from a CGI program run out of
+	the web server, or as a later manual task) giving it the above
+	file as input.  For example, if the file were named /tmp/cert.req,
+	you'd run:
+	$SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
+
+	The output is in DER format (binary) if a -out argument is 
+	provided, as above; otherwise, it's in the PEM format (base-64
+	encoded DER).  Also, the "-batch" switch is implied by the
+	"-spkac" so you don't get asked whether to complete the signing
+	(probably it shouldn't work this way but I was only interested
+	in hacking together an online CA that could be used for issuing
+	test certificates).
+
+	The "-spkac" capability doesn't support multiple files (I think).
+
+	Any CHALLENGE provided in the SPKAC is simply ignored.
+
+	The interactions between the identification fields you provide
+	and those identified in your lib/ssleay.conf are the same as if
+	you did an ordinary "ca -in infile -out outfile" -- that is, if
+	something is marked as required in the ssleay.conf file and it
+	isn't found in the -spkac file, the certificate won't be issued.
+
+-	Now, you pick up the output from /tmp/cert and pass it back to
+	the Navigator prepending the Content-type string described earlier.
+
+-	In order to run the ca command out of a CGI program, you must
+	provide a password to decrypt the CA's private key.  You can
+	do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
+	I think there's a way to not encrypt the key file in the first
+	place, but I didn't see how to do that, so I made a small change
+	to the library that allows the password to be accepted from a pipe.
+	Either way is UTTERLY INSECURE and a real CA would never do that.
+
+	[ You can use the 'ssleay rsa' command to remove the password
+	  from the private key, or you can use the '-key' option to the
+	  ca command to specify the decryption key on the command line
+	  or use the -nodes option when generating the key.
+	  ca will try to clear the command line version of the password
+	  but for quite a few operating systems, this is not possible.
+	  - eric ]
+
+So, what do you have to do to make use of this stuff to create an online 
+demo CA capability with SSLeay?
+
+1	Create an HTML form for your users.  The form should contain
+	fields for all of the required or optional fields in ssleay.conf.
+	The form must contain a KEYGEN tag somewhere with at least a NAME
+	attribute.
+
+2	Create a CGI program to process the form input submitted by the
+	browser.  The CGI program must URL-decode the variables and create
+	the file described above, containing subject identification info
+	as well as the SPKAC block.  It should then run the the ca program
+	with the -spkac option.  If it works (check the exit status),
+	return the new certificate with the appropriate MIME type.  If not,
+	return the output of the ca command with MIME type "text/plain".
+
+3	Set up your web server to accept connections signed by your demo
+	CA.  This probably involves obtaining the PEM-encoded CA certificate
+	(ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
+	server database.  See your server manual for instructions.
+
+
+==== obj.doc ========================================================
+
+The Object library.
+
+As part of my Crypto library, I found I required a method of identifying various
+objects.  These objects normally had 3 different values associated with
+them, a short text name, a long (or lower case) text name, and an
+ASN.1 Object Identifier (which is a sequence of numbers).
+This library contains a static list of objects and functions to lookup
+according to one type and to return the other types.
+
+To use these routines, 'Object.h' needs to be included.
+
+For each supported object, #define entries are defined as follows
+#define SN_Algorithm			"Algorithm"
+#define LN_algorithm			"algorithm"
+#define NID_algorithm			38
+#define OBJ_algorithm			1L,3L,14L,3L,2L
+
+SN_  stands for short name.
+LN_  stands for either long name or lowercase name.
+NID_ stands for Numeric ID.  I each object has a unique NID and this
+     should be used internally to identify objects.
+OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
+     ASN1 routines.  These values are used in ASN1 encoding.
+
+The following functions are to be used to return pointers into a static
+definition of these types.  What this means is "don't try to free() any
+pointers returned from these functions.
+
+ASN1_OBJECT *OBJ_nid2obj(
+int n);
+	Return the ASN1_OBJECT that corresponds to a NID of n.
+	
+char *OBJ_nid2ln(
+int n);
+	Return the long/lower case name of the object represented by the
+	NID of n.
+	
+char *OBJ_nid2sn(
+int n);
+	Return the short name for the object represented by the NID of n.
+
+ASN1_OBJECT *OBJ_dup(
+ASN1_OBJECT *o);
+	Duplicate and return a new ASN1_OBJECT that is the same as the
+	passed parameter.
+	
+int OBJ_obj2nid(
+ASN1_OBJECT *o);
+	Given ASN1_OBJECT o, return the NID that corresponds.
+	
+int OBJ_ln2nid(
+char *s);
+	Given the long/lower case name 's', return the NID of the object.
+	
+int OBJ_sn2nid(
+char *s);
+	Given the short name 's', return the NID of the object.
+	
+char *OBJ_bsearch(
+char *key,
+char *base,
+int num,
+int size,
+int (*cmp)());
+	Since I have come across a few platforms that do not have the
+	bsearch() function, OBJ_bsearch is my version of that function.
+	Feel free to use this function, but you may as well just use the
+	normal system bsearch(3) if it is present.  This version also
+	has tolerance of being passed NULL pointers.
+
+==== keys ===========================================================
+
+EVP_PKEY_DSA
+EVP_PKEY_DSA2
+EVP_PKEY_DSA3
+EVP_PKEY_DSA4
+
+EVP_PKEY_RSA
+EVP_PKEY_RSA2
+
+valid DSA pkey types
+	NID_dsa
+	NID_dsaWithSHA
+	NID_dsaWithSHA1
+	NID_dsaWithSHA1_2
+
+valid RSA pkey types
+	NID_rsaEncryption
+	NID_rsa
+
+NID_dsaWithSHA	NID_dsaWithSHA			DSA		SHA
+NID_dsa		NID_dsaWithSHA1			DSA		SHA1
+NID_md2		NID_md2WithRSAEncryption	RSA-pkcs1	MD2
+NID_md5		NID_md5WithRSAEncryption	RSA-pkcs1	MD5
+NID_mdc2	NID_mdc2WithRSA			RSA-none	MDC2
+NID_ripemd160	NID_ripemd160WithRSA		RSA-pkcs1	RIPEMD160
+NID_sha		NID_shaWithRSAEncryption	RSA-pkcs1	SHA
+NID_sha1	NID_sha1WithRSAEncryption	RSA-pkcs1	SHA1
+
+==== rand.doc ========================================================
+
+My Random number library.
+
+These routines can be used to generate pseudo random numbers and can be
+used to 'seed' the pseudo random number generator (RNG).  The RNG make no
+effort to reproduce the same random number stream with each execution.
+Various other routines in the SSLeay library 'seed' the RNG when suitable
+'random' input data is available.  Read the section at the end for details
+on the design of the RNG.
+
+void RAND_bytes(
+unsigned char *buf,
+int num);
+	This routine puts 'num' random bytes into 'buf'.  One should make
+	sure RAND_seed() has been called before using this routine.
+	
+void RAND_seed(
+unsigned char *buf,
+int num);
+	This routine adds more 'seed' data the RNG state.  'num' bytes
+	are added to the RNG state, they are taken from 'buf'.  This
+	routine can be called with sensitive data such as user entered
+	passwords.  This sensitive data is in no way recoverable from
+	the RAND library routines or state.  Try to pass as much data
+	from 'random' sources as possible into the RNG via this function.
+	Also strongly consider using the RAND_load_file() and
+	RAND_write_file() routines.
+
+void RAND_cleanup();
+	When a program has finished with the RAND library, if it so
+	desires, it can 'zero' all RNG state.
+	
+The following 3 routines are convenience routines that can be used to
+'save' and 'restore' data from/to the RNG and it's state.
+Since the more 'random' data that is feed as seed data the better, why not
+keep it around between executions of the program?  Of course the
+application should pass more 'random' data in via RAND_seed() and 
+make sure no-one can read the 'random' data file.
+	
+char *RAND_file_name(
+char *buf,
+int size);
+	This routine returns a 'default' name for the location of a 'rand'
+	file.  The 'rand' file should keep a sequence of random bytes used
+	to initialise the RNG.  The filename is put in 'buf'.  Buf is 'size'
+	bytes long.  Buf is returned if things go well, if they do not,
+	NULL is returned.  The 'rand' file name is generated in the
+	following way.  First, if there is a 'RANDFILE' environment
+	variable, it is returned.  Second, if there is a 'HOME' environment
+	variable, $HOME/.rand is returned.  Third, NULL is returned.  NULL
+	is also returned if a buf would overflow.
+
+int RAND_load_file(
+char *file,
+long number);
+	This function 'adds' the 'file' into the RNG state.  It does this by
+	doing a RAND_seed() on the value returned from a stat() system call
+	on the file and if 'number' is non-zero, upto 'number' bytes read
+	from the file.  The number of bytes passed to RAND_seed() is returned.
+
+int RAND_write_file(
+char *file),
+	RAND_write_file() writes N random bytes to the file 'file', where
+	N is the size of the internal RND state (currently 1k).
+	This is a suitable method of saving RNG state for reloading via
+	RAND_load_file().
+
+What follows is a description of this RNG and a description of the rational
+behind it's design.
+
+It should be noted that this RNG is intended to be used to generate
+'random' keys for various ciphers including generation of DH and RSA keys.  
+
+It should also be noted that I have just created a system that I am happy with.
+It may be overkill but that does not worry me.  I have not spent that much
+time on this algorithm so if there are glaring errors, please let me know.
+Speed has not been a consideration in the design of these routines.
+
+First up I will state the things I believe I need for a good RNG.
+1) A good hashing algorithm to mix things up and to convert the RNG 'state'
+   to random numbers.
+2) An initial source of random 'state'.
+3) The state should be very large.  If the RNG is being used to generate
+   4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+   If your RNG state only has 128 bits, you are obviously limiting the
+   search space to 128 bits, not 2048.  I'm probably getting a little
+   carried away on this last point but it does indicate that it may not be
+   a bad idea to keep quite a lot of RNG state.  It should be easier to
+   break a cipher than guess the RNG seed data.
+4) Any RNG seed data should influence all subsequent random numbers
+   generated.  This implies that any random seed data entered will have
+   an influence on all subsequent random numbers generated.
+5) When using data to seed the RNG state, the data used should not be
+   extractable from the RNG state.  I believe this should be a
+   requirement because one possible source of 'secret' semi random
+   data would be a private key or a password.  This data must
+   not be disclosed by either subsequent random numbers or a
+   'core' dump left by a program crash.
+6) Given the same initial 'state', 2 systems should deviate in their RNG state
+   (and hence the random numbers generated) over time if at all possible.
+7) Given the random number output stream, it should not be possible to determine
+   the RNG state or the next random number.
+
+
+The algorithm is as follows.
+
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working message digest ('md') and a counter ('count').
+
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+	The input is chopped up into units of 16 bytes (or less for
+	the last block).  Each of these blocks is run through the MD5
+	message digest.  The data passed to the MD5 digest is the
+	current 'md', the same number of bytes from the 'state'
+	(the location determined by in incremented looping index) as
+	the current 'block' and the new key data 'block'.  The result
+	of this is kept in 'md' and also xored into the 'state' at the
+	same locations that were used as input into the MD5.
+	I believe this system addresses points 1 (MD5), 3 (the 'state'),
+	4 (via the 'md'), 5 (by the use of MD5 and xor).
+
+When bytes are extracted from the RNG, the following process is used.
+For each group of 8 bytes (or less), we do the following,
+	Input into MD5, the top 8 bytes from 'md', the byte that are
+	to be overwritten by the random bytes and bytes from the
+	'state' (incrementing looping index).  From this digest output
+	(which is kept in 'md'), the top (upto) 8 bytes are
+	returned to the caller and the bottom (upto) 8 bytes are xored
+	into the 'state'.
+	Finally, after we have finished 'generation' random bytes for the
+	called, 'count' (which is incremented) and 'md' are fed into MD5 and
+	the results are kept in 'md'.
+	I believe the above addressed points 1 (use of MD5), 6 (by
+	hashing into the 'state' the 'old' data from the caller that
+	is about to be overwritten) and 7 (by not using the 8 bytes
+	given to the caller to update the 'state', but they are used
+	to update 'md').
+
+So of the points raised, only 2 is not addressed, but sources of
+random data will always be a problem.
+	
+
+==== rc2.doc ========================================================
+
+The RC2 library.
+
+RC2 is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+I have implemented this library from an article posted to sci.crypt on
+11-Feb-1996.  I personally don't know how far to trust the RC2 cipher.
+While it is capable of having a key of any size, not much reseach has
+publically been done on it at this point in time (Apr-1996)
+since the cipher has only been public for a few months :-)
+It is of a similar speed to DES and IDEA, so unless it is required for
+meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
+to stick to IDEA, or for the paranoid, Tripple DES.
+
+Mind you, having said all that, I should mention that I just read alot and
+implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
+ciphers :-).
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'rc2.h'.
+
+All of the encryption functions take what is called an RC2_KEY as an 
+argument.  An RC2_KEY is an expanded form of the RC2 key.
+For all modes of the RC2 algorithm, the RC2_KEY used for
+decryption is the same one that was used for encryption.
+
+The define RC2_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. RC2_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with RC2.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic RC2 encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple RC2, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  RC2_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void RC2_set_key(
+RC2_KEY *ks;
+int len;
+unsigned char *key;
+int bits;
+        RC2_set_key converts an 'len' byte key into a RC2_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the RC2 key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around RC2_KEY's since they
+        are CPU architecture dependent, 'key's are not.  RC2 is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended.  The 'bits' argument is an
+	interesting addition which I only found out about in Aug 96.
+	BSAFE uses this parameter to 'limit' the number of bits used
+	for the key.  To use the 'key' unmodified, set bits to 1024.
+	This is what old versions of my RC2 library did (SSLeay 0.6.3).
+	RSAs BSAFE library sets this parameter to be 128 if 128 bit
+	keys are being used.  So to be compatable with BSAFE, set it
+	to 128, if you don't want to reduce RC2's key length, leave it
+	at 1024.
+	
+void RC2_encrypt(
+unsigned long *data,
+RC2_KEY *key,
+int encrypt);
+	This is the RC2 encryption function that gets called by just about
+	every other RC2 routine in the library.  You should not use this
+	function except to implement 'modes' of RC2.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	RC2_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
+	which can have the values RC2_ENCRYPT or RC2_DECRYPT.
+
+void RC2_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+RC2_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of RC2 (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for rc2 as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void RC2_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements RC2 in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to RC2_cbc_encrypt().
+	
+void RC2_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this RC2 library, it
+	implements CFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void RC2_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+RC2_set_key().
+
+=====
+For more information about the specific RC2 modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for RC2.
+
+
+==== rc4.doc ========================================================
+
+The RC4 library.
+RC4 is a stream cipher that operates on a byte stream.  It can be used with
+any length key but I would recommend normally using 16 bytes.
+
+This library requires the inclusion of 'rc4.h'.
+
+The RC4 encryption function takes what is called an RC4_KEY as an argument.
+The RC4_KEY is generated by the RC4_set_key function from the key bytes.
+
+RC4, being a stream cipher, does not have an encryption or decryption mode.
+It produces a stream of bytes that the input stream is xor'ed against and
+so decryption is just a case of 'encrypting' again with the same key.
+
+I have only put in one 'mode' for RC4 which is the normal one.  This means
+there is no initialisation vector and there is no feedback of the cipher
+text into the cipher.  This implies that you should not ever use the
+same key twice if you can help it.  If you do, you leave yourself open to
+known plain text attacks; if you know the plain text and
+corresponding cipher text in one message, all messages that used the same
+key can have the cipher text decoded for the corresponding positions in the
+cipher stream.
+
+The main positive feature of RC4 is that it is a very fast cipher; about 4
+times faster that DES.  This makes it ideally suited to protocols where the
+key is randomly chosen, like SSL.
+
+The functions are as follows:
+
+void RC4_set_key(
+RC4_KEY *key;
+int len;
+unsigned char *data);
+	This function initialises the RC4_KEY structure with the key passed
+	in 'data', which is 'len' bytes long.  The key data can be any
+	length but 16 bytes seems to be a good number.
+
+void RC4(
+RC4_KEY *key;
+unsigned long len;
+unsigned char *in;
+unsigned char *out);
+	Do the actual RC4 encryption/decryption.  Using the 'key', 'len'
+	bytes are transformed from 'in' to 'out'.  As mentioned above,
+	decryption is the operation as encryption.
+
+==== ref.doc ========================================================
+
+I have lots more references etc, and will update this list in the future,
+30 Aug 1996 - eay
+
+
+SSL	The SSL Protocol - from Netscapes.
+
+RC4	Newsgroups: sci.crypt
+	From: sterndark@netcom.com (David Sterndark)
+	Subject: RC4 Algorithm revealed.
+	Message-ID: <sternCvKL4B.Hyy@netcom.com>
+
+RC2	Newsgroups: sci.crypt
+	From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+	Subject: Specification for Ron Rivests Cipher No.2
+	Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+
+MD2	RFC1319 The MD2 Message-Digest Algorithm
+MD5	RFC1321 The MD5 Message-Digest Algorithm
+
+X509 Certificates
+	RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
+	RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
+	RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
+	RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
+
+RSA and various standard encoding
+	PKCS#1 RSA Encryption Standard
+	PKCS#5 Password-Based Encryption Standard
+	PKCS#7 Cryptographic Message Syntax Standard
+	A Layman's Guide to a Subset of ASN.1, BER, and DER
+	An Overview of the PKCS Standards
+	Some Examples of the PKCS Standards
+
+IDEA	Chapter 3 The Block Cipher IDEA
+
+RSA, prime number generation and bignum algorithms
+	Introduction To Algorithms,
+	Thomas Cormen, Charles Leiserson, Ronald Rivest,
+	Section 29 Arithmetic Circuits
+	Section 33 Number-Theoretic Algorithms
+
+Fast Private Key algorithm
+	Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
+	J.-J. Quisquater and C. Couvreur, Electronics Letters,
+	14th October 1982, Vol. 18 No. 21
+
+Prime number generation and bignum algorithms.
+	PGP-2.3a
+
+==== rsa.doc ========================================================
+
+The RSA encryption and utility routines.
+
+The RSA routines are built on top of a big number library (the BN library).
+There are support routines in the X509 library for loading and manipulating
+the various objects in the RSA library.  When errors are returned, read
+about the ERR library for how to access the error codes.
+
+All RSA encryption is done according to the PKCS-1 standard which is
+compatible with PEM and RSAref.  This means that any values being encrypted
+must be less than the size of the modulus in bytes, minus 10, bytes long.
+
+This library uses RAND_bytes()() for it's random data, make sure to feed
+RAND_seed() with lots of interesting and varied data before using these
+routines.
+
+The RSA library has one specific data type, the RSA structure.
+It is composed of 8 BIGNUM variables (see the BN library for details) and
+can hold either a private RSA key or a public RSA key.
+Some RSA libraries have different structures for public and private keys, I
+don't.  For my libraries, a public key is determined by the fact that the
+RSA->d value is NULL.  These routines will operate on any size RSA keys.
+While I'm sure 4096 bit keys are very very secure, they take a lot longer
+to process that 1024 bit keys :-).
+
+The function in the RSA library are as follows.
+
+RSA *RSA_new();
+	This function creates a new RSA object.  The sub-fields of the RSA
+	type are also malloced so you should always use this routine to
+	create RSA variables.
+	
+void RSA_free(
+RSA *rsa);
+	This function 'frees' an RSA structure.  This routine should always
+	be used to free the RSA structure since it will also 'free' any
+	sub-fields of the RSA type that need freeing.
+	
+int RSA_size(
+RSA *rsa);	
+	This function returns the size of the RSA modulus in bytes.  Why do
+	I need this you may ask, well the reason is that when you encrypt
+	with RSA, the output string will be the size of the RSA modulus.
+	So the output for the RSA_encrypt and the input for the RSA_decrypt
+	routines need to be RSA_size() bytes long, because this is how many
+	bytes are expected.
+	
+For the following 4 RSA encryption routines, it should be noted that
+RSA_private_decrypt() should be used on the output from 
+RSA_public_encrypt() and RSA_public_decrypt() should be used on
+the output from RSA_private_encrypt().
+	
+int RSA_public_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public encryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes taken from 'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->e mod rsa->n.
+	
+int RSA_private_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private encryption, the rsa variable
+	should be a private key.  'from_len' bytes taken from
+	'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_public_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public decryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes are taken from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->e mod rsa->n.
+
+int RSA_private_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private decryption, the rsa variable
+	should be a private key.  'from_len' bytes are taken
+	from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_mod_exp(
+BIGNUM *n;
+BIGNUM *p;
+RSA *rsa);
+	Normally you will never use this routine.
+	This is really an internal function which is called by
+	RSA_private_encrypt() and RSA_private_decrypt().  It performs
+	n=n^p mod rsa->n except that it uses the 5 extra variables in the
+	RSA structure to make this more efficient.
+	
+RSA *RSA_generate_key(
+int bits;
+unsigned long e;
+void (*callback)();
+char *cb_arg;
+	This routine is used to generate RSA private keys.  It takes
+	quite a period of time to run and should only be used to
+	generate initial private keys that should then be stored
+	for later use.  The passed callback function 
+	will be called periodically so that feedback can be given
+	as to how this function is progressing.
+	'bits' is the length desired for the modulus, so it would be 1024
+	to generate a 1024 bit private key.
+	'e' is the value to use for the public exponent 'e'.  Traditionally
+	it is set to either 3 or 0x10001.
+	The callback function (if not NULL) is called in the following
+	situations.
+	when we have generated a suspected prime number to test,
+	callback(0,num1++,cb_arg).  When it passes a prime number test,
+	callback(1,num2++,cb_arg).  When it is rejected as one of
+	the 2 primes required due to gcd(prime,e value) != 0,
+	callback(2,num3++,cb_arg).  When finally accepted as one
+	of the 2 primes, callback(3,num4++,cb_arg).
+
+
+==== rsaref.doc ========================================================
+
+This package can be compiled to use the RSAref library.
+This library is not allowed outside of the USA but inside the USA it is
+claimed by RSA to be the only RSA public key library that can be used
+besides BSAFE..
+
+There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
+code to use RSAref.  These files were written by looking at the PGP
+source code and seeing which routines it used to access RSAref.
+I have also been sent by some-one a copy of the RSAref header file that
+contains the library error codes.
+
+[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
+  South Africa and have been doing some performace tests. ]
+	
+They have now been tested against the recently announced RSAEURO
+library.
+
+There are 2 ways to use SSLeay and RSAref.  First, to build so that
+the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
+level makefile and -lrsaref (or where ever you are keeping RSAref) to
+EX_LIBS.
+
+To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
+
+The second method is to build as per normal and link applications with
+the RSAglue library.  The correct library order would be
+cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
+The RSAglue library is built in the rsa directory and is NOT
+automatically installed.
+
+Be warned that the RSAEURO library, that is claimed to be compatible
+with RSAref contains a different value for the maximum number of bits
+supported.  This changes structure sizes and so if you are using
+RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
+
+
+==== s_mult.doc ========================================================
+
+s_mult is a test program I hacked up on a Sunday for testing non-blocking
+IO.  It has a select loop at it's centre that handles multiple readers
+and writers.
+
+Try the following command
+ssleay s_mult -echo -nbio -ssl -v
+echo - sends any sent text back to the sender
+nbio - turns on non-blocking IO
+ssl  - accept SSL connections, default is normal text
+v    - print lots
+	type Q<cr> to quit
+
+In another window, run the following
+ssleay s_client -pause </etc/termcap
+
+The pause option puts in a 1 second pause in each read(2)/write(2) call
+so the other end will have read()s fail.
+
+==== session.doc ========================================================
+
+I have just checked over and re-worked the session stuff.
+The following brief example will ignore all setup information to do with
+authentication.
+
+Things operate as follows.
+
+The SSL environment has a 'context', a SSL_CTX structure.  This holds the
+cached SSL_SESSIONS (which can be reused) and the certificate lookup
+information.  Each SSL structure needs to be associated with a SSL_CTX.
+Normally only one SSL_CTX structure is needed per program.
+
+SSL_CTX *SSL_CTX_new(void ); 
+void    SSL_CTX_free(SSL_CTX *);
+These 2 functions create and destroy SSL_CTX structures
+
+The SSL_CTX has a session_cache_mode which is by default,
+in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
+will automatically add new session-id's to the cache apon sucsessful
+SSL_accept() calls.
+If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
+to the cache.
+SSL_set_session_cache_mode(ctx,mode)  will set the 'mode' and
+SSL_get_session_cache_mode(ctx) will get the cache 'mode'.
+The modes can be
+SSL_SESS_CACHE_OFF	- no caching
+SSL_SESS_CACHE_CLIENT	- only SSL_connect()
+SSL_SESS_CACHE_SERVER	- only SSL_accept()
+SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
+If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
+not automatically removed each 255, SSL_connect()s or SSL_accept()s.
+
+By default, apon every 255 successful SSL_connect() or SSL_accept()s,
+the cache is flush.  Please note that this could be expensive on
+a heavily loaded SSL server, in which case, turn this off and
+clear the cache of old entries 'manually' (with one of the functions
+listed below) every few hours.  Perhaps I should up this number, it is hard
+to say.  Remember, the '255' new calls is just a mechanims to get called
+every now and then, in theory at most 255 new session-id's will have been
+added but if 100 are added every minute, you would still have
+500 in the cache before any would start being flushed (assuming a 3 minute
+timeout)..
+
+int SSL_CTX_sess_hits(SSL_CTX *ctx);
+int SSL_CTX_sess_misses(SSL_CTX *ctx);
+int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+These 3 functions return statistics about the SSL_CTX.  These 3 are the
+number of session id reuses.  hits is the number of reuses, misses are the
+number of lookups that failed, and timeouts is the number of cached
+entries ignored because they had timeouted.
+
+ctx->new_session_cb is a function pointer to a function of type
+int new_session_callback(SSL *ssl,SSL_SESSION *new);
+This function, if set in the SSL_CTX structure is called whenever a new
+SSL_SESSION is added to the cache.  If the callback returns non-zero, it
+means that the application will have to do a SSL_SESSION_free()
+on the structure (this is
+to do with the cache keeping the reference counts correct, without the
+application needing to know about it.
+The 'active' parameter is the current SSL session for which this connection
+was created.
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
+to set the callback,
+int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
+to get the callback.
+
+If the 'get session' callback is set, when a session id is looked up and
+it is not in the session-id cache, this callback is called.  The callback is
+of the form
+SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
+	int *copy);
+
+The get_session_callback is intended to return null if no session id is found.
+The reference count on the SSL_SESSION in incremented by the SSL library,
+if copy is 1.  Otherwise, the reference count is not modified.
+
+void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
+int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
+
+These callbacks are basically indended to be used by processes to
+send their session-id's to other processes.  I currently have not implemented
+non-blocking semantics for these callbacks, it is upto the appication
+to make the callbacks effiecent if they require blocking (perhaps
+by 'saving' them and then 'posting them' when control returns from
+the SSL_accept().
+
+LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
+This returns the session cache.  The lhash strucutre can be accessed for
+statistics about the cache.
+
+void lh_stats(LHASH *lh, FILE *out);
+void lh_node_stats(LHASH *lh, FILE *out);
+void lh_node_usage_stats(LHASH *lh, FILE *out);
+
+can be used to print details about it's activity and current state.
+You can also delve directly into the lhash structure for 14 different
+counters that are kept against the structure.  When I wrote the lhash library,
+I was interested in gathering statistics :-).
+Have a read of doc/lhash.doc in the SSLeay distribution area for more details
+on the lhash library.
+
+Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
+SSL *   SSL_new(SSL_CTX *);
+
+This stores a session.  A session is secret information shared between 2
+SSL contexts.  It will only be created if both ends of the connection have
+authenticated their peer to their satisfaction.  It basically contains
+the information required to use a particular secret key cipher.
+
+To retrieve the SSL_CTX being used by a SSL,
+SSL_CTX *SSL_get_SSL_CTX(SSL *s);
+
+Now when a SSL session is established between to programs, the 'session'
+information that is cached in the SSL_CTX can me manipulated by the
+following functions.
+int SSL_set_session(SSL *s, SSL_SESSION *session);
+This will set the SSL_SESSION to use for the next SSL_connect().  If you use
+this function on an already 'open' established SSL connection, 'bad things
+will happen'.  This function is meaning-less when used on a ssl strucutre
+that is just about to be used in a SSL_accept() call since the
+SSL_accept() will either create a new session or retrieve one from the
+cache.
+
+SSL_SESSION *SSL_get_session(SSL *s);
+This will return the SSL_SESSION for the current SSL, NULL if there is
+no session associated with the SSL structure.
+
+The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
+session
+void    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+and to add one
+int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
+was not added).
+Whenever a new session is created via SSL_connect()/SSL_accept(),
+they are automatically added to the cache, depending on the session_cache_mode
+settings.  SSL_set_session()
+does not add it to the cache.  Just call SSL_CTX_add_session() if you do want the
+session added.  For a 'client' this would not normally be the case.
+SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
+which the next 2 funtions help you do.
+
+int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+These 2 functions are in the standard ASN1 library form and can be used to
+load and save to a byte format, the SSL_SESSION structure.
+With these functions, you can save and read these structures to a files or
+arbitary byte string.
+The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
+write to a file pointer in base64 encoding.
+
+What you can do with this, is pass session information between separate
+processes.  Please note, that you will probably also need to modify the
+timeout information on the SSL_SESSIONs.
+
+long SSL_get_time(SSL_SESSION *s)
+will return the 'time' that the session
+was loaded.  The timeout is relative to this time.  This information is
+saved when the SSL_SESSION is converted to binarary but it is stored
+in as a unix long, which is rather OS dependant, but easy to convert back.
+
+long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
+The time value is just the value returned from time(3), and should really
+be defined by be to be time_t.
+
+long SSL_get_timeout(SSL_SESSION *s);
+long SSL_set_timeout(SSL_SESSION *s,long t);
+These 2 retrieve and set the timeout which is just a number of secconds
+from the 'SSL_get_time()' value.  When this time period has elapesed,
+the session will no longer be in the cache (well it will actually be removed
+the next time it is attempted to be retrieved, so you could 'bump'
+the timeout so it remains valid).
+The 'time' and 'timeout' are set on a session when it is created, not reset
+each time it is reused.  If you did wish to 'bump it', just after establishing
+a connection, do a
+SSL_set_time(ssl,time(NULL));
+
+You can also use
+SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
+SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
+all SSL connections created against a SSL_CTX.  If you set a timeout in
+an SSL_CTX, all new SSL's created will inherit the timeout.  It can be over
+written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
+If you 'set' the timeout back to 0, the system default will be used.
+
+SSL_SESSION *SSL_SESSION_new();
+void SSL_SESSION_free(SSL_SESSION *ses);
+These 2 functions are used to create and dispose of SSL_SESSION functions.
+You should not ever normally need to use them unless you are using 
+i2d_SSL_SESSION() and/or d2i_SSL_SESSION().  If you 'load' a SSL_SESSION
+via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
+Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
+structure (via reference counts) when it is passed to them.
+
+SSL_CTX_flush_sessions(ctx,time);
+The first function will clear all sessions from the cache, which have expired
+relative to 'time' (which could just be time(NULL)).
+
+SSL_CTX_flush_sessions(ctx,0);
+This is a special case that clears everything.
+
+As a final comment, a 'session' is not enough to establish a new
+connection.  If a session has timed out, a certificate and private key
+need to have been associated with the SSL structure.
+SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
+strucutre but also the private key and certificate associated with
+'from'.
+
+EXAMPLES.
+
+So lets play at being a wierd SSL server.
+
+/* setup a context */
+ctx=SSL_CTX_new();
+
+/* Lets load some session from binary into the cache, why one would do
+ * this is not toally clear, but passing between programs does make sense
+ * Perhaps you are using 4096 bit keys and are happy to keep them
+ * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
+ * sure, perhaps this is a process called from an SSL inetd and this is being 
+ * passed to the application. */
+session=d2i_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* Lets even add a session from a file */
+session=PEM_read_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* create a new SSL structure */
+ssl=SSL_new(ctx);
+
+/* At this point we want to be able to 'create' new session if
+ * required, so we need a certificate and RSAkey. */
+SSL_use_RSAPrivateKey_file(ssl,...)
+SSL_use_certificate_file(ssl,...)
+
+/* Now since we are a server, it make little sence to load a session against
+ * the ssl strucutre since a SSL_accept() will either create a new session or
+ * grab an existing one from the cache. */
+
+/* grab a socket descriptor */
+fd=accept(...);
+
+/* associated it with the ssl strucutre */
+SSL_set_fd(ssl,fd);
+
+SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
+
+/* Lets print out the session details or lets save it to a file,
+ * perhaps with a secret key cipher, so that we can pass it to the FBI
+ * when they want to decode the session :-).  While we have RSA
+ * this does not matter much but when I do SSLv3, this will allow a mechanism
+ * for the server/client to record the information needed to decode
+ * the traffic that went over the wire, even when using Diffie-Hellman */
+PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
+
+Lets 'connect' back to the caller using the same session id.
+
+ssl2=SSL_new(ctx);
+fd2=connect(them);
+SSL_set_fd(ssl2,fd2);
+SSL_set_session(ssl2,SSL_get_session(ssl));
+SSL_connect(ssl2);
+
+/* what the hell, lets accept no more connections using this session */
+SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
+
+/* we could have just as easily used ssl2 since they both are using the
+ * same session.
+ * You will note that both ssl and ssl2 are still using the session, and
+ * the SSL_SESSION structure will be free()ed when both ssl and ssl2
+ * finish using the session.  Also note that you could continue to initiate
+ * connections using this session by doing SSL_get_session(ssl) to get the
+ * existing session, but SSL_accept() will not be able to find it to
+ * use for incoming connections.
+ * Of corse, the session will timeout at the far end and it will no
+ * longer be accepted after a while.  The time and timeout are ignored except
+ * by SSL_accept(). */
+
+/* Since we have had our server running for 10 weeks, and memory is getting
+ * short, perhaps we should clear the session cache to remove those
+ * 100000 session entries that have expired.  Some may consider this
+ * a memory leak :-) */
+
+SSL_CTX_flush_sessions(ctx,time(NULL));
+
+/* Ok, after a bit more time we wish to flush all sessions from the cache
+ * so that all new connections will be authenticated and incure the
+ * public key operation overhead */
+
+SSL_CTX_flush_sessions(ctx,0);
+
+/* As a final note, to copy everything to do with a SSL, use */
+SSL_copy_session_id(SSL *to,SSL *from);
+/* as this also copies the certificate and RSA key so new session can
+ * be established using the same details */
+
+
+==== sha.doc ========================================================
+
+The SHA (Secure Hash Algorithm) library.
+SHA is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 20 byte hash.  The functions all need to be passed
+a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
+function calls.  The normal method of use for this library is as follows
+This library contains both SHA and SHA-1 digest algorithms.  SHA-1 is
+an update to SHA (which should really be called SHA-0 now) which
+tweaks the algorithm slightly.  The SHA-1 algorithm is used by simply
+using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
+SHA*() calls
+
+SHA_Init(...);
+SHA_Update(...);
+...
+SHA_Update(...);
+SHA_Final(...);
+
+This library requires the inclusion of 'sha.h'.
+
+The functions are as follows:
+
+void SHA_Init(
+SHA_CTX *c);
+	This function needs to be called to initiate a SHA_CTX structure for
+	use.
+	
+void SHA_Update(
+SHA_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void SHA_Final(
+unsigned char *md;
+SHA_CTX *c;
+	This function is called when a message digest of the data digested
+	with SHA_Update() is wanted.  The message digest is put in the 'md'
+	array and is SHA_DIGEST_LENGTH (20) bytes long.
+
+unsigned char *SHA(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a SHA_Init(), followed by a SHA_Update()
+	followed by a SHA_Final() (using a local SHA_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+	
+
+==== speed.doc ========================================================
+
+To get an idea of the performance of this library, use
+ssleay speed
+
+perl util/sp-diff.pl file1 file2
+
+will print out the relative differences between the 2 files which are
+expected to be the output from the speed program.
+
+The performace of the library is very dependant on the Compiler
+quality and various flags used to build.
+
+---
+
+These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
+[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
+operations are about 2 times faster, so check the version number ]
+
+RSA performance.
+
+SSLeay 0.6.0
+Pentium 100, 32meg, Windows NT Workstation 3.51
+linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
+and
+Windows NT  - Windows NT 3.51 - Visual C++ 4.1   - 586 code + 32bit assember
+Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
+NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
+
+Times are how long it takes to do an RSA private key operation.
+
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll	0.042s   0.202s see above
+SSLeay linux	0.046s   0.218s	Assember inner loops (normal build) 
+SSLeay linux	0.067s   0.380s Pure C code with BN_LLONG defined
+SSLeay W3.1 dll	0.108s 	 0.478s see above
+SSLeay linux	0.109s   0.713s C without BN_LLONG.
+RSAref2.0 linux	0.149s   0.936s
+SSLeay MS-DOS	0.197s   1.049s see above
+
+486DX66, 32meg, Windows NT Server 3.51
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll   0.084s	 0.495s	<- SSLeay 0.6.3
+SSLeay NT dll   0.154s   0.882s
+SSLeay W3.1 dll 0.335s   1.538s
+SSLeay MS-DOS	0.490s   2.790s
+
+What I find cute is that I'm still faster than RSAref when using standard C,
+without using the 'long long' data type :-), %35 faster for 512bit and we
+scale up to 3.2 times faster for the 'default linux' build.  I should mention
+that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
+x86-sol.s for any x86 based unix they are building on.  The only problems
+with be with syntax but the performance gain is quite large, especially for
+servers.  The code is very simple, you just need to modify the 'header'.
+
+The message is, if you are stuck using RSAref, the RSA performance will be
+bad. Considering the code was compiled for a pentium, the 486DX66 number
+would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). 
+[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
+ into a 486DX33' :-) ]
+
+I won't tell people if the DLL's are using RSAref or my stuff if no-one
+asks :-).
+
+eric
+
+PS while I know I could speed things up further, I will probably not do
+   so due to the effort involved.  I did do some timings on the
+   SSLeay bignum format -> RSAref number format conversion that occurs
+   each time RSAref is used by SSLeay, and the numbers are trivial.
+   0.00012s a call for 512bit vs 0.149s for the time spent in the function.
+   0.00018s for 1024bit vs 0.938s.  Insignificant.
+   So the 'way to go', to support faster RSA libraries, if people are keen,
+   is to write 'glue' code in a similar way that I do for RSAref and send it
+   to me :-).
+   My base library still has the advantage of being able to operate on 
+   any size numbers, and is not that far from the performance from the
+   leaders in the field. (-%30?)
+   [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
+     least very close :-) ]
+
+   I suppose I should also mention some other numbers RSAref numbers, again
+   on my Pentium.
+		DES CBC		EDE-DES		MD5
+   RSAref linux	 830k/s		 302k/s		4390k/s
+   SSLeay linux  855k/s          319k/s        10025k/s
+   SSLeay NT	1158k/s		 410k/s	       10470k/s
+   SSLeay w31	 378k/s		 143k/s         2383k/s (fully 16bit)
+
+   Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@cryptsoft.com   | RTFM Win32 GetMessage().
+
+
+
+
+==== ssl-ciph.doc ========================================================
+
+This is a quick high level summery of how things work now.
+
+Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
+minor ones.
+
+They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
+be Diffle-Hellman for SSLv3.
+
+An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
+none.
+
+The cipher
+
+The MAC digest.
+
+A cipher can also be an export cipher and is either an SSLv2 or a
+SSLv3 ciphers.
+
+To specify which ciphers to use, one can either specify all the ciphers,
+one at a time, or use 'aliases' to specify the preference and order for
+the ciphers.
+
+There are a large number of aliases, but the most importaint are
+kRSA, kDHr, kDHd and kEDH for key exchange types.
+
+aRSA, aDSS, aNULL and aDH for authentication
+DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
+MD5, SHA0 and SHA1 digests
+
+Now where this becomes interesting is that these can be put together to
+specify the order and ciphers you wish to use.
+
+To speed this up there are also aliases for certian groups of ciphers.
+The main ones are
+SSLv2	- all SSLv2 ciphers
+SSLv3	- all SSLv3 ciphers
+EXP	- all export ciphers
+LOW	- all low strngth ciphers (no export ciphers, normally single DES)
+MEDIUM	- 128 bit encryption
+HIGH	- Triple DES
+
+These aliases can be joined in a : separated list which specifies to
+add ciphers, move them to the current location and delete them.
+
+A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
+The default library cipher spec is
+!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
+which means, first, remove from consideration any ciphers that do not
+authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
+MEDIUM and the LOW security ciphers.  Finish up by adding all the export
+ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
+the end of the list.
+
+The results are
+$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
+
+RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
+RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
+IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
+EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
+EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
+DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
+DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
+DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
+IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
+RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
+RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
+EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+
+I would recoment people use the 'ssleay ciphers -v "text"'
+command to check what they are going to use.
+
+Anyway, I'm falling asleep here so I'll do some more tomorrow.
+
+eric
+
+==== ssl.doc ========================================================
+
+SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
+
+/* Session-id cache stats */
+SSL_CTX_sess_number
+SSL_CTX_sess_connect
+SSL_CTX_sess_connect_good
+SSL_CTX_sess_accept
+SSL_CTX_sess_accept_good
+SSL_CTX_sess_hits
+SSL_CTX_sess_cb_hits
+SSL_CTX_sess_misses
+SSL_CTX_sess_timeouts
+
+/* Session-id application notification callbacks */
+SSL_CTX_sess_set_new_cb
+SSL_CTX_sess_get_new_cb
+SSL_CTX_sess_set_get_cb
+SSL_CTX_sess_get_get_cb
+
+/* Session-id cache operation mode */
+SSL_CTX_set_session_cache_mode
+SSL_CTX_get_session_cache_mode
+
+/* Set default timeout values to use. */
+SSL_CTX_set_timeout
+SSL_CTX_get_timeout
+
+/* Global  SSL initalisation informational callback */
+SSL_CTX_set_info_callback
+SSL_CTX_get_info_callback
+SSL_set_info_callback
+SSL_get_info_callback
+
+/* If the SSL_accept/SSL_connect returned with -1, these indicate when
+ * we should re-call *.
+SSL_want
+SSL_want_nothing
+SSL_want_read
+SSL_want_write
+SSL_want_x509_lookup
+
+/* Where we are in SSL initalisation, used in non-blocking, perhaps
+ * have a look at ssl/bio_ssl.c */
+SSL_state
+SSL_is_init_finished
+SSL_in_init
+SSL_in_connect_init
+SSL_in_accept_init
+
+/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
+ * can be used to work out which function to call. */
+SSL_set_connect_state
+SSL_set_accept_state
+
+/* Where to look for certificates for authentication */
+SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
+SSL_load_verify_locations
+
+/* get info from an established connection */
+SSL_get_session
+SSL_get_certificate
+SSL_get_SSL_CTX
+
+SSL_CTX_new
+SSL_CTX_free
+SSL_new
+SSL_clear
+SSL_free
+
+SSL_CTX_set_cipher_list
+SSL_get_cipher
+SSL_set_cipher_list
+SSL_get_cipher_list
+SSL_get_shared_ciphers
+
+SSL_accept
+SSL_connect
+SSL_read
+SSL_write
+
+SSL_debug
+
+SSL_get_read_ahead
+SSL_set_read_ahead
+SSL_set_verify
+
+SSL_pending
+
+SSL_set_fd
+SSL_set_rfd
+SSL_set_wfd
+SSL_set_bio
+SSL_get_fd
+SSL_get_rbio
+SSL_get_wbio
+
+SSL_use_RSAPrivateKey
+SSL_use_RSAPrivateKey_ASN1
+SSL_use_RSAPrivateKey_file
+SSL_use_PrivateKey
+SSL_use_PrivateKey_ASN1
+SSL_use_PrivateKey_file
+SSL_use_certificate
+SSL_use_certificate_ASN1
+SSL_use_certificate_file
+
+ERR_load_SSL_strings
+SSL_load_error_strings
+
+/* human readable version of the 'state' of the SSL connection. */
+SSL_state_string
+SSL_state_string_long
+/* These 2 report what kind of IO operation the library was trying to
+ * perform last.  Probably not very usefull. */
+SSL_rstate_string
+SSL_rstate_string_long
+
+SSL_get_peer_certificate
+
+SSL_SESSION_new
+SSL_SESSION_print_fp
+SSL_SESSION_print
+SSL_SESSION_free
+i2d_SSL_SESSION
+d2i_SSL_SESSION
+
+SSL_get_time
+SSL_set_time
+SSL_get_timeout
+SSL_set_timeout
+SSL_copy_session_id
+SSL_set_session
+SSL_CTX_add_session
+SSL_CTX_remove_session
+SSL_CTX_flush_sessions
+
+BIO_f_ssl
+
+/* used to hold information as to why a certificate verification failed */
+SSL_set_verify_result
+SSL_get_verify_result
+
+/* can be used by the application to associate data with an SSL structure.
+ * It needs to be 'free()ed' by the application */
+SSL_set_app_data
+SSL_get_app_data
+
+/* The following all set values that are kept in the SSL_CTX but
+ * are used as the default values when an SSL session is created.
+ * They are over writen by the relevent SSL_xxxx functions */
+
+/* SSL_set_verify */
+void SSL_CTX_set_default_verify
+
+/* This callback, if set, totaly overrides the normal SSLeay verification
+ * functions and should return 1 on sucesss and 0 on failure */
+void SSL_CTX_set_cert_verify_callback
+
+/* The following are the same as the equivilent SSL_xxx functions.
+ * Only one copy of this information is kept and if a particular
+ * SSL structure has a local override, it is totally separate structure.
+ */
+int SSL_CTX_use_RSAPrivateKey
+int SSL_CTX_use_RSAPrivateKey_ASN1
+int SSL_CTX_use_RSAPrivateKey_file
+int SSL_CTX_use_PrivateKey
+int SSL_CTX_use_PrivateKey_ASN1
+int SSL_CTX_use_PrivateKey_file
+int SSL_CTX_use_certificate
+int SSL_CTX_use_certificate_ASN1
+int SSL_CTX_use_certificate_file
+
+
+==== ssl_ctx.doc ========================================================
+
+This is now a bit dated, quite a few of the SSL_ functions could be
+SSL_CTX_ functions.  I will update this in the future. 30 Aug 1996
+
+From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
+Received: by orb.mincom.oz.au id AA00696
+  (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
+Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: sameer <sameer@c2.org>
+Cc: Eric Young <eay@mincom.oz.au>
+Subject: Re: PEM_readX509 oesn't seem to be working
+In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
+Message-Id: <Pine.SOL.3.91.951211112115.28608D-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Sun, 10 Dec 1995, sameer wrote:
+> 	OK, that's solved. I've found out that it is saying "no
+> certificate set" in SSL_accept because s->conn == NULL
+> so there is some place I need to initialize s->conn that I am
+> not initializing it.
+
+The full order of things for a server should be.
+
+ctx=SSL_CTX_new();
+
+/* The next line should not really be using ctx->cert but I'll leave it 
+ * this way right now... I don't want a X509_ routine to know about an SSL
+ * structure, there should be an SSL_load_verify_locations... hmm, I may 
+ * add it tonight.
+ */
+X509_load_verify_locations(ctx->cert,CAfile,CApath);
+
+/* Ok now for each new connection we do the following */
+con=SSL_new(ctx);
+SSL_set_fd(con,s);
+SSL_set_verify(con,verify,verify_callback);
+
+/* set the certificate and private key to use. */
+SSL_use_certificate_ASN1(con,X509_certificate);
+SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
+
+SSL_accept(con);
+
+SSL_read(con)/SSL_write(con);
+
+There is a bit more than that but that is basically the structure.
+
+Create a context and specify where to lookup certificates.
+
+foreach connection
+	{
+	create a SSL structure
+	set the certificate and private key
+	do a SSL_accept
+	
+	we should now be ok
+	}
+
+eric
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+
+==== ssleay.doc ========================================================
+
+SSLeay: a cryptographic kitchen sink.
+
+1st December 1995
+Way back at the start of April 1995, I was looking for a mindless
+programming project.  A friend of mine (Tim Hudson) said "why don't you do SSL,
+it has DES encryption in it and I would not mind using it in a SSL telnet".
+While it was true I had written a DES library in previous years, litle
+did I know what an expansive task SSL would turn into.
+
+First of all, the SSL protocol contains DES encryption.  Well and good.  My
+DES library was fast and portable.  It also contained the RSA's RC4 stream
+cipher.  Again, not a problem, some-one had just posted to sci.crypt
+something that was claimed to be RC4.  It also contained IDEA, I had the
+specifications, not a problem to implement.  MD5, an RFC, trivial, at most
+I could spend a week or so trying to see if I could speed up the
+implementation.  All in all a nice set of ciphers.
+Then the first 'expantion of the scope', RSA public key
+encryption.  Since I did not knowing a thing about public key encryption
+or number theory, this appeared quite a daunting task.  Just writing a
+big number library would be problomatic in itself, let alone making it fast.
+At this point the scope of 'implementing SSL' expands eponentialy.
+First of all, the RSA private keys  were being kept in ASN.1 format.
+Thankfully the RSA PKCS series of documents explains this format.  So I now
+needed to be able to encode and decode arbitary ASN.1 objects.  The Public
+keys were embeded in X509 certificates.  Hmm... these are not only
+ASN.1 objects but they make up a heirachy of authentication.  To
+authenticate a X509 certificate one needs to retrieve it's issuers
+certificate etc etc.  Hmm..., so I also need to implement some kind
+of certificate management software.  I would also have to implement
+software to authenticate certificates.  At this point the support code made
+the SSL part of my library look quite small.
+Around this time, the first version of SSLeay was released.
+
+Ah, but here was the problem, I was not happy with the code so far.  As may
+have become obvious, I had been treating all of this as a learning
+exersize, so I have completely written the library myself.  As such, due
+to the way it had grown like a fungus, much of the library was not
+'elagent' or neat.  There were global and static variables all over the
+place, the SSL part did not even handle non-blocking IO.
+The Great rewrite began.
+
+As of this point in time, the 'Great rewrite' has almost finished.  So what
+follows is an approximate list of what is actually SSLeay 0.5.0
+
+/********* This needs to be updated for 0.6.0+ *************/
+
+---
+The library contains the following routines.  Please note that most of these
+functions are not specfic for SSL or any other particular cipher
+implementation.  I have tried to make all the routines as general purpose
+as possible.  So you should not think of this library as an SSL
+implemtation, but rather as a library of cryptographic functions
+that also contains SSL.  I refer to each of these function groupings as
+libraries since they are often capable of functioning as independant
+libraries
+
+First up, the general ciphers and message digests supported by the library.
+
+MD2	rfc???, a standard 'by parts' interface to this algorithm.
+MD5	rfc???, the same type of interface as for the MD2 library except a
+	different algorithm.
+SHA	THe Secure Hash Algorithm.  Again the same type of interface as
+	MD2/MD5 except the digest is 20 bytes.
+SHA1	The 'revised' version of SHA.  Just about identical to SHA except
+	for one tweak of an inner loop.
+DES	This is my libdes library that has been floating around for the last
+	few years.  It has been enhanced for no other reason than completeness.
+	It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
+	triple DES modes of ecb, cbc, cfb64 and ofb64.  cfb64 and ofb64 are
+	functional interfaces to the 64 bit modes of cfb and ofb used in
+	such a way thay they function as single character interfaces.
+RC4	The RSA Inc. stream cipher.
+RC2	The RSA Inc. block cipher.
+IDEA	An implmentation of the IDEA cipher, the library supports ecb, cbc,
+	cfb64 and ofb64 modes of operation.
+
+Now all the above mentioned ciphers and digests libraries support high
+speed, minimal 'crap in the way' type interfaces.  For fastest and
+lowest level access, these routines should be used directly.
+
+Now there was also the matter of public key crypto systems.  These are
+based on large integer arithmatic.
+
+BN	This is my large integer library.  It supports all the normal
+	arithmentic operations.  It uses malloc extensivly and as such has
+	no limits of the size of the numbers being manipulated.  If you
+	wish to use 4000 bit RSA moduli, these routines will handle it.
+	This library also contains routines to 'generate' prime numbers and
+	to test for primality.  The RSA and DH libraries sit on top of this
+	library.  As of this point in time, I don't support SHA, but
+	when I do add it, it will just sit on top of the routines contained
+	in this library.
+RSA	This implements the RSA public key algorithm.  It also contains
+	routines that will generate a new private/public key pair.
+	All the RSA functions conform to the PKCS#1 standard.
+DH	This is an implementation of the
+	Diffie-Hellman protocol.  There are all the require routines for
+	the protocol, plus extra routines that can be used to generate a
+	strong prime for use with a specified generator.  While this last
+	routine is not generally required by applications implementing DH,
+	It is present for completeness and because I thing it is much
+	better to be able to 'generate' your own 'magic' numbers as oposed
+	to using numbers suplied by others.  I conform to the PKCS#3
+	standard where required.
+
+You may have noticed the preceeding section mentions the 'generation' of
+prime numbers.  Now this requries the use of 'random numbers'. 
+
+RAND	This psuedo-random number library is based on MD5 at it's core
+	and a large internal state (2k bytes).  Once you have entered enough
+	seed data into this random number algorithm I don't feel
+	you will ever need to worry about it generating predictable output.
+	Due to the way I am writing a portable library, I have left the
+	issue of how to get good initial random seed data upto the
+	application but I do have support routines for saving and loading a
+	persistant random number state for use between program runs.
+	
+Now to make all these ciphers easier to use, a higher level
+interface was required.  In this form, the same function would be used to
+encrypt 'by parts', via any one of the above mentioned ciphers.
+
+EVP	The Digital EnVeloPe library is quite large.  At it's core are
+	function to perform encryption and decryption by parts while using
+	an initial parameter to specify which of the 17 different ciphers
+	or 4 different message digests to use.  On top of these are implmented
+	the digital signature functions, sign, verify, seal and open.
+	Base64 encoding of binary data is also done in this library.
+
+PEM	rfc???? describe the format for Privacy Enhanced eMail.
+	As part of this standard, methods of encoding digital enveloped
+	data is an ascii format are defined.  As such, I use a form of these
+	to encode enveloped data.  While at this point in time full support
+	for PEM has not been built into the library, a minimal subset of
+	the secret key and Base64 encoding is present.  These reoutines are
+	mostly used to Ascii encode binary data with a 'type' associated
+	with it and perhaps details of private key encryption used to
+	encrypt the data.
+	
+PKCS7	This is another Digital Envelope encoding standard which uses ASN.1
+	to encode the data.  At this point in time, while there are some
+	routines to encode and decode this binary format, full support is
+	not present.
+	
+As Mentioned, above, there are several different ways to encode
+data structures.
+
+ASN1	This library is more a set of primatives used to encode the packing
+	and unpacking of data structures.  It is used by the X509
+	certificate standard and by the PKCS standards which are used by
+	this library.  It also contains routines for duplicating and signing
+	the structures asocisated with X509.
+	
+X509	The X509 library contains routines for packing and unpacking,
+	verifying and just about every thing else you would want to do with
+	X509 certificates.
+
+PKCS7	PKCS-7 is a standard for encoding digital envelope data
+	structures.  At this point in time the routines will load and save
+	DER forms of these structees.  They need to be re-worked to support
+	the BER form which is the normal way PKCS-7 is encoded.  If the
+	previous 2 sentances don't make much sense, don't worry, this
+	library is not used by this version of SSLeay anyway.
+
+OBJ	ASN.1 uses 'object identifiers' to identify objects.  A set of
+	functions were requred to translate from ASN.1 to an intenger, to a
+	character string.  This library provieds these translations
+	
+Now I mentioned an X509 library.  X509 specified a hieachy of certificates
+which needs to be traversed to authenticate particular certificates.
+
+METH	This library is used to push 'methods' of retrieving certificates
+	into the library.  There are some supplied 'methods' with SSLeay
+	but applications can add new methods if they so desire.
+	This library has not been finished and is not being used in this
+	version.
+	
+Now all the above are required for use in the initial point of this project.
+
+SSL	The SSL protocol.  This is a full implmentation of SSL v 2.  It
+	support both server and client authentication.  SSL v 3 support
+	will be added when the SSL v 3 specification is released in it's
+	final form.
+
+Now quite a few of the above mentioned libraries rely on a few 'complex'
+data structures.  For each of these I have a library.
+
+Lhash	This is a hash table library which is used extensivly.
+
+STACK	An implemetation of a Stack data structure.
+
+BUF	A simple character array structure that also support a function to
+	check that the array is greater that a certain size, if it is not,
+	it is realloced so that is it.
+	
+TXT_DB	A simple memory based text file data base.  The application can specify
+	unique indexes that will be enforced at update time.
+
+CONF	Most of the programs written for this library require a configuration
+	file.  Instead of letting programs constantly re-implment this
+	subsystem, the CONF library provides a consistant and flexable
+	interface to not only configuration files but also environment
+	variables.
+
+But what about when something goes wrong?
+The one advantage (and perhaps disadvantage) of all of these
+functions being in one library was the ability to implement a
+single error reporting system.
+	
+ERR	This library is used to report errors.  The error system records
+	library number, function number (in the library) and reason
+	number.  Multiple errors can be reported so that an 'error' trace
+	is created.  The errors can be printed in numeric or textual form.
+
+
+==== ssluse.doc ========================================================
+
+We have an SSL_CTX which contains global information for lots of
+SSL connections.  The session-id cache and the certificate verificate cache.
+It also contains default values for use when certificates are used.
+
+SSL_CTX
+	default cipher list
+	session-id cache
+	certificate cache
+	default session-id timeout period
+	New session-id callback
+	Required session-id callback
+	session-id stats
+	Informational callback
+	Callback that is set, overrides the SSLeay X509 certificate
+	  verification
+	The default Certificate/Private Key pair
+	Default read ahead mode.
+	Default verify mode and verify callback.  These are not used
+	  if the over ride callback mentioned above is used.
+	
+Each SSL can have the following defined for it before a connection is made.
+
+Certificate
+Private key
+Ciphers to use
+Certificate verify mode and callback
+IO object to use in the comunication.
+Some 'read-ahead' mode information.
+A previous session-id to re-use.
+
+A connection is made by using SSL_connect or SSL_accept.
+When non-blocking IO is being used, there are functions that can be used
+to determin where and why the SSL_connect or SSL_accept did not complete.
+This information can be used to recall the functions when the 'error'
+condition has dissapeared.
+
+After the connection has been made, information can be retrived about the
+SSL session and the session-id values that have been decided apon.
+The 'peer' certificate can be retrieved.
+
+The session-id values include
+'start time'
+'timeout length'
+
+
+
+==== stack.doc ========================================================
+
+The stack data structure is used to store an ordered list of objects.
+It is basically misnamed to call it a stack but it can function that way
+and that is what I originally used it for.  Due to the way element
+pointers are kept in a malloc()ed array, the most efficient way to use this
+structure is to add and delete elements from the end via sk_pop() and
+sk_push().  If you wish to do 'lookups' sk_find() is quite efficient since
+it will sort the stack (if required) and then do a binary search to lookup 
+the requested item.  This sorting occurs automatically so just sk_push()
+elements on the stack and don't worry about the order.  Do remember that if
+you do a sk_find(), the order of the elements will change.
+
+You should never need to 'touch' this structure directly.
+typedef struct stack_st
+	{
+	unsigned int num;
+	char **data;
+	int sorted;
+
+	unsigned int num_alloc;
+	int (*comp)();
+	} STACK;
+
+'num' holds the number of elements in the stack, 'data' is the array of
+elements.  'sorted' is 1 is the list has been sorted, 0 if not.
+
+num_alloc is the number of 'nodes' allocated in 'data'.  When num becomes
+larger than num_alloc, data is realloced to a larger size.
+If 'comp' is set, it is a function that is used to compare 2 of the items
+in the stack.  The function should return -1, 0 or 1, depending on the
+ordering.
+
+#define sk_num(sk)	((sk)->num)
+#define sk_value(sk,n)	((sk)->data[n])
+
+These 2 macros should be used to access the number of elements in the
+'stack' and to access a pointer to one of the values.
+
+STACK *sk_new(int (*c)());
+	This creates a new stack.  If 'c', the comparison function, is not
+specified, the various functions that operate on a sorted 'stack' will not
+work (sk_find()).  NULL is returned on failure.
+
+void sk_free(STACK *);
+	This function free()'s a stack structure.  The elements in the
+stack will not be freed so one should 'pop' and free all elements from the
+stack before calling this function or call sk_pop_free() instead.
+
+void sk_pop_free(STACK *st; void (*func)());
+	This function calls 'func' for each element on the stack, passing
+the element as the argument.  sk_free() is then called to free the 'stack'
+structure.
+
+int sk_insert(STACK *sk,char *data,int where);
+	This function inserts 'data' into stack 'sk' at location 'where'.
+If 'where' is larger that the number of elements in the stack, the element
+is put at the end.  This function tends to be used by other 'stack'
+functions.  Returns 0 on failure, otherwise the number of elements in the
+new stack.
+
+char *sk_delete(STACK *st,int loc);
+	Remove the item a location 'loc' from the stack and returns it.
+Returns NULL if the 'loc' is out of range.
+
+char *sk_delete_ptr(STACK *st, char *p);
+	If the data item pointed to by 'p' is in the stack, it is deleted
+from the stack and returned.  NULL is returned if the element is not in the
+stack.
+
+int sk_find(STACK *st,char *data);
+	Returns the location that contains a value that is equal to 
+the 'data' item.  If the comparison function was not set, this function
+does a linear search.  This function actually qsort()s the stack if it is not
+in order and then uses bsearch() to do the initial search.  If the
+search fails,, -1 is returned.  For mutliple items with the same
+value, the index of the first in the array is returned.
+
+int sk_push(STACK *st,char *data);
+	Append 'data' to the stack.  0 is returned if there is a failure
+(due to a malloc failure), else 1.  This is 
+sk_insert(st,data,sk_num(st));
+
+int sk_unshift(STACK *st,char *data);
+	Prepend 'data' to the front (location 0) of the stack.  This is
+sk_insert(st,data,0);
+
+char *sk_shift(STACK *st);
+	Return and delete from the stack the first element in the stack.
+This is sk_delete(st,0);
+
+char *sk_pop(STACK *st);
+	Return and delete the last element on the stack.  This is
+sk_delete(st,sk_num(sk)-1);
+
+void sk_zero(STACK *st);
+	Removes all items from the stack.  It does not 'free'
+pointers but is a quick way to clear a 'stack of references'.
+
+==== threads.doc ========================================================
+
+How to compile SSLeay for multi-threading.
+
+Well basically it is quite simple, set the compiler flags and build.
+I have only really done much testing under Solaris and Windows NT.
+If you library supports localtime_r() and gmtime_r() add,
+-DTHREADS to the makefile parameters.  You can probably survive with out
+this define unless you are going to have multiple threads generating
+certificates at once.  It will not affect the SSL side of things.
+
+The approach I have taken to doing locking is to make the application provide
+callbacks to perform locking and so that the SSLeay library can distinguish
+between threads (for the error state).
+
+To have a look at an example program, 'cd mt; vi mttest.c'.
+To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
+win32.bat
+
+This will build mttest which will fire up 10 threads that talk SSL
+to each other 10 times.
+To enable everything to work, the application needs to call
+
+CRYPTO_set_id_callback(id_function);
+CRYPTO_set_locking_callback(locking_function);
+
+before any multithreading is started.
+id_function does not need to be defined under Windows NT or 95, the
+correct function will be called if it is not.  Under unix, getpid()
+is call if the id_callback is not defined, for solaris this is wrong
+(since threads id's are not pid's) but under IRIX it is correct
+(threads are just processes sharing the data segement).
+
+The locking_callback is used to perform locking by the SSLeay library.
+eg.
+
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+	{
+	if (mode & CRYPTO_LOCK)
+		mutex_lock(&(lock_cs[type]));
+	else
+		mutex_unlock(&(lock_cs[type]));
+	}
+
+Now in this case I have used mutexes instead of read/write locks, since they
+are faster and there are not many read locks in SSLeay, you may as well
+always use write locks.  file and line are __FILE__ and __LINE__ from
+the compile and can be usefull when debugging.
+
+Now as you can see, 'type' can be one of a range of values, these values are
+defined in crypto/crypto.h
+CRYPTO_get_lock_name(type) will return a text version of what the lock is.
+There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
+for multi-threading can be
+
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+	}
+
+As a final note, under Windows NT or Windows 95, you have to be careful
+not to mix the various threaded, unthreaded and debug libraries.
+Normally if they are mixed incorrectly, mttest will crash just after printing
+out some usage statistics at the end.  This is because the
+different system libraries use different malloc routines and if
+data is malloc()ed inside crypt32.dll or ssl32.dll and then free()ed by a
+different library malloc, things get very confused.
+
+The default SSLeay DLL builds use /MD, so if you use this on your
+application, things will work as expected.  If you use /MDd,
+you will probably have to rebuild SSLeay using this flag.
+I should modify util/mk1mf.pl so it does all this correctly, but 
+this has not been done yet.
+
+One last warning.  Because locking overheads are actually quite large, the
+statistics collected against the SSL_CTX for successfull connections etc
+are not locked when updated.  This does make it possible for these
+values to be slightly lower than they should be, if you are
+running multithreaded on a multi-processor box, but this does not really
+matter much.
+
+
+==== txt_db.doc ========================================================
+
+TXT_DB, a simple text based in memory database.
+
+It holds rows of ascii data, for which the only special character is '\0'.
+The rows can be of an unlimited length.
+
+==== why.doc ========================================================
+
+This file is more of a note for other people who wish to understand why
+the build environment is the way it is :-).
+
+The include files 'depend' as follows.
+Each of 
+crypto/*/*.c includes crypto/cryptlib.h
+ssl/*.c include ssl/ssl_locl.h
+apps/*.c include apps/apps.h
+crypto/cryptlib.h, ssl/ssl_locl.h and apps/apps.h
+all include e_os.h which contains OS/environment specific information.
+If you need to add something todo with a particular environment,
+add it to this file.  It is worth remembering that quite a few libraries,
+like lhash, des, md, sha etc etc do not include crypto/cryptlib.h.  This
+is because these libraries should be 'independantly compilable' and so I
+try to keep them this way.
+e_os.h is not so much a part of SSLeay, as the placing in one spot all the
+evil OS dependant muck.
+
+I wanted to automate as many things as possible.  This includes
+error number generation.  A
+make errors
+will scan the source files for error codes, append them to the correct
+header files, and generate the functions to print the text version
+of the error numbers.  So don't even think about adding error numbers by
+hand, put them in the form
+XXXerr(XXXX_F_XXXX,YYYY_R_YYYY);
+on line and it will be automatically picked up my a make errors.
+
+In a similar vein, programs to be added into ssleay in the apps directory
+just need to have an entry added to E_EXE in makefile.ssl and
+everthing will work as expected.  Don't edit progs.h by hand.
+
+make links re-generates the symbolic links that are used.  The reason why
+I keep everything in its own directory, and don't put all the
+test programs and header files in 'test' and 'include' is because I want
+to keep the 'sub-libraries' independant.  I still 'pull' out
+indervidual libraries for use in specific projects where the code is
+required.  I have used the 'lhash' library in just about every software
+project I have worked on :-).
+
+make depend generates dependancies and
+make dclean removes them.
+
+You will notice that I use perl quite a bit when I could be using 'sed'.
+The reason I decided to do this was to just stick to one 'extra' program.
+For Windows NT, I have perl and no sed.
+
+The util/mk1mf.pl program can be used to generate a single makefile.
+I use this because makefiles under Microsoft are horrific.
+Each C compiler seems to have different linker formats, which have
+to be used because the retarted C compilers explode when you do
+cl -o file *.o.
+
+Now some would argue that I should just use the single makefile.  I don't
+like it during develoment for 2 reasons.  First, the actuall make
+command takes a long time.  For my current setup, if I'm in
+crypto/bn and I type make, only the crypto/bn directory gets rebuilt,
+which is nice when you are modifying prototypes in bn.h which
+half the SSLeay depends on.  The second is that to add a new souce file
+I just plonk it in at the required spot in the local makefile.  This
+then alows me to keep things local, I don't need to modify a 'global'
+tables (the make for unix, the make for NT, the make for w31...).
+When I am ripping apart a library structure, it is nice to only
+have to worry about one directory :-).
+
+Having said all this, for the hell of it I put together 2 files that
+#include all the souce code (generated by doing a ls */*.o after a build).
+crypto.c takes only 30 seconds to build under NT and 2 minutes under linux
+for my pentium100.  Much faster that the normal build :-).
+Again, the problem is that when using libraries, every program linked
+to libcrypto.a would suddenly get 330k of library when it may only need
+1k.  This technique does look like a nice way to do shared libraries though.
+
+Oh yes, as a final note, to 'build' a distribution, I just type
+make dist.
+This cleans and packages everything.  The directory needs to be called
+SSLeay since the make does a 'cd ..' and renames and tars things up.
+
+==== req.1 ========================================================
+
+The 'req' command is used to manipulate and deal with pkcs#10
+certificate requests.
+
+It's default mode of operation is to load a certificate and then
+write it out again.
+
+By default the 'req' is read from stdin in 'PEM' format.
+The -inform option can be used to specify 'pem' format or 'der'
+format.  PEM format is the base64 encoding of the DER format.
+
+By default 'req' then writes the request back out. -outform can be used
+to indicate the desired output format, be it 'pem' or 'der'.
+
+To specify an input file, use the '-in' option and the '-out' option
+can be used to specify the output file.
+
+If you wish to perform a command and not output the certificate
+request afterwards, use the '-noout' option.
+
+When a certificate is loaded, it can be printed in a human readable
+ascii format via the '-text' option.
+
+To check that the signature on a certificate request is correct, use
+the '-verify' option to make sure that the private key contained in the
+certificate request corresponds to the signature.
+
+Besides the default mode, there is also the 'generate a certificate
+request' mode.  There are several flags that trigger this mode.
+
+-new will generate a new RSA key (if required) and then prompts
+the user for details for the certificate request.
+-newkey has an argument that is the number of bits to make the new
+key.  This function also triggers '-new'.
+
+The '-new' option can have a key to use specified instead of having to
+load one, '-key' is used to specify the file containg the key.
+-keyform can be used to specify the format of the key.  Only
+'pem' and 'der' formats are supported, later, 'netscape' format may be added.
+
+Finally there is the '-x509' options which makes req output a self
+signed x509 certificate instead of a certificate request.
+
+Now as you may have noticed, there are lots of default options that
+cannot be specified via the command line.  They are held in a 'template'
+or 'configuration file'.  The -config option specifies which configuration
+file to use.  See conf.doc for details on the syntax of this file.
+
+The req command uses the 'req' section of the config file.
+
+---
+# The following variables are defined.  For this example I will populate
+# the various values
+[ req ]
+default_bits	= 512		# default number of bits to use.
+default_keyfile	= testkey.pem	# Where to write the generated keyfile
+				# if not specified.
+distinguished_name= req_dn	# The section that contains the
+				# information about which 'object' we
+				# want to put in the DN.
+attributes	= req_attr	# The objects we want for the
+				# attributes field.
+encrypt_rsa_key	= no		# Should we encrypt newly generated
+				# keys.  I strongly recommend 'yes'.
+
+# The distinguished name section.  For the following entries, the
+# object names must exist in the SSLeay header file objects.h.  If they
+# do not, they will be silently ignored.  The entries have the following
+# format.
+# <object_name>		=> string to prompt with
+# <object_name>_default	=> default value for people
+# <object_name>_value	=> Automatically use this value for this field.
+# <object_name>_min	=> minimum number of characters for data (def. 0)
+# <object_name>_max	=> maximum number of characters for data (def. inf.)
+# All of these entries are optional except for the first one.
+[ req_dn ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Queensland
+
+localityName			= Locality Name (eg, city)
+
+organizationName		= Organization Name (eg, company)
+organizationName_default	= Mincom Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= MTR
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# The next section is the attributes section.  This is exactly the
+# same as for the previous section except that the resulting objects are
+# put in the attributes field. 
+[ req_attr ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+----
+Also note that the order that attributes appear in this file is the
+order they will be put into the distinguished name.
+
+Once this request has been generated, it can be sent to a CA for
+certifying.
+
+----
+A few quick examples....
+
+To generate a new request and a new key
+req -new
+
+To generate a new request and a 1058 bit key
+req -newkey 1058
+
+To generate a new request using a pre-existing key
+req -new -key key.pem
+
+To generate a self signed x509 certificate from a certificate
+request using a supplied key, and we want to see the text form of the
+output certificate (which we will put in the file selfSign.pem
+req -x509 -in req.pem -key key.pem -text -out selfSign.pem
+
+Verify that the signature is correct on a certificate request.
+req -verify -in req.pem
+
+Verify that the signature was made using a specified public key.
+req -verify -in req.pem -key key.pem
+
+Print the contents of a certificate request
+req -text -in req.pem
+
+==== danger ========================================================
+
+If you specify a SSLv2 cipher, and the mode is SSLv23 and the server
+can talk SSLv3, it will claim there is no cipher since you should be
+using SSLv3.
+
+When tracing debug stuff, remember BIO_s_socket() is different to
+BIO_s_connect().
+
+BSD/OS assember is not working
+
diff --git a/lib/libssl/src/doc/ssluse.doc b/lib/libssl/src/doc/ssluse.doc
deleted file mode 100644
index 2e3a26cbf3c..00000000000
--- a/lib/libssl/src/doc/ssluse.doc
+++ /dev/null
@@ -1,45 +0,0 @@
-We have an SSL_CTX which contains global information for lots of
-SSL connections.  The session-id cache and the certificate verificate cache.
-It also contains default values for use when certificates are used.
-
-SSL_CTX
-	default cipher list
-	session-id cache
-	certificate cache
-	default session-id timeout period
-	New session-id callback
-	Required session-id callback
-	session-id stats
-	Informational callback
-	Callback that is set, overrides the SSLeay X509 certificate
-	  verification
-	The default Certificate/Private Key pair
-	Default read ahead mode.
-	Default verify mode and verify callback.  These are not used
-	  if the over ride callback mentioned above is used.
-	
-Each SSL can have the following defined for it before a connection is made.
-
-Certificate
-Private key
-Ciphers to use
-Certificate verify mode and callback
-IO object to use in the comunication.
-Some 'read-ahead' mode information.
-A previous session-id to re-use.
-
-A connection is made by using SSL_connect or SSL_accept.
-When non-blocking IO is being used, there are functions that can be used
-to determin where and why the SSL_connect or SSL_accept did not complete.
-This information can be used to recall the functions when the 'error'
-condition has dissapeared.
-
-After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided apon.
-The 'peer' certificate can be retrieved.
-
-The session-id values include
-'start time'
-'timeout length'
-
-
diff --git a/lib/libssl/src/doc/stack.doc b/lib/libssl/src/doc/stack.doc
deleted file mode 100644
index 7c20b1b664a..00000000000
--- a/lib/libssl/src/doc/stack.doc
+++ /dev/null
@@ -1,96 +0,0 @@
-The stack data structure is used to store an ordered list of objects.
-It is basically misnamed to call it a stack but it can function that way
-and that is what I originally used it for.  Due to the way element
-pointers are kept in a malloc()ed array, the most efficient way to use this
-structure is to add and delete elements from the end via sk_pop() and
-sk_push().  If you wish to do 'lookups' sk_find() is quite efficient since
-it will sort the stack (if required) and then do a binary search to lookup 
-the requested item.  This sorting occurs automatically so just sk_push()
-elements on the stack and don't worry about the order.  Do remember that if
-you do a sk_find(), the order of the elements will change.
-
-You should never need to 'touch' this structure directly.
-typedef struct stack_st
-	{
-	unsigned int num;
-	char **data;
-	int sorted;
-
-	unsigned int num_alloc;
-	int (*comp)();
-	} STACK;
-
-'num' holds the number of elements in the stack, 'data' is the array of
-elements.  'sorted' is 1 is the list has been sorted, 0 if not.
-
-num_alloc is the number of 'nodes' allocated in 'data'.  When num becomes
-larger than num_alloc, data is realloced to a larger size.
-If 'comp' is set, it is a function that is used to compare 2 of the items
-in the stack.  The function should return -1, 0 or 1, depending on the
-ordering.
-
-#define sk_num(sk)	((sk)->num)
-#define sk_value(sk,n)	((sk)->data[n])
-
-These 2 macros should be used to access the number of elements in the
-'stack' and to access a pointer to one of the values.
-
-STACK *sk_new(int (*c)());
-	This creates a new stack.  If 'c', the comparison function, is not
-specified, the various functions that operate on a sorted 'stack' will not
-work (sk_find()).  NULL is returned on failure.
-
-void sk_free(STACK *);
-	This function free()'s a stack structure.  The elements in the
-stack will not be freed so one should 'pop' and free all elements from the
-stack before calling this function or call sk_pop_free() instead.
-
-void sk_pop_free(STACK *st; void (*func)());
-	This function calls 'func' for each element on the stack, passing
-the element as the argument.  sk_free() is then called to free the 'stack'
-structure.
-
-int sk_insert(STACK *sk,char *data,int where);
-	This function inserts 'data' into stack 'sk' at location 'where'.
-If 'where' is larger that the number of elements in the stack, the element
-is put at the end.  This function tends to be used by other 'stack'
-functions.  Returns 0 on failure, otherwise the number of elements in the
-new stack.
-
-char *sk_delete(STACK *st,int loc);
-	Remove the item a location 'loc' from the stack and returns it.
-Returns NULL if the 'loc' is out of range.
-
-char *sk_delete_ptr(STACK *st, char *p);
-	If the data item pointed to by 'p' is in the stack, it is deleted
-from the stack and returned.  NULL is returned if the element is not in the
-stack.
-
-int sk_find(STACK *st,char *data);
-	Returns the location that contains a value that is equal to 
-the 'data' item.  If the comparison function was not set, this function
-does a linear search.  This function actually qsort()s the stack if it is not
-in order and then uses bsearch() to do the initial search.  If the
-search fails,, -1 is returned.  For mutliple items with the same
-value, the index of the first in the array is returned.
-
-int sk_push(STACK *st,char *data);
-	Append 'data' to the stack.  0 is returned if there is a failure
-(due to a malloc failure), else 1.  This is 
-sk_insert(st,data,sk_num(st));
-
-int sk_unshift(STACK *st,char *data);
-	Prepend 'data' to the front (location 0) of the stack.  This is
-sk_insert(st,data,0);
-
-char *sk_shift(STACK *st);
-	Return and delete from the stack the first element in the stack.
-This is sk_delete(st,0);
-
-char *sk_pop(STACK *st);
-	Return and delete the last element on the stack.  This is
-sk_delete(st,sk_num(sk)-1);
-
-void sk_zero(STACK *st);
-	Removes all items from the stack.  It does not 'free'
-pointers but is a quick way to clear a 'stack of references'.
diff --git a/lib/libssl/src/doc/threads.doc b/lib/libssl/src/doc/threads.doc
deleted file mode 100644
index 251061e8965..00000000000
--- a/lib/libssl/src/doc/threads.doc
+++ /dev/null
@@ -1,90 +0,0 @@
-How to compile SSLeay for multi-threading.
-
-Well basically it is quite simple, set the compiler flags and build.
-I have only really done much testing under Solaris and Windows NT.
-If you library supports localtime_r() and gmtime_r() add,
--DTHREADS to the makefile parameters.  You can probably survive with out
-this define unless you are going to have multiple threads generating
-certificates at once.  It will not affect the SSL side of things.
-
-The approach I have taken to doing locking is to make the application provide
-callbacks to perform locking and so that the SSLeay library can distinguish
-between threads (for the error state).
-
-To have a look at an example program, 'cd mt; vi mttest.c'.
-To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
-win32.bat
-
-This will build mttest which will fire up 10 threads that talk SSL
-to each other 10 times.
-To enable everything to work, the application needs to call
-
-CRYPTO_set_id_callback(id_function);
-CRYPTO_set_locking_callback(locking_function);
-
-before any multithreading is started.
-id_function does not need to be defined under Windows NT or 95, the
-correct function will be called if it is not.  Under unix, getpid()
-is call if the id_callback is not defined, for solaris this is wrong
-(since threads id's are not pid's) but under IRIX it is correct
-(threads are just processes sharing the data segement).
-
-The locking_callback is used to perform locking by the SSLeay library.
-eg.
-
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-	{
-	if (mode & CRYPTO_LOCK)
-		mutex_lock(&(lock_cs[type]));
-	else
-		mutex_unlock(&(lock_cs[type]));
-	}
-
-Now in this case I have used mutexes instead of read/write locks, since they
-are faster and there are not many read locks in SSLeay, you may as well
-always use write locks.  file and line are __FILE__ and __LINE__ from
-the compile and can be usefull when debugging.
-
-Now as you can see, 'type' can be one of a range of values, these values are
-defined in crypto/crypto.h
-CRYPTO_get_lock_name(type) will return a text version of what the lock is.
-There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
-for multi-threading can be
-
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-	}
-
-As a final note, under Windows NT or Windows 95, you have to be careful
-not to mix the various threaded, unthreaded and debug libraries.
-Normally if they are mixed incorrectly, mttest will crash just after printing
-out some usage statistics at the end.  This is because the
-different system libraries use different malloc routines and if
-data is malloc()ed inside crypt32.dll or ssl32.dll and then free()ed by a
-different library malloc, things get very confused.
-
-The default SSLeay DLL builds use /MD, so if you use this on your
-application, things will work as expected.  If you use /MDd,
-you will probably have to rebuild SSLeay using this flag.
-I should modify util/mk1mf.pl so it does all this correctly, but 
-this has not been done yet.
-
-One last warning.  Because locking overheads are actually quite large, the
-statistics collected against the SSL_CTX for successfull connections etc
-are not locked when updated.  This does make it possible for these
-values to be slightly lower than they should be, if you are
-running multithreaded on a multi-processor box, but this does not really
-matter much.
-
diff --git a/lib/libssl/src/doc/txt_db.doc b/lib/libssl/src/doc/txt_db.doc
deleted file mode 100644
index 3a5b0d50a15..00000000000
--- a/lib/libssl/src/doc/txt_db.doc
+++ /dev/null
@@ -1,4 +0,0 @@
-TXT_DB, a simple text based in memory database.
-
-It holds rows of ascii data, for which the only special character is '\0'.
-The rows can be of an unlimited length.
diff --git a/lib/libssl/src/doc/verify b/lib/libssl/src/doc/verify
deleted file mode 100644
index b78d96159da..00000000000
--- a/lib/libssl/src/doc/verify
+++ /dev/null
@@ -1,22 +0,0 @@
-X509_verify_cert_chain(
-	CERT_STORE *cert_store,
-	STACK /* X509 */ *certs,
-	int *verify_result,
-	int (*verify_error_callback)()
-	char *argument_to_callback, /* SSL */
-
-app_verify_callback(
-	char *app_verify_arg, /* from SSL_CTX */
-	STACK /* X509 */ *certs,
-	int *verify_result,
-	int (*verify_error_callback)()
-	SSL *s,
-
-int X509_verify_cert(
-	CERT_STORE *cert_store,
-	X509 *x509,
-	int *verify_result,
-	int (*verify_error_callback)(),
-	char *arg,
-
-
diff --git a/lib/libssl/src/doc/why.doc b/lib/libssl/src/doc/why.doc
deleted file mode 100644
index a1ac84bd27e..00000000000
--- a/lib/libssl/src/doc/why.doc
+++ /dev/null
@@ -1,79 +0,0 @@
-This file is more of a note for other people who wish to understand why
-the build environment is the way it is :-).
-
-The include files 'depend' as follows.
-Each of 
-crypto/*/*.c includes crypto/cryptlib.h
-ssl/*.c include ssl/ssl_locl.h
-apps/*.c include apps/apps.h
-crypto/cryptlib.h, ssl/ssl_locl.h and apps/apps.h
-all include e_os.h which contains OS/environment specific information.
-If you need to add something todo with a particular environment,
-add it to this file.  It is worth remembering that quite a few libraries,
-like lhash, des, md, sha etc etc do not include crypto/cryptlib.h.  This
-is because these libraries should be 'independantly compilable' and so I
-try to keep them this way.
-e_os.h is not so much a part of SSLeay, as the placing in one spot all the
-evil OS dependant muck.
-
-I wanted to automate as many things as possible.  This includes
-error number generation.  A
-make errors
-will scan the source files for error codes, append them to the correct
-header files, and generate the functions to print the text version
-of the error numbers.  So don't even think about adding error numbers by
-hand, put them in the form
-XXXerr(XXXX_F_XXXX,YYYY_R_YYYY);
-on line and it will be automatically picked up my a make errors.
-
-In a similar vein, programs to be added into ssleay in the apps directory
-just need to have an entry added to E_EXE in makefile.ssl and
-everthing will work as expected.  Don't edit progs.h by hand.
-
-make links re-generates the symbolic links that are used.  The reason why
-I keep everything in its own directory, and don't put all the
-test programs and header files in 'test' and 'include' is because I want
-to keep the 'sub-libraries' independant.  I still 'pull' out
-indervidual libraries for use in specific projects where the code is
-required.  I have used the 'lhash' library in just about every software
-project I have worked on :-).
-
-make depend generates dependancies and
-make dclean removes them.
-
-You will notice that I use perl quite a bit when I could be using 'sed'.
-The reason I decided to do this was to just stick to one 'extra' program.
-For Windows NT, I have perl and no sed.
-
-The util/mk1mf.pl program can be used to generate a single makefile.
-I use this because makefiles under Microsoft are horrific.
-Each C compiler seems to have different linker formats, which have
-to be used because the retarted C compilers explode when you do
-cl -o file *.o.
-
-Now some would argue that I should just use the single makefile.  I don't
-like it during develoment for 2 reasons.  First, the actuall make
-command takes a long time.  For my current setup, if I'm in
-crypto/bn and I type make, only the crypto/bn directory gets rebuilt,
-which is nice when you are modifying prototypes in bn.h which
-half the SSLeay depends on.  The second is that to add a new souce file
-I just plonk it in at the required spot in the local makefile.  This
-then alows me to keep things local, I don't need to modify a 'global'
-tables (the make for unix, the make for NT, the make for w31...).
-When I am ripping apart a library structure, it is nice to only
-have to worry about one directory :-).
-
-Having said all this, for the hell of it I put together 2 files that
-#include all the souce code (generated by doing a ls */*.o after a build).
-crypto.c takes only 30 seconds to build under NT and 2 minutes under linux
-for my pentium100.  Much faster that the normal build :-).
-Again, the problem is that when using libraries, every program linked
-to libcrypto.a would suddenly get 330k of library when it may only need
-1k.  This technique does look like a nice way to do shared libraries though.
-
-Oh yes, as a final note, to 'build' a distribution, I just type
-make dist.
-This cleans and packages everything.  The directory needs to be called
-SSLeay since the make does a 'cd ..' and renames and tars things up.
-
-
diff --git a/lib/libssl/src/e_os.h b/lib/libssl/src/e_os.h
index 3d142ec2ba5..58934d1be10 100644
--- a/lib/libssl/src/e_os.h
+++ b/lib/libssl/src/e_os.h
@@ -59,6 +59,13 @@
 #ifndef HEADER_E_OS_H
 #define HEADER_E_OS_H
 
+#include <openssl/opensslconf.h>
+
+#include <openssl/e_os2.h>
+/* <openssl/e_os2.h> contains what we can justify to make visible
+ * to the outside; this file e_os.h is not part of the exported
+ * interface. */
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -75,10 +82,6 @@ extern "C" {
 #define DEVRANDOM "/dev/urandom"
 #endif
 
-#if defined(NOCONST)
-#define const
-#endif
-
 /********************************************************************
  The Microsoft section
  ********************************************************************/
@@ -102,6 +105,9 @@ extern "C" {
 #ifdef WIN32
 #define get_last_sys_error()	GetLastError()
 #define clear_sys_error()	SetLastError(0)
+#if !defined(WINNT)
+#define WIN_CONSOLE_BUG
+#endif
 #else
 #define get_last_sys_error()	errno
 #define clear_sys_error()	errno=0
@@ -110,10 +116,16 @@ extern "C" {
 #ifdef WINDOWS
 #define get_last_socket_error()	WSAGetLastError()
 #define clear_socket_error()	WSASetLastError(0)
+#define readsocket(s,b,n)	recv((s),(b),(n),0)
+#define writesocket(s,b,n)	send((s),(b),(n),0)
+#define EADDRINUSE		WSAEADDRINUSE
 #else
 #define get_last_socket_error()	errno
 #define clear_socket_error()	errno=0
 #define ioctlsocket(a,b,c)	ioctl(a,b,c)
+#define closesocket(s)		close(s)
+#define readsocket(s,b,n)	read((s),(b),(n))
+#define writesocket(s,b,n)	write((s),(b),(n))
 #endif
 
 #ifdef WIN16
@@ -137,9 +149,13 @@ extern "C" {
 
 #ifndef S_IFMT
 #define S_IFMT	_S_IFMT
+
+#if !defined(WINNT)
+#define NO_SYSLOG
 #endif
+#define NO_DIRENT
 
-#define strncasecmp(a,b,c)	strnicmp((a),(b),(c))
+#endif
 
 #  ifdef WINDOWS
 #    include <windows.h>
@@ -151,6 +167,13 @@ extern "C" {
 #  include <io.h>
 #  include <fcntl.h>
 
+#if defined (__BORLANDC__)
+#define _setmode setmode
+#define _O_TEXT O_TEXT
+#define _O_BINARY O_BINARY
+#define _int64 __int64
+#endif
+
 #if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
 #  define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
 #else
@@ -166,32 +189,65 @@ extern "C" {
 #ifndef R_OK
 #  define R_OK	4
 #endif
-#  define SSLEAY_CONF	"ssleay.cnf"
+#  define OPENSSL_CONF	"openssl.cnf"
+#  define SSLEAY_CONF	OPENSSL_CONF
 #  define NUL_DEV	"nul"
 #  define RFILE		".rnd"
 
 #else /* The non-microsoft world world */
 
-#  ifdef VMS
-#    include <unixlib.h>
-#  else
-#    include <unistd.h>
+#  if defined(__VMS) && !defined(VMS)
+#  define VMS 1
 #  endif
 
-#  define SSLEAY_CONF	"ssleay.cnf"
-#  define RFILE		".rnd"
-#  define LIST_SEPARATOR_CHAR ':'
-#  ifndef MONOLITH
-#    define EXIT(n)		exit(n); return(n)
+#  ifdef VMS
+  /* some programs don't include stdlib, so exit() and others give implicit 
+     function warnings */
+#    include <stdlib.h>
+#    if defined(__DECC)
+#      include <unistd.h>
+#    else
+#      include <unixlib.h>
+#    endif
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ','
+#    define NUL_DEV		"NLA0:"
+  /* We need to do this, because DEC C converts exit code 0 to 1, but not 1
+     to 0.  We will convert 1 to 3!  Also, add the inhibit message bit... */
+#    ifndef MONOLITH
+#      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 1) __VMS_EXIT = 3; \
+                                     __VMS_EXIT |= 0x10000000; \
+				     exit(n); return(n); } while(0)
+#    else
+#      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 1) __VMS_EXIT = 3; \
+                                     __VMS_EXIT |= 0x10000000; \
+				     return(n); } while(0)
+#    endif
 #  else
-#    define EXIT(n)		return(n)
+     /* !defined VMS */
+#    include OPENSSL_UNISTD
+
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ':'
+#    define NUL_DEV		"/dev/null"
+#    ifndef MONOLITH
+#      define EXIT(n)		exit(n); return(n)
+#    else
+#      define EXIT(n)		return(n)
+#    endif
 #  endif
-#  define NUL_DEV		"/dev/null"
 
 #  define SSLeay_getpid()	getpid()
 
 #endif
 
+
 /*************/
 
 #ifdef USE_SOCKETS
@@ -215,16 +271,21 @@ extern HINSTANCE _hInstance;
 
 #  else
 
+#    include <sys/types.h>
 #    ifndef VMS
-      /* unix world */
-#      include <netdb.h>
-#      include <sys/types.h>
+#      include <sys/param.h>
+#    endif
+#    include <sys/time.h> /* Needed under linux for FD_XXX */
+
+#    include <netdb.h>
+#    if defined(VMS) && !defined(__DECC)
+#      include <socket.h>
+#      include <in.h>
+#    else
 #      include <sys/socket.h>
 #      ifdef FILIO_H
 #        include <sys/filio.h> /* Added for FIONBIO under unixware */
 #      endif
-#      include <sys/param.h>
-#      include <sys/time.h> /* Needed under linux for FD_XXX */
 #      include <netinet/in.h>
 #    endif
 
@@ -240,18 +301,28 @@ extern HINSTANCE _hInstance;
 #    if defined(sun)
 #      include <sys/filio.h>
 #    else
-#      include <sys/ioctl.h>
+#      ifndef VMS
+#        include <sys/ioctl.h>
+#      else
+	 /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#        if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#          include <sys/ioctl.h>
+#        endif
+#      endif
 #    endif
 
 #    ifdef VMS
 #      include <unixio.h>
+#      if defined(TCPIP_TYPE_SOCKETSHR)
+#        include <socketshr.h>
+#      endif
 #    endif
 
 #    define SSLeay_Read(a,b,c)     read((a),(b),(c))
 #    define SSLeay_Write(a,b,c)    write((a),(b),(c))
 #    define SHUTDOWN(fd)    { shutdown((fd),0); close((fd)); }
 #    define SHUTDOWN2(fd)   { shutdown((fd),2); close((fd)); }
-#    define INVALID_SOCKET	-1
+#    define INVALID_SOCKET	(-1)
 #  endif
 #endif
 
@@ -263,26 +334,6 @@ extern HINSTANCE _hInstance;
 
 /***********************************************/
 
-#ifndef NOPROTO
-#define P_CC_CC	const void *,const void *
-#define P_I_I		int,int 
-#define P_I_I_P		int,int,char *
-#define P_I_I_P_I	int,int,char *,int
-#define P_IP_I_I_P_I	int *,int,int,char *,int
-#define P_V		void 
-#else
-#define P_CC_CC
-#define P_I_I
-#define P_I_I_P
-#define P_IP_I_I_P_I
-#define P_I_I_P_I
-#define P_V
-#endif
-
-/* not used yet */
-#define	CS_BEGIN
-#define CS_END
-
 /* do we need to do this for getenv.
  * Just define getenv for use under windows */
 
@@ -300,6 +351,9 @@ extern HINSTANCE _hInstance;
 #ifdef sgi
 #define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
 #endif
+#ifdef SNI
+#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
+#endif
 
 #ifdef NO_MD2
 #define MD2_Init MD2Init
diff --git a/lib/libssl/src/e_os2.h b/lib/libssl/src/e_os2.h
new file mode 100644
index 00000000000..bd97b921a8f
--- /dev/null
+++ b/lib/libssl/src/e_os2.h
@@ -0,0 +1,38 @@
+/* e_os2.h */
+
+#ifndef HEADER_E_OS2_H
+#define HEADER_E_OS2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/opensslconf.h> /* OPENSSL_UNISTD */
+
+#ifdef MSDOS
+# define OPENSSL_UNISTD_IO <io.h>
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+#else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+#endif
+
+/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN,
+   to define and declare certain global
+   symbols that, with some compilers under VMS, have to be defined and
+   declared explicitely with globaldef and globalref.  On other OS:es,
+   these macros are defined with something sensible. */
+
+#if defined(VMS) && !defined(__DECC)
+# define OPENSSL_EXTERN globalref
+# define OPENSSL_GLOBAL globaldef
+#else
+# define OPENSSL_EXTERN extern
+# define OPENSSL_GLOBAL
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/lib/libssl/src/install.com b/lib/libssl/src/install.com
new file mode 100644
index 00000000000..16eac9aab2c
--- /dev/null
+++ b/lib/libssl/src/install.com
@@ -0,0 +1,88 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ARCH = "AXP"
+$	IF F$GETSYI("CPU") .LT. 128 THEN ARCH = "VAX"
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - ".][000000" - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$	IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLCERTS:
+$	IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLPRIVATE:
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$	SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS
+$	EXHEADER := e_os.h,e_os2.h
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
+$
+$	I = 0
+$ LOOP_SDIRS: 
+$	D = F$ELEMENT(I, ",", SDIRS)
+$	I = I + 1
+$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$	WRITE SYS$OUTPUT "Installing ",D," files."
+$	SET DEFAULT [.'D']
+$	@INSTALL 'ROOT']
+$	SET DEFAULT [-]
+$	GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$	DEASSIGN WRK_SSLROOT
+$	DEASSIGN WRK_SSLVLIB
+$	DEASSIGN WRK_SSLALIB
+$	DEASSIGN WRK_SSLLIB
+$	DEASSIGN WRK_SSLINCLUDE
+$	DEASSIGN WRK_SSLVEXE
+$	DEASSIGN WRK_SSLAEXE
+$	DEASSIGN WRK_SSLCERTS
+$	DEASSIGN WRK_SSLPRIVATE
+$
+$	WRITE SYS$OUTPUT ""
+$	WRITE SYS$OUTPUT "	Installation done!"
+$	WRITE SYS$OUTPUT ""
+$	WRITE SYS$OUTPUT "	You might want to purge ",ROOT,"...]"
+$	WRITE SYS$OUTPUT ""
+$
+$	EXIT
diff --git a/lib/libssl/src/makefile.one b/lib/libssl/src/makefile.one
deleted file mode 100644
index b0931e0d6f4..00000000000
--- a/lib/libssl/src/makefile.one
+++ /dev/null
@@ -1,1781 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in ./out and the stuff
-# that needs deleting in ./tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util/mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=/usr/local/ssl
-
-# Set your compiler options
-CC=cc
-CFLAG=-O -DTERMIO
-APP_CFLAG=
-LIB_CFLAG=
-SHLIB_CFLAG=
-APP_EX_OBJ=
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=${CC}
-LFLAGS=${CFLAGS}
-
-BN_MULW_OBJ=
-BN_MULW_SRC=
-DES_ENC_OBJ=
-DES_ENC_SRC=
-DES_CRYPT_OBJ=
-DES_CRYPT_SRC=
-BF_ENC_OBJ=
-BF_ENC_SRC=
-CAST_ENC_OBJ=
-CAST_ENC_SRC=
-RC4_ENC_OBJ=
-RC4_ENC_SRC=
-RC5_ENC_OBJ=
-RC5_ENC_SRC=
-MD5_ASM_OBJ=
-MD5_ASM_SRC=
-SHA1_ASM_OBJ=
-SHA1_ASM_SRC=
-RMD160_ASM_OBJ=
-RMD160_ASM_SRC=
-
-# The output directory for everything intersting
-OUT_D=out
-# The output directory for all the temporary muck
-TMP_D=tmp
-# The output directory for the header files
-INC_D=outinc
-
-CP=/bin/cp
-RM=/bin/rm -f
-RANLIB=$(SRC_D)/util/ranlib.sh
-MKDIR=mkdir
-MKLIB=ar r
-MLFLAGS=
-ASM=as
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssl
-CRYPTO=crypto
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)/lib$(SSL).a
-O_CRYPTO=  $(LIB_D)/lib$(CRYPTO).a
-O_RSAGLUE= $(LIB_D)/lib$(RSAGLUE).a
-SO_SSL=    lib$(SSL)
-SO_CRYPTO= lib$(CRYPTO)
-L_SSL=     $(LIB_D)/$(SSL).a
-L_CRYPTO=  $(LIB_D)/$(CRYPTO).a
-
-L_LIBS= $(L_SSL) $(L_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)/cryptlib.h \
-	$(INCL_D)/date.h $(INCL_D)/md5_locl.h $(INCL_D)/sha_locl.h \
-	$(INCL_D)/rmd_locl.h $(INCL_D)/rmdconst.h $(INCL_D)/des_locl.h \
-	$(INCL_D)/rpc_des.h $(INCL_D)/podd.h $(INCL_D)/sk.h \
-	$(INCL_D)/spr.h $(INCL_D)/des_ver.h $(INCL_D)/rc2_locl.h \
-	$(INCL_D)/rc4_locl.h $(INCL_D)/rc5_locl.h $(INCL_D)/idea_lcl.h \
-	$(INCL_D)/bf_pi.h $(INCL_D)/bf_locl.h $(INCL_D)/cast_s.h \
-	$(INCL_D)/cast_lcl.h $(INCL_D)/bn_lcl.h $(INCL_D)/bn_prime.h \
-	$(INCL_D)/obj_dat.h $(INCL_D)/conf_lcl.h $(INCL_D)/ssl_locl.h \
-	$(INCL_D)/rsaref.h $(INCL_D)/apps.h $(INCL_D)/progs.h \
-	$(INCL_D)/s_apps.h $(INCL_D)/testdsa.h $(INCL_D)/testrsa.h
-
-EXHEADER=$(INC_D)/e_os.h \
-	$(INC_D)/crypto.h $(INC_D)/cryptall.h $(INC_D)/md2.h \
-	$(INC_D)/md5.h $(INC_D)/sha.h $(INC_D)/mdc2.h \
-	$(INC_D)/hmac.h $(INC_D)/ripemd.h $(INC_D)/des.h \
-	$(INC_D)/rc2.h $(INC_D)/rc4.h $(INC_D)/rc5.h \
-	$(INC_D)/idea.h $(INC_D)/blowfish.h $(INC_D)/cast.h \
-	$(INC_D)/bn.h $(INC_D)/rsa.h $(INC_D)/dsa.h \
-	$(INC_D)/dh.h $(INC_D)/buffer.h $(INC_D)/bio.h \
-	$(INC_D)/bss_file.c $(INC_D)/stack.h $(INC_D)/lhash.h \
-	$(INC_D)/rand.h $(INC_D)/err.h $(INC_D)/objects.h \
-	$(INC_D)/evp.h $(INC_D)/pem.h $(INC_D)/asn1.h \
-	$(INC_D)/asn1_mac.h $(INC_D)/x509.h $(INC_D)/x509_vfy.h \
-	$(INC_D)/conf.h $(INC_D)/txt_db.h $(INC_D)/pkcs7.h \
-	$(INC_D)/ssl.h $(INC_D)/ssl2.h $(INC_D)/ssl3.h \
-	$(INC_D)/ssl23.h $(INC_D)/tls1.h
-
-T_OBJ=$(OBJ_D)/md2test.o \
-	$(OBJ_D)/md5test.o $(OBJ_D)/shatest.o $(OBJ_D)/sha1test.o \
-	$(OBJ_D)/mdc2test.o $(OBJ_D)/hmactest.o $(OBJ_D)/rmdtest.o \
-	$(OBJ_D)/destest.o $(OBJ_D)/rc2test.o $(OBJ_D)/rc4test.o \
-	$(OBJ_D)/rc5test.o $(OBJ_D)/ideatest.o $(OBJ_D)/bftest.o \
-	$(OBJ_D)/casttest.o $(OBJ_D)/bntest.o $(OBJ_D)/exptest.o \
-	$(OBJ_D)/dsatest.o $(OBJ_D)/dhtest.o $(OBJ_D)/randtest.o \
-	$(OBJ_D)/ssltest.o
-
-E_OBJ=$(OBJ_D)/verify.o \
-	$(OBJ_D)/asn1pars.o $(OBJ_D)/req.o $(OBJ_D)/dgst.o \
-	$(OBJ_D)/dh.o $(OBJ_D)/enc.o $(OBJ_D)/gendh.o \
-	$(OBJ_D)/errstr.o $(OBJ_D)/ca.o $(OBJ_D)/pkcs7.o \
-	$(OBJ_D)/crl2p7.o $(OBJ_D)/crl.o $(OBJ_D)/rsa.o \
-	$(OBJ_D)/dsa.o $(OBJ_D)/dsaparam.o $(OBJ_D)/x509.o \
-	$(OBJ_D)/genrsa.o $(OBJ_D)/s_server.o $(OBJ_D)/s_client.o \
-	$(OBJ_D)/speed.o $(OBJ_D)/s_time.o $(OBJ_D)/apps.o \
-	$(OBJ_D)/s_cb.o $(OBJ_D)/s_socket.o $(OBJ_D)/version.o \
-	$(OBJ_D)/sess_id.o $(OBJ_D)/ciphers.o $(OBJ_D)/ssleay.o
-
-CRYPTOOBJ=$(OBJ_D)/cryptlib.o \
-	$(OBJ_D)/mem.o $(OBJ_D)/cversion.o $(OBJ_D)/ex_data.o \
-	$(OBJ_D)/cpt_err.o $(OBJ_D)/md2_dgst.o $(OBJ_D)/md2_one.o \
-	$(OBJ_D)/md5_dgst.o $(OBJ_D)/md5_one.o $(OBJ_D)/sha_dgst.o \
-	$(OBJ_D)/sha1dgst.o $(OBJ_D)/sha_one.o $(OBJ_D)/sha1_one.o \
-	$(OBJ_D)/mdc2dgst.o $(OBJ_D)/mdc2_one.o $(OBJ_D)/hmac.o \
-	$(OBJ_D)/rmd_dgst.o $(OBJ_D)/rmd_one.o $(OBJ_D)/set_key.o \
-	$(OBJ_D)/ecb_enc.o $(OBJ_D)/cbc_enc.o $(OBJ_D)/ecb3_enc.o \
-	$(OBJ_D)/cfb64enc.o $(OBJ_D)/cfb64ede.o $(OBJ_D)/cfb_enc.o \
-	$(OBJ_D)/ofb64ede.o $(OBJ_D)/enc_read.o $(OBJ_D)/enc_writ.o \
-	$(OBJ_D)/ofb64enc.o $(OBJ_D)/ofb_enc.o $(OBJ_D)/str2key.o \
-	$(OBJ_D)/pcbc_enc.o $(OBJ_D)/qud_cksm.o $(OBJ_D)/rand_key.o \
-	$(OBJ_D)/des_enc.o $(OBJ_D)/fcrypt_b.o $(OBJ_D)/read2pwd.o \
-	$(OBJ_D)/fcrypt.o $(OBJ_D)/xcbc_enc.o $(OBJ_D)/read_pwd.o \
-	$(OBJ_D)/rpc_enc.o $(OBJ_D)/cbc_cksm.o $(OBJ_D)/supp.o \
-	$(OBJ_D)/rc2_ecb.o $(OBJ_D)/rc2_skey.o $(OBJ_D)/rc2_cbc.o \
-	$(OBJ_D)/rc2cfb64.o $(OBJ_D)/rc2ofb64.o $(OBJ_D)/rc4_skey.o \
-	$(OBJ_D)/rc4_enc.o $(OBJ_D)/rc5_skey.o $(OBJ_D)/rc5_ecb.o \
-	$(OBJ_D)/rc5_enc.o $(OBJ_D)/rc5cfb64.o $(OBJ_D)/rc5ofb64.o \
-	$(OBJ_D)/i_cbc.o $(OBJ_D)/i_cfb64.o $(OBJ_D)/i_ofb64.o \
-	$(OBJ_D)/i_ecb.o $(OBJ_D)/i_skey.o $(OBJ_D)/bf_skey.o \
-	$(OBJ_D)/bf_ecb.o $(OBJ_D)/bf_enc.o $(OBJ_D)/bf_cfb64.o \
-	$(OBJ_D)/bf_ofb64.o $(OBJ_D)/c_skey.o $(OBJ_D)/c_ecb.o \
-	$(OBJ_D)/c_enc.o $(OBJ_D)/c_cfb64.o $(OBJ_D)/c_ofb64.o \
-	$(OBJ_D)/bn_add.o $(OBJ_D)/bn_div.o $(OBJ_D)/bn_exp.o \
-	$(OBJ_D)/bn_lib.o $(OBJ_D)/bn_mod.o $(OBJ_D)/bn_mul.o \
-	$(OBJ_D)/bn_print.o $(OBJ_D)/bn_rand.o $(OBJ_D)/bn_shift.o \
-	$(OBJ_D)/bn_sub.o $(OBJ_D)/bn_word.o $(OBJ_D)/bn_blind.o \
-	$(OBJ_D)/bn_gcd.o $(OBJ_D)/bn_prime.o $(OBJ_D)/bn_err.o \
-	$(OBJ_D)/bn_sqr.o $(OBJ_D)/bn_mulw.o $(OBJ_D)/bn_recp.o \
-	$(OBJ_D)/bn_mont.o $(OBJ_D)/bn_mpi.o $(OBJ_D)/rsa_eay.o \
-	$(OBJ_D)/rsa_gen.o $(OBJ_D)/rsa_lib.o $(OBJ_D)/rsa_sign.o \
-	$(OBJ_D)/rsa_saos.o $(OBJ_D)/rsa_err.o $(OBJ_D)/rsa_pk1.o \
-	$(OBJ_D)/rsa_ssl.o $(OBJ_D)/rsa_none.o $(OBJ_D)/dsa_gen.o \
-	$(OBJ_D)/dsa_key.o $(OBJ_D)/dsa_lib.o $(OBJ_D)/dsa_vrf.o \
-	$(OBJ_D)/dsa_sign.o $(OBJ_D)/dsa_err.o $(OBJ_D)/dh_gen.o \
-	$(OBJ_D)/dh_key.o $(OBJ_D)/dh_lib.o $(OBJ_D)/dh_check.o \
-	$(OBJ_D)/dh_err.o $(OBJ_D)/buffer.o $(OBJ_D)/buf_err.o \
-	$(OBJ_D)/bio_lib.o $(OBJ_D)/bio_cb.o $(OBJ_D)/bio_err.o \
-	$(OBJ_D)/bss_mem.o $(OBJ_D)/bss_null.o $(OBJ_D)/bss_fd.o \
-	$(OBJ_D)/bss_file.o $(OBJ_D)/bss_sock.o $(OBJ_D)/bss_conn.o \
-	$(OBJ_D)/bf_null.o $(OBJ_D)/bf_buff.o $(OBJ_D)/b_print.o \
-	$(OBJ_D)/b_dump.o $(OBJ_D)/b_sock.o $(OBJ_D)/bss_acpt.o \
-	$(OBJ_D)/bf_nbio.o $(OBJ_D)/stack.o $(OBJ_D)/lhash.o \
-	$(OBJ_D)/lh_stats.o $(OBJ_D)/md_rand.o $(OBJ_D)/randfile.o \
-	$(OBJ_D)/err.o $(OBJ_D)/err_all.o $(OBJ_D)/err_prn.o \
-	$(OBJ_D)/obj_dat.o $(OBJ_D)/obj_lib.o $(OBJ_D)/obj_err.o \
-	$(OBJ_D)/encode.o $(OBJ_D)/digest.o $(OBJ_D)/evp_enc.o \
-	$(OBJ_D)/evp_key.o $(OBJ_D)/e_ecb_d.o $(OBJ_D)/e_cbc_d.o \
-	$(OBJ_D)/e_cfb_d.o $(OBJ_D)/e_ofb_d.o $(OBJ_D)/e_ecb_i.o \
-	$(OBJ_D)/e_cbc_i.o $(OBJ_D)/e_cfb_i.o $(OBJ_D)/e_ofb_i.o \
-	$(OBJ_D)/e_ecb_3d.o $(OBJ_D)/e_cbc_3d.o $(OBJ_D)/e_rc4.o \
-	$(OBJ_D)/names.o $(OBJ_D)/e_cfb_3d.o $(OBJ_D)/e_ofb_3d.o \
-	$(OBJ_D)/e_xcbc_d.o $(OBJ_D)/e_ecb_r2.o $(OBJ_D)/e_cbc_r2.o \
-	$(OBJ_D)/e_cfb_r2.o $(OBJ_D)/e_ofb_r2.o $(OBJ_D)/e_ecb_bf.o \
-	$(OBJ_D)/e_cbc_bf.o $(OBJ_D)/e_cfb_bf.o $(OBJ_D)/e_ofb_bf.o \
-	$(OBJ_D)/e_ecb_c.o $(OBJ_D)/e_cbc_c.o $(OBJ_D)/e_cfb_c.o \
-	$(OBJ_D)/e_ofb_c.o $(OBJ_D)/e_ecb_r5.o $(OBJ_D)/e_cbc_r5.o \
-	$(OBJ_D)/e_cfb_r5.o $(OBJ_D)/e_ofb_r5.o $(OBJ_D)/m_null.o \
-	$(OBJ_D)/m_md2.o $(OBJ_D)/m_md5.o $(OBJ_D)/m_sha.o \
-	$(OBJ_D)/m_sha1.o $(OBJ_D)/m_dss.o $(OBJ_D)/m_dss1.o \
-	$(OBJ_D)/m_mdc2.o $(OBJ_D)/m_ripemd.o $(OBJ_D)/p_open.o \
-	$(OBJ_D)/p_seal.o $(OBJ_D)/p_sign.o $(OBJ_D)/p_verify.o \
-	$(OBJ_D)/p_lib.o $(OBJ_D)/p_enc.o $(OBJ_D)/p_dec.o \
-	$(OBJ_D)/bio_md.o $(OBJ_D)/bio_b64.o $(OBJ_D)/bio_enc.o \
-	$(OBJ_D)/evp_err.o $(OBJ_D)/e_null.o $(OBJ_D)/c_all.o \
-	$(OBJ_D)/evp_lib.o $(OBJ_D)/pem_sign.o $(OBJ_D)/pem_seal.o \
-	$(OBJ_D)/pem_info.o $(OBJ_D)/pem_lib.o $(OBJ_D)/pem_all.o \
-	$(OBJ_D)/pem_err.o $(OBJ_D)/a_object.o $(OBJ_D)/a_bitstr.o \
-	$(OBJ_D)/a_utctm.o $(OBJ_D)/a_int.o $(OBJ_D)/a_octet.o \
-	$(OBJ_D)/a_print.o $(OBJ_D)/a_type.o $(OBJ_D)/a_set.o \
-	$(OBJ_D)/a_dup.o $(OBJ_D)/a_d2i_fp.o $(OBJ_D)/a_i2d_fp.o \
-	$(OBJ_D)/a_sign.o $(OBJ_D)/a_digest.o $(OBJ_D)/a_verify.o \
-	$(OBJ_D)/x_algor.o $(OBJ_D)/x_val.o $(OBJ_D)/x_pubkey.o \
-	$(OBJ_D)/x_sig.o $(OBJ_D)/x_req.o $(OBJ_D)/x_attrib.o \
-	$(OBJ_D)/x_name.o $(OBJ_D)/x_cinf.o $(OBJ_D)/x_x509.o \
-	$(OBJ_D)/x_crl.o $(OBJ_D)/x_info.o $(OBJ_D)/x_spki.o \
-	$(OBJ_D)/d2i_r_pr.o $(OBJ_D)/i2d_r_pr.o $(OBJ_D)/d2i_r_pu.o \
-	$(OBJ_D)/i2d_r_pu.o $(OBJ_D)/d2i_s_pr.o $(OBJ_D)/i2d_s_pr.o \
-	$(OBJ_D)/d2i_s_pu.o $(OBJ_D)/i2d_s_pu.o $(OBJ_D)/d2i_pu.o \
-	$(OBJ_D)/d2i_pr.o $(OBJ_D)/i2d_pu.o $(OBJ_D)/i2d_pr.o \
-	$(OBJ_D)/t_req.o $(OBJ_D)/t_x509.o $(OBJ_D)/t_pkey.o \
-	$(OBJ_D)/p7_i_s.o $(OBJ_D)/p7_signi.o $(OBJ_D)/p7_signd.o \
-	$(OBJ_D)/p7_recip.o $(OBJ_D)/p7_enc_c.o $(OBJ_D)/p7_evp.o \
-	$(OBJ_D)/p7_dgst.o $(OBJ_D)/p7_s_e.o $(OBJ_D)/p7_enc.o \
-	$(OBJ_D)/p7_lib.o $(OBJ_D)/f_int.o $(OBJ_D)/f_string.o \
-	$(OBJ_D)/i2d_dhp.o $(OBJ_D)/i2d_dsap.o $(OBJ_D)/d2i_dhp.o \
-	$(OBJ_D)/d2i_dsap.o $(OBJ_D)/n_pkey.o $(OBJ_D)/a_hdr.o \
-	$(OBJ_D)/x_pkey.o $(OBJ_D)/a_bool.o $(OBJ_D)/x_exten.o \
-	$(OBJ_D)/asn1_par.o $(OBJ_D)/asn1_lib.o $(OBJ_D)/asn1_err.o \
-	$(OBJ_D)/a_meth.o $(OBJ_D)/a_bytes.o $(OBJ_D)/evp_asn1.o \
-	$(OBJ_D)/x509_def.o $(OBJ_D)/x509_d2.o $(OBJ_D)/x509_r2x.o \
-	$(OBJ_D)/x509_cmp.o $(OBJ_D)/x509_obj.o $(OBJ_D)/x509_req.o \
-	$(OBJ_D)/x509_vfy.o $(OBJ_D)/x509_set.o $(OBJ_D)/x509rset.o \
-	$(OBJ_D)/x509_err.o $(OBJ_D)/x509name.o $(OBJ_D)/x509_v3.o \
-	$(OBJ_D)/x509_ext.o $(OBJ_D)/x509pack.o $(OBJ_D)/x509type.o \
-	$(OBJ_D)/x509_lu.o $(OBJ_D)/x_all.o $(OBJ_D)/x509_txt.o \
-	$(OBJ_D)/by_file.o $(OBJ_D)/by_dir.o $(OBJ_D)/v3_net.o \
-	$(OBJ_D)/v3_x509.o $(OBJ_D)/conf.o $(OBJ_D)/conf_err.o \
-	$(OBJ_D)/txt_db.o $(OBJ_D)/pk7_lib.o $(OBJ_D)/pkcs7err.o \
-	$(OBJ_D)/pk7_doit.o
-
-SSLOBJ=$(OBJ_D)/s2_meth.o \
-	$(OBJ_D)/s2_srvr.o $(OBJ_D)/s2_clnt.o $(OBJ_D)/s2_lib.o \
-	$(OBJ_D)/s2_enc.o $(OBJ_D)/s2_pkt.o $(OBJ_D)/s3_meth.o \
-	$(OBJ_D)/s3_srvr.o $(OBJ_D)/s3_clnt.o $(OBJ_D)/s3_lib.o \
-	$(OBJ_D)/s3_enc.o $(OBJ_D)/s3_pkt.o $(OBJ_D)/s3_both.o \
-	$(OBJ_D)/s23_meth.o $(OBJ_D)/s23_srvr.o $(OBJ_D)/s23_clnt.o \
-	$(OBJ_D)/s23_lib.o $(OBJ_D)/s23_pkt.o $(OBJ_D)/t1_meth.o \
-	$(OBJ_D)/t1_srvr.o $(OBJ_D)/t1_clnt.o $(OBJ_D)/t1_lib.o \
-	$(OBJ_D)/t1_enc.o $(OBJ_D)/ssl_lib.o $(OBJ_D)/ssl_err2.o \
-	$(OBJ_D)/ssl_cert.o $(OBJ_D)/ssl_sess.o $(OBJ_D)/ssl_ciph.o \
-	$(OBJ_D)/ssl_stat.o $(OBJ_D)/ssl_rsa.o $(OBJ_D)/ssl_asn1.o \
-	$(OBJ_D)/ssl_txt.o $(OBJ_D)/ssl_algs.o $(OBJ_D)/bio_ssl.o \
-	$(OBJ_D)/ssl_err.o
-
-RSAGLUEOBJ=$(OBJ_D)/rsaref.o \
-	$(OBJ_D)/rsar_err.o
-
-T_EXE=$(TEST_D)/md2test \
-	$(TEST_D)/md5test $(TEST_D)/shatest $(TEST_D)/sha1test \
-	$(TEST_D)/mdc2test $(TEST_D)/hmactest $(TEST_D)/rmdtest \
-	$(TEST_D)/destest $(TEST_D)/rc2test $(TEST_D)/rc4test \
-	$(TEST_D)/rc5test $(TEST_D)/ideatest $(TEST_D)/bftest \
-	$(TEST_D)/casttest $(TEST_D)/bntest $(TEST_D)/exptest \
-	$(TEST_D)/dsatest $(TEST_D)/dhtest $(TEST_D)/randtest \
-	$(TEST_D)/ssltest
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)/$(E_EXE)
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)/bin
-	$(MKDIR) $(INSTALLTOP)/include
-	$(MKDIR) $(INSTALLTOP)/lib
-	$(CP) $(INC_D)/*.[ch] $(INSTALLTOP)/include
-	$(CP) $(BIN_D)/$(E_EXE) $(INSTALLTOP)/bin
-	$(CP) $(O_SSL) $(INSTALLTOP)/lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)/lib
-
-clean:
-	$(RM) $(TMP_D)/*.*
-
-vclean:
-	$(RM) $(TMP_D)/*.*
-	$(RM) $(OUT_D)/*.*
-
-$(INCL_D)/cryptlib.h: $(SRC_D)/crypto/cryptlib.h
-	$(CP) $(SRC_D)/crypto/cryptlib.h $(INCL_D)/cryptlib.h
-
-$(INCL_D)/date.h: $(SRC_D)/crypto/date.h
-	$(CP) $(SRC_D)/crypto/date.h $(INCL_D)/date.h
-
-$(INCL_D)/md5_locl.h: $(SRC_D)/crypto/md5/md5_locl.h
-	$(CP) $(SRC_D)/crypto/md5/md5_locl.h $(INCL_D)/md5_locl.h
-
-$(INCL_D)/sha_locl.h: $(SRC_D)/crypto/sha/sha_locl.h
-	$(CP) $(SRC_D)/crypto/sha/sha_locl.h $(INCL_D)/sha_locl.h
-
-$(INCL_D)/rmd_locl.h: $(SRC_D)/crypto/ripemd/rmd_locl.h
-	$(CP) $(SRC_D)/crypto/ripemd/rmd_locl.h $(INCL_D)/rmd_locl.h
-
-$(INCL_D)/rmdconst.h: $(SRC_D)/crypto/ripemd/rmdconst.h
-	$(CP) $(SRC_D)/crypto/ripemd/rmdconst.h $(INCL_D)/rmdconst.h
-
-$(INCL_D)/des_locl.h: $(SRC_D)/crypto/des/des_locl.h
-	$(CP) $(SRC_D)/crypto/des/des_locl.h $(INCL_D)/des_locl.h
-
-$(INCL_D)/rpc_des.h: $(SRC_D)/crypto/des/rpc_des.h
-	$(CP) $(SRC_D)/crypto/des/rpc_des.h $(INCL_D)/rpc_des.h
-
-$(INCL_D)/podd.h: $(SRC_D)/crypto/des/podd.h
-	$(CP) $(SRC_D)/crypto/des/podd.h $(INCL_D)/podd.h
-
-$(INCL_D)/sk.h: $(SRC_D)/crypto/des/sk.h
-	$(CP) $(SRC_D)/crypto/des/sk.h $(INCL_D)/sk.h
-
-$(INCL_D)/spr.h: $(SRC_D)/crypto/des/spr.h
-	$(CP) $(SRC_D)/crypto/des/spr.h $(INCL_D)/spr.h
-
-$(INCL_D)/des_ver.h: $(SRC_D)/crypto/des/des_ver.h
-	$(CP) $(SRC_D)/crypto/des/des_ver.h $(INCL_D)/des_ver.h
-
-$(INCL_D)/rc2_locl.h: $(SRC_D)/crypto/rc2/rc2_locl.h
-	$(CP) $(SRC_D)/crypto/rc2/rc2_locl.h $(INCL_D)/rc2_locl.h
-
-$(INCL_D)/rc4_locl.h: $(SRC_D)/crypto/rc4/rc4_locl.h
-	$(CP) $(SRC_D)/crypto/rc4/rc4_locl.h $(INCL_D)/rc4_locl.h
-
-$(INCL_D)/rc5_locl.h: $(SRC_D)/crypto/rc5/rc5_locl.h
-	$(CP) $(SRC_D)/crypto/rc5/rc5_locl.h $(INCL_D)/rc5_locl.h
-
-$(INCL_D)/idea_lcl.h: $(SRC_D)/crypto/idea/idea_lcl.h
-	$(CP) $(SRC_D)/crypto/idea/idea_lcl.h $(INCL_D)/idea_lcl.h
-
-$(INCL_D)/bf_pi.h: $(SRC_D)/crypto/bf/bf_pi.h
-	$(CP) $(SRC_D)/crypto/bf/bf_pi.h $(INCL_D)/bf_pi.h
-
-$(INCL_D)/bf_locl.h: $(SRC_D)/crypto/bf/bf_locl.h
-	$(CP) $(SRC_D)/crypto/bf/bf_locl.h $(INCL_D)/bf_locl.h
-
-$(INCL_D)/cast_s.h: $(SRC_D)/crypto/cast/cast_s.h
-	$(CP) $(SRC_D)/crypto/cast/cast_s.h $(INCL_D)/cast_s.h
-
-$(INCL_D)/cast_lcl.h: $(SRC_D)/crypto/cast/cast_lcl.h
-	$(CP) $(SRC_D)/crypto/cast/cast_lcl.h $(INCL_D)/cast_lcl.h
-
-$(INCL_D)/bn_lcl.h: $(SRC_D)/crypto/bn/bn_lcl.h
-	$(CP) $(SRC_D)/crypto/bn/bn_lcl.h $(INCL_D)/bn_lcl.h
-
-$(INCL_D)/bn_prime.h: $(SRC_D)/crypto/bn/bn_prime.h
-	$(CP) $(SRC_D)/crypto/bn/bn_prime.h $(INCL_D)/bn_prime.h
-
-$(INCL_D)/obj_dat.h: $(SRC_D)/crypto/objects/obj_dat.h
-	$(CP) $(SRC_D)/crypto/objects/obj_dat.h $(INCL_D)/obj_dat.h
-
-$(INCL_D)/conf_lcl.h: $(SRC_D)/crypto/conf/conf_lcl.h
-	$(CP) $(SRC_D)/crypto/conf/conf_lcl.h $(INCL_D)/conf_lcl.h
-
-$(INCL_D)/ssl_locl.h: $(SRC_D)/ssl/ssl_locl.h
-	$(CP) $(SRC_D)/ssl/ssl_locl.h $(INCL_D)/ssl_locl.h
-
-$(INCL_D)/rsaref.h: $(SRC_D)/rsaref/rsaref.h
-	$(CP) $(SRC_D)/rsaref/rsaref.h $(INCL_D)/rsaref.h
-
-$(INCL_D)/apps.h: $(SRC_D)/apps/apps.h
-	$(CP) $(SRC_D)/apps/apps.h $(INCL_D)/apps.h
-
-$(INCL_D)/progs.h: $(SRC_D)/apps/progs.h
-	$(CP) $(SRC_D)/apps/progs.h $(INCL_D)/progs.h
-
-$(INCL_D)/s_apps.h: $(SRC_D)/apps/s_apps.h
-	$(CP) $(SRC_D)/apps/s_apps.h $(INCL_D)/s_apps.h
-
-$(INCL_D)/testdsa.h: $(SRC_D)/apps/testdsa.h
-	$(CP) $(SRC_D)/apps/testdsa.h $(INCL_D)/testdsa.h
-
-$(INCL_D)/testrsa.h: $(SRC_D)/apps/testrsa.h
-	$(CP) $(SRC_D)/apps/testrsa.h $(INCL_D)/testrsa.h
-
-$(INC_D)/e_os.h: $(SRC_D)/./e_os.h
-	$(CP) $(SRC_D)/./e_os.h $(INC_D)/e_os.h
-
-$(INC_D)/crypto.h: $(SRC_D)/crypto/crypto.h
-	$(CP) $(SRC_D)/crypto/crypto.h $(INC_D)/crypto.h
-
-$(INC_D)/cryptall.h: $(SRC_D)/crypto/cryptall.h
-	$(CP) $(SRC_D)/crypto/cryptall.h $(INC_D)/cryptall.h
-
-$(INC_D)/md2.h: $(SRC_D)/crypto/md2/md2.h
-	$(CP) $(SRC_D)/crypto/md2/md2.h $(INC_D)/md2.h
-
-$(INC_D)/md5.h: $(SRC_D)/crypto/md5/md5.h
-	$(CP) $(SRC_D)/crypto/md5/md5.h $(INC_D)/md5.h
-
-$(INC_D)/sha.h: $(SRC_D)/crypto/sha/sha.h
-	$(CP) $(SRC_D)/crypto/sha/sha.h $(INC_D)/sha.h
-
-$(INC_D)/mdc2.h: $(SRC_D)/crypto/mdc2/mdc2.h
-	$(CP) $(SRC_D)/crypto/mdc2/mdc2.h $(INC_D)/mdc2.h
-
-$(INC_D)/hmac.h: $(SRC_D)/crypto/hmac/hmac.h
-	$(CP) $(SRC_D)/crypto/hmac/hmac.h $(INC_D)/hmac.h
-
-$(INC_D)/ripemd.h: $(SRC_D)/crypto/ripemd/ripemd.h
-	$(CP) $(SRC_D)/crypto/ripemd/ripemd.h $(INC_D)/ripemd.h
-
-$(INC_D)/des.h: $(SRC_D)/crypto/des/des.h
-	$(CP) $(SRC_D)/crypto/des/des.h $(INC_D)/des.h
-
-$(INC_D)/rc2.h: $(SRC_D)/crypto/rc2/rc2.h
-	$(CP) $(SRC_D)/crypto/rc2/rc2.h $(INC_D)/rc2.h
-
-$(INC_D)/rc4.h: $(SRC_D)/crypto/rc4/rc4.h
-	$(CP) $(SRC_D)/crypto/rc4/rc4.h $(INC_D)/rc4.h
-
-$(INC_D)/rc5.h: $(SRC_D)/crypto/rc5/rc5.h
-	$(CP) $(SRC_D)/crypto/rc5/rc5.h $(INC_D)/rc5.h
-
-$(INC_D)/idea.h: $(SRC_D)/crypto/idea/idea.h
-	$(CP) $(SRC_D)/crypto/idea/idea.h $(INC_D)/idea.h
-
-$(INC_D)/blowfish.h: $(SRC_D)/crypto/bf/blowfish.h
-	$(CP) $(SRC_D)/crypto/bf/blowfish.h $(INC_D)/blowfish.h
-
-$(INC_D)/cast.h: $(SRC_D)/crypto/cast/cast.h
-	$(CP) $(SRC_D)/crypto/cast/cast.h $(INC_D)/cast.h
-
-$(INC_D)/bn.h: $(SRC_D)/crypto/bn/bn.h
-	$(CP) $(SRC_D)/crypto/bn/bn.h $(INC_D)/bn.h
-
-$(INC_D)/rsa.h: $(SRC_D)/crypto/rsa/rsa.h
-	$(CP) $(SRC_D)/crypto/rsa/rsa.h $(INC_D)/rsa.h
-
-$(INC_D)/dsa.h: $(SRC_D)/crypto/dsa/dsa.h
-	$(CP) $(SRC_D)/crypto/dsa/dsa.h $(INC_D)/dsa.h
-
-$(INC_D)/dh.h: $(SRC_D)/crypto/dh/dh.h
-	$(CP) $(SRC_D)/crypto/dh/dh.h $(INC_D)/dh.h
-
-$(INC_D)/buffer.h: $(SRC_D)/crypto/buffer/buffer.h
-	$(CP) $(SRC_D)/crypto/buffer/buffer.h $(INC_D)/buffer.h
-
-$(INC_D)/bio.h: $(SRC_D)/crypto/bio/bio.h
-	$(CP) $(SRC_D)/crypto/bio/bio.h $(INC_D)/bio.h
-
-$(INC_D)/bss_file.c: $(SRC_D)/crypto/bio/bss_file.c
-	$(CP) $(SRC_D)/crypto/bio/bss_file.c $(INC_D)/bss_file.c
-
-$(INC_D)/stack.h: $(SRC_D)/crypto/stack/stack.h
-	$(CP) $(SRC_D)/crypto/stack/stack.h $(INC_D)/stack.h
-
-$(INC_D)/lhash.h: $(SRC_D)/crypto/lhash/lhash.h
-	$(CP) $(SRC_D)/crypto/lhash/lhash.h $(INC_D)/lhash.h
-
-$(INC_D)/rand.h: $(SRC_D)/crypto/rand/rand.h
-	$(CP) $(SRC_D)/crypto/rand/rand.h $(INC_D)/rand.h
-
-$(INC_D)/err.h: $(SRC_D)/crypto/err/err.h
-	$(CP) $(SRC_D)/crypto/err/err.h $(INC_D)/err.h
-
-$(INC_D)/objects.h: $(SRC_D)/crypto/objects/objects.h
-	$(CP) $(SRC_D)/crypto/objects/objects.h $(INC_D)/objects.h
-
-$(INC_D)/evp.h: $(SRC_D)/crypto/evp/evp.h
-	$(CP) $(SRC_D)/crypto/evp/evp.h $(INC_D)/evp.h
-
-$(INC_D)/pem.h: $(SRC_D)/crypto/pem/pem.h
-	$(CP) $(SRC_D)/crypto/pem/pem.h $(INC_D)/pem.h
-
-$(INC_D)/asn1.h: $(SRC_D)/crypto/asn1/asn1.h
-	$(CP) $(SRC_D)/crypto/asn1/asn1.h $(INC_D)/asn1.h
-
-$(INC_D)/asn1_mac.h: $(SRC_D)/crypto/asn1/asn1_mac.h
-	$(CP) $(SRC_D)/crypto/asn1/asn1_mac.h $(INC_D)/asn1_mac.h
-
-$(INC_D)/x509.h: $(SRC_D)/crypto/x509/x509.h
-	$(CP) $(SRC_D)/crypto/x509/x509.h $(INC_D)/x509.h
-
-$(INC_D)/x509_vfy.h: $(SRC_D)/crypto/x509/x509_vfy.h
-	$(CP) $(SRC_D)/crypto/x509/x509_vfy.h $(INC_D)/x509_vfy.h
-
-$(INC_D)/conf.h: $(SRC_D)/crypto/conf/conf.h
-	$(CP) $(SRC_D)/crypto/conf/conf.h $(INC_D)/conf.h
-
-$(INC_D)/txt_db.h: $(SRC_D)/crypto/txt_db/txt_db.h
-	$(CP) $(SRC_D)/crypto/txt_db/txt_db.h $(INC_D)/txt_db.h
-
-$(INC_D)/pkcs7.h: $(SRC_D)/crypto/pkcs7/pkcs7.h
-	$(CP) $(SRC_D)/crypto/pkcs7/pkcs7.h $(INC_D)/pkcs7.h
-
-$(INC_D)/ssl.h: $(SRC_D)/ssl/ssl.h
-	$(CP) $(SRC_D)/ssl/ssl.h $(INC_D)/ssl.h
-
-$(INC_D)/ssl2.h: $(SRC_D)/ssl/ssl2.h
-	$(CP) $(SRC_D)/ssl/ssl2.h $(INC_D)/ssl2.h
-
-$(INC_D)/ssl3.h: $(SRC_D)/ssl/ssl3.h
-	$(CP) $(SRC_D)/ssl/ssl3.h $(INC_D)/ssl3.h
-
-$(INC_D)/ssl23.h: $(SRC_D)/ssl/ssl23.h
-	$(CP) $(SRC_D)/ssl/ssl23.h $(INC_D)/ssl23.h
-
-$(INC_D)/tls1.h: $(SRC_D)/ssl/tls1.h
-	$(CP) $(SRC_D)/ssl/tls1.h $(INC_D)/tls1.h
-
-$(OBJ_D)/md2test.o: $(SRC_D)/crypto/md2/md2test.c
-	$(CC) -o $(OBJ_D)/md2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md2/md2test.c
-
-$(OBJ_D)/md5test.o: $(SRC_D)/crypto/md5/md5test.c
-	$(CC) -o $(OBJ_D)/md5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md5/md5test.c
-
-$(OBJ_D)/shatest.o: $(SRC_D)/crypto/sha/shatest.c
-	$(CC) -o $(OBJ_D)/shatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/shatest.c
-
-$(OBJ_D)/sha1test.o: $(SRC_D)/crypto/sha/sha1test.c
-	$(CC) -o $(OBJ_D)/sha1test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/sha1test.c
-
-$(OBJ_D)/mdc2test.o: $(SRC_D)/crypto/mdc2/mdc2test.c
-	$(CC) -o $(OBJ_D)/mdc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2test.c
-
-$(OBJ_D)/hmactest.o: $(SRC_D)/crypto/hmac/hmactest.c
-	$(CC) -o $(OBJ_D)/hmactest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/hmac/hmactest.c
-
-$(OBJ_D)/rmdtest.o: $(SRC_D)/crypto/ripemd/rmdtest.c
-	$(CC) -o $(OBJ_D)/rmdtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmdtest.c
-
-$(OBJ_D)/destest.o: $(SRC_D)/crypto/des/destest.c
-	$(CC) -o $(OBJ_D)/destest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/des/destest.c
-
-$(OBJ_D)/rc2test.o: $(SRC_D)/crypto/rc2/rc2test.c
-	$(CC) -o $(OBJ_D)/rc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2test.c
-
-$(OBJ_D)/rc4test.o: $(SRC_D)/crypto/rc4/rc4test.c
-	$(CC) -o $(OBJ_D)/rc4test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4test.c
-
-$(OBJ_D)/rc5test.o: $(SRC_D)/crypto/rc5/rc5test.c
-	$(CC) -o $(OBJ_D)/rc5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5test.c
-
-$(OBJ_D)/ideatest.o: $(SRC_D)/crypto/idea/ideatest.c
-	$(CC) -o $(OBJ_D)/ideatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/idea/ideatest.c
-
-$(OBJ_D)/bftest.o: $(SRC_D)/crypto/bf/bftest.c
-	$(CC) -o $(OBJ_D)/bftest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bf/bftest.c
-
-$(OBJ_D)/casttest.o: $(SRC_D)/crypto/cast/casttest.c
-	$(CC) -o $(OBJ_D)/casttest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/cast/casttest.c
-
-$(OBJ_D)/bntest.o: $(SRC_D)/crypto/bn/bntest.c
-	$(CC) -o $(OBJ_D)/bntest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/bntest.c
-
-$(OBJ_D)/exptest.o: $(SRC_D)/crypto/bn/exptest.c
-	$(CC) -o $(OBJ_D)/exptest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/exptest.c
-
-$(OBJ_D)/dsatest.o: $(SRC_D)/crypto/dsa/dsatest.c
-	$(CC) -o $(OBJ_D)/dsatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dsa/dsatest.c
-
-$(OBJ_D)/dhtest.o: $(SRC_D)/crypto/dh/dhtest.c
-	$(CC) -o $(OBJ_D)/dhtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dh/dhtest.c
-
-$(OBJ_D)/randtest.o: $(SRC_D)/crypto/rand/randtest.c
-	$(CC) -o $(OBJ_D)/randtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rand/randtest.c
-
-$(OBJ_D)/ssltest.o: $(SRC_D)/ssl/ssltest.c
-	$(CC) -o $(OBJ_D)/ssltest.o $(APP_CFLAGS) -c $(SRC_D)/ssl/ssltest.c
-
-$(OBJ_D)/verify.o: $(SRC_D)/apps/verify.c
-	$(CC) -o $(OBJ_D)/verify.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/verify.c
-
-$(OBJ_D)/asn1pars.o: $(SRC_D)/apps/asn1pars.c
-	$(CC) -o $(OBJ_D)/asn1pars.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/asn1pars.c
-
-$(OBJ_D)/req.o: $(SRC_D)/apps/req.c
-	$(CC) -o $(OBJ_D)/req.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/req.c
-
-$(OBJ_D)/dgst.o: $(SRC_D)/apps/dgst.c
-	$(CC) -o $(OBJ_D)/dgst.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dgst.c
-
-$(OBJ_D)/dh.o: $(SRC_D)/apps/dh.c
-	$(CC) -o $(OBJ_D)/dh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dh.c
-
-$(OBJ_D)/enc.o: $(SRC_D)/apps/enc.c
-	$(CC) -o $(OBJ_D)/enc.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/enc.c
-
-$(OBJ_D)/gendh.o: $(SRC_D)/apps/gendh.c
-	$(CC) -o $(OBJ_D)/gendh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/gendh.c
-
-$(OBJ_D)/errstr.o: $(SRC_D)/apps/errstr.c
-	$(CC) -o $(OBJ_D)/errstr.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/errstr.c
-
-$(OBJ_D)/ca.o: $(SRC_D)/apps/ca.c
-	$(CC) -o $(OBJ_D)/ca.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ca.c
-
-$(OBJ_D)/pkcs7.o: $(SRC_D)/apps/pkcs7.c
-	$(CC) -o $(OBJ_D)/pkcs7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/pkcs7.c
-
-$(OBJ_D)/crl2p7.o: $(SRC_D)/apps/crl2p7.c
-	$(CC) -o $(OBJ_D)/crl2p7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl2p7.c
-
-$(OBJ_D)/crl.o: $(SRC_D)/apps/crl.c
-	$(CC) -o $(OBJ_D)/crl.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl.c
-
-$(OBJ_D)/rsa.o: $(SRC_D)/apps/rsa.c
-	$(CC) -o $(OBJ_D)/rsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/rsa.c
-
-$(OBJ_D)/dsa.o: $(SRC_D)/apps/dsa.c
-	$(CC) -o $(OBJ_D)/dsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsa.c
-
-$(OBJ_D)/dsaparam.o: $(SRC_D)/apps/dsaparam.c
-	$(CC) -o $(OBJ_D)/dsaparam.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsaparam.c
-
-$(OBJ_D)/x509.o: $(SRC_D)/apps/x509.c
-	$(CC) -o $(OBJ_D)/x509.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/x509.c
-
-$(OBJ_D)/genrsa.o: $(SRC_D)/apps/genrsa.c
-	$(CC) -o $(OBJ_D)/genrsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/genrsa.c
-
-$(OBJ_D)/s_server.o: $(SRC_D)/apps/s_server.c
-	$(CC) -o $(OBJ_D)/s_server.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_server.c
-
-$(OBJ_D)/s_client.o: $(SRC_D)/apps/s_client.c
-	$(CC) -o $(OBJ_D)/s_client.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_client.c
-
-$(OBJ_D)/speed.o: $(SRC_D)/apps/speed.c
-	$(CC) -o $(OBJ_D)/speed.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/speed.c
-
-$(OBJ_D)/s_time.o: $(SRC_D)/apps/s_time.c
-	$(CC) -o $(OBJ_D)/s_time.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_time.c
-
-$(OBJ_D)/apps.o: $(SRC_D)/apps/apps.c
-	$(CC) -o $(OBJ_D)/apps.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/apps.c
-
-$(OBJ_D)/s_cb.o: $(SRC_D)/apps/s_cb.c
-	$(CC) -o $(OBJ_D)/s_cb.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_cb.c
-
-$(OBJ_D)/s_socket.o: $(SRC_D)/apps/s_socket.c
-	$(CC) -o $(OBJ_D)/s_socket.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_socket.c
-
-$(OBJ_D)/version.o: $(SRC_D)/apps/version.c
-	$(CC) -o $(OBJ_D)/version.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/version.c
-
-$(OBJ_D)/sess_id.o: $(SRC_D)/apps/sess_id.c
-	$(CC) -o $(OBJ_D)/sess_id.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/sess_id.c
-
-$(OBJ_D)/ciphers.o: $(SRC_D)/apps/ciphers.c
-	$(CC) -o $(OBJ_D)/ciphers.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ciphers.c
-
-$(OBJ_D)/ssleay.o: $(SRC_D)/apps/ssleay.c
-	$(CC) -o $(OBJ_D)/ssleay.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ssleay.c
-
-$(OBJ_D)/cryptlib.o: $(SRC_D)/crypto/cryptlib.c
-	$(CC) -o $(OBJ_D)/cryptlib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cryptlib.c
-
-$(OBJ_D)/mem.o: $(SRC_D)/crypto/mem.c
-	$(CC) -o $(OBJ_D)/mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mem.c
-
-$(OBJ_D)/cversion.o: $(SRC_D)/crypto/cversion.c
-	$(CC) -o $(OBJ_D)/cversion.o  $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)/crypto/cversion.c
-
-$(OBJ_D)/ex_data.o: $(SRC_D)/crypto/ex_data.c
-	$(CC) -o $(OBJ_D)/ex_data.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ex_data.c
-
-$(OBJ_D)/cpt_err.o: $(SRC_D)/crypto/cpt_err.c
-	$(CC) -o $(OBJ_D)/cpt_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cpt_err.c
-
-$(OBJ_D)/md2_dgst.o: $(SRC_D)/crypto/md2/md2_dgst.c
-	$(CC) -o $(OBJ_D)/md2_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_dgst.c
-
-$(OBJ_D)/md2_one.o: $(SRC_D)/crypto/md2/md2_one.c
-	$(CC) -o $(OBJ_D)/md2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_one.c
-
-$(OBJ_D)/md5_dgst.o: $(SRC_D)/crypto/md5/md5_dgst.c
-	$(CC) -o $(OBJ_D)/md5_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_dgst.c
-
-$(OBJ_D)/md5_one.o: $(SRC_D)/crypto/md5/md5_one.c
-	$(CC) -o $(OBJ_D)/md5_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_one.c
-
-$(OBJ_D)/sha_dgst.o: $(SRC_D)/crypto/sha/sha_dgst.c
-	$(CC) -o $(OBJ_D)/sha_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_dgst.c
-
-$(OBJ_D)/sha1dgst.o: $(SRC_D)/crypto/sha/sha1dgst.c
-	$(CC) -o $(OBJ_D)/sha1dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1dgst.c
-
-$(OBJ_D)/sha_one.o: $(SRC_D)/crypto/sha/sha_one.c
-	$(CC) -o $(OBJ_D)/sha_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_one.c
-
-$(OBJ_D)/sha1_one.o: $(SRC_D)/crypto/sha/sha1_one.c
-	$(CC) -o $(OBJ_D)/sha1_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1_one.c
-
-$(OBJ_D)/mdc2dgst.o: $(SRC_D)/crypto/mdc2/mdc2dgst.c
-	$(CC) -o $(OBJ_D)/mdc2dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2dgst.c
-
-$(OBJ_D)/mdc2_one.o: $(SRC_D)/crypto/mdc2/mdc2_one.c
-	$(CC) -o $(OBJ_D)/mdc2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2_one.c
-
-$(OBJ_D)/hmac.o: $(SRC_D)/crypto/hmac/hmac.c
-	$(CC) -o $(OBJ_D)/hmac.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/hmac/hmac.c
-
-$(OBJ_D)/rmd_dgst.o: $(SRC_D)/crypto/ripemd/rmd_dgst.c
-	$(CC) -o $(OBJ_D)/rmd_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_dgst.c
-
-$(OBJ_D)/rmd_one.o: $(SRC_D)/crypto/ripemd/rmd_one.c
-	$(CC) -o $(OBJ_D)/rmd_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_one.c
-
-$(OBJ_D)/set_key.o: $(SRC_D)/crypto/des/set_key.c
-	$(CC) -o $(OBJ_D)/set_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/set_key.c
-
-$(OBJ_D)/ecb_enc.o: $(SRC_D)/crypto/des/ecb_enc.c
-	$(CC) -o $(OBJ_D)/ecb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb_enc.c
-
-$(OBJ_D)/cbc_enc.o: $(SRC_D)/crypto/des/cbc_enc.c
-	$(CC) -o $(OBJ_D)/cbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_enc.c
-
-$(OBJ_D)/ecb3_enc.o: $(SRC_D)/crypto/des/ecb3_enc.c
-	$(CC) -o $(OBJ_D)/ecb3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb3_enc.c
-
-$(OBJ_D)/cfb64enc.o: $(SRC_D)/crypto/des/cfb64enc.c
-	$(CC) -o $(OBJ_D)/cfb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64enc.c
-
-$(OBJ_D)/cfb64ede.o: $(SRC_D)/crypto/des/cfb64ede.c
-	$(CC) -o $(OBJ_D)/cfb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64ede.c
-
-$(OBJ_D)/cfb_enc.o: $(SRC_D)/crypto/des/cfb_enc.c
-	$(CC) -o $(OBJ_D)/cfb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb_enc.c
-
-$(OBJ_D)/ofb64ede.o: $(SRC_D)/crypto/des/ofb64ede.c
-	$(CC) -o $(OBJ_D)/ofb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64ede.c
-
-$(OBJ_D)/enc_read.o: $(SRC_D)/crypto/des/enc_read.c
-	$(CC) -o $(OBJ_D)/enc_read.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_read.c
-
-$(OBJ_D)/enc_writ.o: $(SRC_D)/crypto/des/enc_writ.c
-	$(CC) -o $(OBJ_D)/enc_writ.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_writ.c
-
-$(OBJ_D)/ofb64enc.o: $(SRC_D)/crypto/des/ofb64enc.c
-	$(CC) -o $(OBJ_D)/ofb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64enc.c
-
-$(OBJ_D)/ofb_enc.o: $(SRC_D)/crypto/des/ofb_enc.c
-	$(CC) -o $(OBJ_D)/ofb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb_enc.c
-
-$(OBJ_D)/str2key.o: $(SRC_D)/crypto/des/str2key.c
-	$(CC) -o $(OBJ_D)/str2key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/str2key.c
-
-$(OBJ_D)/pcbc_enc.o: $(SRC_D)/crypto/des/pcbc_enc.c
-	$(CC) -o $(OBJ_D)/pcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/pcbc_enc.c
-
-$(OBJ_D)/qud_cksm.o: $(SRC_D)/crypto/des/qud_cksm.c
-	$(CC) -o $(OBJ_D)/qud_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/qud_cksm.c
-
-$(OBJ_D)/rand_key.o: $(SRC_D)/crypto/des/rand_key.c
-	$(CC) -o $(OBJ_D)/rand_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rand_key.c
-
-$(OBJ_D)/des_enc.o: $(SRC_D)/crypto/des/des_enc.c
-	$(CC) -o $(OBJ_D)/des_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/des_enc.c
-
-$(OBJ_D)/fcrypt_b.o: $(SRC_D)/crypto/des/fcrypt_b.c
-	$(CC) -o $(OBJ_D)/fcrypt_b.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt_b.c
-
-$(OBJ_D)/read2pwd.o: $(SRC_D)/crypto/des/read2pwd.c
-	$(CC) -o $(OBJ_D)/read2pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read2pwd.c
-
-$(OBJ_D)/fcrypt.o: $(SRC_D)/crypto/des/fcrypt.c
-	$(CC) -o $(OBJ_D)/fcrypt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt.c
-
-$(OBJ_D)/xcbc_enc.o: $(SRC_D)/crypto/des/xcbc_enc.c
-	$(CC) -o $(OBJ_D)/xcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/xcbc_enc.c
-
-$(OBJ_D)/read_pwd.o: $(SRC_D)/crypto/des/read_pwd.c
-	$(CC) -o $(OBJ_D)/read_pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read_pwd.c
-
-$(OBJ_D)/rpc_enc.o: $(SRC_D)/crypto/des/rpc_enc.c
-	$(CC) -o $(OBJ_D)/rpc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rpc_enc.c
-
-$(OBJ_D)/cbc_cksm.o: $(SRC_D)/crypto/des/cbc_cksm.c
-	$(CC) -o $(OBJ_D)/cbc_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_cksm.c
-
-$(OBJ_D)/supp.o: $(SRC_D)/crypto/des/supp.c
-	$(CC) -o $(OBJ_D)/supp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/supp.c
-
-$(OBJ_D)/rc2_ecb.o: $(SRC_D)/crypto/rc2/rc2_ecb.c
-	$(CC) -o $(OBJ_D)/rc2_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_ecb.c
-
-$(OBJ_D)/rc2_skey.o: $(SRC_D)/crypto/rc2/rc2_skey.c
-	$(CC) -o $(OBJ_D)/rc2_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_skey.c
-
-$(OBJ_D)/rc2_cbc.o: $(SRC_D)/crypto/rc2/rc2_cbc.c
-	$(CC) -o $(OBJ_D)/rc2_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_cbc.c
-
-$(OBJ_D)/rc2cfb64.o: $(SRC_D)/crypto/rc2/rc2cfb64.c
-	$(CC) -o $(OBJ_D)/rc2cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2cfb64.c
-
-$(OBJ_D)/rc2ofb64.o: $(SRC_D)/crypto/rc2/rc2ofb64.c
-	$(CC) -o $(OBJ_D)/rc2ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2ofb64.c
-
-$(OBJ_D)/rc4_skey.o: $(SRC_D)/crypto/rc4/rc4_skey.c
-	$(CC) -o $(OBJ_D)/rc4_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_skey.c
-
-$(OBJ_D)/rc4_enc.o: $(SRC_D)/crypto/rc4/rc4_enc.c
-	$(CC) -o $(OBJ_D)/rc4_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_enc.c
-
-$(OBJ_D)/rc5_skey.o: $(SRC_D)/crypto/rc5/rc5_skey.c
-	$(CC) -o $(OBJ_D)/rc5_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_skey.c
-
-$(OBJ_D)/rc5_ecb.o: $(SRC_D)/crypto/rc5/rc5_ecb.c
-	$(CC) -o $(OBJ_D)/rc5_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_ecb.c
-
-$(OBJ_D)/rc5_enc.o: $(SRC_D)/crypto/rc5/rc5_enc.c
-	$(CC) -o $(OBJ_D)/rc5_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_enc.c
-
-$(OBJ_D)/rc5cfb64.o: $(SRC_D)/crypto/rc5/rc5cfb64.c
-	$(CC) -o $(OBJ_D)/rc5cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5cfb64.c
-
-$(OBJ_D)/rc5ofb64.o: $(SRC_D)/crypto/rc5/rc5ofb64.c
-	$(CC) -o $(OBJ_D)/rc5ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5ofb64.c
-
-$(OBJ_D)/i_cbc.o: $(SRC_D)/crypto/idea/i_cbc.c
-	$(CC) -o $(OBJ_D)/i_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cbc.c
-
-$(OBJ_D)/i_cfb64.o: $(SRC_D)/crypto/idea/i_cfb64.c
-	$(CC) -o $(OBJ_D)/i_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cfb64.c
-
-$(OBJ_D)/i_ofb64.o: $(SRC_D)/crypto/idea/i_ofb64.c
-	$(CC) -o $(OBJ_D)/i_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ofb64.c
-
-$(OBJ_D)/i_ecb.o: $(SRC_D)/crypto/idea/i_ecb.c
-	$(CC) -o $(OBJ_D)/i_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ecb.c
-
-$(OBJ_D)/i_skey.o: $(SRC_D)/crypto/idea/i_skey.c
-	$(CC) -o $(OBJ_D)/i_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_skey.c
-
-$(OBJ_D)/bf_skey.o: $(SRC_D)/crypto/bf/bf_skey.c
-	$(CC) -o $(OBJ_D)/bf_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_skey.c
-
-$(OBJ_D)/bf_ecb.o: $(SRC_D)/crypto/bf/bf_ecb.c
-	$(CC) -o $(OBJ_D)/bf_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ecb.c
-
-$(OBJ_D)/bf_enc.o: $(SRC_D)/crypto/bf/bf_enc.c
-	$(CC) -o $(OBJ_D)/bf_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_enc.c
-
-$(OBJ_D)/bf_cfb64.o: $(SRC_D)/crypto/bf/bf_cfb64.c
-	$(CC) -o $(OBJ_D)/bf_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cfb64.c
-
-$(OBJ_D)/bf_ofb64.o: $(SRC_D)/crypto/bf/bf_ofb64.c
-	$(CC) -o $(OBJ_D)/bf_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ofb64.c
-
-$(OBJ_D)/c_skey.o: $(SRC_D)/crypto/cast/c_skey.c
-	$(CC) -o $(OBJ_D)/c_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_skey.c
-
-$(OBJ_D)/c_ecb.o: $(SRC_D)/crypto/cast/c_ecb.c
-	$(CC) -o $(OBJ_D)/c_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ecb.c
-
-$(OBJ_D)/c_enc.o: $(SRC_D)/crypto/cast/c_enc.c
-	$(CC) -o $(OBJ_D)/c_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_enc.c
-
-$(OBJ_D)/c_cfb64.o: $(SRC_D)/crypto/cast/c_cfb64.c
-	$(CC) -o $(OBJ_D)/c_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_cfb64.c
-
-$(OBJ_D)/c_ofb64.o: $(SRC_D)/crypto/cast/c_ofb64.c
-	$(CC) -o $(OBJ_D)/c_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ofb64.c
-
-$(OBJ_D)/bn_add.o: $(SRC_D)/crypto/bn/bn_add.c
-	$(CC) -o $(OBJ_D)/bn_add.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_add.c
-
-$(OBJ_D)/bn_div.o: $(SRC_D)/crypto/bn/bn_div.c
-	$(CC) -o $(OBJ_D)/bn_div.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_div.c
-
-$(OBJ_D)/bn_exp.o: $(SRC_D)/crypto/bn/bn_exp.c
-	$(CC) -o $(OBJ_D)/bn_exp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp.c
-
-$(OBJ_D)/bn_lib.o: $(SRC_D)/crypto/bn/bn_lib.c
-	$(CC) -o $(OBJ_D)/bn_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_lib.c
-
-$(OBJ_D)/bn_mod.o: $(SRC_D)/crypto/bn/bn_mod.c
-	$(CC) -o $(OBJ_D)/bn_mod.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mod.c
-
-$(OBJ_D)/bn_mul.o: $(SRC_D)/crypto/bn/bn_mul.c
-	$(CC) -o $(OBJ_D)/bn_mul.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mul.c
-
-$(OBJ_D)/bn_print.o: $(SRC_D)/crypto/bn/bn_print.c
-	$(CC) -o $(OBJ_D)/bn_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_print.c
-
-$(OBJ_D)/bn_rand.o: $(SRC_D)/crypto/bn/bn_rand.c
-	$(CC) -o $(OBJ_D)/bn_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_rand.c
-
-$(OBJ_D)/bn_shift.o: $(SRC_D)/crypto/bn/bn_shift.c
-	$(CC) -o $(OBJ_D)/bn_shift.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_shift.c
-
-$(OBJ_D)/bn_sub.o: $(SRC_D)/crypto/bn/bn_sub.c
-	$(CC) -o $(OBJ_D)/bn_sub.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sub.c
-
-$(OBJ_D)/bn_word.o: $(SRC_D)/crypto/bn/bn_word.c
-	$(CC) -o $(OBJ_D)/bn_word.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_word.c
-
-$(OBJ_D)/bn_blind.o: $(SRC_D)/crypto/bn/bn_blind.c
-	$(CC) -o $(OBJ_D)/bn_blind.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_blind.c
-
-$(OBJ_D)/bn_gcd.o: $(SRC_D)/crypto/bn/bn_gcd.c
-	$(CC) -o $(OBJ_D)/bn_gcd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_gcd.c
-
-$(OBJ_D)/bn_prime.o: $(SRC_D)/crypto/bn/bn_prime.c
-	$(CC) -o $(OBJ_D)/bn_prime.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_prime.c
-
-$(OBJ_D)/bn_err.o: $(SRC_D)/crypto/bn/bn_err.c
-	$(CC) -o $(OBJ_D)/bn_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_err.c
-
-$(OBJ_D)/bn_sqr.o: $(SRC_D)/crypto/bn/bn_sqr.c
-	$(CC) -o $(OBJ_D)/bn_sqr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sqr.c
-
-$(OBJ_D)/bn_mulw.o: $(SRC_D)/crypto/bn/bn_mulw.c
-	$(CC) -o $(OBJ_D)/bn_mulw.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mulw.c
-
-$(OBJ_D)/bn_recp.o: $(SRC_D)/crypto/bn/bn_recp.c
-	$(CC) -o $(OBJ_D)/bn_recp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_recp.c
-
-$(OBJ_D)/bn_mont.o: $(SRC_D)/crypto/bn/bn_mont.c
-	$(CC) -o $(OBJ_D)/bn_mont.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mont.c
-
-$(OBJ_D)/bn_mpi.o: $(SRC_D)/crypto/bn/bn_mpi.c
-	$(CC) -o $(OBJ_D)/bn_mpi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mpi.c
-
-$(OBJ_D)/rsa_eay.o: $(SRC_D)/crypto/rsa/rsa_eay.c
-	$(CC) -o $(OBJ_D)/rsa_eay.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_eay.c
-
-$(OBJ_D)/rsa_gen.o: $(SRC_D)/crypto/rsa/rsa_gen.c
-	$(CC) -o $(OBJ_D)/rsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_gen.c
-
-$(OBJ_D)/rsa_lib.o: $(SRC_D)/crypto/rsa/rsa_lib.c
-	$(CC) -o $(OBJ_D)/rsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_lib.c
-
-$(OBJ_D)/rsa_sign.o: $(SRC_D)/crypto/rsa/rsa_sign.c
-	$(CC) -o $(OBJ_D)/rsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_sign.c
-
-$(OBJ_D)/rsa_saos.o: $(SRC_D)/crypto/rsa/rsa_saos.c
-	$(CC) -o $(OBJ_D)/rsa_saos.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_saos.c
-
-$(OBJ_D)/rsa_err.o: $(SRC_D)/crypto/rsa/rsa_err.c
-	$(CC) -o $(OBJ_D)/rsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_err.c
-
-$(OBJ_D)/rsa_pk1.o: $(SRC_D)/crypto/rsa/rsa_pk1.c
-	$(CC) -o $(OBJ_D)/rsa_pk1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_pk1.c
-
-$(OBJ_D)/rsa_ssl.o: $(SRC_D)/crypto/rsa/rsa_ssl.c
-	$(CC) -o $(OBJ_D)/rsa_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_ssl.c
-
-$(OBJ_D)/rsa_none.o: $(SRC_D)/crypto/rsa/rsa_none.c
-	$(CC) -o $(OBJ_D)/rsa_none.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_none.c
-
-$(OBJ_D)/dsa_gen.o: $(SRC_D)/crypto/dsa/dsa_gen.c
-	$(CC) -o $(OBJ_D)/dsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_gen.c
-
-$(OBJ_D)/dsa_key.o: $(SRC_D)/crypto/dsa/dsa_key.c
-	$(CC) -o $(OBJ_D)/dsa_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_key.c
-
-$(OBJ_D)/dsa_lib.o: $(SRC_D)/crypto/dsa/dsa_lib.c
-	$(CC) -o $(OBJ_D)/dsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_lib.c
-
-$(OBJ_D)/dsa_vrf.o: $(SRC_D)/crypto/dsa/dsa_vrf.c
-	$(CC) -o $(OBJ_D)/dsa_vrf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_vrf.c
-
-$(OBJ_D)/dsa_sign.o: $(SRC_D)/crypto/dsa/dsa_sign.c
-	$(CC) -o $(OBJ_D)/dsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_sign.c
-
-$(OBJ_D)/dsa_err.o: $(SRC_D)/crypto/dsa/dsa_err.c
-	$(CC) -o $(OBJ_D)/dsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_err.c
-
-$(OBJ_D)/dh_gen.o: $(SRC_D)/crypto/dh/dh_gen.c
-	$(CC) -o $(OBJ_D)/dh_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_gen.c
-
-$(OBJ_D)/dh_key.o: $(SRC_D)/crypto/dh/dh_key.c
-	$(CC) -o $(OBJ_D)/dh_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_key.c
-
-$(OBJ_D)/dh_lib.o: $(SRC_D)/crypto/dh/dh_lib.c
-	$(CC) -o $(OBJ_D)/dh_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_lib.c
-
-$(OBJ_D)/dh_check.o: $(SRC_D)/crypto/dh/dh_check.c
-	$(CC) -o $(OBJ_D)/dh_check.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_check.c
-
-$(OBJ_D)/dh_err.o: $(SRC_D)/crypto/dh/dh_err.c
-	$(CC) -o $(OBJ_D)/dh_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_err.c
-
-$(OBJ_D)/buffer.o: $(SRC_D)/crypto/buffer/buffer.c
-	$(CC) -o $(OBJ_D)/buffer.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buffer.c
-
-$(OBJ_D)/buf_err.o: $(SRC_D)/crypto/buffer/buf_err.c
-	$(CC) -o $(OBJ_D)/buf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buf_err.c
-
-$(OBJ_D)/bio_lib.o: $(SRC_D)/crypto/bio/bio_lib.c
-	$(CC) -o $(OBJ_D)/bio_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_lib.c
-
-$(OBJ_D)/bio_cb.o: $(SRC_D)/crypto/bio/bio_cb.c
-	$(CC) -o $(OBJ_D)/bio_cb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_cb.c
-
-$(OBJ_D)/bio_err.o: $(SRC_D)/crypto/bio/bio_err.c
-	$(CC) -o $(OBJ_D)/bio_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_err.c
-
-$(OBJ_D)/bss_mem.o: $(SRC_D)/crypto/bio/bss_mem.c
-	$(CC) -o $(OBJ_D)/bss_mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_mem.c
-
-$(OBJ_D)/bss_null.o: $(SRC_D)/crypto/bio/bss_null.c
-	$(CC) -o $(OBJ_D)/bss_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_null.c
-
-$(OBJ_D)/bss_fd.o: $(SRC_D)/crypto/bio/bss_fd.c
-	$(CC) -o $(OBJ_D)/bss_fd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_fd.c
-
-$(OBJ_D)/bss_file.o: $(SRC_D)/crypto/bio/bss_file.c
-	$(CC) -o $(OBJ_D)/bss_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_file.c
-
-$(OBJ_D)/bss_sock.o: $(SRC_D)/crypto/bio/bss_sock.c
-	$(CC) -o $(OBJ_D)/bss_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_sock.c
-
-$(OBJ_D)/bss_conn.o: $(SRC_D)/crypto/bio/bss_conn.c
-	$(CC) -o $(OBJ_D)/bss_conn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_conn.c
-
-$(OBJ_D)/bf_null.o: $(SRC_D)/crypto/bio/bf_null.c
-	$(CC) -o $(OBJ_D)/bf_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_null.c
-
-$(OBJ_D)/bf_buff.o: $(SRC_D)/crypto/bio/bf_buff.c
-	$(CC) -o $(OBJ_D)/bf_buff.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_buff.c
-
-$(OBJ_D)/b_print.o: $(SRC_D)/crypto/bio/b_print.c
-	$(CC) -o $(OBJ_D)/b_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_print.c
-
-$(OBJ_D)/b_dump.o: $(SRC_D)/crypto/bio/b_dump.c
-	$(CC) -o $(OBJ_D)/b_dump.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_dump.c
-
-$(OBJ_D)/b_sock.o: $(SRC_D)/crypto/bio/b_sock.c
-	$(CC) -o $(OBJ_D)/b_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_sock.c
-
-$(OBJ_D)/bss_acpt.o: $(SRC_D)/crypto/bio/bss_acpt.c
-	$(CC) -o $(OBJ_D)/bss_acpt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_acpt.c
-
-$(OBJ_D)/bf_nbio.o: $(SRC_D)/crypto/bio/bf_nbio.c
-	$(CC) -o $(OBJ_D)/bf_nbio.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_nbio.c
-
-$(OBJ_D)/stack.o: $(SRC_D)/crypto/stack/stack.c
-	$(CC) -o $(OBJ_D)/stack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/stack/stack.c
-
-$(OBJ_D)/lhash.o: $(SRC_D)/crypto/lhash/lhash.c
-	$(CC) -o $(OBJ_D)/lhash.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lhash.c
-
-$(OBJ_D)/lh_stats.o: $(SRC_D)/crypto/lhash/lh_stats.c
-	$(CC) -o $(OBJ_D)/lh_stats.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lh_stats.c
-
-$(OBJ_D)/md_rand.o: $(SRC_D)/crypto/rand/md_rand.c
-	$(CC) -o $(OBJ_D)/md_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/md_rand.c
-
-$(OBJ_D)/randfile.o: $(SRC_D)/crypto/rand/randfile.c
-	$(CC) -o $(OBJ_D)/randfile.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/randfile.c
-
-$(OBJ_D)/err.o: $(SRC_D)/crypto/err/err.c
-	$(CC) -o $(OBJ_D)/err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err.c
-
-$(OBJ_D)/err_all.o: $(SRC_D)/crypto/err/err_all.c
-	$(CC) -o $(OBJ_D)/err_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_all.c
-
-$(OBJ_D)/err_prn.o: $(SRC_D)/crypto/err/err_prn.c
-	$(CC) -o $(OBJ_D)/err_prn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_prn.c
-
-$(OBJ_D)/obj_dat.o: $(SRC_D)/crypto/objects/obj_dat.c
-	$(CC) -o $(OBJ_D)/obj_dat.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_dat.c
-
-$(OBJ_D)/obj_lib.o: $(SRC_D)/crypto/objects/obj_lib.c
-	$(CC) -o $(OBJ_D)/obj_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_lib.c
-
-$(OBJ_D)/obj_err.o: $(SRC_D)/crypto/objects/obj_err.c
-	$(CC) -o $(OBJ_D)/obj_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_err.c
-
-$(OBJ_D)/encode.o: $(SRC_D)/crypto/evp/encode.c
-	$(CC) -o $(OBJ_D)/encode.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/encode.c
-
-$(OBJ_D)/digest.o: $(SRC_D)/crypto/evp/digest.c
-	$(CC) -o $(OBJ_D)/digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/digest.c
-
-$(OBJ_D)/evp_enc.o: $(SRC_D)/crypto/evp/evp_enc.c
-	$(CC) -o $(OBJ_D)/evp_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_enc.c
-
-$(OBJ_D)/evp_key.o: $(SRC_D)/crypto/evp/evp_key.c
-	$(CC) -o $(OBJ_D)/evp_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_key.c
-
-$(OBJ_D)/e_ecb_d.o: $(SRC_D)/crypto/evp/e_ecb_d.c
-	$(CC) -o $(OBJ_D)/e_ecb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_d.c
-
-$(OBJ_D)/e_cbc_d.o: $(SRC_D)/crypto/evp/e_cbc_d.c
-	$(CC) -o $(OBJ_D)/e_cbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_d.c
-
-$(OBJ_D)/e_cfb_d.o: $(SRC_D)/crypto/evp/e_cfb_d.c
-	$(CC) -o $(OBJ_D)/e_cfb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_d.c
-
-$(OBJ_D)/e_ofb_d.o: $(SRC_D)/crypto/evp/e_ofb_d.c
-	$(CC) -o $(OBJ_D)/e_ofb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_d.c
-
-$(OBJ_D)/e_ecb_i.o: $(SRC_D)/crypto/evp/e_ecb_i.c
-	$(CC) -o $(OBJ_D)/e_ecb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_i.c
-
-$(OBJ_D)/e_cbc_i.o: $(SRC_D)/crypto/evp/e_cbc_i.c
-	$(CC) -o $(OBJ_D)/e_cbc_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_i.c
-
-$(OBJ_D)/e_cfb_i.o: $(SRC_D)/crypto/evp/e_cfb_i.c
-	$(CC) -o $(OBJ_D)/e_cfb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_i.c
-
-$(OBJ_D)/e_ofb_i.o: $(SRC_D)/crypto/evp/e_ofb_i.c
-	$(CC) -o $(OBJ_D)/e_ofb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_i.c
-
-$(OBJ_D)/e_ecb_3d.o: $(SRC_D)/crypto/evp/e_ecb_3d.c
-	$(CC) -o $(OBJ_D)/e_ecb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_3d.c
-
-$(OBJ_D)/e_cbc_3d.o: $(SRC_D)/crypto/evp/e_cbc_3d.c
-	$(CC) -o $(OBJ_D)/e_cbc_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_3d.c
-
-$(OBJ_D)/e_rc4.o: $(SRC_D)/crypto/evp/e_rc4.c
-	$(CC) -o $(OBJ_D)/e_rc4.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_rc4.c
-
-$(OBJ_D)/names.o: $(SRC_D)/crypto/evp/names.c
-	$(CC) -o $(OBJ_D)/names.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/names.c
-
-$(OBJ_D)/e_cfb_3d.o: $(SRC_D)/crypto/evp/e_cfb_3d.c
-	$(CC) -o $(OBJ_D)/e_cfb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_3d.c
-
-$(OBJ_D)/e_ofb_3d.o: $(SRC_D)/crypto/evp/e_ofb_3d.c
-	$(CC) -o $(OBJ_D)/e_ofb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_3d.c
-
-$(OBJ_D)/e_xcbc_d.o: $(SRC_D)/crypto/evp/e_xcbc_d.c
-	$(CC) -o $(OBJ_D)/e_xcbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_xcbc_d.c
-
-$(OBJ_D)/e_ecb_r2.o: $(SRC_D)/crypto/evp/e_ecb_r2.c
-	$(CC) -o $(OBJ_D)/e_ecb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r2.c
-
-$(OBJ_D)/e_cbc_r2.o: $(SRC_D)/crypto/evp/e_cbc_r2.c
-	$(CC) -o $(OBJ_D)/e_cbc_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r2.c
-
-$(OBJ_D)/e_cfb_r2.o: $(SRC_D)/crypto/evp/e_cfb_r2.c
-	$(CC) -o $(OBJ_D)/e_cfb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r2.c
-
-$(OBJ_D)/e_ofb_r2.o: $(SRC_D)/crypto/evp/e_ofb_r2.c
-	$(CC) -o $(OBJ_D)/e_ofb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r2.c
-
-$(OBJ_D)/e_ecb_bf.o: $(SRC_D)/crypto/evp/e_ecb_bf.c
-	$(CC) -o $(OBJ_D)/e_ecb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_bf.c
-
-$(OBJ_D)/e_cbc_bf.o: $(SRC_D)/crypto/evp/e_cbc_bf.c
-	$(CC) -o $(OBJ_D)/e_cbc_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_bf.c
-
-$(OBJ_D)/e_cfb_bf.o: $(SRC_D)/crypto/evp/e_cfb_bf.c
-	$(CC) -o $(OBJ_D)/e_cfb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_bf.c
-
-$(OBJ_D)/e_ofb_bf.o: $(SRC_D)/crypto/evp/e_ofb_bf.c
-	$(CC) -o $(OBJ_D)/e_ofb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_bf.c
-
-$(OBJ_D)/e_ecb_c.o: $(SRC_D)/crypto/evp/e_ecb_c.c
-	$(CC) -o $(OBJ_D)/e_ecb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_c.c
-
-$(OBJ_D)/e_cbc_c.o: $(SRC_D)/crypto/evp/e_cbc_c.c
-	$(CC) -o $(OBJ_D)/e_cbc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_c.c
-
-$(OBJ_D)/e_cfb_c.o: $(SRC_D)/crypto/evp/e_cfb_c.c
-	$(CC) -o $(OBJ_D)/e_cfb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_c.c
-
-$(OBJ_D)/e_ofb_c.o: $(SRC_D)/crypto/evp/e_ofb_c.c
-	$(CC) -o $(OBJ_D)/e_ofb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_c.c
-
-$(OBJ_D)/e_ecb_r5.o: $(SRC_D)/crypto/evp/e_ecb_r5.c
-	$(CC) -o $(OBJ_D)/e_ecb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r5.c
-
-$(OBJ_D)/e_cbc_r5.o: $(SRC_D)/crypto/evp/e_cbc_r5.c
-	$(CC) -o $(OBJ_D)/e_cbc_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r5.c
-
-$(OBJ_D)/e_cfb_r5.o: $(SRC_D)/crypto/evp/e_cfb_r5.c
-	$(CC) -o $(OBJ_D)/e_cfb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r5.c
-
-$(OBJ_D)/e_ofb_r5.o: $(SRC_D)/crypto/evp/e_ofb_r5.c
-	$(CC) -o $(OBJ_D)/e_ofb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r5.c
-
-$(OBJ_D)/m_null.o: $(SRC_D)/crypto/evp/m_null.c
-	$(CC) -o $(OBJ_D)/m_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_null.c
-
-$(OBJ_D)/m_md2.o: $(SRC_D)/crypto/evp/m_md2.c
-	$(CC) -o $(OBJ_D)/m_md2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md2.c
-
-$(OBJ_D)/m_md5.o: $(SRC_D)/crypto/evp/m_md5.c
-	$(CC) -o $(OBJ_D)/m_md5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md5.c
-
-$(OBJ_D)/m_sha.o: $(SRC_D)/crypto/evp/m_sha.c
-	$(CC) -o $(OBJ_D)/m_sha.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha.c
-
-$(OBJ_D)/m_sha1.o: $(SRC_D)/crypto/evp/m_sha1.c
-	$(CC) -o $(OBJ_D)/m_sha1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha1.c
-
-$(OBJ_D)/m_dss.o: $(SRC_D)/crypto/evp/m_dss.c
-	$(CC) -o $(OBJ_D)/m_dss.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss.c
-
-$(OBJ_D)/m_dss1.o: $(SRC_D)/crypto/evp/m_dss1.c
-	$(CC) -o $(OBJ_D)/m_dss1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss1.c
-
-$(OBJ_D)/m_mdc2.o: $(SRC_D)/crypto/evp/m_mdc2.c
-	$(CC) -o $(OBJ_D)/m_mdc2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_mdc2.c
-
-$(OBJ_D)/m_ripemd.o: $(SRC_D)/crypto/evp/m_ripemd.c
-	$(CC) -o $(OBJ_D)/m_ripemd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_ripemd.c
-
-$(OBJ_D)/p_open.o: $(SRC_D)/crypto/evp/p_open.c
-	$(CC) -o $(OBJ_D)/p_open.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_open.c
-
-$(OBJ_D)/p_seal.o: $(SRC_D)/crypto/evp/p_seal.c
-	$(CC) -o $(OBJ_D)/p_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_seal.c
-
-$(OBJ_D)/p_sign.o: $(SRC_D)/crypto/evp/p_sign.c
-	$(CC) -o $(OBJ_D)/p_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_sign.c
-
-$(OBJ_D)/p_verify.o: $(SRC_D)/crypto/evp/p_verify.c
-	$(CC) -o $(OBJ_D)/p_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_verify.c
-
-$(OBJ_D)/p_lib.o: $(SRC_D)/crypto/evp/p_lib.c
-	$(CC) -o $(OBJ_D)/p_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_lib.c
-
-$(OBJ_D)/p_enc.o: $(SRC_D)/crypto/evp/p_enc.c
-	$(CC) -o $(OBJ_D)/p_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_enc.c
-
-$(OBJ_D)/p_dec.o: $(SRC_D)/crypto/evp/p_dec.c
-	$(CC) -o $(OBJ_D)/p_dec.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_dec.c
-
-$(OBJ_D)/bio_md.o: $(SRC_D)/crypto/evp/bio_md.c
-	$(CC) -o $(OBJ_D)/bio_md.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_md.c
-
-$(OBJ_D)/bio_b64.o: $(SRC_D)/crypto/evp/bio_b64.c
-	$(CC) -o $(OBJ_D)/bio_b64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_b64.c
-
-$(OBJ_D)/bio_enc.o: $(SRC_D)/crypto/evp/bio_enc.c
-	$(CC) -o $(OBJ_D)/bio_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_enc.c
-
-$(OBJ_D)/evp_err.o: $(SRC_D)/crypto/evp/evp_err.c
-	$(CC) -o $(OBJ_D)/evp_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_err.c
-
-$(OBJ_D)/e_null.o: $(SRC_D)/crypto/evp/e_null.c
-	$(CC) -o $(OBJ_D)/e_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_null.c
-
-$(OBJ_D)/c_all.o: $(SRC_D)/crypto/evp/c_all.c
-	$(CC) -o $(OBJ_D)/c_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/c_all.c
-
-$(OBJ_D)/evp_lib.o: $(SRC_D)/crypto/evp/evp_lib.c
-	$(CC) -o $(OBJ_D)/evp_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_lib.c
-
-$(OBJ_D)/pem_sign.o: $(SRC_D)/crypto/pem/pem_sign.c
-	$(CC) -o $(OBJ_D)/pem_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_sign.c
-
-$(OBJ_D)/pem_seal.o: $(SRC_D)/crypto/pem/pem_seal.c
-	$(CC) -o $(OBJ_D)/pem_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_seal.c
-
-$(OBJ_D)/pem_info.o: $(SRC_D)/crypto/pem/pem_info.c
-	$(CC) -o $(OBJ_D)/pem_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_info.c
-
-$(OBJ_D)/pem_lib.o: $(SRC_D)/crypto/pem/pem_lib.c
-	$(CC) -o $(OBJ_D)/pem_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_lib.c
-
-$(OBJ_D)/pem_all.o: $(SRC_D)/crypto/pem/pem_all.c
-	$(CC) -o $(OBJ_D)/pem_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_all.c
-
-$(OBJ_D)/pem_err.o: $(SRC_D)/crypto/pem/pem_err.c
-	$(CC) -o $(OBJ_D)/pem_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_err.c
-
-$(OBJ_D)/a_object.o: $(SRC_D)/crypto/asn1/a_object.c
-	$(CC) -o $(OBJ_D)/a_object.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_object.c
-
-$(OBJ_D)/a_bitstr.o: $(SRC_D)/crypto/asn1/a_bitstr.c
-	$(CC) -o $(OBJ_D)/a_bitstr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bitstr.c
-
-$(OBJ_D)/a_utctm.o: $(SRC_D)/crypto/asn1/a_utctm.c
-	$(CC) -o $(OBJ_D)/a_utctm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_utctm.c
-
-$(OBJ_D)/a_int.o: $(SRC_D)/crypto/asn1/a_int.c
-	$(CC) -o $(OBJ_D)/a_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_int.c
-
-$(OBJ_D)/a_octet.o: $(SRC_D)/crypto/asn1/a_octet.c
-	$(CC) -o $(OBJ_D)/a_octet.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_octet.c
-
-$(OBJ_D)/a_print.o: $(SRC_D)/crypto/asn1/a_print.c
-	$(CC) -o $(OBJ_D)/a_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_print.c
-
-$(OBJ_D)/a_type.o: $(SRC_D)/crypto/asn1/a_type.c
-	$(CC) -o $(OBJ_D)/a_type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_type.c
-
-$(OBJ_D)/a_set.o: $(SRC_D)/crypto/asn1/a_set.c
-	$(CC) -o $(OBJ_D)/a_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_set.c
-
-$(OBJ_D)/a_dup.o: $(SRC_D)/crypto/asn1/a_dup.c
-	$(CC) -o $(OBJ_D)/a_dup.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_dup.c
-
-$(OBJ_D)/a_d2i_fp.o: $(SRC_D)/crypto/asn1/a_d2i_fp.c
-	$(CC) -o $(OBJ_D)/a_d2i_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_d2i_fp.c
-
-$(OBJ_D)/a_i2d_fp.o: $(SRC_D)/crypto/asn1/a_i2d_fp.c
-	$(CC) -o $(OBJ_D)/a_i2d_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_i2d_fp.c
-
-$(OBJ_D)/a_sign.o: $(SRC_D)/crypto/asn1/a_sign.c
-	$(CC) -o $(OBJ_D)/a_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_sign.c
-
-$(OBJ_D)/a_digest.o: $(SRC_D)/crypto/asn1/a_digest.c
-	$(CC) -o $(OBJ_D)/a_digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_digest.c
-
-$(OBJ_D)/a_verify.o: $(SRC_D)/crypto/asn1/a_verify.c
-	$(CC) -o $(OBJ_D)/a_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_verify.c
-
-$(OBJ_D)/x_algor.o: $(SRC_D)/crypto/asn1/x_algor.c
-	$(CC) -o $(OBJ_D)/x_algor.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_algor.c
-
-$(OBJ_D)/x_val.o: $(SRC_D)/crypto/asn1/x_val.c
-	$(CC) -o $(OBJ_D)/x_val.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_val.c
-
-$(OBJ_D)/x_pubkey.o: $(SRC_D)/crypto/asn1/x_pubkey.c
-	$(CC) -o $(OBJ_D)/x_pubkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pubkey.c
-
-$(OBJ_D)/x_sig.o: $(SRC_D)/crypto/asn1/x_sig.c
-	$(CC) -o $(OBJ_D)/x_sig.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_sig.c
-
-$(OBJ_D)/x_req.o: $(SRC_D)/crypto/asn1/x_req.c
-	$(CC) -o $(OBJ_D)/x_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_req.c
-
-$(OBJ_D)/x_attrib.o: $(SRC_D)/crypto/asn1/x_attrib.c
-	$(CC) -o $(OBJ_D)/x_attrib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_attrib.c
-
-$(OBJ_D)/x_name.o: $(SRC_D)/crypto/asn1/x_name.c
-	$(CC) -o $(OBJ_D)/x_name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_name.c
-
-$(OBJ_D)/x_cinf.o: $(SRC_D)/crypto/asn1/x_cinf.c
-	$(CC) -o $(OBJ_D)/x_cinf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_cinf.c
-
-$(OBJ_D)/x_x509.o: $(SRC_D)/crypto/asn1/x_x509.c
-	$(CC) -o $(OBJ_D)/x_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_x509.c
-
-$(OBJ_D)/x_crl.o: $(SRC_D)/crypto/asn1/x_crl.c
-	$(CC) -o $(OBJ_D)/x_crl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_crl.c
-
-$(OBJ_D)/x_info.o: $(SRC_D)/crypto/asn1/x_info.c
-	$(CC) -o $(OBJ_D)/x_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_info.c
-
-$(OBJ_D)/x_spki.o: $(SRC_D)/crypto/asn1/x_spki.c
-	$(CC) -o $(OBJ_D)/x_spki.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_spki.c
-
-$(OBJ_D)/d2i_r_pr.o: $(SRC_D)/crypto/asn1/d2i_r_pr.c
-	$(CC) -o $(OBJ_D)/d2i_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pr.c
-
-$(OBJ_D)/i2d_r_pr.o: $(SRC_D)/crypto/asn1/i2d_r_pr.c
-	$(CC) -o $(OBJ_D)/i2d_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pr.c
-
-$(OBJ_D)/d2i_r_pu.o: $(SRC_D)/crypto/asn1/d2i_r_pu.c
-	$(CC) -o $(OBJ_D)/d2i_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pu.c
-
-$(OBJ_D)/i2d_r_pu.o: $(SRC_D)/crypto/asn1/i2d_r_pu.c
-	$(CC) -o $(OBJ_D)/i2d_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pu.c
-
-$(OBJ_D)/d2i_s_pr.o: $(SRC_D)/crypto/asn1/d2i_s_pr.c
-	$(CC) -o $(OBJ_D)/d2i_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pr.c
-
-$(OBJ_D)/i2d_s_pr.o: $(SRC_D)/crypto/asn1/i2d_s_pr.c
-	$(CC) -o $(OBJ_D)/i2d_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pr.c
-
-$(OBJ_D)/d2i_s_pu.o: $(SRC_D)/crypto/asn1/d2i_s_pu.c
-	$(CC) -o $(OBJ_D)/d2i_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pu.c
-
-$(OBJ_D)/i2d_s_pu.o: $(SRC_D)/crypto/asn1/i2d_s_pu.c
-	$(CC) -o $(OBJ_D)/i2d_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pu.c
-
-$(OBJ_D)/d2i_pu.o: $(SRC_D)/crypto/asn1/d2i_pu.c
-	$(CC) -o $(OBJ_D)/d2i_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pu.c
-
-$(OBJ_D)/d2i_pr.o: $(SRC_D)/crypto/asn1/d2i_pr.c
-	$(CC) -o $(OBJ_D)/d2i_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pr.c
-
-$(OBJ_D)/i2d_pu.o: $(SRC_D)/crypto/asn1/i2d_pu.c
-	$(CC) -o $(OBJ_D)/i2d_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pu.c
-
-$(OBJ_D)/i2d_pr.o: $(SRC_D)/crypto/asn1/i2d_pr.c
-	$(CC) -o $(OBJ_D)/i2d_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pr.c
-
-$(OBJ_D)/t_req.o: $(SRC_D)/crypto/asn1/t_req.c
-	$(CC) -o $(OBJ_D)/t_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_req.c
-
-$(OBJ_D)/t_x509.o: $(SRC_D)/crypto/asn1/t_x509.c
-	$(CC) -o $(OBJ_D)/t_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_x509.c
-
-$(OBJ_D)/t_pkey.o: $(SRC_D)/crypto/asn1/t_pkey.c
-	$(CC) -o $(OBJ_D)/t_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_pkey.c
-
-$(OBJ_D)/p7_i_s.o: $(SRC_D)/crypto/asn1/p7_i_s.c
-	$(CC) -o $(OBJ_D)/p7_i_s.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_i_s.c
-
-$(OBJ_D)/p7_signi.o: $(SRC_D)/crypto/asn1/p7_signi.c
-	$(CC) -o $(OBJ_D)/p7_signi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signi.c
-
-$(OBJ_D)/p7_signd.o: $(SRC_D)/crypto/asn1/p7_signd.c
-	$(CC) -o $(OBJ_D)/p7_signd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signd.c
-
-$(OBJ_D)/p7_recip.o: $(SRC_D)/crypto/asn1/p7_recip.c
-	$(CC) -o $(OBJ_D)/p7_recip.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_recip.c
-
-$(OBJ_D)/p7_enc_c.o: $(SRC_D)/crypto/asn1/p7_enc_c.c
-	$(CC) -o $(OBJ_D)/p7_enc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc_c.c
-
-$(OBJ_D)/p7_evp.o: $(SRC_D)/crypto/asn1/p7_evp.c
-	$(CC) -o $(OBJ_D)/p7_evp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_evp.c
-
-$(OBJ_D)/p7_dgst.o: $(SRC_D)/crypto/asn1/p7_dgst.c
-	$(CC) -o $(OBJ_D)/p7_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_dgst.c
-
-$(OBJ_D)/p7_s_e.o: $(SRC_D)/crypto/asn1/p7_s_e.c
-	$(CC) -o $(OBJ_D)/p7_s_e.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_s_e.c
-
-$(OBJ_D)/p7_enc.o: $(SRC_D)/crypto/asn1/p7_enc.c
-	$(CC) -o $(OBJ_D)/p7_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc.c
-
-$(OBJ_D)/p7_lib.o: $(SRC_D)/crypto/asn1/p7_lib.c
-	$(CC) -o $(OBJ_D)/p7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_lib.c
-
-$(OBJ_D)/f_int.o: $(SRC_D)/crypto/asn1/f_int.c
-	$(CC) -o $(OBJ_D)/f_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_int.c
-
-$(OBJ_D)/f_string.o: $(SRC_D)/crypto/asn1/f_string.c
-	$(CC) -o $(OBJ_D)/f_string.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_string.c
-
-$(OBJ_D)/i2d_dhp.o: $(SRC_D)/crypto/asn1/i2d_dhp.c
-	$(CC) -o $(OBJ_D)/i2d_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dhp.c
-
-$(OBJ_D)/i2d_dsap.o: $(SRC_D)/crypto/asn1/i2d_dsap.c
-	$(CC) -o $(OBJ_D)/i2d_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dsap.c
-
-$(OBJ_D)/d2i_dhp.o: $(SRC_D)/crypto/asn1/d2i_dhp.c
-	$(CC) -o $(OBJ_D)/d2i_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dhp.c
-
-$(OBJ_D)/d2i_dsap.o: $(SRC_D)/crypto/asn1/d2i_dsap.c
-	$(CC) -o $(OBJ_D)/d2i_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dsap.c
-
-$(OBJ_D)/n_pkey.o: $(SRC_D)/crypto/asn1/n_pkey.c
-	$(CC) -o $(OBJ_D)/n_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/n_pkey.c
-
-$(OBJ_D)/a_hdr.o: $(SRC_D)/crypto/asn1/a_hdr.c
-	$(CC) -o $(OBJ_D)/a_hdr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_hdr.c
-
-$(OBJ_D)/x_pkey.o: $(SRC_D)/crypto/asn1/x_pkey.c
-	$(CC) -o $(OBJ_D)/x_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pkey.c
-
-$(OBJ_D)/a_bool.o: $(SRC_D)/crypto/asn1/a_bool.c
-	$(CC) -o $(OBJ_D)/a_bool.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bool.c
-
-$(OBJ_D)/x_exten.o: $(SRC_D)/crypto/asn1/x_exten.c
-	$(CC) -o $(OBJ_D)/x_exten.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_exten.c
-
-$(OBJ_D)/asn1_par.o: $(SRC_D)/crypto/asn1/asn1_par.c
-	$(CC) -o $(OBJ_D)/asn1_par.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_par.c
-
-$(OBJ_D)/asn1_lib.o: $(SRC_D)/crypto/asn1/asn1_lib.c
-	$(CC) -o $(OBJ_D)/asn1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_lib.c
-
-$(OBJ_D)/asn1_err.o: $(SRC_D)/crypto/asn1/asn1_err.c
-	$(CC) -o $(OBJ_D)/asn1_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_err.c
-
-$(OBJ_D)/a_meth.o: $(SRC_D)/crypto/asn1/a_meth.c
-	$(CC) -o $(OBJ_D)/a_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_meth.c
-
-$(OBJ_D)/a_bytes.o: $(SRC_D)/crypto/asn1/a_bytes.c
-	$(CC) -o $(OBJ_D)/a_bytes.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bytes.c
-
-$(OBJ_D)/evp_asn1.o: $(SRC_D)/crypto/asn1/evp_asn1.c
-	$(CC) -o $(OBJ_D)/evp_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/evp_asn1.c
-
-$(OBJ_D)/x509_def.o: $(SRC_D)/crypto/x509/x509_def.c
-	$(CC) -o $(OBJ_D)/x509_def.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_def.c
-
-$(OBJ_D)/x509_d2.o: $(SRC_D)/crypto/x509/x509_d2.c
-	$(CC) -o $(OBJ_D)/x509_d2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_d2.c
-
-$(OBJ_D)/x509_r2x.o: $(SRC_D)/crypto/x509/x509_r2x.c
-	$(CC) -o $(OBJ_D)/x509_r2x.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_r2x.c
-
-$(OBJ_D)/x509_cmp.o: $(SRC_D)/crypto/x509/x509_cmp.c
-	$(CC) -o $(OBJ_D)/x509_cmp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_cmp.c
-
-$(OBJ_D)/x509_obj.o: $(SRC_D)/crypto/x509/x509_obj.c
-	$(CC) -o $(OBJ_D)/x509_obj.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_obj.c
-
-$(OBJ_D)/x509_req.o: $(SRC_D)/crypto/x509/x509_req.c
-	$(CC) -o $(OBJ_D)/x509_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_req.c
-
-$(OBJ_D)/x509_vfy.o: $(SRC_D)/crypto/x509/x509_vfy.c
-	$(CC) -o $(OBJ_D)/x509_vfy.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_vfy.c
-
-$(OBJ_D)/x509_set.o: $(SRC_D)/crypto/x509/x509_set.c
-	$(CC) -o $(OBJ_D)/x509_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_set.c
-
-$(OBJ_D)/x509rset.o: $(SRC_D)/crypto/x509/x509rset.c
-	$(CC) -o $(OBJ_D)/x509rset.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509rset.c
-
-$(OBJ_D)/x509_err.o: $(SRC_D)/crypto/x509/x509_err.c
-	$(CC) -o $(OBJ_D)/x509_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_err.c
-
-$(OBJ_D)/x509name.o: $(SRC_D)/crypto/x509/x509name.c
-	$(CC) -o $(OBJ_D)/x509name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509name.c
-
-$(OBJ_D)/x509_v3.o: $(SRC_D)/crypto/x509/x509_v3.c
-	$(CC) -o $(OBJ_D)/x509_v3.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_v3.c
-
-$(OBJ_D)/x509_ext.o: $(SRC_D)/crypto/x509/x509_ext.c
-	$(CC) -o $(OBJ_D)/x509_ext.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_ext.c
-
-$(OBJ_D)/x509pack.o: $(SRC_D)/crypto/x509/x509pack.c
-	$(CC) -o $(OBJ_D)/x509pack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509pack.c
-
-$(OBJ_D)/x509type.o: $(SRC_D)/crypto/x509/x509type.c
-	$(CC) -o $(OBJ_D)/x509type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509type.c
-
-$(OBJ_D)/x509_lu.o: $(SRC_D)/crypto/x509/x509_lu.c
-	$(CC) -o $(OBJ_D)/x509_lu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_lu.c
-
-$(OBJ_D)/x_all.o: $(SRC_D)/crypto/x509/x_all.c
-	$(CC) -o $(OBJ_D)/x_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x_all.c
-
-$(OBJ_D)/x509_txt.o: $(SRC_D)/crypto/x509/x509_txt.c
-	$(CC) -o $(OBJ_D)/x509_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_txt.c
-
-$(OBJ_D)/by_file.o: $(SRC_D)/crypto/x509/by_file.c
-	$(CC) -o $(OBJ_D)/by_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_file.c
-
-$(OBJ_D)/by_dir.o: $(SRC_D)/crypto/x509/by_dir.c
-	$(CC) -o $(OBJ_D)/by_dir.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_dir.c
-
-$(OBJ_D)/v3_net.o: $(SRC_D)/crypto/x509/v3_net.c
-	$(CC) -o $(OBJ_D)/v3_net.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_net.c
-
-$(OBJ_D)/v3_x509.o: $(SRC_D)/crypto/x509/v3_x509.c
-	$(CC) -o $(OBJ_D)/v3_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_x509.c
-
-$(OBJ_D)/conf.o: $(SRC_D)/crypto/conf/conf.c
-	$(CC) -o $(OBJ_D)/conf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf.c
-
-$(OBJ_D)/conf_err.o: $(SRC_D)/crypto/conf/conf_err.c
-	$(CC) -o $(OBJ_D)/conf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf_err.c
-
-$(OBJ_D)/txt_db.o: $(SRC_D)/crypto/txt_db/txt_db.c
-	$(CC) -o $(OBJ_D)/txt_db.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/txt_db/txt_db.c
-
-$(OBJ_D)/pk7_lib.o: $(SRC_D)/crypto/pkcs7/pk7_lib.c
-	$(CC) -o $(OBJ_D)/pk7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_lib.c
-
-$(OBJ_D)/pkcs7err.o: $(SRC_D)/crypto/pkcs7/pkcs7err.c
-	$(CC) -o $(OBJ_D)/pkcs7err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pkcs7err.c
-
-$(OBJ_D)/pk7_doit.o: $(SRC_D)/crypto/pkcs7/pk7_doit.c
-	$(CC) -o $(OBJ_D)/pk7_doit.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_doit.c
-
-$(OBJ_D)/s2_meth.o: $(SRC_D)/ssl/s2_meth.c
-	$(CC) -o $(OBJ_D)/s2_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_meth.c
-
-$(OBJ_D)/s2_srvr.o: $(SRC_D)/ssl/s2_srvr.c
-	$(CC) -o $(OBJ_D)/s2_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_srvr.c
-
-$(OBJ_D)/s2_clnt.o: $(SRC_D)/ssl/s2_clnt.c
-	$(CC) -o $(OBJ_D)/s2_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_clnt.c
-
-$(OBJ_D)/s2_lib.o: $(SRC_D)/ssl/s2_lib.c
-	$(CC) -o $(OBJ_D)/s2_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_lib.c
-
-$(OBJ_D)/s2_enc.o: $(SRC_D)/ssl/s2_enc.c
-	$(CC) -o $(OBJ_D)/s2_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_enc.c
-
-$(OBJ_D)/s2_pkt.o: $(SRC_D)/ssl/s2_pkt.c
-	$(CC) -o $(OBJ_D)/s2_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_pkt.c
-
-$(OBJ_D)/s3_meth.o: $(SRC_D)/ssl/s3_meth.c
-	$(CC) -o $(OBJ_D)/s3_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_meth.c
-
-$(OBJ_D)/s3_srvr.o: $(SRC_D)/ssl/s3_srvr.c
-	$(CC) -o $(OBJ_D)/s3_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_srvr.c
-
-$(OBJ_D)/s3_clnt.o: $(SRC_D)/ssl/s3_clnt.c
-	$(CC) -o $(OBJ_D)/s3_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_clnt.c
-
-$(OBJ_D)/s3_lib.o: $(SRC_D)/ssl/s3_lib.c
-	$(CC) -o $(OBJ_D)/s3_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_lib.c
-
-$(OBJ_D)/s3_enc.o: $(SRC_D)/ssl/s3_enc.c
-	$(CC) -o $(OBJ_D)/s3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_enc.c
-
-$(OBJ_D)/s3_pkt.o: $(SRC_D)/ssl/s3_pkt.c
-	$(CC) -o $(OBJ_D)/s3_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_pkt.c
-
-$(OBJ_D)/s3_both.o: $(SRC_D)/ssl/s3_both.c
-	$(CC) -o $(OBJ_D)/s3_both.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_both.c
-
-$(OBJ_D)/s23_meth.o: $(SRC_D)/ssl/s23_meth.c
-	$(CC) -o $(OBJ_D)/s23_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_meth.c
-
-$(OBJ_D)/s23_srvr.o: $(SRC_D)/ssl/s23_srvr.c
-	$(CC) -o $(OBJ_D)/s23_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_srvr.c
-
-$(OBJ_D)/s23_clnt.o: $(SRC_D)/ssl/s23_clnt.c
-	$(CC) -o $(OBJ_D)/s23_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_clnt.c
-
-$(OBJ_D)/s23_lib.o: $(SRC_D)/ssl/s23_lib.c
-	$(CC) -o $(OBJ_D)/s23_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_lib.c
-
-$(OBJ_D)/s23_pkt.o: $(SRC_D)/ssl/s23_pkt.c
-	$(CC) -o $(OBJ_D)/s23_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_pkt.c
-
-$(OBJ_D)/t1_meth.o: $(SRC_D)/ssl/t1_meth.c
-	$(CC) -o $(OBJ_D)/t1_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_meth.c
-
-$(OBJ_D)/t1_srvr.o: $(SRC_D)/ssl/t1_srvr.c
-	$(CC) -o $(OBJ_D)/t1_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_srvr.c
-
-$(OBJ_D)/t1_clnt.o: $(SRC_D)/ssl/t1_clnt.c
-	$(CC) -o $(OBJ_D)/t1_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_clnt.c
-
-$(OBJ_D)/t1_lib.o: $(SRC_D)/ssl/t1_lib.c
-	$(CC) -o $(OBJ_D)/t1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_lib.c
-
-$(OBJ_D)/t1_enc.o: $(SRC_D)/ssl/t1_enc.c
-	$(CC) -o $(OBJ_D)/t1_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_enc.c
-
-$(OBJ_D)/ssl_lib.o: $(SRC_D)/ssl/ssl_lib.c
-	$(CC) -o $(OBJ_D)/ssl_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_lib.c
-
-$(OBJ_D)/ssl_err2.o: $(SRC_D)/ssl/ssl_err2.c
-	$(CC) -o $(OBJ_D)/ssl_err2.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err2.c
-
-$(OBJ_D)/ssl_cert.o: $(SRC_D)/ssl/ssl_cert.c
-	$(CC) -o $(OBJ_D)/ssl_cert.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_cert.c
-
-$(OBJ_D)/ssl_sess.o: $(SRC_D)/ssl/ssl_sess.c
-	$(CC) -o $(OBJ_D)/ssl_sess.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_sess.c
-
-$(OBJ_D)/ssl_ciph.o: $(SRC_D)/ssl/ssl_ciph.c
-	$(CC) -o $(OBJ_D)/ssl_ciph.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_ciph.c
-
-$(OBJ_D)/ssl_stat.o: $(SRC_D)/ssl/ssl_stat.c
-	$(CC) -o $(OBJ_D)/ssl_stat.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_stat.c
-
-$(OBJ_D)/ssl_rsa.o: $(SRC_D)/ssl/ssl_rsa.c
-	$(CC) -o $(OBJ_D)/ssl_rsa.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_rsa.c
-
-$(OBJ_D)/ssl_asn1.o: $(SRC_D)/ssl/ssl_asn1.c
-	$(CC) -o $(OBJ_D)/ssl_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_asn1.c
-
-$(OBJ_D)/ssl_txt.o: $(SRC_D)/ssl/ssl_txt.c
-	$(CC) -o $(OBJ_D)/ssl_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_txt.c
-
-$(OBJ_D)/ssl_algs.o: $(SRC_D)/ssl/ssl_algs.c
-	$(CC) -o $(OBJ_D)/ssl_algs.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_algs.c
-
-$(OBJ_D)/bio_ssl.o: $(SRC_D)/ssl/bio_ssl.c
-	$(CC) -o $(OBJ_D)/bio_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/bio_ssl.c
-
-$(OBJ_D)/ssl_err.o: $(SRC_D)/ssl/ssl_err.c
-	$(CC) -o $(OBJ_D)/ssl_err.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err.c
-
-$(OBJ_D)/rsaref.o: $(SRC_D)/rsaref/rsaref.c
-	$(CC) -o $(OBJ_D)/rsaref.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsaref.c
-
-$(OBJ_D)/rsar_err.o: $(SRC_D)/rsaref/rsar_err.c
-	$(CC) -o $(OBJ_D)/rsar_err.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsar_err.c
-
-$(TEST_D)/md2test: $(OBJ_D)/md2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/md2test $(LFLAGS) $(OBJ_D)/md2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/md5test: $(OBJ_D)/md5test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/md5test $(LFLAGS) $(OBJ_D)/md5test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/shatest: $(OBJ_D)/shatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/shatest $(LFLAGS) $(OBJ_D)/shatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/sha1test: $(OBJ_D)/sha1test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/sha1test $(LFLAGS) $(OBJ_D)/sha1test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/mdc2test: $(OBJ_D)/mdc2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/mdc2test $(LFLAGS) $(OBJ_D)/mdc2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/hmactest: $(OBJ_D)/hmactest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/hmactest $(LFLAGS) $(OBJ_D)/hmactest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rmdtest: $(OBJ_D)/rmdtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rmdtest $(LFLAGS) $(OBJ_D)/rmdtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/destest: $(OBJ_D)/destest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/destest $(LFLAGS) $(OBJ_D)/destest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc2test: $(OBJ_D)/rc2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc2test $(LFLAGS) $(OBJ_D)/rc2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc4test: $(OBJ_D)/rc4test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc4test $(LFLAGS) $(OBJ_D)/rc4test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc5test: $(OBJ_D)/rc5test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc5test $(LFLAGS) $(OBJ_D)/rc5test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/ideatest: $(OBJ_D)/ideatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/ideatest $(LFLAGS) $(OBJ_D)/ideatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/bftest: $(OBJ_D)/bftest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/bftest $(LFLAGS) $(OBJ_D)/bftest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/casttest: $(OBJ_D)/casttest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/casttest $(LFLAGS) $(OBJ_D)/casttest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/bntest: $(OBJ_D)/bntest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/bntest $(LFLAGS) $(OBJ_D)/bntest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/exptest: $(OBJ_D)/exptest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/exptest $(LFLAGS) $(OBJ_D)/exptest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/dsatest: $(OBJ_D)/dsatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/dsatest $(LFLAGS) $(OBJ_D)/dsatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/dhtest: $(OBJ_D)/dhtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/dhtest $(LFLAGS) $(OBJ_D)/dhtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/randtest: $(OBJ_D)/randtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/randtest $(LFLAGS) $(OBJ_D)/randtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/ssltest: $(OBJ_D)/ssltest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/ssltest $(LFLAGS) $(OBJ_D)/ssltest.o $(L_LIBS) $(EX_LIBS)
-
-$(LIB_D)/$(O_SSL): $(SSLOBJ)
-	$(RM) $(LIB_D)/$(O_SSL)
-	$(MKLIB) $(LIB_D)/$(O_SSL) $(SSLOBJ)
-	$(RANLIB) $(LIB_D)/$(O_SSL)
-
-$(LIB_D)/$(O_RSAGLUE): $(RSAGLUEOBJ)
-	$(RM) $(LIB_D)/$(O_RSAGLUE)
-	$(MKLIB) $(LIB_D)/$(O_RSAGLUE) $(RSAGLUEOBJ)
-	$(RANLIB) $(LIB_D)/$(O_RSAGLUE)
-
-$(LIB_D)/$(O_CRYPTO): $(CRYPTOOBJ)
-	$(RM) $(LIB_D)/$(O_CRYPTO)
-	$(MKLIB) $(LIB_D)/$(O_CRYPTO) $(CRYPTOOBJ)
-	$(RANLIB) $(LIB_D)/$(O_CRYPTO)
-
-$(BIN_D)/$(E_EXE): $(E_OBJ) $(LIBS_DEP)
-	$(LINK) -o $(BIN_D)/$(E_EXE) $(LFLAGS) $(E_OBJ) $(L_LIBS) $(EX_LIBS)
-
diff --git a/lib/libssl/src/makevms.com b/lib/libssl/src/makevms.com
index 2f4792aa9ac..977f2cee427 100644
--- a/lib/libssl/src/makevms.com
+++ b/lib/libssl/src/makevms.com
@@ -1,65 +1,906 @@
 $!
-$! This procedure compiles the SSL sources into 2 libraries:
-$!	[.CRYPTO]CRYPTO-xxx.OLB		! crypto-graphics subroutines
-$!	[.SSL]SSL-xxx.OLB		! SSL protocol.
-$!
-$!  where 'xxx' specifies the machine achitecture: AXP or VAX
-$!
-$!  To perform 1 sub-option, specify P1 as one of:
-$!	INCLUDE CRYPTO SSL SSL_TASK
-$!
-$!  Requirements:
-$!	DECC 4.0   	(may work with other versions)
-$!	OpenVMS 6.1	(may work with other versions)
-$!
-$ original_default = f$environment("DEFAULT")
-$ proc = f$environment("PROCEDURE")
-$ proc_dir = f$parse("1.1;1",proc) - "1.1;1"
-$ set default 'proc_dir'
-$!
-$! Copy all include files to [.include]
-$!
-$ set noon
-$ if P1 .nes. "" then goto do_'p1'
-$ do_include
-$ write sys$output "Rebuilding [.include] directory..."
-$ delete [.include]*.h;*
-$ backup [.*...]*.h; includes.bck/save
-$ backup includes.bck/save [.include]
-$ delete includes.bck;
-$ if p1 .nes. "" then goto cleanup
-$!
-$! Build crypto lib.
-$!
-$ do_crypto:
-$ write sys$Output "Making CRYPTO library"
-$ set default [.crypto]
-$ @libvms
-$ set default [-]
-$ if p1 .nes. "" then goto cleanup
-$!
-$! Build SSL lib.
-$!
-$ do_ssl:
-$ write sys$output "Making SSL library"
-$ set default [.ssl]
-$ libname = "ssl-axp.olb"
-$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
-$ if f$search(libname) .eqs. "" then library/create/log 'libname'
-$ cc ssl.c/include=[-.include]/prefix=all
-$ library/replace 'libname' ssl.obj
-$ set default [-]
-$ if p1 .nes. "" then goto cleanup
-$!
-$ do_ssl_task:
-$ write sys$output "Building SSL_TASK.EXE, the DECnet-based SSL engine"
-$ set default [.ssl]
-$ libname = "ssl-axp.olb"
-$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
-$ cc ssl_task/include=[-.include]/prefix=all
-$ cryptolib = "[-.crypto]crypto-" + f$element(1,"-",libname)
-$ link ssl_task,'libname'/library,'cryptolib'/library
-$!
-$ cleanup:
-$ set default 'original_default'
-$ write sys$output "Done"
+$! MAKEVMS.COM
+$! Original Author:  UNKNOWN
+$! Rewritten By:  Robert Byer
+$!                Vice-President
+$!                A-Com Computing, Inc.
+$!                byer@mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard@levitte.org>
+$!
+$! This procedure creates the SSL libraries of "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB"
+$! "[.xxx.EXE.SSL]LIBSSL.OLB" and if specified "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB".
+$! The "xxx" denotes the machine architecture of AXP or VAX.
+$!
+$! This procedures accepts two command line options listed below.
+$!
+$! Specify one of the following build options for P1.
+$!
+$!      ALL       Just build "everything".
+$!      BUILDINF  Just build the "[.CRYPTO]BUILDINF.H" file.
+$!      SOFTLINKS Just fix the Unix soft links.
+$!      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+$!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+$!      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+$!      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+$!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+$!      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
+$!
+$!
+$! Specify RSAREF as P2 to compile using the RSAREF Library.
+$! If you specify NORSAREF, it will compile without using RSAREF.
+$! (If in the United States, You Must Compile Using RSAREF).
+$!
+$! Note: The RSAREF libraries are NOT INCLUDED and you have to
+$!       download it from "ftp://ftp.rsa.com/rsaref".  You have to
+$!       get the ".tar-Z" file as the ".zip" file dosen't have the
+$!       directory structure stored.  You have to extract the file
+$!       into the [.RSAREF] directory as that is where the scripts
+$!       will look for the files.
+$!
+$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging
+$! information.
+$!
+$! Specify which compiler at P4 to try to compile under.
+$!
+$!	  VAXC	 For VAX C.
+$!	  DECC	 For DEC C.
+$!	  GNUC	 For GNU C.
+$!	  LINK   To only link the programs from existing object files.
+$!               (not yet implemented)
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$!  P5, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX or UCX emulation
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!  First, Fix The Unix Softlinks.
+$!
+$   GOSUB SOFTLINKS
+$!
+$!  Create The "BUILDINF.H" Include File.
+$!
+$   GOSUB BUILDINF
+$!
+$!  Check To See If We Are Going To Be Building The 
+$!  [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library.
+$!
+$   IF (RSAREF.EQS."RSAREF")
+$   THEN
+$!
+$!    Build The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library.
+$!
+$     GOSUB RSAREF
+$!
+$!  End The RSAREF Check.
+$!
+$   ENDIF
+$!
+$!  Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!
+$   GOSUB CRYPTO
+$!
+$!  Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!
+$   GOSUB SSL
+$!
+$!  Build The [.xxx.EXE.SSL]SSL_TASK.EXE DECNet SSL Engine.
+$!
+$   GOSUB SSL_TASK
+$!
+$!  Build The [.xxx.EXE.TEST] OpenSSL Test Utilities.
+$!
+$   GOSUB TEST
+$!
+$!  Build The [.xxx.EXE.APPS] OpenSSL Application Utilities.
+$!
+$   GOSUB APPS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT   
+$!
+$! Rebuild The "[.CRYPTO]BUILDINF.H" file.
+$!
+$ BUILDINF:
+$!
+$! Tell The User We Are Creating The [.CRYPTO]BUILDINF.H File.
+$!
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO]BUILDINF.H Include File."
+$!
+$! Create The [.CRYPTO]BUILDINF.H File.
+$!
+$ OPEN/WRITE H_FILE SYS$DISK:[.CRYPTO]BUILDINF.H
+$!
+$! Get The Current Date & Time.
+$!
+$ TIME = F$TIME()
+$!
+$! Write The [.CRYPTO]BUILDINF.H File.
+$!
+$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
+$ WRITE H_FILE "#define PLATFORM ""VMS"""
+$ WRITE H_FILE "#define DATE ""''TIME'"" "
+$!
+$! Close The [.CRYPTO]BUILDINF.H File.
+$!
+$ CLOSE H_FILE
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Copy a lot of files around.
+$!
+$ SOFTLINKS: 
+$!
+$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files."
+$!
+$ DELETE SYS$DISK:[.APPS]MD5.C;*,RMD160.C;*
+$!
+$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS]
+$!
+$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS]
+$!
+$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files."
+$!
+$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete
+$! All The "C" Files That Are Currently There Now.
+$!
+$ DELETE SYS$DISK:[.TEST]*.C;*
+$!
+$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST]
+$!
+$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST]
+$!
+$! Copy all the *TEST.C files from [.SSL...] into [.TEST]
+$!
+$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST]
+$!
+$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
+$!
+$! First, make sure the directory exists
+$!
+$ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
+     CREATE/DIRECTORY SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The Main Directory.
+$!
+$ EXHEADER := e_os.h,e_os2.h
+$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
+$!
+$ SDIRS := ,MD2,MD5,SHA,MDC2,HMAC,RIPEMD,-
+   DES,RC2,RC4,RC5,IDEA,BF,CAST,-
+   BN,RSA,DSA,DH,-
+   BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
+   EVP,ASN1,PEM,X509,X509V3,-
+   CONF,TXT_DB,PKCS7,PKCS12,COMP
+$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h
+$ EXHEADER_MD2 := md2.h
+$ EXHEADER_MD5 := md5.h
+$ EXHEADER_SHA := sha.h
+$ EXHEADER_MDC2 := mdc2.h
+$ EXHEADER_HMAC := hmac.h
+$ EXHEADER_RIPEMD := ripemd.h
+$ EXHEADER_DES := des.h
+$ EXHEADER_RC2 := rc2.h
+$ EXHEADER_RC4 := rc4.h
+$ EXHEADER_RC5 := rc5.h
+$ EXHEADER_IDEA := idea.h
+$ EXHEADER_BF := blowfish.h
+$ EXHEADER_CAST := cast.h
+$ EXHEADER_BN := bn.h
+$ EXHEADER_RSA := rsa.h
+$ EXHEADER_DSA := dsa.h
+$ EXHEADER_DH := dh.h
+$ EXHEADER_BUFFER := buffer.h
+$ EXHEADER_BIO := bio.h
+$ EXHEADER_STACK := stack.h,safestack.h
+$ EXHEADER_LHASH := lhash.h
+$ EXHEADER_RAND := rand.h
+$ EXHEADER_ERR := err.h
+$ EXHEADER_OBJECTS := objects.h
+$ EXHEADER_EVP := evp.h
+$ EXHEADER_ASN1 := asn1.h,asn1_mac.h
+$ EXHEADER_PEM := pem.h,pem2.h
+$ EXHEADER_X509 := x509.h,x509_vfy.h
+$ EXHEADER_X509V3 := x509v3.h
+$ EXHEADER_CONF := conf.h
+$ EXHEADER_TXT_DB := txt_db.h
+$ EXHEADER_PKCS7 := pkcs7.h
+$ EXHEADER_PKCS12 := pkcs12.h
+$ EXHEADER_COMP := comp.h
+$
+$ I = 0
+$ LOOP_SDIRS: 
+$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$ I = I + 1
+$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$ tmp = EXHEADER_'D'
+$ IF D .EQS. ""
+$ THEN
+$   COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] /LOG
+$ ELSE
+$   COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] /LOG
+$ ENDIF
+$ GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$!
+$! Copy All The ".H" Files From The [.RSAREF] Directory.
+$!
+$ EXHEADER := rsaref.h
+$ COPY SYS$DISK:[.RSAREF]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The [.SSL] Directory.
+$!
+$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h
+$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The [.VMS] Directory.
+$!
+$ EXHEADER := vms_idhacks.h
+$ COPY SYS$DISK:[.VMS]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Purge all doubles
+$!
+$ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library.
+$!
+$ CRYPTO:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$!
+$! Go To The [.CRYPTO] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.CRYPTO]
+$!
+$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!  
+$ @CRYPTO-LIB 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE Library.
+$!
+$ RSAREF:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.RSAREF]LIBRSAGLUE.OLB Library."
+$!
+$! Go To The [.RSAREF] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.RSAREF]
+$!
+$! Build The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library.
+$!
+$ @RSAREF-LIB LIBRARY 'DEBUGGER' "''COMPILER'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library.
+$!
+$ SSL:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library."
+$!
+$! Go To The [.SSL] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.SSL]
+$!
+$! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!
+$ @SSL-LIB LIBRARY 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.SSL]SSL_TASK.EXE" Program.
+$!
+$ SSL_TASK:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building DECNet Based SSL Engine, [.",ARCH,".EXE.SSL]SSL_TASK.EXE"
+$!
+$! Go To The [.SSL] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.SSL]
+$!
+$! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
+$!
+$ @SSL-LIB SSL_TASK 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The OpenSSL Test Programs.
+$!
+$ TEST:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCH,".EXE.TEST] Test Utilities."
+$!
+$! Go To The [.TEST] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.TEST]
+$!
+$! Build The Test Programs.
+$!
+$ @MAKETESTS 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The OpenSSL Application Programs.
+$!
+$ APPS:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.APPS] Applications."
+$!
+$! Go To The [.APPS] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.APPS]
+$!
+$! Build The Application Programs.
+$!
+$ @MAKEAPPS 'RSAREF' 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is ALL, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS").OR.(P1.EQS."CRYPTO") -
+       .OR.(P1.EQS."SSL").OR.(P1.EQS."RSAREF").OR.(P1.EQS."SSL_TASK") -
+       .OR.(P1.EQS."TEST").OR.(P1.EQS."APPS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO]BUILDINF.H file."
+$     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."
+$     WRITE SYS$OUTPUT "    RSAREF   :  To Build Just The [.xxx.EXE.RSAREF]LIBRSAGLUE.OLB Library."
+$     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL      :  To Build Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL_TASK :  To Build Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
+$     WRITE SYS$OUTPUT "    TEST     :  To Build Just The OpenSSL Test Programs."
+$     WRITE SYS$OUTPUT "    APPS     :  To Build Just The OpenSSL Application Programs."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NORSAREF")
+$ THEN
+$!
+$!   P2 Is NORSAREF, So Compile Without RSAREF.
+$!
+$    RSAREF = "NORSAREF"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile Using The RSAREF Library.
+$!
+$   IF (P2.EQS."RSAREF")
+$   THEN
+$!
+$!    Compile With RSAREF Library.
+$!
+$     RSAREF = "RSAREF"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    RSAREF   :  To Compile With The RSAREF Library."
+$     WRITE SYS$OUTPUT "    NORSAREF :  To Compile With The Regular RSA Library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguemnt Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."NODEBUG")
+$ THEN
+$!
+$!   P3 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P3.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P4 Is Blank.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$   IF (F$GETSYI("CPU").GE.128).OR.(F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC")
+$   THEN 
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
+$   THEN
+$!
+$!    Check To See If The User Wanted To Just LINK.
+$!
+$     IF (P4.EQS."LINK")
+$     THEN
+$!
+$!      Looks Like LINK-only
+$!
+$       COMPILER = "LINK"
+$!
+$!      Tell The User We Are Only Linking.
+$!
+$       WRITE SYS$OUTPUT "LINK Only.  This actually NOT YET SUPPORTED!"
+$!
+$!    End LINK Check.
+$!
+$     ENDIF
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$     IF (P4.EQS."DECC")
+$     THEN
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       COMPILER = "DECC"
+$!
+$!      Tell The User We Are Using DECC.
+$!
+$       WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    End DECC Check.
+$!
+$     ENDIF
+$!
+$!    Check To See If We Are To Use VAXC.
+$!
+$     IF (P4.EQS."VAXC")
+$     THEN
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       COMPILER = "VAXC"
+$!
+$!      Tell The User We Are Using VAX C.
+$!
+$       WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    End VAXC Check
+$!
+$     ENDIF
+$!
+$!    Check To See If We Are To Use GNU C.
+$!
+$     IF (P4.EQS."GNUC")
+$     THEN
+$!
+$!      Looks Like GNUC, Set To Use GNUC.
+$!
+$       COMPILER = "GNUC"
+$!
+$!      Tell The User We Are Using GNUC.
+$!
+$       WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    End The GNU C Check.
+$!
+$     ENDIF
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$     WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$     WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Time to check the contents of P5, and to make sure we get the correct library.
+$!
+$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P5.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P5.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P5 = "UCX"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using MultiNet via UCX emulation for TCP/IP"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P5.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Set the TCPIP_TYPE symbol
+$!
+$   TCPIP_TYPE = P5
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$   IF P5 .NES. ""
+$   THEN
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$     WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$   ELSE
+$!
+$!    Set the TCPIP_TYPE symbol
+$!
+$     TCPIP_TYPE = P5
+$   ENDIF
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P6.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/lib/libssl/src/ms/.rnd b/lib/libssl/src/ms/.rnd
index 03072abc1ff..0566b46dfe6 100644
--- a/lib/libssl/src/ms/.rnd
+++ b/lib/libssl/src/ms/.rnd
diff --git a/lib/libssl/src/ms/32all.bat b/lib/libssl/src/ms/32all.bat
index 088c942887a..d1f014c4e0f 100644
--- a/lib/libssl/src/ms/32all.bat
+++ b/lib/libssl/src/ms/32all.bat
@@ -1,4 +1,4 @@
-set OPTS=no_asm
+set OPTS=no-asm
 
 perl Configure VC-WIN32
 perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak
diff --git a/lib/libssl/src/ms/bcb4.bat b/lib/libssl/src/ms/bcb4.bat
new file mode 100644
index 00000000000..71a670e7942
--- /dev/null
+++ b/lib/libssl/src/ms/bcb4.bat
@@ -0,0 +1,6 @@
+perl Configure BC-32
+perl util\mkfiles.pl > MINFO
+
+@rem create make file
+perl util\mk1mf.pl no-asm BC-NT > bcb.mak
+
diff --git a/lib/libssl/src/ms/certCA.srl b/lib/libssl/src/ms/certCA.srl
index d6b24041cf0..2cfaa3ba204 100644
--- a/lib/libssl/src/ms/certCA.srl
+++ b/lib/libssl/src/ms/certCA.srl
@@ -1 +1 @@
-19
+1D
diff --git a/lib/libssl/src/ms/certCA.ss b/lib/libssl/src/ms/certCA.ss
index 6bfccc7c48a..b48c657ae08 100644
--- a/lib/libssl/src/ms/certCA.ss
+++ b/lib/libssl/src/ms/certCA.ss
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
 MIIBXDCCAQYCAQAwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
-MDA3MzBaFw05NzEyMjgwMDA3MzBaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05ODA3MjEw
+NjUwMTZaFw05ODA4MjAwNjUwMTZaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
 b2RneSBCcm90aGVyczERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAwOKExbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQ
-YWwhEh9i2BxGWYAZ7Krv1EqdsViCQBGuBQIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
-VXYhZ1FnfBFIjHiYV8PD4uQuVJLhNa2q3cSWX1HTHfbrAPa/lMSUWuWcYwD3lBeb
-D69W77B0LqAfVajBQwbXkQ==
+AANLADBIAkEA0DQLenM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3
+fiCYxoRVSQhvB47kDZ3ViNg5yrDhy7F9ywIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
+S564l3SBxJ+QcIXthGGDyP5zkxTf/1fHfelW9LNgu6lZTdy9Dlp/NecPekzRmZEM
+WiGXGkKNeuo8PsnGJHP9Qg==
 -----END CERTIFICATE-----
diff --git a/lib/libssl/src/ms/certU.ss b/lib/libssl/src/ms/certU.ss
index 6a0302ed1db..095ea143301 100644
--- a/lib/libssl/src/ms/certU.ss
+++ b/lib/libssl/src/ms/certU.ss
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBcTCCARsCARgwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05NzExMjgw
-MDA3MzRaFw05NzEyMjgwMDA3MzRaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
+MIIBcTCCARsCARwwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
+BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05ODA3MjEw
+NjUwMjdaFw05ODA4MjAwNjUwMjdaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
 b2RneSBCcm90aGVyczESMBAGA1UEAxMJQnJvdGhlciAxMRIwEAYDVQQDEwlCcm90
-aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyfgRHCZvlyq9yiQisWmetnpb
-DZMhZB+HjuxQxp3gEpI7P8q5Z5tXIU5+OFAfIRkRdMGa/UK+NVg7AJ6UYyIR3wID
-AQABMA0GCSqGSIb3DQEBBAUAA0EAgH3htGAw6tMcZYANofqYr96RhjnxzCGZkUq3
-SH9thHUBywcXQo6BUpGxUXFExW4NA2f49OWQxf8kYrVAXHcCsA==
+aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0e4qorOr/zuLB9NvRaXhJVaI
+HaGGasa7eMAjVPitWAXkN+DxXiGH1CnMgQraKiYzsEVP15xtxkevEvK5jJpOwwID
+AQABMA0GCSqGSIb3DQEBBAUAA0EAZhcPV+SWwaszFuDTYc6fUurcV9OeXUqoxSQy
+MnLZPTyWubHbbkUr9fUfdf7Cc7dFqGzag05VHkNQUS9VjMzjIQ==
 -----END CERTIFICATE-----
diff --git a/lib/libssl/src/ms/cmp.pl b/lib/libssl/src/ms/cmp.pl
index c6bfcae6c53..95b257fe4ca 100644
--- a/lib/libssl/src/ms/cmp.pl
+++ b/lib/libssl/src/ms/cmp.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 ($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
 
diff --git a/lib/libssl/src/ms/do_masm.bat b/lib/libssl/src/ms/do_masm.bat
new file mode 100644
index 00000000000..5b64fecdb00
--- /dev/null
+++ b/lib/libssl/src/ms/do_masm.bat
@@ -0,0 +1,68 @@
+@echo off
+echo Generating x86 for MASM assember
+
+echo Bignum
+cd crypto\bn\asm
+perl x86.pl win32 > bn-win32.asm
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl win32 > d-win32.asm
+cd ..\..\..
+
+echo "crypt(3)"
+
+cd crypto\des\asm
+perl crypt586.pl win32 > y-win32.asm
+cd ..\..\..
+
+echo Blowfish
+
+cd crypto\bf\asm
+perl bf-586.pl win32 > b-win32.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl win32 > c-win32.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl win32 > r4-win32.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl win32 > m5-win32.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl win32 > s1-win32.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl win32 > rm-win32.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl win32 > r5-win32.asm
+cd ..\..\..
+
+echo on
+
+perl util\mkfiles.pl >MINFO
+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak
+perl util\mk1mf.pl VC-WIN32 >ms\nt.mak
+perl util\mk1mf.pl dll VC-WIN32 >ms\ntdll.mak
+
+perl util\mkdef.pl 16 libeay > ms\libeay16.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/lib/libssl/src/ms/do_ms.bat b/lib/libssl/src/ms/do_ms.bat
index 673d706a1ad..5cbc6f7d5f8 100644
--- a/lib/libssl/src/ms/do_ms.bat
+++ b/lib/libssl/src/ms/do_ms.bat
@@ -1,11 +1,12 @@
-
-rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
-rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
-perl util\mk1mf.pl VC-W31-32 dll >ms\w31dll.mak
-rem perl util\mk1mf.pl VC-WIN32 >ms\nt.mak
-perl util\mk1mf.pl VC-WIN32 dll >ms\ntdll.mak
-
-perl util\mkdef.pl 16 libeay > ms\libeay16.def
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+
+perl util\mkfiles.pl >MINFO
+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak
+perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak
+perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak
+
+perl util\mkdef.pl 16 libeay > ms\libeay16.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/lib/libssl/src/ms/do_nasm.bat b/lib/libssl/src/ms/do_nasm.bat
new file mode 100644
index 00000000000..8859c154572
--- /dev/null
+++ b/lib/libssl/src/ms/do_nasm.bat
@@ -0,0 +1,69 @@
+
+@echo off
+echo Generating x86 for NASM assember
+
+echo Bignum
+cd crypto\bn\asm
+perl x86.pl win32n > bn-win32.asm
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl win32n > d-win32.asm
+cd ..\..\..
+
+echo "crypt(3)"
+
+cd crypto\des\asm
+perl crypt586.pl win32n > y-win32.asm
+cd ..\..\..
+
+echo Blowfish
+
+cd crypto\bf\asm
+perl bf-586.pl win32n > b-win32.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl win32n > c-win32.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl win32n > r4-win32.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl win32n > m5-win32.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl win32n > s1-win32.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl win32n > rm-win32.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl win32n > r5-win32.asm
+cd ..\..\..
+
+echo on
+
+perl util\mkfiles.pl >MINFO
+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak
+perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak
+perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak
+
+perl util\mkdef.pl 16 libeay > ms\libeay16.def
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/lib/libssl/src/ms/do_nt.bat b/lib/libssl/src/ms/do_nt.bat
new file mode 100644
index 00000000000..9c06c27caac
--- /dev/null
+++ b/lib/libssl/src/ms/do_nt.bat
@@ -0,0 +1,7 @@
+
+perl util\mkfiles.pl >MINFO
+perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
+perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
+
+perl util\mkdef.pl libeay NT > ms\libeay32.def
+perl util\mkdef.pl ssleay NT > ms\ssleay32.def
diff --git a/lib/libssl/src/ms/keyCA.ss b/lib/libssl/src/ms/keyCA.ss
index 9ed3e7dc460..933c2cd6ed9 100644
--- a/lib/libssl/src/ms/keyCA.ss
+++ b/lib/libssl/src/ms/keyCA.ss
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAMDihMW3Xyi3phDBjingYKiN2myRPcs391oaz3EC0QMjPOWD8ZNA
-0GFsIRIfYtgcRlmAGeyq79RKnbFYgkARrgUCAwEAAQJAGEWo/ZRoth/+Fse0kxJ4
-N126acURKJx/VOhgyFDZanJxxwhaXRRkZZfXgFP5StY2lAOrcuMnsDjc8XYNrvcE
-wQIhAOXcIp0eZfoPAAuhoQ2bd94dg8QX+8Hv38oJBUuduTs1AiEA1tHvlMrRC1dp
-mPUWooFaRFfadFvCMJy5ouGQ24bKMZECIB1YiHbEvcI6DghuHzCsi5Yo8HyljzfI
-VyrlEe8AePiNAiEAv6Hxpnsy9noZAlEIyxi3TKZOg2Rjm/gDhfDQx3S7pHECIQDC
-R6w+uHZzVJ50/kNh3mJow2W2+Rffkk2hcM4r5Sf4Vg==
+MIIBOwIBAAJBANA0C3pzP53CugsEhCYTjtVn2VD1BIuKb6LPXx1uOfY4d60QwA4I
+t34gmMaEVUkIbweO5A2d1YjYOcqw4cuxfcsCAwEAAQJAOT9WOKEfyN0WEpl3TJDs
+ITmgw2XbjhLOh1HFsW3xegWlaOuhL/wGamz7n7zzL/RQF3JP/VvpGk2F8VD9JhwT
+wQIhAPmqM3fLttBoCQuwQRdIPfB7Ps3THqx6N8AJ04z3I1ejAiEA1XyDd7bLpWrw
+/oA8CmR4b/KCGfvRwAL/Qej/rQliw7kCIQCYRzSvO8ScpuflhjKdZcXJuRJcbgnG
+f6Ejc5rh3xdiawIhALMmLdzEFNjXiSzIx5mg/kBTLUJIw5dx7GqO8B9xBORhAiA5
+oTN/hgvvrkkmRsHQpNBmzAEGBzhMEEq9lD6ZWrTSRg==
 -----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/ms/keyU.ss b/lib/libssl/src/ms/keyU.ss
index ab62876195b..05d356e7a50 100644
--- a/lib/libssl/src/ms/keyU.ss
+++ b/lib/libssl/src/ms/keyU.ss
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad4BKSOz/KuWeb
-VyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAQJAEu/4orwT4Ie4bfi/bAUs
-RY3pdbdi/SFbs5IC7OymsvbqO/J5/6lTLKX/CFUvXjbpd922jfNMQzdalOfZ7R+K
-aQIhAP9DOq6eFRbNqzxxDadOOSLFEcWBZwzIX12zoPgxarPDAiEAyo1tF3zbU93G
-WQ1yjlhXYm07VdoZV0CUI6dKkB0ok7UCIEmiQhZHAbxfPcskrZSaiv7NrE+2AVz9
-nAzymTefQbFzAiAFCODmTY8yFXghrIjlauK5Kpfn+WTZ21wTSsw6qs7gZQIhAK2l
-vwdD73PZSW928dZ9VoV7Dh7Klflf6J+xrJIibP7z
+MIIBPAIBAAJBANHuKqKzq/87iwfTb0Wl4SVWiB2hhmrGu3jAI1T4rVgF5Dfg8V4h
+h9QpzIEK2iomM7BFT9ecbcZHrxLyuYyaTsMCAwEAAQJBAIxtM6n4ZCJscxj+D13Y
+k13Fn3Gqvd6pJ3ijlj7dxh6tRBBQ3W9qmQflyvEc81giI2XtbVYBOEJKtJ1cWWZm
+gAkCIQDpEoOuc4KCI5ti6aMJvtxlXWNHbkXCxtbeIjH4+FnH9QIhAOaU3XVeWWOK
+PnnO87KniDjHQqWLnooivDGRK+FUKeDXAiEA2MjEvFVqFVvDIsxHPkBNROcI+Z6i
+ulkx76kErBtrfqUCIHN5uBLQZmngUPuFtiwRlLoCqJDphENfs+oK7vPQx4xPAiEA
+hnY2Ulrpld83IG6bUs95Loc8Fk81hez5YwmhsFEXVtk=
 -----END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/ms/libeay16.def b/lib/libssl/src/ms/libeay16.def
deleted file mode 100644
index 65bbad629e1..00000000000
--- a/lib/libssl/src/ms/libeay16.def
+++ /dev/null
@@ -1,987 +0,0 @@
-;
-; Definition file for the DDL version of the LIBEAY16 library from SSLeay
-;
-
-LIBRARY         LIBEAY16
-
-DESCRIPTION     'SSLeay LIBEAY16 - eay@cryptsoft.com'
-
-CODE            PRELOAD MOVEABLE
-DATA            PRELOAD MOVEABLE SINGLE
-
-EXETYPE		WINDOWS
-
-HEAPSIZE	4096
-STACKSIZE	8192
-
-EXPORTS
-    _SSLeay                             @1
-    _SSLeay_add_all_algorithms          @508
-    _SSLeay_add_all_ciphers             @509
-    _SSLeay_add_all_digests             @510
-    _SSLeay_version                     @2
-    _ASN1_BIT_STRING_asn1_meth          @3
-    _ASN1_BIT_STRING_get_bit            @1060
-    _ASN1_BIT_STRING_set_bit            @1061
-    _ASN1_HEADER_free                   @4
-    _ASN1_HEADER_new                    @5
-    _ASN1_IA5STRING_asn1_meth           @6
-    _ASN1_INTEGER_get                   @7
-    _ASN1_INTEGER_set                   @8
-    _ASN1_INTEGER_to_BN                 @9
-    _ASN1_OBJECT_create                 @10
-    _ASN1_OBJECT_free                   @11
-    _ASN1_OBJECT_new                    @12
-    _ASN1_PRINTABLE_type                @13
-    _ASN1_STRING_cmp                    @14
-    _ASN1_STRING_dup                    @15
-    _ASN1_STRING_free                   @16
-    _ASN1_STRING_new                    @17
-    _ASN1_STRING_print                  @18
-    _ASN1_STRING_set                    @19
-    _ASN1_STRING_type_new               @20
-    _ASN1_TYPE_free                     @21
-    _ASN1_TYPE_get                      @916
-    _ASN1_TYPE_get_int_octetstring      @1076
-    _ASN1_TYPE_get_octetstring          @1077
-    _ASN1_TYPE_new                      @22
-    _ASN1_TYPE_set                      @917
-    _ASN1_TYPE_set_int_octetstring      @1078
-    _ASN1_TYPE_set_octetstring          @1079
-    _ASN1_UNIVERSALSTRING_to_string     @23
-    _ASN1_UTCTIME_check                 @24
-    _ASN1_UTCTIME_print                 @25
-    _ASN1_UTCTIME_set                   @26
-    _ASN1_UTCTIME_set_string            @1080
-    _ASN1_check_infinite_end            @27
-    _ASN1_d2i_bio                       @28
-    _ASN1_digest                        @30
-    _ASN1_dup                           @31
-    _ASN1_get_object                    @32
-    _ASN1_i2d_bio                       @33
-    _ASN1_object_size                   @35
-    _ASN1_parse                         @36
-    _ASN1_put_object                    @37
-    _ASN1_sign                          @38
-    _ASN1_verify                        @39
-    _BF_cbc_encrypt                     @40
-    _BF_cfb64_encrypt                   @41
-    _BF_decrypt                         @987
-    _BF_ecb_encrypt                     @42
-    _BF_encrypt                         @43
-    _BF_ofb64_encrypt                   @44
-    _BF_options                         @45
-    _BF_set_key                         @46
-    _BIO_accept                         @51
-    _BIO_copy_next_retry                @955
-    _BIO_ctrl                           @52
-    _BIO_debug_callback                 @54
-    _BIO_dump                           @55
-    _BIO_dup_chain                      @56
-    _BIO_f_base64                       @57
-    _BIO_f_buffer                       @58
-    _BIO_f_cipher                       @59
-    _BIO_f_md                           @60
-    _BIO_f_nbio_test                    @915
-    _BIO_f_null                         @61
-    _BIO_fd_non_fatal_error             @63
-    _BIO_fd_should_retry                @64
-    _BIO_find_type                      @65
-    _BIO_free                           @66
-    _BIO_free_all                       @67
-    _BIO_get_accept_socket              @69
-    _BIO_get_host_ip                    @71
-    _BIO_get_port                       @72
-    _BIO_get_retry_BIO                  @73
-    _BIO_get_retry_reason               @74
-    _BIO_gethostbyname                  @75
-    _BIO_gets                           @76
-    _BIO_ghbn_ctrl                      @1003
-    _BIO_int_ctrl                       @53
-    _BIO_new                            @78
-    _BIO_new_accept                     @79
-    _BIO_new_connect                    @80
-    _BIO_new_fd                         @81
-    _BIO_new_socket                     @84
-    _BIO_pop                            @85
-    _BIO_printf                         @86
-    _BIO_ptr_ctrl                       @969
-    _BIO_push                           @87
-    _BIO_puts                           @88
-    _BIO_read                           @89
-    _BIO_s_accept                       @90
-    _BIO_s_connect                      @91
-    _BIO_s_fd                           @92
-    _BIO_s_mem                          @95
-    _BIO_s_null                         @96
-    _BIO_s_socket                       @98
-    _BIO_set                            @100
-    _BIO_set_cipher                     @101
-    _BIO_set_tcp_ndelay                 @102
-    _BIO_sock_cleanup                   @103
-    _BIO_sock_error                     @104
-    _BIO_sock_init                      @105
-    _BIO_sock_non_fatal_error           @106
-    _BIO_sock_should_retry              @107
-    _BIO_socket_ioctl                   @108
-    _BIO_write                          @109
-    _BN_BLINDING_convert                @973
-    _BN_BLINDING_free                   @981
-    _BN_BLINDING_invert                 @974
-    _BN_BLINDING_new                    @980
-    _BN_BLINDING_update                 @975
-    _BN_CTX_free                        @110
-    _BN_CTX_new                         @111
-    _BN_MONT_CTX_free                   @112
-    _BN_MONT_CTX_new                    @113
-    _BN_MONT_CTX_set                    @114
-    _BN_add                             @115
-    _BN_add_word                        @116
-    _BN_bin2bn                          @118
-    _BN_bn2bin                          @120
-    _BN_bn2dec                          @1002
-    _BN_bn2hex                          @119
-    _BN_bn2mpi                          @1058
-    _BN_clear                           @121
-    _BN_clear_bit                       @122
-    _BN_clear_free                      @123
-    _BN_cmp                             @124
-    _BN_copy                            @125
-    _BN_dec2bn                          @1001
-    _BN_div                             @126
-    _BN_div_word                        @127
-    _BN_dup                             @128
-    _BN_exp                             @998
-    _BN_free                            @129
-    _BN_from_montgomery                 @130
-    _BN_gcd                             @131
-    _BN_generate_prime                  @132
-    _BN_get_word                        @133
-    _BN_hex2bn                          @117
-    _BN_is_bit_set                      @134
-    _BN_is_prime                        @135
-    _BN_lshift                          @136
-    _BN_lshift1                         @137
-    _BN_mask_bits                       @138
-    _BN_mod                             @139
-    _BN_mod_exp                         @140
-    _BN_mod_exp_mont                    @141
-    _BN_mod_exp_recp                    @142
-    _BN_mod_exp_simple                  @143
-    _BN_mod_inverse                     @144
-    _BN_mod_mul                         @145
-    _BN_mod_mul_montgomery              @146
-    _BN_mod_mul_reciprocal              @147
-    _BN_mod_word                        @148
-    _BN_mpi2bn                          @1059
-    _BN_mul                             @149
-    _BN_mul_word                        @999
-    _BN_new                             @150
-    _BN_num_bits                        @151
-    _BN_num_bits_word                   @152
-    _BN_options                         @153
-    _BN_print                           @154
-    _BN_rand                            @156
-    _BN_reciprocal                      @157
-    _BN_rshift                          @158
-    _BN_rshift1                         @159
-    _BN_set_bit                         @160
-    _BN_set_word                        @161
-    _BN_sqr                             @162
-    _BN_sub                             @163
-    _BN_sub_word                        @1000
-    _BN_to_ASN1_INTEGER                 @164
-    _BN_ucmp                            @165
-    _BN_value_one                       @166
-    _BUF_MEM_free                       @167
-    _BUF_MEM_grow                       @168
-    _BUF_MEM_new                        @169
-    _BUF_strdup                         @170
-    _CAST_cbc_encrypt                   @992
-    _CAST_cfb64_encrypt                 @993
-    _CAST_decrypt                       @990
-    _CAST_ecb_encrypt                   @991
-    _CAST_encrypt                       @989
-    _CAST_ofb64_encrypt                 @994
-    _CAST_set_key                       @988
-    _CONF_free                          @171
-    _CONF_get_number                    @172
-    _CONF_get_section                   @173
-    _CONF_get_string                    @174
-    _CONF_load                          @175
-    _CRYPTO_add_lock                    @176
-    _CRYPTO_dbg_free                    @177
-    _CRYPTO_dbg_malloc                  @178
-    _CRYPTO_dbg_realloc                 @179
-    _CRYPTO_dbg_remalloc                @180
-    _CRYPTO_dup_ex_data                 @1025
-    _CRYPTO_free                        @181
-    _CRYPTO_free_ex_data                @1004
-    _CRYPTO_get_add_lock_callback       @182
-    _CRYPTO_get_ex_data                 @1005
-    _CRYPTO_get_ex_new_index            @1041
-    _CRYPTO_get_id_callback             @183
-    _CRYPTO_get_lock_name               @184
-    _CRYPTO_get_locking_callback        @185
-    _CRYPTO_get_mem_functions           @186
-    _CRYPTO_get_new_lockid              @1026
-    _CRYPTO_lock                        @187
-    _CRYPTO_malloc                      @188
-    _CRYPTO_mem_ctrl                    @189
-    _CRYPTO_mem_leaks                   @190
-    _CRYPTO_mem_leaks_cb                @191
-    _CRYPTO_new_ex_data                 @1027
-    _CRYPTO_realloc                     @193
-    _CRYPTO_remalloc                    @194
-    _CRYPTO_set_add_lock_callback       @195
-    _CRYPTO_set_ex_data                 @1007
-    _CRYPTO_set_id_callback             @196
-    _CRYPTO_set_locking_callback        @197
-    _CRYPTO_set_mem_functions           @198
-    _CRYPTO_thread_id                   @199
-    _DH_check                           @200
-    _DH_compute_key                     @201
-    _DH_free                            @202
-    _DH_generate_key                    @203
-    _DH_generate_parameters             @204
-    _DH_new                             @205
-    _DH_size                            @206
-    _DHparams_print                     @207
-    _DSA_free                           @209
-    _DSA_generate_key                   @210
-    _DSA_generate_parameters            @211
-    _DSA_is_prime                       @212
-    _DSA_new                            @213
-    _DSA_print                          @214
-    _DSA_sign                           @216
-    _DSA_sign_setup                     @217
-    _DSA_size                           @218
-    _DSA_verify                         @219
-    _DSAparams_print                    @220
-    _ERR_add_error_data                 @1081
-    _ERR_clear_error                    @222
-    _ERR_error_string                   @223
-    _ERR_free_strings                   @224
-    _ERR_func_error_string              @225
-    _ERR_get_err_state_table            @226
-    _ERR_get_error                      @227
-    _ERR_get_error_line                 @228
-    _ERR_get_next_error_library         @966
-    _ERR_get_state                      @229
-    _ERR_get_string_table               @230
-    _ERR_lib_error_string               @231
-    _ERR_load_ASN1_strings              @232
-    _ERR_load_BIO_strings               @233
-    _ERR_load_BN_strings                @234
-    _ERR_load_BUF_strings               @235
-    _ERR_load_CONF_strings              @236
-    _ERR_load_CRYPTOlib_strings         @1009
-    _ERR_load_DH_strings                @237
-    _ERR_load_DSA_strings               @238
-    _ERR_load_ERR_strings               @239
-    _ERR_load_EVP_strings               @240
-    _ERR_load_OBJ_strings               @241
-    _ERR_load_PEM_strings               @242
-    _ERR_load_PKCS7_strings             @919
-    _ERR_load_RSA_strings               @244
-    _ERR_load_X509_strings              @245
-    _ERR_load_crypto_strings            @246
-    _ERR_load_strings                   @247
-    _ERR_peek_error                     @248
-    _ERR_peek_error_line                @249
-    _ERR_print_errors                   @250
-    _ERR_put_error                      @252
-    _ERR_reason_error_string            @253
-    _ERR_remove_state                   @254
-    _ERR_set_error_data                 @1082
-    _EVP_BytesToKey                     @255
-    _EVP_CIPHER_CTX_cleanup             @256
-    _EVP_CIPHER_CTX_init                @961
-    _EVP_CIPHER_asn1_to_param           @1083
-    _EVP_CIPHER_get_asn1_iv             @1085
-    _EVP_CIPHER_param_to_asn1           @1084
-    _EVP_CIPHER_set_asn1_iv             @1086
-    _EVP_CipherFinal                    @257
-    _EVP_CipherInit                     @258
-    _EVP_CipherUpdate                   @259
-    _EVP_DecodeBlock                    @260
-    _EVP_DecodeFinal                    @261
-    _EVP_DecodeInit                     @262
-    _EVP_DecodeUpdate                   @263
-    _EVP_DecryptFinal                   @264
-    _EVP_DecryptInit                    @265
-    _EVP_DecryptUpdate                  @266
-    _EVP_DigestFinal                    @267
-    _EVP_DigestInit                     @268
-    _EVP_DigestUpdate                   @269
-    _EVP_EncodeBlock                    @270
-    _EVP_EncodeFinal                    @271
-    _EVP_EncodeInit                     @272
-    _EVP_EncodeUpdate                   @273
-    _EVP_EncryptFinal                   @274
-    _EVP_EncryptInit                    @275
-    _EVP_EncryptUpdate                  @276
-    _EVP_OpenFinal                      @277
-    _EVP_OpenInit                       @278
-    _EVP_PKEY_assign                    @279
-    _EVP_PKEY_bits                      @1010
-    _EVP_PKEY_cmp_parameters            @967
-    _EVP_PKEY_copy_parameters           @280
-    _EVP_PKEY_decrypt                   @1070
-    _EVP_PKEY_encrypt                   @1071
-    _EVP_PKEY_free                      @281
-    _EVP_PKEY_missing_parameters        @282
-    _EVP_PKEY_new                       @283
-    _EVP_PKEY_save_parameters           @284
-    _EVP_PKEY_size                      @285
-    _EVP_PKEY_type                      @286
-    _EVP_SealFinal                      @287
-    _EVP_SealInit                       @288
-    _EVP_SignFinal                      @289
-    _EVP_VerifyFinal                    @290
-    _EVP_add_alias                      @291
-    _EVP_add_cipher                     @292
-    _EVP_add_digest                     @293
-    _EVP_bf_cbc                         @294
-    _EVP_bf_cfb                         @295
-    _EVP_bf_ecb                         @296
-    _EVP_bf_ofb                         @297
-    _EVP_cast5_cbc                      @983
-    _EVP_cast5_cfb                      @984
-    _EVP_cast5_ecb                      @985
-    _EVP_cast5_ofb                      @986
-    _EVP_cleanup                        @298
-    _EVP_delete_alias                   @941
-    _EVP_des_cbc                        @299
-    _EVP_des_cfb                        @300
-    _EVP_des_ecb                        @301
-    _EVP_des_ede                        @302
-    _EVP_des_ede3                       @303
-    _EVP_des_ede3_cbc                   @304
-    _EVP_des_ede3_cfb                   @305
-    _EVP_des_ede3_ofb                   @306
-    _EVP_des_ede_cbc                    @307
-    _EVP_des_ede_cfb                    @308
-    _EVP_des_ede_ofb                    @309
-    _EVP_des_ofb                        @310
-    _EVP_desx_cbc                       @311
-    _EVP_dss                            @312
-    _EVP_dss1                           @313
-    _EVP_enc_null                       @314
-    _EVP_get_cipherbyname               @315
-    _EVP_get_digestbyname               @316
-    _EVP_get_pw_prompt                  @317
-    _EVP_idea_cbc                       @318
-    _EVP_idea_cfb                       @319
-    _EVP_idea_ecb                       @320
-    _EVP_idea_ofb                       @321
-    _EVP_md2                            @322
-    _EVP_md5                            @323
-    _EVP_md_null                        @324
-    _EVP_mdc2                           @942
-    _EVP_rc2_40_cbc                     @959
-    _EVP_rc2_cbc                        @325
-    _EVP_rc2_cfb                        @326
-    _EVP_rc2_ecb                        @327
-    _EVP_rc2_ofb                        @328
-    _EVP_rc4                            @329
-    _EVP_rc4_40                         @960
-    _EVP_rc5_32_12_16_cbc               @1087
-    _EVP_rc5_32_12_16_cfb               @1088
-    _EVP_rc5_32_12_16_ecb               @1089
-    _EVP_rc5_32_12_16_ofb               @1090
-    _EVP_read_pw_string                 @330
-    _EVP_set_pw_prompt                  @331
-    _EVP_sha                            @332
-    _EVP_sha1                           @333
-    _HMAC                               @962
-    _HMAC_Final                         @965
-    _HMAC_Init                          @963
-    _HMAC_Update                        @964
-    _HMAC_cleanup                       @968
-    _MD2                                @334
-    _MD2_Final                          @335
-    _MD2_Init                           @336
-    _MD2_Update                         @337
-    _MD2_options                        @338
-    _MD5                                @339
-    _MD5_Final                          @340
-    _MD5_Init                           @341
-    _MD5_Transform                      @1011
-    _MD5_Update                         @342
-    _MDC2                               @343
-    _MDC2_Final                         @344
-    _MDC2_Init                          @345
-    _MDC2_Update                        @346
-    _NETSCAPE_SPKAC_free                @347
-    _NETSCAPE_SPKAC_new                 @348
-    _NETSCAPE_SPKI_free                 @349
-    _NETSCAPE_SPKI_new                  @350
-    _NETSCAPE_SPKI_sign                 @351
-    _NETSCAPE_SPKI_verify               @352
-    _OBJ_add_object                     @353
-    _OBJ_bsearch                        @354
-    _OBJ_cleanup                        @355
-    _OBJ_cmp                            @356
-    _OBJ_create                         @357
-    _OBJ_create_objects                 @997
-    _OBJ_dup                            @358
-    _OBJ_ln2nid                         @359
-    _OBJ_new_nid                        @360
-    _OBJ_nid2ln                         @361
-    _OBJ_nid2obj                        @362
-    _OBJ_nid2sn                         @363
-    _OBJ_obj2nid                        @364
-    _OBJ_sn2nid                         @365
-    _OBJ_txt2nid                        @366
-    _PEM_ASN1_read_bio                  @368
-    _PEM_ASN1_write_bio                 @370
-    _PEM_SealFinal                      @371
-    _PEM_SealInit                       @372
-    _PEM_SealUpdate                     @373
-    _PEM_SignFinal                      @374
-    _PEM_X509_INFO_read_bio             @378
-    _PEM_X509_INFO_write_bio            @379
-    _PEM_dek_info                       @380
-    _PEM_do_header                      @381
-    _PEM_get_EVP_CIPHER_INFO            @382
-    _PEM_proc_type                      @383
-    _PEM_read_bio                       @394
-    _PEM_read_bio_DHparams              @395
-    _PEM_read_bio_DSAPrivateKey         @396
-    _PEM_read_bio_DSAparams             @397
-    _PEM_read_bio_PKCS7                 @398
-    _PEM_read_bio_PrivateKey            @399
-    _PEM_read_bio_RSAPrivateKey         @400
-    _PEM_read_bio_RSAPublicKey          @943
-    _PEM_read_bio_X509                  @401
-    _PEM_read_bio_X509_CRL              @402
-    _PEM_read_bio_X509_REQ              @403
-    _PEM_write_bio                      @414
-    _PEM_write_bio_DHparams             @415
-    _PEM_write_bio_DSAPrivateKey        @416
-    _PEM_write_bio_DSAparams            @417
-    _PEM_write_bio_PKCS7                @418
-    _PEM_write_bio_PrivateKey           @419
-    _PEM_write_bio_RSAPrivateKey        @420
-    _PEM_write_bio_RSAPublicKey         @944
-    _PEM_write_bio_X509                 @421
-    _PEM_write_bio_X509_CRL             @422
-    _PEM_write_bio_X509_REQ             @423
-    _PKCS7_DIGEST_free                  @424
-    _PKCS7_DIGEST_new                   @425
-    _PKCS7_ENCRYPT_free                 @426
-    _PKCS7_ENCRYPT_new                  @427
-    _PKCS7_ENC_CONTENT_free             @428
-    _PKCS7_ENC_CONTENT_new              @429
-    _PKCS7_ENVELOPE_free                @430
-    _PKCS7_ENVELOPE_new                 @431
-    _PKCS7_ISSUER_AND_SERIAL_digest     @432
-    _PKCS7_ISSUER_AND_SERIAL_free       @433
-    _PKCS7_ISSUER_AND_SERIAL_new        @434
-    _PKCS7_RECIP_INFO_free              @435
-    _PKCS7_RECIP_INFO_new               @436
-    _PKCS7_RECIP_INFO_set               @1072
-    _PKCS7_SIGNED_free                  @437
-    _PKCS7_SIGNED_new                   @438
-    _PKCS7_SIGNER_INFO_free             @439
-    _PKCS7_SIGNER_INFO_new              @440
-    _PKCS7_SIGNER_INFO_set              @930
-    _PKCS7_SIGN_ENVELOPE_free           @441
-    _PKCS7_SIGN_ENVELOPE_new            @442
-    _PKCS7_add_certificate              @932
-    _PKCS7_add_crl                      @933
-    _PKCS7_add_recipient                @1073
-    _PKCS7_add_recipient_info           @1074
-    _PKCS7_add_signature                @938
-    _PKCS7_add_signer                   @931
-    _PKCS7_cert_from_signer_info        @939
-    _PKCS7_content_free                 @918
-    _PKCS7_content_new                  @934
-    _PKCS7_ctrl                         @927
-    _PKCS7_dataInit                     @937
-    _PKCS7_dataSign                     @935
-    _PKCS7_dataVerify                   @936
-    _PKCS7_dup                          @443
-    _PKCS7_free                         @444
-    _PKCS7_get_signer_info              @940
-    _PKCS7_new                          @445
-    _PKCS7_set_cipher                   @1075
-    _PKCS7_set_content                  @929
-    _PKCS7_set_type                     @928
-    _RAND_bytes                         @464
-    _RAND_cleanup                       @465
-    _RAND_file_name                     @466
-    _RAND_load_file                     @467
-    _RAND_screen                        @468
-    _RAND_seed                          @469
-    _RAND_write_file                    @470
-    _RC2_cbc_encrypt                    @471
-    _RC2_cfb64_encrypt                  @472
-    _RC2_decrypt                        @995
-    _RC2_ecb_encrypt                    @473
-    _RC2_encrypt                        @474
-    _RC2_ofb64_encrypt                  @475
-    _RC2_set_key                        @476
-    _RC4                                @477
-    _RC4_options                        @478
-    _RC4_set_key                        @479
-    _RC5_32_cbc_encrypt                 @1051
-    _RC5_32_cfb64_encrypt               @1052
-    _RC5_32_decrypt                     @1050
-    _RC5_32_ecb_encrypt                 @1048
-    _RC5_32_encrypt                     @1049
-    _RC5_32_ofb64_encrypt               @1053
-    _RC5_32_set_key                     @1047
-    _RIPEMD160                          @1045
-    _RIPEMD160_Final                    @1044
-    _RIPEMD160_Init                     @1042
-    _RIPEMD160_Transform                @1046
-    _RIPEMD160_Update                   @1043
-    _RSAPrivateKey_asn1_meth            @480
-    _RSAPrivateKey_dup                  @481
-    _RSAPublicKey_dup                   @482
-    _RSA_PKCS1_SSLeay                   @483
-    _RSA_blinding_off                   @978
-    _RSA_blinding_on                    @977
-    _RSA_flags                          @956
-    _RSA_free                           @484
-    _RSA_generate_key                   @485
-    _RSA_get_ex_data                    @1029
-    _RSA_get_ex_new_index               @1030
-    _RSA_new                            @486
-    _RSA_new_method                     @487
-    _RSA_padding_add_PKCS1_type_1       @1031
-    _RSA_padding_add_PKCS1_type_2       @1032
-    _RSA_padding_add_SSLv23             @1033
-    _RSA_padding_add_none               @1034
-    _RSA_padding_check_PKCS1_type_1     @1035
-    _RSA_padding_check_PKCS1_type_2     @1036
-    _RSA_padding_check_SSLv23           @1037
-    _RSA_padding_check_none             @1038
-    _RSA_print                          @488
-    _RSA_private_decrypt                @490
-    _RSA_private_encrypt                @491
-    _RSA_public_decrypt                 @492
-    _RSA_public_encrypt                 @493
-    _RSA_set_default_method             @494
-    _RSA_set_ex_data                    @1028
-    _RSA_sign                           @495
-    _RSA_sign_ASN1_OCTET_STRING         @496
-    _RSA_size                           @497
-    _RSA_verify                         @498
-    _RSA_verify_ASN1_OCTET_STRING       @499
-    _SHA                                @500
-    _SHA1                               @501
-    _SHA1_Final                         @502
-    _SHA1_Init                          @503
-    _SHA1_Transform                     @1012
-    _SHA1_Update                        @504
-    _SHA_Final                          @505
-    _SHA_Init                           @506
-    _SHA_Transform                      @1013
-    _SHA_Update                         @507
-    _TXT_DB_create_index                @511
-    _TXT_DB_free                        @512
-    _TXT_DB_get_by_index                @513
-    _TXT_DB_insert                      @514
-    _TXT_DB_read                        @515
-    _TXT_DB_write                       @516
-    _X509_ALGOR_free                    @517
-    _X509_ALGOR_new                     @518
-    _X509_ATTRIBUTE_free                @519
-    _X509_ATTRIBUTE_new                 @520
-    _X509_CINF_free                     @521
-    _X509_CINF_new                      @522
-    _X509_CRL_INFO_free                 @523
-    _X509_CRL_INFO_new                  @524
-    _X509_CRL_add_ext                   @525
-    _X509_CRL_cmp                       @526
-    _X509_CRL_delete_ext                @527
-    _X509_CRL_dup                       @528
-    _X509_CRL_free                      @529
-    _X509_CRL_get_ext                   @530
-    _X509_CRL_get_ext_by_NID            @531
-    _X509_CRL_get_ext_by_OBJ            @532
-    _X509_CRL_get_ext_by_critical       @533
-    _X509_CRL_get_ext_count             @534
-    _X509_CRL_new                       @535
-    _X509_CRL_sign                      @536
-    _X509_CRL_verify                    @537
-    _X509_EXTENSION_create_by_NID       @538
-    _X509_EXTENSION_create_by_OBJ       @539
-    _X509_EXTENSION_dup                 @540
-    _X509_EXTENSION_free                @541
-    _X509_EXTENSION_get_critical        @542
-    _X509_EXTENSION_get_data            @543
-    _X509_EXTENSION_get_object          @544
-    _X509_EXTENSION_new                 @545
-    _X509_EXTENSION_set_critical        @546
-    _X509_EXTENSION_set_data            @547
-    _X509_EXTENSION_set_object          @548
-    _X509_INFO_free                     @549
-    _X509_INFO_new                      @550
-    _X509_LOOKUP_by_alias               @551
-    _X509_LOOKUP_by_fingerprint         @552
-    _X509_LOOKUP_by_issuer_serial       @553
-    _X509_LOOKUP_by_subject             @554
-    _X509_LOOKUP_ctrl                   @555
-    _X509_LOOKUP_file                   @556
-    _X509_LOOKUP_free                   @557
-    _X509_LOOKUP_hash_dir               @558
-    _X509_LOOKUP_init                   @559
-    _X509_LOOKUP_new                    @560
-    _X509_LOOKUP_shutdown               @561
-    _X509_NAME_ENTRY_create_by_NID      @562
-    _X509_NAME_ENTRY_create_by_OBJ      @563
-    _X509_NAME_ENTRY_dup                @564
-    _X509_NAME_ENTRY_free               @565
-    _X509_NAME_ENTRY_get_data           @566
-    _X509_NAME_ENTRY_get_object         @567
-    _X509_NAME_ENTRY_new                @568
-    _X509_NAME_ENTRY_set_data           @569
-    _X509_NAME_ENTRY_set_object         @570
-    _X509_NAME_add_entry                @571
-    _X509_NAME_cmp                      @572
-    _X509_NAME_delete_entry             @573
-    _X509_NAME_digest                   @574
-    _X509_NAME_dup                      @575
-    _X509_NAME_entry_count              @576
-    _X509_NAME_free                     @577
-    _X509_NAME_get_entry                @578
-    _X509_NAME_get_index_by_NID         @579
-    _X509_NAME_get_index_by_OBJ         @580
-    _X509_NAME_get_text_by_NID          @581
-    _X509_NAME_get_text_by_OBJ          @582
-    _X509_NAME_hash                     @583
-    _X509_NAME_new                      @584
-    _X509_NAME_oneline                  @585
-    _X509_NAME_print                    @586
-    _X509_NAME_set                      @587
-    _X509_OBJECT_free_contents          @588
-    _X509_OBJECT_retrive_by_subject     @589
-    _X509_OBJECT_up_ref_count           @590
-    _X509_PKEY_free                     @591
-    _X509_PKEY_new                      @592
-    _X509_PUBKEY_free                   @593
-    _X509_PUBKEY_get                    @594
-    _X509_PUBKEY_new                    @595
-    _X509_PUBKEY_set                    @596
-    _X509_REQ_INFO_free                 @597
-    _X509_REQ_INFO_new                  @598
-    _X509_REQ_dup                       @599
-    _X509_REQ_free                      @600
-    _X509_REQ_get_pubkey                @601
-    _X509_REQ_new                       @602
-    _X509_REQ_print                     @603
-    _X509_REQ_set_pubkey                @605
-    _X509_REQ_set_subject_name          @606
-    _X509_REQ_set_version               @607
-    _X509_REQ_sign                      @608
-    _X509_REQ_to_X509                   @609
-    _X509_REQ_verify                    @610
-    _X509_REVOKED_add_ext               @611
-    _X509_REVOKED_delete_ext            @612
-    _X509_REVOKED_free                  @613
-    _X509_REVOKED_get_ext               @614
-    _X509_REVOKED_get_ext_by_NID        @615
-    _X509_REVOKED_get_ext_by_OBJ        @616
-    _X509_REVOKED_get_ext_by_critical   @617
-    _X509_REVOKED_get_ext_count         @618
-    _X509_REVOKED_new                   @619
-    _X509_SIG_free                      @620
-    _X509_SIG_new                       @621
-    _X509_STORE_CTX_cleanup             @622
-    _X509_STORE_CTX_get_chain           @1014
-    _X509_STORE_CTX_get_current_cert    @1015
-    _X509_STORE_CTX_get_error           @1016
-    _X509_STORE_CTX_get_error_depth     @1017
-    _X509_STORE_CTX_get_ex_data         @1018
-    _X509_STORE_CTX_init                @623
-    _X509_STORE_CTX_set_cert            @1020
-    _X509_STORE_CTX_set_chain           @1021
-    _X509_STORE_CTX_set_error           @1022
-    _X509_STORE_CTX_set_ex_data         @1023
-    _X509_STORE_add_cert                @624
-    _X509_STORE_add_crl                 @957
-    _X509_STORE_add_lookup              @625
-    _X509_STORE_free                    @626
-    _X509_STORE_get_by_subject          @627
-    _X509_STORE_load_locations          @628
-    _X509_STORE_new                     @629
-    _X509_STORE_set_default_paths       @630
-    _X509_VAL_free                      @631
-    _X509_VAL_new                       @632
-    _X509_add_ext                       @633
-    _X509_asn1_meth                     @634
-    _X509_certificate_type              @635
-    _X509_check_private_key             @636
-    _X509_cmp_current_time              @637
-    _X509_delete_ext                    @638
-    _X509_digest                        @639
-    _X509_dup                           @640
-    _X509_find_by_issuer_and_serial     @920
-    _X509_find_by_subject               @921
-    _X509_free                          @641
-    _X509_get_default_cert_area         @642
-    _X509_get_default_cert_dir          @643
-    _X509_get_default_cert_dir_env      @644
-    _X509_get_default_cert_file         @645
-    _X509_get_default_cert_file_env     @646
-    _X509_get_default_private_dir       @647
-    _X509_get_ext                       @648
-    _X509_get_ext_by_NID                @649
-    _X509_get_ext_by_OBJ                @650
-    _X509_get_ext_by_critical           @651
-    _X509_get_ext_count                 @652
-    _X509_get_issuer_name               @653
-    _X509_get_pubkey                    @654
-    _X509_get_pubkey_parameters         @655
-    _X509_get_serialNumber              @656
-    _X509_get_subject_name              @657
-    _X509_gmtime_adj                    @658
-    _X509_issuer_and_serial_cmp         @659
-    _X509_issuer_and_serial_hash        @660
-    _X509_issuer_name_cmp               @661
-    _X509_issuer_name_hash              @662
-    _X509_load_cert_file                @663
-    _X509_load_crl_file                 @958
-    _X509_new                           @664
-    _X509_print                         @665
-    _X509_set_issuer_name               @667
-    _X509_set_notAfter                  @668
-    _X509_set_notBefore                 @669
-    _X509_set_pubkey                    @670
-    _X509_set_serialNumber              @671
-    _X509_set_subject_name              @672
-    _X509_set_version                   @673
-    _X509_sign                          @674
-    _X509_subject_name_cmp              @675
-    _X509_subject_name_hash             @676
-    _X509_to_X509_REQ                   @677
-    _X509_verify                        @678
-    _X509_verify_cert                   @679
-    _X509_verify_cert_error_string      @680
-    _X509v3_add_ext                     @681
-    _X509v3_add_extension               @682
-    _X509v3_add_netscape_extensions     @683
-    _X509v3_add_standard_extensions     @684
-    _X509v3_cleanup_extensions          @685
-    _X509v3_data_type_by_NID            @686
-    _X509v3_data_type_by_OBJ            @687
-    _X509v3_delete_ext                  @688
-    _X509v3_get_ext                     @689
-    _X509v3_get_ext_by_NID              @690
-    _X509v3_get_ext_by_OBJ              @691
-    _X509v3_get_ext_by_critical         @692
-    _X509v3_get_ext_count               @693
-    _X509v3_pack_string                 @694
-    _X509v3_pack_type_by_NID            @695
-    _X509v3_pack_type_by_OBJ            @696
-    _X509v3_unpack_string               @697
-    _a2d_ASN1_OBJECT                    @699
-    _a2i_ASN1_INTEGER                   @700
-    _a2i_ASN1_STRING                    @701
-    _asn1_Finish                        @702
-    _asn1_GetSequence                   @703
-    _asn1_add_error                     @1091
-    _bn_add_words                       @1039
-    _bn_div64                           @704
-    _bn_expand2                         @705
-    _bn_mul_add_words                   @706
-    _bn_mul_words                       @707
-    _bn_qadd                            @708
-    _bn_qsub                            @709
-    _bn_sqr_words                       @710
-    _crypt                              @711
-    _d2i_ASN1_BIT_STRING                @712
-    _d2i_ASN1_BOOLEAN                   @713
-    _d2i_ASN1_HEADER                    @714
-    _d2i_ASN1_IA5STRING                 @715
-    _d2i_ASN1_INTEGER                   @716
-    _d2i_ASN1_OBJECT                    @717
-    _d2i_ASN1_OCTET_STRING              @718
-    _d2i_ASN1_PRINTABLE                 @719
-    _d2i_ASN1_PRINTABLESTRING           @720
-    _d2i_ASN1_SET                       @721
-    _d2i_ASN1_T61STRING                 @722
-    _d2i_ASN1_TYPE                      @723
-    _d2i_ASN1_UTCTIME                   @724
-    _d2i_ASN1_bytes                     @725
-    _d2i_ASN1_type_bytes                @726
-    _d2i_DHparams                       @727
-    _d2i_DSAPrivateKey                  @728
-    _d2i_DSAPrivateKey_bio              @729
-    _d2i_DSAPublicKey                   @731
-    _d2i_DSAparams                      @732
-    _d2i_NETSCAPE_SPKAC                 @733
-    _d2i_NETSCAPE_SPKI                  @734
-    _d2i_Netscape_RSA                   @735
-    _d2i_Netscape_RSA_2                 @1040
-    _d2i_PKCS7                          @736
-    _d2i_PKCS7_DIGEST                   @737
-    _d2i_PKCS7_ENCRYPT                  @738
-    _d2i_PKCS7_ENC_CONTENT              @739
-    _d2i_PKCS7_ENVELOPE                 @740
-    _d2i_PKCS7_ISSUER_AND_SERIAL        @741
-    _d2i_PKCS7_RECIP_INFO               @742
-    _d2i_PKCS7_SIGNED                   @743
-    _d2i_PKCS7_SIGNER_INFO              @744
-    _d2i_PKCS7_SIGN_ENVELOPE            @745
-    _d2i_PKCS7_bio                      @746
-    _d2i_PrivateKey                     @748
-    _d2i_PublicKey                      @749
-    _d2i_RSAPrivateKey                  @750
-    _d2i_RSAPrivateKey_bio              @751
-    _d2i_RSAPublicKey                   @753
-    _d2i_RSAPublicKey_bio               @945
-    _d2i_X509                           @754
-    _d2i_X509_ALGOR                     @755
-    _d2i_X509_ATTRIBUTE                 @756
-    _d2i_X509_CINF                      @757
-    _d2i_X509_CRL                       @758
-    _d2i_X509_CRL_INFO                  @759
-    _d2i_X509_CRL_bio                   @760
-    _d2i_X509_EXTENSION                 @762
-    _d2i_X509_NAME                      @763
-    _d2i_X509_NAME_ENTRY                @764
-    _d2i_X509_PKEY                      @765
-    _d2i_X509_PUBKEY                    @766
-    _d2i_X509_REQ                       @767
-    _d2i_X509_REQ_INFO                  @768
-    _d2i_X509_REQ_bio                   @769
-    _d2i_X509_REVOKED                   @771
-    _d2i_X509_SIG                       @772
-    _d2i_X509_VAL                       @773
-    _d2i_X509_bio                       @774
-    _des_cbc_cksum                      @777
-    _des_cbc_encrypt                    @778
-    _des_cblock_print_file              @779
-    _des_cfb64_encrypt                  @780
-    _des_cfb_encrypt                    @781
-    _des_decrypt3                       @782
-    _des_ecb3_encrypt                   @783
-    _des_ecb_encrypt                    @784
-    _des_ede3_cbc_encrypt               @785
-    _des_ede3_cfb64_encrypt             @786
-    _des_ede3_ofb64_encrypt             @787
-    _des_enc_read                       @788
-    _des_enc_write                      @789
-    _des_encrypt                        @790
-    _des_encrypt2                       @791
-    _des_encrypt3                       @792
-    _des_fcrypt                         @793
-    _des_is_weak_key                    @794
-    _des_key_sched                      @795
-    _des_ncbc_encrypt                   @796
-    _des_ofb64_encrypt                  @797
-    _des_ofb_encrypt                    @798
-    _des_options                        @799
-    _des_pcbc_encrypt                   @800
-    _des_quad_cksum                     @801
-    _des_random_key                     @802
-    _des_random_seed                    @803
-    _des_read_2passwords                @804
-    _des_read_password                  @805
-    _des_read_pw                        @806
-    _des_read_pw_string                 @807
-    _des_set_key                        @808
-    _des_set_odd_parity                 @809
-    _des_string_to_2keys                @810
-    _des_string_to_key                  @811
-    _des_xcbc_encrypt                   @812
-    _des_xwhite_in2out                  @813
-    _i2a_ASN1_INTEGER                   @815
-    _i2a_ASN1_OBJECT                    @816
-    _i2a_ASN1_STRING                    @817
-    _i2d_ASN1_BIT_STRING                @818
-    _i2d_ASN1_BOOLEAN                   @819
-    _i2d_ASN1_HEADER                    @820
-    _i2d_ASN1_IA5STRING                 @821
-    _i2d_ASN1_INTEGER                   @822
-    _i2d_ASN1_OBJECT                    @823
-    _i2d_ASN1_OCTET_STRING              @824
-    _i2d_ASN1_PRINTABLE                 @825
-    _i2d_ASN1_SET                       @826
-    _i2d_ASN1_TYPE                      @827
-    _i2d_ASN1_UTCTIME                   @828
-    _i2d_ASN1_bytes                     @829
-    _i2d_DHparams                       @830
-    _i2d_DSAPrivateKey                  @831
-    _i2d_DSAPrivateKey_bio              @832
-    _i2d_DSAPublicKey                   @834
-    _i2d_DSAparams                      @835
-    _i2d_NETSCAPE_SPKAC                 @836
-    _i2d_NETSCAPE_SPKI                  @837
-    _i2d_Netscape_RSA                   @838
-    _i2d_PKCS7                          @839
-    _i2d_PKCS7_DIGEST                   @840
-    _i2d_PKCS7_ENCRYPT                  @841
-    _i2d_PKCS7_ENC_CONTENT              @842
-    _i2d_PKCS7_ENVELOPE                 @843
-    _i2d_PKCS7_ISSUER_AND_SERIAL        @844
-    _i2d_PKCS7_RECIP_INFO               @845
-    _i2d_PKCS7_SIGNED                   @846
-    _i2d_PKCS7_SIGNER_INFO              @847
-    _i2d_PKCS7_SIGN_ENVELOPE            @848
-    _i2d_PKCS7_bio                      @849
-    _i2d_PrivateKey                     @851
-    _i2d_PublicKey                      @852
-    _i2d_RSAPrivateKey                  @853
-    _i2d_RSAPrivateKey_bio              @854
-    _i2d_RSAPublicKey                   @856
-    _i2d_RSAPublicKey_bio               @946
-    _i2d_X509                           @857
-    _i2d_X509_ALGOR                     @858
-    _i2d_X509_ATTRIBUTE                 @859
-    _i2d_X509_CINF                      @860
-    _i2d_X509_CRL                       @861
-    _i2d_X509_CRL_INFO                  @862
-    _i2d_X509_CRL_bio                   @863
-    _i2d_X509_EXTENSION                 @865
-    _i2d_X509_NAME                      @866
-    _i2d_X509_NAME_ENTRY                @867
-    _i2d_X509_PKEY                      @868
-    _i2d_X509_PUBKEY                    @869
-    _i2d_X509_REQ                       @870
-    _i2d_X509_REQ_INFO                  @871
-    _i2d_X509_REQ_bio                   @872
-    _i2d_X509_REVOKED                   @874
-    _i2d_X509_SIG                       @875
-    _i2d_X509_VAL                       @876
-    _i2d_X509_bio                       @877
-    _i2t_ASN1_OBJECT                    @979
-    _idea_cbc_encrypt                   @879
-    _idea_cfb64_encrypt                 @880
-    _idea_ecb_encrypt                   @881
-    _idea_encrypt                       @882
-    _idea_ofb64_encrypt                 @883
-    _idea_options                       @884
-    _idea_set_decrypt_key               @885
-    _idea_set_encrypt_key               @886
-    _lh_delete                          @887
-    _lh_doall                           @888
-    _lh_doall_arg                       @889
-    _lh_free                            @890
-    _lh_insert                          @891
-    _lh_new                             @892
-    _lh_node_stats_bio                  @894
-    _lh_node_usage_stats_bio            @896
-    _lh_retrieve                        @897
-    _lh_stats_bio                       @899
-    _lh_strhash                         @900
-    _sk_delete                          @901
-    _sk_delete_ptr                      @902
-    _sk_dup                             @903
-    _sk_find                            @904
-    _sk_free                            @905
-    _sk_insert                          @906
-    _sk_new                             @907
-    _sk_pop                             @908
-    _sk_pop_free                        @909
-    _sk_push                            @910
-    _sk_set_cmp_func                    @911
-    _sk_shift                           @912
-    _sk_unshift                         @913
-    _sk_zero                            @914
-
diff --git a/lib/libssl/src/ms/libeay32.def b/lib/libssl/src/ms/libeay32.def
deleted file mode 100644
index 196c52216eb..00000000000
--- a/lib/libssl/src/ms/libeay32.def
+++ /dev/null
@@ -1,1035 +0,0 @@
-;
-; Definition file for the DDL version of the LIBEAY32 library from SSLeay
-;
-
-LIBRARY         LIBEAY32
-
-DESCRIPTION     'SSLeay LIBEAY32 - eay@cryptsoft.com'
-
-EXPORTS
-    SSLeay                             @1
-    SSLeay_add_all_algorithms          @508
-    SSLeay_add_all_ciphers             @509
-    SSLeay_add_all_digests             @510
-    SSLeay_version                     @2
-    ASN1_BIT_STRING_asn1_meth          @3
-    ASN1_BIT_STRING_get_bit            @1060
-    ASN1_BIT_STRING_set_bit            @1061
-    ASN1_HEADER_free                   @4
-    ASN1_HEADER_new                    @5
-    ASN1_IA5STRING_asn1_meth           @6
-    ASN1_INTEGER_get                   @7
-    ASN1_INTEGER_set                   @8
-    ASN1_INTEGER_to_BN                 @9
-    ASN1_OBJECT_create                 @10
-    ASN1_OBJECT_free                   @11
-    ASN1_OBJECT_new                    @12
-    ASN1_PRINTABLE_type                @13
-    ASN1_STRING_cmp                    @14
-    ASN1_STRING_dup                    @15
-    ASN1_STRING_free                   @16
-    ASN1_STRING_new                    @17
-    ASN1_STRING_print                  @18
-    ASN1_STRING_set                    @19
-    ASN1_STRING_type_new               @20
-    ASN1_TYPE_free                     @21
-    ASN1_TYPE_get                      @916
-    ASN1_TYPE_get_int_octetstring      @1076
-    ASN1_TYPE_get_octetstring          @1077
-    ASN1_TYPE_new                      @22
-    ASN1_TYPE_set                      @917
-    ASN1_TYPE_set_int_octetstring      @1078
-    ASN1_TYPE_set_octetstring          @1079
-    ASN1_UNIVERSALSTRING_to_string     @23
-    ASN1_UTCTIME_check                 @24
-    ASN1_UTCTIME_print                 @25
-    ASN1_UTCTIME_set                   @26
-    ASN1_UTCTIME_set_string            @1080
-    ASN1_check_infinite_end            @27
-    ASN1_d2i_bio                       @28
-    ASN1_d2i_fp                        @29
-    ASN1_digest                        @30
-    ASN1_dup                           @31
-    ASN1_get_object                    @32
-    ASN1_i2d_bio                       @33
-    ASN1_i2d_fp                        @34
-    ASN1_object_size                   @35
-    ASN1_parse                         @36
-    ASN1_put_object                    @37
-    ASN1_sign                          @38
-    ASN1_verify                        @39
-    BF_cbc_encrypt                     @40
-    BF_cfb64_encrypt                   @41
-    BF_decrypt                         @987
-    BF_ecb_encrypt                     @42
-    BF_encrypt                         @43
-    BF_ofb64_encrypt                   @44
-    BF_options                         @45
-    BF_set_key                         @46
-    BIO_accept                         @51
-    BIO_copy_next_retry                @955
-    BIO_ctrl                           @52
-    BIO_debug_callback                 @54
-    BIO_dump                           @55
-    BIO_dup_chain                      @56
-    BIO_f_base64                       @57
-    BIO_f_buffer                       @58
-    BIO_f_cipher                       @59
-    BIO_f_md                           @60
-    BIO_f_nbio_test                    @915
-    BIO_f_null                         @61
-    BIO_fd_non_fatal_error             @63
-    BIO_fd_should_retry                @64
-    BIO_find_type                      @65
-    BIO_free                           @66
-    BIO_free_all                       @67
-    BIO_get_accept_socket              @69
-    BIO_get_host_ip                    @71
-    BIO_get_port                       @72
-    BIO_get_retry_BIO                  @73
-    BIO_get_retry_reason               @74
-    BIO_gethostbyname                  @75
-    BIO_gets                           @76
-    BIO_ghbn_ctrl                      @1003
-    BIO_int_ctrl                       @53
-    BIO_new                            @78
-    BIO_new_accept                     @79
-    BIO_new_connect                    @80
-    BIO_new_fd                         @81
-    BIO_new_file                       @82
-    BIO_new_fp                         @83
-    BIO_new_socket                     @84
-    BIO_pop                            @85
-    BIO_printf                         @86
-    BIO_ptr_ctrl                       @969
-    BIO_push                           @87
-    BIO_puts                           @88
-    BIO_read                           @89
-    BIO_s_accept                       @90
-    BIO_s_connect                      @91
-    BIO_s_fd                           @92
-    BIO_s_file                         @93
-    BIO_s_mem                          @95
-    BIO_s_null                         @96
-    BIO_s_socket                       @98
-    BIO_set                            @100
-    BIO_set_cipher                     @101
-    BIO_set_tcp_ndelay                 @102
-    BIO_sock_cleanup                   @103
-    BIO_sock_error                     @104
-    BIO_sock_init                      @105
-    BIO_sock_non_fatal_error           @106
-    BIO_sock_should_retry              @107
-    BIO_socket_ioctl                   @108
-    BIO_write                          @109
-    BN_BLINDING_convert                @973
-    BN_BLINDING_free                   @981
-    BN_BLINDING_invert                 @974
-    BN_BLINDING_new                    @980
-    BN_BLINDING_update                 @975
-    BN_CTX_free                        @110
-    BN_CTX_new                         @111
-    BN_MONT_CTX_free                   @112
-    BN_MONT_CTX_new                    @113
-    BN_MONT_CTX_set                    @114
-    BN_add                             @115
-    BN_add_word                        @116
-    BN_bin2bn                          @118
-    BN_bn2bin                          @120
-    BN_bn2dec                          @1002
-    BN_bn2hex                          @119
-    BN_bn2mpi                          @1058
-    BN_clear                           @121
-    BN_clear_bit                       @122
-    BN_clear_free                      @123
-    BN_cmp                             @124
-    BN_copy                            @125
-    BN_dec2bn                          @1001
-    BN_div                             @126
-    BN_div_word                        @127
-    BN_dup                             @128
-    BN_exp                             @998
-    BN_free                            @129
-    BN_from_montgomery                 @130
-    BN_gcd                             @131
-    BN_generate_prime                  @132
-    BN_get_word                        @133
-    BN_hex2bn                          @117
-    BN_is_bit_set                      @134
-    BN_is_prime                        @135
-    BN_lshift                          @136
-    BN_lshift1                         @137
-    BN_mask_bits                       @138
-    BN_mod                             @139
-    BN_mod_exp                         @140
-    BN_mod_exp_mont                    @141
-    BN_mod_exp_recp                    @142
-    BN_mod_exp_simple                  @143
-    BN_mod_inverse                     @144
-    BN_mod_mul                         @145
-    BN_mod_mul_montgomery              @146
-    BN_mod_mul_reciprocal              @147
-    BN_mod_word                        @148
-    BN_mpi2bn                          @1059
-    BN_mul                             @149
-    BN_mul_word                        @999
-    BN_new                             @150
-    BN_num_bits                        @151
-    BN_num_bits_word                   @152
-    BN_options                         @153
-    BN_print                           @154
-    BN_print_fp                        @155
-    BN_rand                            @156
-    BN_reciprocal                      @157
-    BN_rshift                          @158
-    BN_rshift1                         @159
-    BN_set_bit                         @160
-    BN_set_word                        @161
-    BN_sqr                             @162
-    BN_sub                             @163
-    BN_sub_word                        @1000
-    BN_to_ASN1_INTEGER                 @164
-    BN_ucmp                            @165
-    BN_value_one                       @166
-    BUF_MEM_free                       @167
-    BUF_MEM_grow                       @168
-    BUF_MEM_new                        @169
-    BUF_strdup                         @170
-    CAST_cbc_encrypt                   @992
-    CAST_cfb64_encrypt                 @993
-    CAST_decrypt                       @990
-    CAST_ecb_encrypt                   @991
-    CAST_encrypt                       @989
-    CAST_ofb64_encrypt                 @994
-    CAST_set_key                       @988
-    CONF_free                          @171
-    CONF_get_number                    @172
-    CONF_get_section                   @173
-    CONF_get_string                    @174
-    CONF_load                          @175
-    CRYPTO_add_lock                    @176
-    CRYPTO_dbg_free                    @177
-    CRYPTO_dbg_malloc                  @178
-    CRYPTO_dbg_realloc                 @179
-    CRYPTO_dbg_remalloc                @180
-    CRYPTO_dup_ex_data                 @1025
-    CRYPTO_free                        @181
-    CRYPTO_free_ex_data                @1004
-    CRYPTO_get_add_lock_callback       @182
-    CRYPTO_get_ex_data                 @1005
-    CRYPTO_get_ex_new_index            @1041
-    CRYPTO_get_id_callback             @183
-    CRYPTO_get_lock_name               @184
-    CRYPTO_get_locking_callback        @185
-    CRYPTO_get_mem_functions           @186
-    CRYPTO_get_new_lockid              @1026
-    CRYPTO_lock                        @187
-    CRYPTO_malloc                      @188
-    CRYPTO_mem_ctrl                    @189
-    CRYPTO_mem_leaks                   @190
-    CRYPTO_mem_leaks_cb                @191
-    CRYPTO_mem_leaks_fp                @192
-    CRYPTO_new_ex_data                 @1027
-    CRYPTO_realloc                     @193
-    CRYPTO_remalloc                    @194
-    CRYPTO_set_add_lock_callback       @195
-    CRYPTO_set_ex_data                 @1007
-    CRYPTO_set_id_callback             @196
-    CRYPTO_set_locking_callback        @197
-    CRYPTO_set_mem_functions           @198
-    CRYPTO_thread_id                   @199
-    DH_check                           @200
-    DH_compute_key                     @201
-    DH_free                            @202
-    DH_generate_key                    @203
-    DH_generate_parameters             @204
-    DH_new                             @205
-    DH_size                            @206
-    DHparams_print                     @207
-    DHparams_print_fp                  @208
-    DSA_free                           @209
-    DSA_generate_key                   @210
-    DSA_generate_parameters            @211
-    DSA_is_prime                       @212
-    DSA_new                            @213
-    DSA_print                          @214
-    DSA_print_fp                       @215
-    DSA_sign                           @216
-    DSA_sign_setup                     @217
-    DSA_size                           @218
-    DSA_verify                         @219
-    DSAparams_print                    @220
-    DSAparams_print_fp                 @221
-    ERR_add_error_data                 @1081
-    ERR_clear_error                    @222
-    ERR_error_string                   @223
-    ERR_free_strings                   @224
-    ERR_func_error_string              @225
-    ERR_get_err_state_table            @226
-    ERR_get_error                      @227
-    ERR_get_error_line                 @228
-    ERR_get_next_error_library         @966
-    ERR_get_state                      @229
-    ERR_get_string_table               @230
-    ERR_lib_error_string               @231
-    ERR_load_ASN1_strings              @232
-    ERR_load_BIO_strings               @233
-    ERR_load_BN_strings                @234
-    ERR_load_BUF_strings               @235
-    ERR_load_CONF_strings              @236
-    ERR_load_CRYPTO_strings            @1009
-    ERR_load_DH_strings                @237
-    ERR_load_DSA_strings               @238
-    ERR_load_ERR_strings               @239
-    ERR_load_EVP_strings               @240
-    ERR_load_OBJ_strings               @241
-    ERR_load_PEM_strings               @242
-    ERR_load_PKCS7_strings             @919
-    ERR_load_RSA_strings               @244
-    ERR_load_X509_strings              @245
-    ERR_load_crypto_strings            @246
-    ERR_load_strings                   @247
-    ERR_peek_error                     @248
-    ERR_peek_error_line                @249
-    ERR_print_errors                   @250
-    ERR_print_errors_fp                @251
-    ERR_put_error                      @252
-    ERR_reason_error_string            @253
-    ERR_remove_state                   @254
-    ERR_set_error_data                 @1082
-    EVP_BytesToKey                     @255
-    EVP_CIPHER_CTX_cleanup             @256
-    EVP_CIPHER_CTX_init                @961
-    EVP_CIPHER_asn1_to_param           @1083
-    EVP_CIPHER_get_asn1_iv             @1085
-    EVP_CIPHER_param_to_asn1           @1084
-    EVP_CIPHER_set_asn1_iv             @1086
-    EVP_CipherFinal                    @257
-    EVP_CipherInit                     @258
-    EVP_CipherUpdate                   @259
-    EVP_DecodeBlock                    @260
-    EVP_DecodeFinal                    @261
-    EVP_DecodeInit                     @262
-    EVP_DecodeUpdate                   @263
-    EVP_DecryptFinal                   @264
-    EVP_DecryptInit                    @265
-    EVP_DecryptUpdate                  @266
-    EVP_DigestFinal                    @267
-    EVP_DigestInit                     @268
-    EVP_DigestUpdate                   @269
-    EVP_EncodeBlock                    @270
-    EVP_EncodeFinal                    @271
-    EVP_EncodeInit                     @272
-    EVP_EncodeUpdate                   @273
-    EVP_EncryptFinal                   @274
-    EVP_EncryptInit                    @275
-    EVP_EncryptUpdate                  @276
-    EVP_OpenFinal                      @277
-    EVP_OpenInit                       @278
-    EVP_PKEY_assign                    @279
-    EVP_PKEY_bits                      @1010
-    EVP_PKEY_cmp_parameters            @967
-    EVP_PKEY_copy_parameters           @280
-    EVP_PKEY_decrypt                   @1070
-    EVP_PKEY_encrypt                   @1071
-    EVP_PKEY_free                      @281
-    EVP_PKEY_missing_parameters        @282
-    EVP_PKEY_new                       @283
-    EVP_PKEY_save_parameters           @284
-    EVP_PKEY_size                      @285
-    EVP_PKEY_type                      @286
-    EVP_SealFinal                      @287
-    EVP_SealInit                       @288
-    EVP_SignFinal                      @289
-    EVP_VerifyFinal                    @290
-    EVP_add_alias                      @291
-    EVP_add_cipher                     @292
-    EVP_add_digest                     @293
-    EVP_bf_cbc                         @294
-    EVP_bf_cfb                         @295
-    EVP_bf_ecb                         @296
-    EVP_bf_ofb                         @297
-    EVP_cast5_cbc                      @983
-    EVP_cast5_cfb                      @984
-    EVP_cast5_ecb                      @985
-    EVP_cast5_ofb                      @986
-    EVP_cleanup                        @298
-    EVP_delete_alias                   @941
-    EVP_des_cbc                        @299
-    EVP_des_cfb                        @300
-    EVP_des_ecb                        @301
-    EVP_des_ede                        @302
-    EVP_des_ede3                       @303
-    EVP_des_ede3_cbc                   @304
-    EVP_des_ede3_cfb                   @305
-    EVP_des_ede3_ofb                   @306
-    EVP_des_ede_cbc                    @307
-    EVP_des_ede_cfb                    @308
-    EVP_des_ede_ofb                    @309
-    EVP_des_ofb                        @310
-    EVP_desx_cbc                       @311
-    EVP_dss                            @312
-    EVP_dss1                           @313
-    EVP_enc_null                       @314
-    EVP_get_cipherbyname               @315
-    EVP_get_digestbyname               @316
-    EVP_get_pw_prompt                  @317
-    EVP_idea_cbc                       @318
-    EVP_idea_cfb                       @319
-    EVP_idea_ecb                       @320
-    EVP_idea_ofb                       @321
-    EVP_md2                            @322
-    EVP_md5                            @323
-    EVP_md_null                        @324
-    EVP_mdc2                           @942
-    EVP_rc2_40_cbc                     @959
-    EVP_rc2_cbc                        @325
-    EVP_rc2_cfb                        @326
-    EVP_rc2_ecb                        @327
-    EVP_rc2_ofb                        @328
-    EVP_rc4                            @329
-    EVP_rc4_40                         @960
-    EVP_rc5_32_12_16_cbc               @1087
-    EVP_rc5_32_12_16_cfb               @1088
-    EVP_rc5_32_12_16_ecb               @1089
-    EVP_rc5_32_12_16_ofb               @1090
-    EVP_read_pw_string                 @330
-    EVP_set_pw_prompt                  @331
-    EVP_sha                            @332
-    EVP_sha1                           @333
-    HMAC                               @962
-    HMAC_Final                         @965
-    HMAC_Init                          @963
-    HMAC_Update                        @964
-    HMAC_cleanup                       @968
-    MD2                                @334
-    MD2_Final                          @335
-    MD2_Init                           @336
-    MD2_Update                         @337
-    MD2_options                        @338
-    MD5                                @339
-    MD5_Final                          @340
-    MD5_Init                           @341
-    MD5_Transform                      @1011
-    MD5_Update                         @342
-    MDC2                               @343
-    MDC2_Final                         @344
-    MDC2_Init                          @345
-    MDC2_Update                        @346
-    NETSCAPE_SPKAC_free                @347
-    NETSCAPE_SPKAC_new                 @348
-    NETSCAPE_SPKI_free                 @349
-    NETSCAPE_SPKI_new                  @350
-    NETSCAPE_SPKI_sign                 @351
-    NETSCAPE_SPKI_verify               @352
-    OBJ_add_object                     @353
-    OBJ_bsearch                        @354
-    OBJ_cleanup                        @355
-    OBJ_cmp                            @356
-    OBJ_create                         @357
-    OBJ_create_objects                 @997
-    OBJ_dup                            @358
-    OBJ_ln2nid                         @359
-    OBJ_new_nid                        @360
-    OBJ_nid2ln                         @361
-    OBJ_nid2obj                        @362
-    OBJ_nid2sn                         @363
-    OBJ_obj2nid                        @364
-    OBJ_sn2nid                         @365
-    OBJ_txt2nid                        @366
-    PEM_ASN1_read                      @367
-    PEM_ASN1_read_bio                  @368
-    PEM_ASN1_write                     @369
-    PEM_ASN1_write_bio                 @370
-    PEM_SealFinal                      @371
-    PEM_SealInit                       @372
-    PEM_SealUpdate                     @373
-    PEM_SignFinal                      @374
-    PEM_X509_INFO_read                 @377
-    PEM_X509_INFO_read_bio             @378
-    PEM_X509_INFO_write_bio            @379
-    PEM_dek_info                       @380
-    PEM_do_header                      @381
-    PEM_get_EVP_CIPHER_INFO            @382
-    PEM_proc_type                      @383
-    PEM_read                           @384
-    PEM_read_DHparams                  @385
-    PEM_read_DSAPrivateKey             @386
-    PEM_read_DSAparams                 @387
-    PEM_read_PKCS7                     @388
-    PEM_read_PrivateKey                @389
-    PEM_read_RSAPrivateKey             @390
-    PEM_read_RSAPublicKey              @947
-    PEM_read_X509                      @391
-    PEM_read_X509_CRL                  @392
-    PEM_read_X509_REQ                  @393
-    PEM_read_bio                       @394
-    PEM_read_bio_DHparams              @395
-    PEM_read_bio_DSAPrivateKey         @396
-    PEM_read_bio_DSAparams             @397
-    PEM_read_bio_PKCS7                 @398
-    PEM_read_bio_PrivateKey            @399
-    PEM_read_bio_RSAPrivateKey         @400
-    PEM_read_bio_RSAPublicKey          @943
-    PEM_read_bio_X509                  @401
-    PEM_read_bio_X509_CRL              @402
-    PEM_read_bio_X509_REQ              @403
-    PEM_write                          @404
-    PEM_write_DHparams                 @405
-    PEM_write_DSAPrivateKey            @406
-    PEM_write_DSAparams                @407
-    PEM_write_PKCS7                    @408
-    PEM_write_PrivateKey               @409
-    PEM_write_RSAPrivateKey            @410
-    PEM_write_RSAPublicKey             @949
-    PEM_write_X509                     @411
-    PEM_write_X509_CRL                 @412
-    PEM_write_X509_REQ                 @413
-    PEM_write_bio                      @414
-    PEM_write_bio_DHparams             @415
-    PEM_write_bio_DSAPrivateKey        @416
-    PEM_write_bio_DSAparams            @417
-    PEM_write_bio_PKCS7                @418
-    PEM_write_bio_PrivateKey           @419
-    PEM_write_bio_RSAPrivateKey        @420
-    PEM_write_bio_RSAPublicKey         @944
-    PEM_write_bio_X509                 @421
-    PEM_write_bio_X509_CRL             @422
-    PEM_write_bio_X509_REQ             @423
-    PKCS7_DIGEST_free                  @424
-    PKCS7_DIGEST_new                   @425
-    PKCS7_ENCRYPT_free                 @426
-    PKCS7_ENCRYPT_new                  @427
-    PKCS7_ENC_CONTENT_free             @428
-    PKCS7_ENC_CONTENT_new              @429
-    PKCS7_ENVELOPE_free                @430
-    PKCS7_ENVELOPE_new                 @431
-    PKCS7_ISSUER_AND_SERIAL_digest     @432
-    PKCS7_ISSUER_AND_SERIAL_free       @433
-    PKCS7_ISSUER_AND_SERIAL_new        @434
-    PKCS7_RECIP_INFO_free              @435
-    PKCS7_RECIP_INFO_new               @436
-    PKCS7_RECIP_INFO_set               @1072
-    PKCS7_SIGNED_free                  @437
-    PKCS7_SIGNED_new                   @438
-    PKCS7_SIGNER_INFO_free             @439
-    PKCS7_SIGNER_INFO_new              @440
-    PKCS7_SIGNER_INFO_set              @930
-    PKCS7_SIGN_ENVELOPE_free           @441
-    PKCS7_SIGN_ENVELOPE_new            @442
-    PKCS7_add_certificate              @932
-    PKCS7_add_crl                      @933
-    PKCS7_add_recipient                @1073
-    PKCS7_add_recipient_info           @1074
-    PKCS7_add_signature                @938
-    PKCS7_add_signer                   @931
-    PKCS7_cert_from_signer_info        @939
-    PKCS7_content_free                 @918
-    PKCS7_content_new                  @934
-    PKCS7_ctrl                         @927
-    PKCS7_dataInit                     @937
-    PKCS7_dataSign                     @935
-    PKCS7_dataVerify                   @936
-    PKCS7_dup                          @443
-    PKCS7_free                         @444
-    PKCS7_get_signer_info              @940
-    PKCS7_new                          @445
-    PKCS7_set_cipher                   @1075
-    PKCS7_set_content                  @929
-    PKCS7_set_type                     @928
-    RAND_bytes                         @464
-    RAND_cleanup                       @465
-    RAND_file_name                     @466
-    RAND_load_file                     @467
-    RAND_screen                        @468
-    RAND_seed                          @469
-    RAND_write_file                    @470
-    RC2_cbc_encrypt                    @471
-    RC2_cfb64_encrypt                  @472
-    RC2_decrypt                        @995
-    RC2_ecb_encrypt                    @473
-    RC2_encrypt                        @474
-    RC2_ofb64_encrypt                  @475
-    RC2_set_key                        @476
-    RC4                                @477
-    RC4_options                        @478
-    RC4_set_key                        @479
-    RC5_32_cbc_encrypt                 @1051
-    RC5_32_cfb64_encrypt               @1052
-    RC5_32_decrypt                     @1050
-    RC5_32_ecb_encrypt                 @1048
-    RC5_32_encrypt                     @1049
-    RC5_32_ofb64_encrypt               @1053
-    RC5_32_set_key                     @1047
-    RIPEMD160                          @1045
-    RIPEMD160_Final                    @1044
-    RIPEMD160_Init                     @1042
-    RIPEMD160_Transform                @1046
-    RIPEMD160_Update                   @1043
-    RSAPrivateKey_asn1_meth            @480
-    RSAPrivateKey_dup                  @481
-    RSAPublicKey_dup                   @482
-    RSA_PKCS1_SSLeay                   @483
-    RSA_blinding_off                   @978
-    RSA_blinding_on                    @977
-    RSA_flags                          @956
-    RSA_free                           @484
-    RSA_generate_key                   @485
-    RSA_get_ex_data                    @1029
-    RSA_get_ex_new_index               @1030
-    RSA_new                            @486
-    RSA_new_method                     @487
-    RSA_padding_add_PKCS1_type_1       @1031
-    RSA_padding_add_PKCS1_type_2       @1032
-    RSA_padding_add_SSLv23             @1033
-    RSA_padding_add_none               @1034
-    RSA_padding_check_PKCS1_type_1     @1035
-    RSA_padding_check_PKCS1_type_2     @1036
-    RSA_padding_check_SSLv23           @1037
-    RSA_padding_check_none             @1038
-    RSA_print                          @488
-    RSA_print_fp                       @489
-    RSA_private_decrypt                @490
-    RSA_private_encrypt                @491
-    RSA_public_decrypt                 @492
-    RSA_public_encrypt                 @493
-    RSA_set_default_method             @494
-    RSA_set_ex_data                    @1028
-    RSA_sign                           @495
-    RSA_sign_ASN1_OCTET_STRING         @496
-    RSA_size                           @497
-    RSA_verify                         @498
-    RSA_verify_ASN1_OCTET_STRING       @499
-    SHA                                @500
-    SHA1                               @501
-    SHA1_Final                         @502
-    SHA1_Init                          @503
-    SHA1_Transform                     @1012
-    SHA1_Update                        @504
-    SHA_Final                          @505
-    SHA_Init                           @506
-    SHA_Transform                      @1013
-    SHA_Update                         @507
-    TXT_DB_create_index                @511
-    TXT_DB_free                        @512
-    TXT_DB_get_by_index                @513
-    TXT_DB_insert                      @514
-    TXT_DB_read                        @515
-    TXT_DB_write                       @516
-    X509_ALGOR_free                    @517
-    X509_ALGOR_new                     @518
-    X509_ATTRIBUTE_free                @519
-    X509_ATTRIBUTE_new                 @520
-    X509_CINF_free                     @521
-    X509_CINF_new                      @522
-    X509_CRL_INFO_free                 @523
-    X509_CRL_INFO_new                  @524
-    X509_CRL_add_ext                   @525
-    X509_CRL_cmp                       @526
-    X509_CRL_delete_ext                @527
-    X509_CRL_dup                       @528
-    X509_CRL_free                      @529
-    X509_CRL_get_ext                   @530
-    X509_CRL_get_ext_by_NID            @531
-    X509_CRL_get_ext_by_OBJ            @532
-    X509_CRL_get_ext_by_critical       @533
-    X509_CRL_get_ext_count             @534
-    X509_CRL_new                       @535
-    X509_CRL_sign                      @536
-    X509_CRL_verify                    @537
-    X509_EXTENSION_create_by_NID       @538
-    X509_EXTENSION_create_by_OBJ       @539
-    X509_EXTENSION_dup                 @540
-    X509_EXTENSION_free                @541
-    X509_EXTENSION_get_critical        @542
-    X509_EXTENSION_get_data            @543
-    X509_EXTENSION_get_object          @544
-    X509_EXTENSION_new                 @545
-    X509_EXTENSION_set_critical        @546
-    X509_EXTENSION_set_data            @547
-    X509_EXTENSION_set_object          @548
-    X509_INFO_free                     @549
-    X509_INFO_new                      @550
-    X509_LOOKUP_by_alias               @551
-    X509_LOOKUP_by_fingerprint         @552
-    X509_LOOKUP_by_issuer_serial       @553
-    X509_LOOKUP_by_subject             @554
-    X509_LOOKUP_ctrl                   @555
-    X509_LOOKUP_file                   @556
-    X509_LOOKUP_free                   @557
-    X509_LOOKUP_hash_dir               @558
-    X509_LOOKUP_init                   @559
-    X509_LOOKUP_new                    @560
-    X509_LOOKUP_shutdown               @561
-    X509_NAME_ENTRY_create_by_NID      @562
-    X509_NAME_ENTRY_create_by_OBJ      @563
-    X509_NAME_ENTRY_dup                @564
-    X509_NAME_ENTRY_free               @565
-    X509_NAME_ENTRY_get_data           @566
-    X509_NAME_ENTRY_get_object         @567
-    X509_NAME_ENTRY_new                @568
-    X509_NAME_ENTRY_set_data           @569
-    X509_NAME_ENTRY_set_object         @570
-    X509_NAME_add_entry                @571
-    X509_NAME_cmp                      @572
-    X509_NAME_delete_entry             @573
-    X509_NAME_digest                   @574
-    X509_NAME_dup                      @575
-    X509_NAME_entry_count              @576
-    X509_NAME_free                     @577
-    X509_NAME_get_entry                @578
-    X509_NAME_get_index_by_NID         @579
-    X509_NAME_get_index_by_OBJ         @580
-    X509_NAME_get_text_by_NID          @581
-    X509_NAME_get_text_by_OBJ          @582
-    X509_NAME_hash                     @583
-    X509_NAME_new                      @584
-    X509_NAME_oneline                  @585
-    X509_NAME_print                    @586
-    X509_NAME_set                      @587
-    X509_OBJECT_free_contents          @588
-    X509_OBJECT_retrive_by_subject     @589
-    X509_OBJECT_up_ref_count           @590
-    X509_PKEY_free                     @591
-    X509_PKEY_new                      @592
-    X509_PUBKEY_free                   @593
-    X509_PUBKEY_get                    @594
-    X509_PUBKEY_new                    @595
-    X509_PUBKEY_set                    @596
-    X509_REQ_INFO_free                 @597
-    X509_REQ_INFO_new                  @598
-    X509_REQ_dup                       @599
-    X509_REQ_free                      @600
-    X509_REQ_get_pubkey                @601
-    X509_REQ_new                       @602
-    X509_REQ_print                     @603
-    X509_REQ_print_fp                  @604
-    X509_REQ_set_pubkey                @605
-    X509_REQ_set_subject_name          @606
-    X509_REQ_set_version               @607
-    X509_REQ_sign                      @608
-    X509_REQ_to_X509                   @609
-    X509_REQ_verify                    @610
-    X509_REVOKED_add_ext               @611
-    X509_REVOKED_delete_ext            @612
-    X509_REVOKED_free                  @613
-    X509_REVOKED_get_ext               @614
-    X509_REVOKED_get_ext_by_NID        @615
-    X509_REVOKED_get_ext_by_OBJ        @616
-    X509_REVOKED_get_ext_by_critical   @617
-    X509_REVOKED_get_ext_count         @618
-    X509_REVOKED_new                   @619
-    X509_SIG_free                      @620
-    X509_SIG_new                       @621
-    X509_STORE_CTX_cleanup             @622
-    X509_STORE_CTX_get_chain           @1014
-    X509_STORE_CTX_get_current_cert    @1015
-    X509_STORE_CTX_get_error           @1016
-    X509_STORE_CTX_get_error_depth     @1017
-    X509_STORE_CTX_get_ex_data         @1018
-    X509_STORE_CTX_init                @623
-    X509_STORE_CTX_set_cert            @1020
-    X509_STORE_CTX_set_chain           @1021
-    X509_STORE_CTX_set_error           @1022
-    X509_STORE_CTX_set_ex_data         @1023
-    X509_STORE_add_cert                @624
-    X509_STORE_add_crl                 @957
-    X509_STORE_add_lookup              @625
-    X509_STORE_free                    @626
-    X509_STORE_get_by_subject          @627
-    X509_STORE_load_locations          @628
-    X509_STORE_new                     @629
-    X509_STORE_set_default_paths       @630
-    X509_VAL_free                      @631
-    X509_VAL_new                       @632
-    X509_add_ext                       @633
-    X509_asn1_meth                     @634
-    X509_certificate_type              @635
-    X509_check_private_key             @636
-    X509_cmp_current_time              @637
-    X509_delete_ext                    @638
-    X509_digest                        @639
-    X509_dup                           @640
-    X509_find_by_issuer_and_serial     @920
-    X509_find_by_subject               @921
-    X509_free                          @641
-    X509_get_default_cert_area         @642
-    X509_get_default_cert_dir          @643
-    X509_get_default_cert_dir_env      @644
-    X509_get_default_cert_file         @645
-    X509_get_default_cert_file_env     @646
-    X509_get_default_private_dir       @647
-    X509_get_ext                       @648
-    X509_get_ext_by_NID                @649
-    X509_get_ext_by_OBJ                @650
-    X509_get_ext_by_critical           @651
-    X509_get_ext_count                 @652
-    X509_get_issuer_name               @653
-    X509_get_pubkey                    @654
-    X509_get_pubkey_parameters         @655
-    X509_get_serialNumber              @656
-    X509_get_subject_name              @657
-    X509_gmtime_adj                    @658
-    X509_issuer_and_serial_cmp         @659
-    X509_issuer_and_serial_hash        @660
-    X509_issuer_name_cmp               @661
-    X509_issuer_name_hash              @662
-    X509_load_cert_file                @663
-    X509_load_crl_file                 @958
-    X509_new                           @664
-    X509_print                         @665
-    X509_print_fp                      @666
-    X509_set_issuer_name               @667
-    X509_set_notAfter                  @668
-    X509_set_notBefore                 @669
-    X509_set_pubkey                    @670
-    X509_set_serialNumber              @671
-    X509_set_subject_name              @672
-    X509_set_version                   @673
-    X509_sign                          @674
-    X509_subject_name_cmp              @675
-    X509_subject_name_hash             @676
-    X509_to_X509_REQ                   @677
-    X509_verify                        @678
-    X509_verify_cert                   @679
-    X509_verify_cert_error_string      @680
-    X509v3_add_ext                     @681
-    X509v3_add_extension               @682
-    X509v3_add_netscape_extensions     @683
-    X509v3_add_standard_extensions     @684
-    X509v3_cleanup_extensions          @685
-    X509v3_data_type_by_NID            @686
-    X509v3_data_type_by_OBJ            @687
-    X509v3_delete_ext                  @688
-    X509v3_get_ext                     @689
-    X509v3_get_ext_by_NID              @690
-    X509v3_get_ext_by_OBJ              @691
-    X509v3_get_ext_by_critical         @692
-    X509v3_get_ext_count               @693
-    X509v3_pack_string                 @694
-    X509v3_pack_type_by_NID            @695
-    X509v3_pack_type_by_OBJ            @696
-    X509v3_unpack_string               @697
-    a2d_ASN1_OBJECT                    @699
-    a2i_ASN1_INTEGER                   @700
-    a2i_ASN1_STRING                    @701
-    asn1_Finish                        @702
-    asn1_GetSequence                   @703
-    asn1_add_error                     @1091
-    bn_add_words                       @1039
-    bn_div64                           @704
-    bn_expand2                         @705
-    bn_mul_add_words                   @706
-    bn_mul_words                       @707
-    bn_qadd                            @708
-    bn_qsub                            @709
-    bn_sqr_words                       @710
-    crypt                              @711
-    d2i_ASN1_BIT_STRING                @712
-    d2i_ASN1_BOOLEAN                   @713
-    d2i_ASN1_HEADER                    @714
-    d2i_ASN1_IA5STRING                 @715
-    d2i_ASN1_INTEGER                   @716
-    d2i_ASN1_OBJECT                    @717
-    d2i_ASN1_OCTET_STRING              @718
-    d2i_ASN1_PRINTABLE                 @719
-    d2i_ASN1_PRINTABLESTRING           @720
-    d2i_ASN1_SET                       @721
-    d2i_ASN1_T61STRING                 @722
-    d2i_ASN1_TYPE                      @723
-    d2i_ASN1_UTCTIME                   @724
-    d2i_ASN1_bytes                     @725
-    d2i_ASN1_type_bytes                @726
-    d2i_DHparams                       @727
-    d2i_DSAPrivateKey                  @728
-    d2i_DSAPrivateKey_bio              @729
-    d2i_DSAPrivateKey_fp               @730
-    d2i_DSAPublicKey                   @731
-    d2i_DSAparams                      @732
-    d2i_NETSCAPE_SPKAC                 @733
-    d2i_NETSCAPE_SPKI                  @734
-    d2i_Netscape_RSA                   @735
-    d2i_Netscape_RSA_2                 @1040
-    d2i_PKCS7                          @736
-    d2i_PKCS7_DIGEST                   @737
-    d2i_PKCS7_ENCRYPT                  @738
-    d2i_PKCS7_ENC_CONTENT              @739
-    d2i_PKCS7_ENVELOPE                 @740
-    d2i_PKCS7_ISSUER_AND_SERIAL        @741
-    d2i_PKCS7_RECIP_INFO               @742
-    d2i_PKCS7_SIGNED                   @743
-    d2i_PKCS7_SIGNER_INFO              @744
-    d2i_PKCS7_SIGN_ENVELOPE            @745
-    d2i_PKCS7_bio                      @746
-    d2i_PKCS7_fp                       @747
-    d2i_PrivateKey                     @748
-    d2i_PublicKey                      @749
-    d2i_RSAPrivateKey                  @750
-    d2i_RSAPrivateKey_bio              @751
-    d2i_RSAPrivateKey_fp               @752
-    d2i_RSAPublicKey                   @753
-    d2i_RSAPublicKey_bio               @945
-    d2i_RSAPublicKey_fp                @952
-    d2i_X509                           @754
-    d2i_X509_ALGOR                     @755
-    d2i_X509_ATTRIBUTE                 @756
-    d2i_X509_CINF                      @757
-    d2i_X509_CRL                       @758
-    d2i_X509_CRL_INFO                  @759
-    d2i_X509_CRL_bio                   @760
-    d2i_X509_CRL_fp                    @761
-    d2i_X509_EXTENSION                 @762
-    d2i_X509_NAME                      @763
-    d2i_X509_NAME_ENTRY                @764
-    d2i_X509_PKEY                      @765
-    d2i_X509_PUBKEY                    @766
-    d2i_X509_REQ                       @767
-    d2i_X509_REQ_INFO                  @768
-    d2i_X509_REQ_bio                   @769
-    d2i_X509_REQ_fp                    @770
-    d2i_X509_REVOKED                   @771
-    d2i_X509_SIG                       @772
-    d2i_X509_VAL                       @773
-    d2i_X509_bio                       @774
-    d2i_X509_fp                        @775
-    des_cbc_cksum                      @777
-    des_cbc_encrypt                    @778
-    des_cblock_print_file              @779
-    des_cfb64_encrypt                  @780
-    des_cfb_encrypt                    @781
-    des_decrypt3                       @782
-    des_ecb3_encrypt                   @783
-    des_ecb_encrypt                    @784
-    des_ede3_cbc_encrypt               @785
-    des_ede3_cfb64_encrypt             @786
-    des_ede3_ofb64_encrypt             @787
-    des_enc_read                       @788
-    des_enc_write                      @789
-    des_encrypt                        @790
-    des_encrypt2                       @791
-    des_encrypt3                       @792
-    des_fcrypt                         @793
-    des_is_weak_key                    @794
-    des_key_sched                      @795
-    des_ncbc_encrypt                   @796
-    des_ofb64_encrypt                  @797
-    des_ofb_encrypt                    @798
-    des_options                        @799
-    des_pcbc_encrypt                   @800
-    des_quad_cksum                     @801
-    des_random_key                     @802
-    des_random_seed                    @803
-    des_read_2passwords                @804
-    des_read_password                  @805
-    des_read_pw                        @806
-    des_read_pw_string                 @807
-    des_set_key                        @808
-    des_set_odd_parity                 @809
-    des_string_to_2keys                @810
-    des_string_to_key                  @811
-    des_xcbc_encrypt                   @812
-    des_xwhite_in2out                  @813
-    i2a_ASN1_INTEGER                   @815
-    i2a_ASN1_OBJECT                    @816
-    i2a_ASN1_STRING                    @817
-    i2d_ASN1_BIT_STRING                @818
-    i2d_ASN1_BOOLEAN                   @819
-    i2d_ASN1_HEADER                    @820
-    i2d_ASN1_IA5STRING                 @821
-    i2d_ASN1_INTEGER                   @822
-    i2d_ASN1_OBJECT                    @823
-    i2d_ASN1_OCTET_STRING              @824
-    i2d_ASN1_PRINTABLE                 @825
-    i2d_ASN1_SET                       @826
-    i2d_ASN1_TYPE                      @827
-    i2d_ASN1_UTCTIME                   @828
-    i2d_ASN1_bytes                     @829
-    i2d_DHparams                       @830
-    i2d_DSAPrivateKey                  @831
-    i2d_DSAPrivateKey_bio              @832
-    i2d_DSAPrivateKey_fp               @833
-    i2d_DSAPublicKey                   @834
-    i2d_DSAparams                      @835
-    i2d_NETSCAPE_SPKAC                 @836
-    i2d_NETSCAPE_SPKI                  @837
-    i2d_Netscape_RSA                   @838
-    i2d_PKCS7                          @839
-    i2d_PKCS7_DIGEST                   @840
-    i2d_PKCS7_ENCRYPT                  @841
-    i2d_PKCS7_ENC_CONTENT              @842
-    i2d_PKCS7_ENVELOPE                 @843
-    i2d_PKCS7_ISSUER_AND_SERIAL        @844
-    i2d_PKCS7_RECIP_INFO               @845
-    i2d_PKCS7_SIGNED                   @846
-    i2d_PKCS7_SIGNER_INFO              @847
-    i2d_PKCS7_SIGN_ENVELOPE            @848
-    i2d_PKCS7_bio                      @849
-    i2d_PKCS7_fp                       @850
-    i2d_PrivateKey                     @851
-    i2d_PublicKey                      @852
-    i2d_RSAPrivateKey                  @853
-    i2d_RSAPrivateKey_bio              @854
-    i2d_RSAPrivateKey_fp               @855
-    i2d_RSAPublicKey                   @856
-    i2d_RSAPublicKey_bio               @946
-    i2d_RSAPublicKey_fp                @954
-    i2d_X509                           @857
-    i2d_X509_ALGOR                     @858
-    i2d_X509_ATTRIBUTE                 @859
-    i2d_X509_CINF                      @860
-    i2d_X509_CRL                       @861
-    i2d_X509_CRL_INFO                  @862
-    i2d_X509_CRL_bio                   @863
-    i2d_X509_CRL_fp                    @864
-    i2d_X509_EXTENSION                 @865
-    i2d_X509_NAME                      @866
-    i2d_X509_NAME_ENTRY                @867
-    i2d_X509_PKEY                      @868
-    i2d_X509_PUBKEY                    @869
-    i2d_X509_REQ                       @870
-    i2d_X509_REQ_INFO                  @871
-    i2d_X509_REQ_bio                   @872
-    i2d_X509_REQ_fp                    @873
-    i2d_X509_REVOKED                   @874
-    i2d_X509_SIG                       @875
-    i2d_X509_VAL                       @876
-    i2d_X509_bio                       @877
-    i2d_X509_fp                        @878
-    i2t_ASN1_OBJECT                    @979
-    idea_cbc_encrypt                   @879
-    idea_cfb64_encrypt                 @880
-    idea_ecb_encrypt                   @881
-    idea_encrypt                       @882
-    idea_ofb64_encrypt                 @883
-    idea_options                       @884
-    idea_set_decrypt_key               @885
-    idea_set_encrypt_key               @886
-    lh_delete                          @887
-    lh_doall                           @888
-    lh_doall_arg                       @889
-    lh_free                            @890
-    lh_insert                          @891
-    lh_new                             @892
-    lh_node_stats                      @893
-    lh_node_stats_bio                  @894
-    lh_node_usage_stats                @895
-    lh_node_usage_stats_bio            @896
-    lh_retrieve                        @897
-    lh_stats                           @898
-    lh_stats_bio                       @899
-    lh_strhash                         @900
-    sk_delete                          @901
-    sk_delete_ptr                      @902
-    sk_dup                             @903
-    sk_find                            @904
-    sk_free                            @905
-    sk_insert                          @906
-    sk_new                             @907
-    sk_pop                             @908
-    sk_pop_free                        @909
-    sk_push                            @910
-    sk_set_cmp_func                    @911
-    sk_shift                           @912
-    sk_unshift                         @913
-    sk_zero                            @914
-
diff --git a/lib/libssl/src/ms/mw.bat b/lib/libssl/src/ms/mw.bat
new file mode 100644
index 00000000000..dc37913b71d
--- /dev/null
+++ b/lib/libssl/src/ms/mw.bat
@@ -0,0 +1,31 @@
+@rem OpenSSL with Mingw32
+@rem --------------------
+
+@rem Makefile
+perl util\mkfiles.pl >MINFO
+perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
+perl util\mk1mf.pl Mingw32-files >ms\mingw32f.mak
+@rem DLL definition files
+perl util\mkdef.pl 32 libeay >ms\libeay32.def
+if errorlevel 1 goto end
+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
+if errorlevel 1 goto end
+
+@rem Create files -- this can be skipped if using the GNU file utilities
+make -f ms/mingw32f.mak
+echo You can ignore the error messages above
+
+@rem Build the libraries
+make -f ms/mingw32.mak
+if errorlevel 1 goto end
+
+@rem Generate the DLLs and input libraries
+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32
+if errorlevel 1 goto end
+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
+if errorlevel 1 goto end
+
+echo Done compiling OpenSSL
+
+:end
+
diff --git a/lib/libssl/src/ms/ntdll.mak b/lib/libssl/src/ms/ntdll.mak
deleted file mode 100644
index 044cd909bc6..00000000000
--- a/lib/libssl/src/ms/ntdll.mak
+++ /dev/null
@@ -1,1853 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in .\out and the stuff
-# that needs deleting in .\tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util\mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=\usr\local\ssl
-
-# Set your compiler options
-CC=cl
-CFLAG= /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-APP_CFLAG=
-LIB_CFLAG= /GD -D_WINDLL -D_DLL
-SHLIB_CFLAG=
-APP_EX_OBJ=setargv.obj
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=wsock32.lib user32.lib gdi32.lib
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=link
-LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref
-
-BN_MULW_OBJ=crypto\bn\asm\bn-win32.obj
-BN_MULW_SRC=crypto\bn\asm\bn-win32.asm
-DES_ENC_OBJ=crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj
-DES_ENC_SRC=crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm
-DES_CRYPT_OBJ=
-DES_CRYPT_SRC=
-BF_ENC_OBJ=crypto\bf\asm\b-win32.obj
-BF_ENC_SRC=crypto\bf\asm\b-win32.asm
-CAST_ENC_OBJ=crypto\cast\asm\c-win32.obj
-CAST_ENC_SRC=crypto\cast\asm\c-win32.asm
-RC4_ENC_OBJ=crypto\rc4\asm\r4-win32.obj
-RC4_ENC_SRC=crypto\rc4\asm\r4-win32.asm
-RC5_ENC_OBJ=crypto\rc5\asm\r5-win32.obj
-RC5_ENC_SRC=crypto\rc5\asm\r5-win32.asm
-MD5_ASM_OBJ=crypto\md5\asm\m5-win32.obj
-MD5_ASM_SRC=crypto\md5\asm\m5-win32.asm
-SHA1_ASM_OBJ=crypto\sha\asm\s1-win32.obj
-SHA1_ASM_SRC=crypto\sha\asm\s1-win32.asm
-RMD160_ASM_OBJ=crypto\ripemd\asm\rm-win32.obj
-RMD160_ASM_SRC=crypto\ripemd\asm\rm-win32.asm
-
-# The output directory for everything intersting
-OUT_D=out32dll
-# The output directory for all the temporary muck
-TMP_D=tmp32dll
-# The output directory for the header files
-INC_D=inc32
-
-CP=copy
-RM=del
-RANLIB=
-MKDIR=mkdir
-MKLIB=lib
-MLFLAGS= /nologo /subsystem:console /machine:I386 /opt:ref /dll
-ASM=ml /Cp /coff /c /Cx
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssleay32
-CRYPTO=libeay32
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)\$(SSL).dll
-O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
-O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
-SO_SSL=    $(SSL)
-SO_CRYPTO= $(CRYPTO)
-L_SSL=     $(LIB_D)\$(SSL).lib
-L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
-
-L_LIBS= $(L_SSL) $(L_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)\cryptlib.h \
-	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
-	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
-	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
-	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
-	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
-	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
-	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
-	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
-	$(INCL_D)\s_apps.h $(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\e_os.h \
-	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\md2.h \
-	$(INC_D)\md5.h $(INC_D)\sha.h $(INC_D)\mdc2.h \
-	$(INC_D)\hmac.h $(INC_D)\ripemd.h $(INC_D)\des.h \
-	$(INC_D)\rc2.h $(INC_D)\rc4.h $(INC_D)\rc5.h \
-	$(INC_D)\idea.h $(INC_D)\blowfish.h $(INC_D)\cast.h \
-	$(INC_D)\bn.h $(INC_D)\rsa.h $(INC_D)\dsa.h \
-	$(INC_D)\dh.h $(INC_D)\buffer.h $(INC_D)\bio.h \
-	$(INC_D)\bss_file.c $(INC_D)\stack.h $(INC_D)\lhash.h \
-	$(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \
-	$(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \
-	$(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \
-	$(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \
-	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h $(INC_D)\tls1.h
-
-T_OBJ=$(OBJ_D)\md2test.obj \
-	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
-	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
-	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
-	$(OBJ_D)\ssltest.obj
-
-E_OBJ=$(OBJ_D)\verify.obj \
-	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
-	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
-	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
-	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
-	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
-	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj $(OBJ_D)\apps.obj \
-	$(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj $(OBJ_D)\version.obj \
-	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
-
-CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
-	$(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj $(OBJ_D)\md2_one.obj \
-	$(OBJ_D)\md5_dgst.obj $(MD5_ASM_OBJ) $(OBJ_D)\md5_one.obj \
-	$(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(SHA1_ASM_OBJ) \
-	$(OBJ_D)\sha_one.obj $(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj \
-	$(OBJ_D)\mdc2_one.obj $(OBJ_D)\hmac.obj $(OBJ_D)\rmd_dgst.obj \
-	$(RMD160_ASM_OBJ) $(OBJ_D)\rmd_one.obj $(OBJ_D)\set_key.obj \
-	$(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj $(OBJ_D)\ecb3_enc.obj \
-	$(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \
-	$(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \
-	$(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj $(OBJ_D)\str2key.obj \
-	$(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj $(OBJ_D)\rand_key.obj \
-	$(DES_ENC_OBJ) $(OBJ_D)\read2pwd.obj $(OBJ_D)\fcrypt.obj \
-	$(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj $(OBJ_D)\rpc_enc.obj \
-	$(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj $(OBJ_D)\rc2_ecb.obj \
-	$(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj \
-	$(OBJ_D)\rc2ofb64.obj $(OBJ_D)\rc4_skey.obj $(RC4_ENC_OBJ) \
-	$(OBJ_D)\rc5_skey.obj $(OBJ_D)\rc5_ecb.obj $(RC5_ENC_OBJ) \
-	$(OBJ_D)\rc5cfb64.obj $(OBJ_D)\rc5ofb64.obj $(OBJ_D)\i_cbc.obj \
-	$(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj $(OBJ_D)\i_ecb.obj \
-	$(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj $(OBJ_D)\bf_ecb.obj \
-	$(BF_ENC_OBJ) $(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj \
-	$(OBJ_D)\c_skey.obj $(OBJ_D)\c_ecb.obj $(CAST_ENC_OBJ) \
-	$(OBJ_D)\c_cfb64.obj $(OBJ_D)\c_ofb64.obj $(OBJ_D)\bn_add.obj \
-	$(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj $(OBJ_D)\bn_lib.obj \
-	$(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj $(OBJ_D)\bn_print.obj \
-	$(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj $(OBJ_D)\bn_sub.obj \
-	$(OBJ_D)\bn_word.obj $(OBJ_D)\bn_blind.obj $(OBJ_D)\bn_gcd.obj \
-	$(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj \
-	$(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj \
-	$(OBJ_D)\bn_mpi.obj $(OBJ_D)\rsa_eay.obj $(OBJ_D)\rsa_gen.obj \
-	$(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj $(OBJ_D)\rsa_saos.obj \
-	$(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj $(OBJ_D)\rsa_ssl.obj \
-	$(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj $(OBJ_D)\dsa_key.obj \
-	$(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj $(OBJ_D)\dsa_sign.obj \
-	$(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj $(OBJ_D)\dh_key.obj \
-	$(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj $(OBJ_D)\dh_err.obj \
-	$(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj $(OBJ_D)\bio_lib.obj \
-	$(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj $(OBJ_D)\bss_mem.obj \
-	$(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj $(OBJ_D)\bss_file.obj \
-	$(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj $(OBJ_D)\bf_null.obj \
-	$(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj $(OBJ_D)\b_dump.obj \
-	$(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj $(OBJ_D)\bf_nbio.obj \
-	$(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj $(OBJ_D)\lh_stats.obj \
-	$(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj $(OBJ_D)\err.obj \
-	$(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj $(OBJ_D)\obj_dat.obj \
-	$(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj $(OBJ_D)\encode.obj \
-	$(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj $(OBJ_D)\evp_key.obj \
-	$(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj $(OBJ_D)\e_cfb_d.obj \
-	$(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj $(OBJ_D)\e_cbc_i.obj \
-	$(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj $(OBJ_D)\e_ecb_3d.obj \
-	$(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj $(OBJ_D)\names.obj \
-	$(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj $(OBJ_D)\e_xcbc_d.obj \
-	$(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj $(OBJ_D)\e_cfb_r2.obj \
-	$(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj $(OBJ_D)\e_cbc_bf.obj \
-	$(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj $(OBJ_D)\e_ecb_c.obj \
-	$(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj $(OBJ_D)\e_ofb_c.obj \
-	$(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj $(OBJ_D)\e_cfb_r5.obj \
-	$(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj \
-	$(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj \
-	$(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj \
-	$(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj $(OBJ_D)\p_seal.obj \
-	$(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj $(OBJ_D)\p_lib.obj \
-	$(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj $(OBJ_D)\bio_md.obj \
-	$(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj \
-	$(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj $(OBJ_D)\evp_lib.obj \
-	$(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj $(OBJ_D)\pem_info.obj \
-	$(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj $(OBJ_D)\pem_err.obj \
-	$(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj $(OBJ_D)\a_utctm.obj \
-	$(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj $(OBJ_D)\a_print.obj \
-	$(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj $(OBJ_D)\a_dup.obj \
-	$(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj $(OBJ_D)\a_sign.obj \
-	$(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj $(OBJ_D)\x_algor.obj \
-	$(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj $(OBJ_D)\x_sig.obj \
-	$(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj $(OBJ_D)\x_name.obj \
-	$(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj $(OBJ_D)\x_crl.obj \
-	$(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj $(OBJ_D)\d2i_r_pr.obj \
-	$(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj $(OBJ_D)\i2d_r_pu.obj \
-	$(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj $(OBJ_D)\d2i_s_pu.obj \
-	$(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj $(OBJ_D)\d2i_pr.obj \
-	$(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj $(OBJ_D)\t_req.obj \
-	$(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj $(OBJ_D)\p7_i_s.obj \
-	$(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj $(OBJ_D)\p7_recip.obj \
-	$(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj $(OBJ_D)\p7_dgst.obj \
-	$(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj $(OBJ_D)\p7_lib.obj \
-	$(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj $(OBJ_D)\i2d_dhp.obj \
-	$(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj $(OBJ_D)\d2i_dsap.obj \
-	$(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj $(OBJ_D)\x_pkey.obj \
-	$(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj $(OBJ_D)\asn1_par.obj \
-	$(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj $(OBJ_D)\a_meth.obj \
-	$(OBJ_D)\a_bytes.obj $(OBJ_D)\evp_asn1.obj $(OBJ_D)\x509_def.obj \
-	$(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj $(OBJ_D)\x509_cmp.obj \
-	$(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj $(OBJ_D)\x509_vfy.obj \
-	$(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj $(OBJ_D)\x509_err.obj \
-	$(OBJ_D)\x509name.obj $(OBJ_D)\x509_v3.obj $(OBJ_D)\x509_ext.obj \
-	$(OBJ_D)\x509pack.obj $(OBJ_D)\x509type.obj $(OBJ_D)\x509_lu.obj \
-	$(OBJ_D)\x_all.obj $(OBJ_D)\x509_txt.obj $(OBJ_D)\by_file.obj \
-	$(OBJ_D)\by_dir.obj $(OBJ_D)\v3_net.obj $(OBJ_D)\v3_x509.obj \
-	$(OBJ_D)\conf.obj $(OBJ_D)\conf_err.obj $(OBJ_D)\txt_db.obj \
-	$(OBJ_D)\pk7_lib.obj $(OBJ_D)\pkcs7err.obj $(OBJ_D)\pk7_doit.obj
-
-SSLOBJ=$(OBJ_D)\s2_meth.obj \
-	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
-	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
-	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
-	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
-	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
-	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
-	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
-	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
-	$(OBJ_D)\ssl_err.obj
-
-RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
-	$(OBJ_D)\rsar_err.obj
-
-T_EXE=$(TEST_D)\md2test.exe \
-	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
-	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
-	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
-	$(TEST_D)\ssltest.exe
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)\bin
-	$(MKDIR) $(INSTALLTOP)\include
-	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
-	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
-
-clean:
-	$(RM) $(TMP_D)\*.*
-
-vclean:
-	$(RM) $(TMP_D)\*.*
-	$(RM) $(OUT_D)\*.*
-
-$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
-	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
-
-$(INCL_D)\date.h: $(SRC_D)\crypto\date.h
-	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
-
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
-
-$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
-	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
-
-$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
-
-$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
-
-$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
-	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
-
-$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h
-	$(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h
-
-$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h
-	$(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h
-
-$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h
-	$(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h
-
-$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h
-	$(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h
-
-$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
-	$(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h
-
-$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
-
-$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
-
-$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
-
-$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
-	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
-
-$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
-	$(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h
-
-$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
-	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
-
-$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
-	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
-
-$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
-	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
-
-$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
-	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
-
-$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h
-	$(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h
-
-$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h
-	$(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h
-
-$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h
-	$(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h
-
-$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h
-	$(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h
-
-$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h
-	$(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h
-
-$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h
-	$(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h
-
-$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h
-	$(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h
-
-$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h
-	$(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h
-
-$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
-	$(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h
-
-$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
-	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
-
-$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
-
-$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
-	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
-
-$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
-	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
-
-$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
-	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
-
-$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
-	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
-
-$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
-	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
-
-$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
-	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
-
-$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
-	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
-
-$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
-	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
-
-$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
-	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
-
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
-
-$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
-
-$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
-
-$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
-	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
-
-$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
-	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
-
-$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
-	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
-
-$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
-	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
-
-$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h
-	$(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h
-
-$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h
-	$(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h
-
-$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h
-	$(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h
-
-$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
-	$(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h
-
-$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
-	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
-
-$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
-	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
-
-$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
-	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
-
-$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h
-	$(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h
-
-$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h
-	$(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h
-
-$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h
-	$(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h
-
-$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h
-	$(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h
-
-$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h
-	$(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h
-
-$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h
-	$(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h
-
-$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h
-
-$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h
-
-$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h
-	$(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h
-
-$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h
-	$(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h
-
-$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h
-	$(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h
-
-$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h
-	$(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h
-
-$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h
-	$(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h
-
-$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h
-	$(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h
-
-$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h
-	$(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h
-
-$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
-	$(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h
-
-$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
-	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
-
-$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
-	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
-
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
-
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
-
-$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
-	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
-
-$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
-	$(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c
-
-$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
-	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
-
-$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
-	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
-
-$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
-	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
-
-$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
-	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
-
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
-
-$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
-	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
-
-$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
-	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
-
-$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
-	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
-
-$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
-	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
-
-$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
-	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
-
-$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
-	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
-
-$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c
-	$(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c
-
-$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c
-	$(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c
-
-$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c
-	$(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c
-
-$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c
-	$(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c
-
-$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c
-	$(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c
-
-$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c
-	$(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c
-
-$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c
-	$(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c
-
-$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c
-	$(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c
-
-$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c
-	$(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c
-
-$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c
-	$(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c
-
-$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c
-	$(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c
-
-$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c
-	$(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c
-
-$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
-	$(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c
-
-$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
-	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
-
-$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
-	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
-
-$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c
-	$(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c
-
-$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c
-	$(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c
-
-$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c
-	$(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c
-
-$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c
-	$(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c
-
-$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c
-	$(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c
-
-$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c
-	$(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c
-
-$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c
-	$(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c
-
-$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c
-	$(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c
-
-$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c
-	$(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c
-
-$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c
-	$(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c
-
-$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c
-	$(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c
-
-$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c
-	$(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c
-
-$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c
-	$(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c
-
-$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c
-	$(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c
-
-$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c
-	$(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c
-
-$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c
-	$(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c
-
-$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c
-	$(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c
-
-$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c
-	$(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c
-
-crypto\bn\asm\bn-win32.obj: crypto\bn\asm\bn-win32.asm
-	$(ASM) /Focrypto\bn\asm\bn-win32.obj $(SRC_D)\crypto\bn\asm\bn-win32.asm
-
-crypto\des\asm\d-win32.obj: crypto\des\asm\d-win32.asm
-	$(ASM) /Focrypto\des\asm\d-win32.obj $(SRC_D)\crypto\des\asm\d-win32.asm
-
-crypto\des\asm\y-win32.obj: crypto\des\asm\y-win32.asm
-	$(ASM) /Focrypto\des\asm\y-win32.obj $(SRC_D)\crypto\des\asm\y-win32.asm
-
-crypto\bf\asm\b-win32.obj: crypto\bf\asm\b-win32.asm
-	$(ASM) /Focrypto\bf\asm\b-win32.obj $(SRC_D)\crypto\bf\asm\b-win32.asm
-
-crypto\cast\asm\c-win32.obj: crypto\cast\asm\c-win32.asm
-	$(ASM) /Focrypto\cast\asm\c-win32.obj $(SRC_D)\crypto\cast\asm\c-win32.asm
-
-crypto\rc4\asm\r4-win32.obj: crypto\rc4\asm\r4-win32.asm
-	$(ASM) /Focrypto\rc4\asm\r4-win32.obj $(SRC_D)\crypto\rc4\asm\r4-win32.asm
-
-crypto\rc5\asm\r5-win32.obj: crypto\rc5\asm\r5-win32.asm
-	$(ASM) /Focrypto\rc5\asm\r5-win32.obj $(SRC_D)\crypto\rc5\asm\r5-win32.asm
-
-crypto\md5\asm\m5-win32.obj: crypto\md5\asm\m5-win32.asm
-	$(ASM) /Focrypto\md5\asm\m5-win32.obj $(SRC_D)\crypto\md5\asm\m5-win32.asm
-
-crypto\sha\asm\s1-win32.obj: crypto\sha\asm\s1-win32.asm
-	$(ASM) /Focrypto\sha\asm\s1-win32.obj $(SRC_D)\crypto\sha\asm\s1-win32.asm
-
-crypto\ripemd\asm\rm-win32.obj: crypto\ripemd\asm\rm-win32.asm
-	$(ASM) /Focrypto\ripemd\asm\rm-win32.obj $(SRC_D)\crypto\ripemd\asm\rm-win32.asm
-
-$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
-
-$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
-
-$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
-
-$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
-	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
-
-$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
-	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
-
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
-
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
-
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
-
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
-
-$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
-
-$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
-
-$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
-
-$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
-
-$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
-
-$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
-
-$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
-	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
-
-$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
-	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
-
-$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
-	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
-
-$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
-
-$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
-
-$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
-
-$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
-
-$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
-
-$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
-
-$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
-
-$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
-
-$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
-
-$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
-
-$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
-
-$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
-
-$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
-
-$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
-
-$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
-
-$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
-
-$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
-
-$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
-
-$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
-
-$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
-
-$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
-
-$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
-
-$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
-
-$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
-
-$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
-
-$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
-
-$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
-	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
-
-$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
-	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
-
-$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
-
-$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
-	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
-
-$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
-
-$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
-
-$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
-
-$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
-
-$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
-
-$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
-
-$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
-
-$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
-
-$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
-
-$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
-
-$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
-
-$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
-	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
-
-$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
-	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
-
-$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
-	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
-
-$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
-	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
-
-$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
-	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
-
-$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
-
-$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
-
-$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
-
-$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
-
-$(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c
-	$(CC) /Fo$(OBJ_D)\bn_mod.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
-
-$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
-
-$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
-
-$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
-
-$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
-
-$(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c
-	$(CC) /Fo$(OBJ_D)\bn_sub.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
-
-$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
-
-$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
-	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
-
-$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
-
-$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
-
-$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
-
-$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
-
-$(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c
-	$(CC) /Fo$(OBJ_D)\bn_mulw.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
-
-$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
-
-$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
-
-$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
-	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
-
-$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
-	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
-
-$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
-
-$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
-
-$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
-
-$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
-
-$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
-
-$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
-	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
-
-$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
-	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
-
-$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
-	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
-
-$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
-
-$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
-
-$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
-
-$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
-
-$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
-
-$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
-
-$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
-
-$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
-
-$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
-
-$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
-
-$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
-
-$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
-
-$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
-
-$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
-
-$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
-
-$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
-
-$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
-
-$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
-
-$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
-
-$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
-
-$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
-
-$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
-
-$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
-
-$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
-
-$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
-
-$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
-
-$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
-
-$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
-
-$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
-
-$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
-
-$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
-
-$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
-
-$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
-
-$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
-
-$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
-
-$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
-
-$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
-
-$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
-
-$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
-
-$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
-
-$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
-
-$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
-
-$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
-
-$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
-
-$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
-
-$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
-
-$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
-
-$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
-
-$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
-
-$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
-
-$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
-
-$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
-
-$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
-
-$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
-
-$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
-
-$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
-
-$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
-
-$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
-
-$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
-
-$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
-
-$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
-
-$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
-
-$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
-
-$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
-
-$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
-
-$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
-
-$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
-
-$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
-
-$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
-
-$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
-
-$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
-
-$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
-
-$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
-
-$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
-
-$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
-
-$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
-
-$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
-
-$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
-
-$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
-
-$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
-
-$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
-
-$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
-
-$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
-
-$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
-	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
-
-$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
-
-$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
-
-$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
-
-$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
-
-$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
-
-$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
-	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
-
-$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
-	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
-
-$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
-
-$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
-
-$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
-
-$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
-
-$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
-
-$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
-
-$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
-	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
-
-$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
-
-$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
-
-$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
-
-$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
-
-$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
-
-$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
-
-$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
-
-$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
-
-$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
-
-$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
-
-$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
-
-$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
-
-$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
-
-$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
-
-$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
-
-$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
-
-$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
-
-$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
-
-$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
-
-$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
-
-$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
-
-$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
-
-$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
-
-$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
-
-$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
-
-$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
-
-$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
-
-$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
-
-$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
-
-$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
-
-$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
-
-$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
-
-$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
-
-$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
-
-$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
-
-$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
-
-$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
-
-$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
-
-$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
-
-$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
-
-$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
-
-$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
-
-$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
-
-$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
-
-$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
-
-$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
-
-$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
-
-$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
-
-$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
-
-$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
-
-$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
-
-$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
-
-$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
-
-$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
-
-$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
-
-$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
-
-$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
-
-$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
-
-$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
-
-$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
-
-$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
-
-$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
-
-$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
-
-$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
-
-$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
-
-$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
-
-$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
-
-$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
-
-$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
-
-$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
-
-$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
-
-$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
-
-$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
-
-$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
-	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
-
-$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
-
-$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
-
-$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
-
-$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
-
-$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
-
-$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
-
-$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
-
-$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
-
-$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
-
-$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
-
-$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
-
-$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
-
-$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
-
-$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
-
-$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
-
-$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
-
-$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
-
-$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
-
-$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
-
-$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
-
-$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
-
-$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
-
-$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
-
-$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
-
-$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
-
-$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
-
-$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
-
-$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
-
-$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
-
-$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
-
-$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
-
-$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
-
-$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
-
-$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
-
-$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
-
-$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
-
-$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
-
-$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
-
-$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
-
-$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
-
-$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
-
-$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
-
-$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
-	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
-
-$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
-	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
-
-$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
-	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
-
-$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
-	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
-
-$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
-	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
-
-$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
-
-$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
-
-$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
-
-$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
-
-$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
-
-$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
-
-$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
-
-$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
-
-$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
-
-$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
-
-$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
-
-$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
-
-$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
-
-$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
-
-$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\md2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\md5test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md5test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\shatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\shatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\sha1test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\mdc2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\hmactest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rmdtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\destest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\destest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc4test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc5test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\ideatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\bftest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bftest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\casttest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\bntest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bntest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\exptest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\exptest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\dsatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\dhtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\randtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\randtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\ssltest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(O_SSL): $(SSLOBJ)
-	$(LINK) $(MLFLAGS) /out:$(O_SSL) /def:ms/SSLEAY32.def @<<
-  $(SHLIB_EX_OBJ) $(SSLOBJ)  $(L_CRYPTO) wsock32.lib gdi32.lib
-<<
-
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	$(MKLIB) /out:$(O_RSAGLUE) @<<
-  $(RSAGLUEOBJ)
-<<
-
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(LINK) $(MLFLAGS) /out:$(O_CRYPTO) /def:ms/LIBEAY32.def @<<
-  $(SHLIB_EX_OBJ) $(CRYPTOOBJ)  wsock32.lib gdi32.lib
-<<
-
-$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(BIN_D)\$(E_EXE).exe @<<
-  $(APP_EX_OBJ) $(E_OBJ) $(L_LIBS) $(EX_LIBS)
-<<
-
diff --git a/lib/libssl/src/ms/req2CA.ss b/lib/libssl/src/ms/req2CA.ss
index 6a3dd4e2d03..d061fb2a075 100644
--- a/lib/libssl/src/ms/req2CA.ss
+++ b/lib/libssl/src/ms/req2CA.ss
@@ -6,24 +6,24 @@ Certificate Request:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
-                    00:c0:e2:84:c5:b7:5f:28:b7:a6:10:c1:8e:29:e0:
-                    60:a8:8d:da:6c:91:3d:cb:37:f7:5a:1a:cf:71:02:
-                    d1:03:23:3c:e5:83:f1:93:40:d0:61:6c:21:12:1f:
-                    62:d8:1c:46:59:80:19:ec:aa:ef:d4:4a:9d:b1:58:
-                    82:40:11:ae:05
+                    00:d0:34:0b:7a:73:3f:9d:c2:ba:0b:04:84:26:13:
+                    8e:d5:67:d9:50:f5:04:8b:8a:6f:a2:cf:5f:1d:6e:
+                    39:f6:38:77:ad:10:c0:0e:08:b7:7e:20:98:c6:84:
+                    55:49:08:6f:07:8e:e4:0d:9d:d5:88:d8:39:ca:b0:
+                    e1:cb:b1:7d:cb
                 Exponent: 65537 (0x10001)
         Attributes:
             a0:00
     Signature Algorithm: md5WithRSAEncryption
-        12:14:96:c0:0e:ea:5a:08:6f:13:fd:72:84:6a:26:33:29:f9:
-        52:39:4c:fc:ec:da:0d:83:39:2e:27:17:9b:f8:46:03:b5:dd:
-        52:a6:dd:3a:50:8e:73:4f:87:94:59:31:1d:5a:54:24:96:4d:
-        d4:57:95:4c:ca:4c:dc:0b:b8:5f
+        8d:15:e6:8e:49:0f:07:fb:e0:72:ad:f0:04:9a:c8:5d:e7:1b:
+        ed:99:c9:c3:3c:f5:8e:4d:a1:5e:e1:40:75:2c:24:f0:c6:dd:
+        10:87:35:26:1d:cc:79:3f:a2:c6:a0:04:c8:52:78:ed:26:32:
+        d3:1b:a7:cd:5e:8c:55:92:dd:88
 -----BEGIN CERTIFICATE REQUEST-----
 MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
-xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
-7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQASFJbADupaCG8T
-/XKEaiYzKflSOUz87NoNgzkuJxeb+EYDtd1Spt06UI5zT4eUWTEdWlQklk3UV5VM
-ykzcC7hf
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0DQL
+enM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3fiCYxoRVSQhvB47k
+DZ3ViNg5yrDhy7F9ywIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCNFeaOSQ8H++By
+rfAEmshd5xvtmcnDPPWOTaFe4UB1LCTwxt0QhzUmHcx5P6LGoATIUnjtJjLTG6fN
+XoxVkt2I
 -----END CERTIFICATE REQUEST-----
diff --git a/lib/libssl/src/ms/reqCA.ss b/lib/libssl/src/ms/reqCA.ss
index be8ca974d0c..1f7138cadcc 100644
--- a/lib/libssl/src/ms/reqCA.ss
+++ b/lib/libssl/src/ms/reqCA.ss
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwOKE
-xbdfKLemEMGOKeBgqI3abJE9yzf3WhrPcQLRAyM85YPxk0DQYWwhEh9i2BxGWYAZ
-7Krv1EqdsViCQBGuBQIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQDAvyCzrfhnLH8V
-tldPhV9imEi8Dh8vjRYIIb4AlIq25ku8NJyTHi3zOwvH2iiTUx4oxOV9/++UbU+l
-dmT7y1IS
+czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0DQL
+enM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3fiCYxoRVSQhvB47k
+DZ3ViNg5yrDhy7F9ywIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQA5DZSZgDXs8flG
+GZf4SGr8QpqkxSu9bZOYp/ySuz1khj7aupBrvZBmqZcZx4ZjAUN7UQpMWu2gyfKa
+mAiiLPFN
 -----END CERTIFICATE REQUEST-----
diff --git a/lib/libssl/src/ms/reqU.ss b/lib/libssl/src/ms/reqU.ss
index 9223897196c..91cce5966de 100644
--- a/lib/libssl/src/ms/reqU.ss
+++ b/lib/libssl/src/ms/reqU.ss
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBCDCBswIBADBOMQswCQYDVQQGEwJBVTEXMBUGA1UEChMORG9kZ3kgQnJvdGhl
 cnMxEjAQBgNVBAMTCUJyb3RoZXIgMTESMBAGA1UEAxMJQnJvdGhlciAyMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAMn4ERwmb5cqvcokIrFpnrZ6Ww2TIWQfh47sUMad
-4BKSOz/KuWebVyFOfjhQHyEZEXTBmv1CvjVYOwCelGMiEd8CAwEAAaAAMA0GCSqG
-SIb3DQEBAgUAA0EAbE4cboaJY3vKmskyPC1cS5Jn4WjFOjaUCNI5MjeTNTZ6AE4o
-h6Sx4PeQomjMA1gRGrHCz+5IyVBcgskY5IYLCw==
+KoZIhvcNAQEBBQADSwAwSAJBANHuKqKzq/87iwfTb0Wl4SVWiB2hhmrGu3jAI1T4
+rVgF5Dfg8V4hh9QpzIEK2iomM7BFT9ecbcZHrxLyuYyaTsMCAwEAAaAAMA0GCSqG
+SIb3DQEBAgUAA0EAhB0p6LbiVq+XshLo5sBQN0rsROC1OgWrdS6ZUmMaigOKK069
+r1o+dGwbM5VCYGTZf0PW9OtGuArGct0laL5h4w==
 -----END CERTIFICATE REQUEST-----
diff --git a/lib/libssl/src/ms/ssleay16.def b/lib/libssl/src/ms/ssleay16.def
deleted file mode 100644
index 2c616443082..00000000000
--- a/lib/libssl/src/ms/ssleay16.def
+++ /dev/null
@@ -1,171 +0,0 @@
-;
-; Definition file for the DDL version of the SSLEAY16 library from SSLeay
-;
-
-LIBRARY         SSLEAY16
-
-DESCRIPTION     'SSLeay SSLEAY16 - eay@cryptsoft.com'
-
-CODE            PRELOAD MOVEABLE
-DATA            PRELOAD MOVEABLE SINGLE
-
-EXETYPE		WINDOWS
-
-HEAPSIZE	4096
-STACKSIZE	8192
-
-EXPORTS
-    _SSLeay_add_ssl_algorithms          @109
-    _BIO_f_ssl                          @121
-    _BIO_new_buffer_ssl_connect         @173
-    _BIO_new_ssl                        @122
-    _BIO_new_ssl_connect                @174
-    _BIO_ssl_copy_session_id            @124
-    _BIO_ssl_shutdown                   @131
-    _ERR_load_SSL_strings               @1
-    _SSL_CIPHER_description             @2
-    _SSL_CIPHER_get_bits                @128
-    _SSL_CIPHER_get_name                @130
-    _SSL_CIPHER_get_version             @129
-    _SSL_CTX_add_client_CA              @3
-    _SSL_CTX_add_session                @4
-    _SSL_CTX_check_private_key          @5
-    _SSL_CTX_ctrl                       @6
-    _SSL_CTX_flush_sessions             @7
-    _SSL_CTX_free                       @8
-    _SSL_CTX_get_client_CA_list         @9
-    _SSL_CTX_get_ex_data                @138
-    _SSL_CTX_get_ex_new_index           @167
-    _SSL_CTX_get_quiet_shutdown         @140
-    _SSL_CTX_get_verify_callback        @10
-    _SSL_CTX_get_verify_mode            @11
-    _SSL_CTX_load_verify_locations      @141
-    _SSL_CTX_new                        @12
-    _SSL_CTX_remove_session             @13
-    _SSL_CTX_set_cert_verify_cb         @14
-    _SSL_CTX_set_cipher_list            @15
-    _SSL_CTX_set_client_CA_list         @16
-    _SSL_CTX_set_default_passwd_cb      @17
-    _SSL_CTX_set_default_verify_paths   @142
-    _SSL_CTX_set_ex_data                @143
-    _SSL_CTX_set_quiet_shutdown         @145
-    _SSL_CTX_set_ssl_version            @19
-    _SSL_CTX_set_verify                 @21
-    _SSL_CTX_use_PrivateKey             @22
-    _SSL_CTX_use_PrivateKey_ASN1        @23
-    _SSL_CTX_use_PrivateKey_file        @24
-    _SSL_CTX_use_RSAPrivateKey          @25
-    _SSL_CTX_use_RSAPrivateKey_ASN1     @26
-    _SSL_CTX_use_RSAPrivateKey_file     @27
-    _SSL_CTX_use_certificate            @28
-    _SSL_CTX_use_certificate_ASN1       @29
-    _SSL_CTX_use_certificate_file       @30
-    _SSL_SESSION_cmp                    @132
-    _SSL_SESSION_free                   @31
-    _SSL_SESSION_get_ex_data            @146
-    _SSL_SESSION_get_ex_new_index       @168
-    _SSL_SESSION_get_time               @134
-    _SSL_SESSION_get_timeout            @136
-    _SSL_SESSION_hash                   @133
-    _SSL_SESSION_new                    @32
-    _SSL_SESSION_print                  @33
-    _SSL_SESSION_set_ex_data            @148
-    _SSL_SESSION_set_time               @135
-    _SSL_SESSION_set_timeout            @137
-    _SSL_accept                         @35
-    _SSL_add_client_CA                  @36
-    _SSL_alert_desc_string              @37
-    _SSL_alert_desc_string_long         @38
-    _SSL_alert_type_string              @39
-    _SSL_alert_type_string_long         @40
-    _SSL_check_private_key              @41
-    _SSL_clear                          @42
-    _SSL_connect                        @43
-    _SSL_copy_session_id                @44
-    _SSL_ctrl                           @45
-    _SSL_do_handshake                   @125
-    _SSL_dup                            @46
-    _SSL_dup_CA_list                    @47
-    _SSL_free                           @48
-    _SSL_get_SSL_CTX                    @150
-    _SSL_get_certificate                @49
-    _SSL_get_cipher_list                @52
-    _SSL_get_ciphers                    @55
-    _SSL_get_client_CA_list             @56
-    _SSL_get_current_cipher             @127
-    _SSL_get_default_timeout            @57
-    _SSL_get_error                      @58
-    _SSL_get_ex_data                    @151
-    _SSL_get_ex_new_index               @169
-    _SSL_get_fd                         @59
-    _SSL_get_info_callback              @165
-    _SSL_get_peer_cert_chain            @60
-    _SSL_get_peer_certificate           @61
-    _SSL_get_privatekey                 @126
-    _SSL_get_quiet_shutdown             @153
-    _SSL_get_rbio                       @63
-    _SSL_get_read_ahead                 @64
-    _SSL_get_session                    @154
-    _SSL_get_shared_ciphers             @65
-    _SSL_get_shutdown                   @155
-    _SSL_get_ssl_method                 @66
-    _SSL_get_verify_mode                @70
-    _SSL_get_verify_result              @157
-    _SSL_get_version                    @71
-    _SSL_get_wbio                       @72
-    _SSL_load_client_CA_file            @73
-    _SSL_load_error_strings             @74
-    _SSL_new                            @75
-    _SSL_peek                           @76
-    _SSL_pending                        @77
-    _SSL_read                           @78
-    _SSL_renegotiate                    @79
-    _SSL_rstate_string                  @80
-    _SSL_rstate_string_long             @81
-    _SSL_set_accept_state               @82
-    _SSL_set_bio                        @83
-    _SSL_set_cipher_list                @84
-    _SSL_set_client_CA_list             @85
-    _SSL_set_connect_state              @86
-    _SSL_set_ex_data                    @158
-    _SSL_set_fd                         @87
-    _SSL_set_info_callback              @160
-    _SSL_set_quiet_shutdown             @161
-    _SSL_set_read_ahead                 @88
-    _SSL_set_rfd                        @89
-    _SSL_set_session                    @90
-    _SSL_set_shutdown                   @162
-    _SSL_set_ssl_method                 @91
-    _SSL_set_verify                     @94
-    _SSL_set_verify_result              @163
-    _SSL_set_wfd                        @95
-    _SSL_shutdown                       @96
-    _SSL_state                          @166
-    _SSL_state_string                   @97
-    _SSL_state_string_long              @98
-    _SSL_use_PrivateKey                 @99
-    _SSL_use_PrivateKey_ASN1            @100
-    _SSL_use_PrivateKey_file            @101
-    _SSL_use_RSAPrivateKey              @102
-    _SSL_use_RSAPrivateKey_ASN1         @103
-    _SSL_use_RSAPrivateKey_file         @104
-    _SSL_use_certificate                @105
-    _SSL_use_certificate_ASN1           @106
-    _SSL_use_certificate_file           @107
-    _SSL_version                        @164
-    _SSL_write                          @108
-    _SSLv23_client_method               @110
-    _SSLv23_method                      @111
-    _SSLv23_server_method               @112
-    _SSLv2_client_method                @113
-    _SSLv2_method                       @114
-    _SSLv2_server_method                @115
-    _SSLv3_client_method                @116
-    _SSLv3_method                       @117
-    _SSLv3_server_method                @118
-    _TLSv1_client_method                @172
-    _TLSv1_method                       @170
-    _TLSv1_server_method                @171
-    _d2i_SSL_SESSION                    @119
-    _i2d_SSL_SESSION                    @120
-
diff --git a/lib/libssl/src/ms/ssleay32.def b/lib/libssl/src/ms/ssleay32.def
deleted file mode 100644
index aa823b80696..00000000000
--- a/lib/libssl/src/ms/ssleay32.def
+++ /dev/null
@@ -1,164 +0,0 @@
-;
-; Definition file for the DDL version of the SSLEAY32 library from SSLeay
-;
-
-LIBRARY         SSLEAY32
-
-DESCRIPTION     'SSLeay SSLEAY32 - eay@cryptsoft.com'
-
-EXPORTS
-    SSLeay_add_ssl_algorithms          @109
-    BIO_f_ssl                          @121
-    BIO_new_buffer_ssl_connect         @173
-    BIO_new_ssl                        @122
-    BIO_new_ssl_connect                @174
-    BIO_ssl_copy_session_id            @124
-    BIO_ssl_shutdown                   @131
-    ERR_load_SSL_strings               @1
-    SSL_CIPHER_description             @2
-    SSL_CIPHER_get_bits                @128
-    SSL_CIPHER_get_name                @130
-    SSL_CIPHER_get_version             @129
-    SSL_CTX_add_client_CA              @3
-    SSL_CTX_add_session                @4
-    SSL_CTX_check_private_key          @5
-    SSL_CTX_ctrl                       @6
-    SSL_CTX_flush_sessions             @7
-    SSL_CTX_free                       @8
-    SSL_CTX_get_client_CA_list         @9
-    SSL_CTX_get_ex_data                @138
-    SSL_CTX_get_ex_new_index           @167
-    SSL_CTX_get_quiet_shutdown         @140
-    SSL_CTX_get_verify_callback        @10
-    SSL_CTX_get_verify_mode            @11
-    SSL_CTX_load_verify_locations      @141
-    SSL_CTX_new                        @12
-    SSL_CTX_remove_session             @13
-    SSL_CTX_set_cert_verify_cb         @14
-    SSL_CTX_set_cipher_list            @15
-    SSL_CTX_set_client_CA_list         @16
-    SSL_CTX_set_default_passwd_cb      @17
-    SSL_CTX_set_default_verify_paths   @142
-    SSL_CTX_set_ex_data                @143
-    SSL_CTX_set_quiet_shutdown         @145
-    SSL_CTX_set_ssl_version            @19
-    SSL_CTX_set_verify                 @21
-    SSL_CTX_use_PrivateKey             @22
-    SSL_CTX_use_PrivateKey_ASN1        @23
-    SSL_CTX_use_PrivateKey_file        @24
-    SSL_CTX_use_RSAPrivateKey          @25
-    SSL_CTX_use_RSAPrivateKey_ASN1     @26
-    SSL_CTX_use_RSAPrivateKey_file     @27
-    SSL_CTX_use_certificate            @28
-    SSL_CTX_use_certificate_ASN1       @29
-    SSL_CTX_use_certificate_file       @30
-    SSL_SESSION_cmp                    @132
-    SSL_SESSION_free                   @31
-    SSL_SESSION_get_ex_data            @146
-    SSL_SESSION_get_ex_new_index       @168
-    SSL_SESSION_get_time               @134
-    SSL_SESSION_get_timeout            @136
-    SSL_SESSION_hash                   @133
-    SSL_SESSION_new                    @32
-    SSL_SESSION_print                  @33
-    SSL_SESSION_print_fp               @34
-    SSL_SESSION_set_ex_data            @148
-    SSL_SESSION_set_time               @135
-    SSL_SESSION_set_timeout            @137
-    SSL_accept                         @35
-    SSL_add_client_CA                  @36
-    SSL_alert_desc_string              @37
-    SSL_alert_desc_string_long         @38
-    SSL_alert_type_string              @39
-    SSL_alert_type_string_long         @40
-    SSL_check_private_key              @41
-    SSL_clear                          @42
-    SSL_connect                        @43
-    SSL_copy_session_id                @44
-    SSL_ctrl                           @45
-    SSL_do_handshake                   @125
-    SSL_dup                            @46
-    SSL_dup_CA_list                    @47
-    SSL_free                           @48
-    SSL_get_SSL_CTX                    @150
-    SSL_get_certificate                @49
-    SSL_get_cipher_list                @52
-    SSL_get_ciphers                    @55
-    SSL_get_client_CA_list             @56
-    SSL_get_current_cipher             @127
-    SSL_get_default_timeout            @57
-    SSL_get_error                      @58
-    SSL_get_ex_data                    @151
-    SSL_get_ex_new_index               @169
-    SSL_get_fd                         @59
-    SSL_get_info_callback              @165
-    SSL_get_peer_cert_chain            @60
-    SSL_get_peer_certificate           @61
-    SSL_get_privatekey                 @126
-    SSL_get_quiet_shutdown             @153
-    SSL_get_rbio                       @63
-    SSL_get_read_ahead                 @64
-    SSL_get_session                    @154
-    SSL_get_shared_ciphers             @65
-    SSL_get_shutdown                   @155
-    SSL_get_ssl_method                 @66
-    SSL_get_verify_mode                @70
-    SSL_get_verify_result              @157
-    SSL_get_version                    @71
-    SSL_get_wbio                       @72
-    SSL_load_client_CA_file            @73
-    SSL_load_error_strings             @74
-    SSL_new                            @75
-    SSL_peek                           @76
-    SSL_pending                        @77
-    SSL_read                           @78
-    SSL_renegotiate                    @79
-    SSL_rstate_string                  @80
-    SSL_rstate_string_long             @81
-    SSL_set_accept_state               @82
-    SSL_set_bio                        @83
-    SSL_set_cipher_list                @84
-    SSL_set_client_CA_list             @85
-    SSL_set_connect_state              @86
-    SSL_set_ex_data                    @158
-    SSL_set_fd                         @87
-    SSL_set_info_callback              @160
-    SSL_set_quiet_shutdown             @161
-    SSL_set_read_ahead                 @88
-    SSL_set_rfd                        @89
-    SSL_set_session                    @90
-    SSL_set_shutdown                   @162
-    SSL_set_ssl_method                 @91
-    SSL_set_verify                     @94
-    SSL_set_verify_result              @163
-    SSL_set_wfd                        @95
-    SSL_shutdown                       @96
-    SSL_state                          @166
-    SSL_state_string                   @97
-    SSL_state_string_long              @98
-    SSL_use_PrivateKey                 @99
-    SSL_use_PrivateKey_ASN1            @100
-    SSL_use_PrivateKey_file            @101
-    SSL_use_RSAPrivateKey              @102
-    SSL_use_RSAPrivateKey_ASN1         @103
-    SSL_use_RSAPrivateKey_file         @104
-    SSL_use_certificate                @105
-    SSL_use_certificate_ASN1           @106
-    SSL_use_certificate_file           @107
-    SSL_version                        @164
-    SSL_write                          @108
-    SSLv23_client_method               @110
-    SSLv23_method                      @111
-    SSLv23_server_method               @112
-    SSLv2_client_method                @113
-    SSLv2_method                       @114
-    SSLv2_server_method                @115
-    SSLv3_client_method                @116
-    SSLv3_method                       @117
-    SSLv3_server_method                @118
-    TLSv1_client_method                @172
-    TLSv1_method                       @170
-    TLSv1_server_method                @171
-    d2i_SSL_SESSION                    @119
-    i2d_SSL_SESSION                    @120
-
diff --git a/lib/libssl/src/ms/tenc.bat b/lib/libssl/src/ms/tenc.bat
index a4fa7f3652c..466fdfccbfb 100644
--- a/lib/libssl/src/ms/tenc.bat
+++ b/lib/libssl/src/ms/tenc.bat
@@ -1,14 +1,14 @@
-rem called by testenc
-
-echo test %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-
-:err
+rem called by testenc
+
+echo test %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+if errorlevel 1 goto err
+
+echo test base64 %1 %2 %3 %4 %5 %6 
+%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
+%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
+%cmp% %input% %out1%
+
+:err
diff --git a/lib/libssl/src/ms/test.bat b/lib/libssl/src/ms/test.bat
index cffaf465245..a40f7478d7a 100644
--- a/lib/libssl/src/ms/test.bat
+++ b/lib/libssl/src/ms/test.bat
@@ -1,134 +1,189 @@
-@echo=off
-
-set test=..\ms
-
-rem run this from inside the bin directory
-
-echo destest
-destest
-if errorlevel 1 goto done
-
-echo ideatest
-ideatest
-if errorlevel 1 goto done
-
-echo bftest
-bftest
-if errorlevel 1 goto done
-
-echo shatest
-shatest
-if errorlevel 1 goto done
-
-echo sha1test
-sha1test
-if errorlevel 1 goto done
-
-echo md5test
-md5test
-if errorlevel 1 goto done
-
-echo md2test
-md2test
-if errorlevel 1 goto done
-
-echo mdc2test
-mdc2test
-if errorlevel 1 goto done
-
-echo rc2test
-rc2test
-if errorlevel 1 goto done
-
-echo rc4test
-rc4test
-if errorlevel 1 goto done
-
-echo randtest
-randtest
-if errorlevel 1 goto done
-
-echo dhtest
-dhtest
-if errorlevel 1 goto done
-
-echo exptest
-exptest
-if errorlevel 1 goto done
-
-echo dsatest
-dsatest
-if errorlevel 1 goto done
-
-echo testenc
-call %test%\testenc ssleay
-if errorlevel 1 goto done
-
-echo testpem
-call %test%\testpem ssleay
-if errorlevel 1 goto done
-
-echo verify
-copy ..\certs\*.pem cert.tmp >nul
-ssleay verify -CAfile cert.tmp ..\certs\*.pem
-
-echo testss
-call %test%\testss ssleay
-if errorlevel 1 goto done
-
-echo test sslv2
-ssltest -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication
-ssltest -ssl2 -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication 
-ssltest -ssl2 -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication
-ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3
-ssltest -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication
-ssltest -ssl3 -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication 
-ssltest -ssl3 -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication
-ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3
-ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-ssltest -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication 
-ssltest -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication
-ssltest -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-
-del cert.tmp
-
-echo passed all tests
-goto end
-:done
-echo problems.....
-:end
+@echo=off
+
+set test=..\ms
+set opath=%PATH%
+PATH=..\ms;%PATH%
+set OPENSSL_CONF=..\apps\openssl.cnf
+
+rem run this from inside the bin directory
+
+echo rsa_oaep_test
+rsa_oaep_test
+if errorlevel 1 goto done
+
+echo destest
+destest
+if errorlevel 1 goto done
+
+echo ideatest
+ideatest
+if errorlevel 1 goto done
+
+echo bftest
+bftest
+if errorlevel 1 goto done
+
+echo shatest
+shatest
+if errorlevel 1 goto done
+
+echo sha1test
+sha1test
+if errorlevel 1 goto done
+
+echo md5test
+md5test
+if errorlevel 1 goto done
+
+echo md2test
+md2test
+if errorlevel 1 goto done
+
+echo mdc2test
+mdc2test
+if errorlevel 1 goto done
+
+echo rc2test
+rc2test
+if errorlevel 1 goto done
+
+echo rc4test
+rc4test
+if errorlevel 1 goto done
+
+echo randtest
+randtest
+if errorlevel 1 goto done
+
+echo dhtest
+dhtest
+if errorlevel 1 goto done
+
+echo exptest
+exptest
+if errorlevel 1 goto done
+
+echo dsatest
+dsatest
+if errorlevel 1 goto done
+
+echo testenc
+call %test%\testenc openssl
+if errorlevel 1 goto done
+
+echo testpem
+call %test%\testpem openssl
+if errorlevel 1 goto done
+
+echo verify
+copy ..\certs\*.pem cert.tmp >nul
+openssl verify -CAfile cert.tmp ..\certs\*.pem
+
+echo testss
+call %test%\testss openssl
+if errorlevel 1 goto done
+
+echo test sslv2
+ssltest -ssl2
+if errorlevel 1 goto done
+
+echo test sslv2 with server authentication
+ssltest -ssl2 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with client authentication
+ssltest -ssl2 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with both client and server authentication
+ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3
+ssltest -ssl3
+if errorlevel 1 goto done
+
+echo test sslv3 with server authentication
+ssltest -ssl3 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with client authentication
+ssltest -ssl3 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with both client and server authentication
+ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3
+ssltest
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with server authentication
+ssltest -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with client authentication
+ssltest -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with both client and server authentication
+ssltest -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 via BIO pair
+ssltest -bio_pair -ssl2
+if errorlevel 1 goto done
+
+echo test sslv2 with server authentication via BIO pair
+ssltest -bio_pair -ssl2 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with client authentication via BIO pair
+ssltest -bio_pair -ssl2 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with both client and server authentication via BIO pair
+ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 via BIO pair
+ssltest -bio_pair -ssl3
+if errorlevel 1 goto done
+
+echo test sslv3 with server authentication via BIO pair
+ssltest -bio_pair -ssl3 -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with client authentication  via BIO pair
+ssltest -bio_pair -ssl3 -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with both client and server authentication via BIO pair
+ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 via BIO pair
+ssltest
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with server authentication
+ssltest -bio_pair -server_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+ssltest -bio_pair -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+ssltest -bio_pair -server_auth -client_auth -CAfile cert.tmp
+if errorlevel 1 goto done
+
+del cert.tmp
+
+echo passed all tests
+goto end
+:done
+echo problems.....
+:end
+PATH=%opath%
diff --git a/lib/libssl/src/ms/testenc.bat b/lib/libssl/src/ms/testenc.bat
index 2c73bb7d1c4..e8917eeee25 100644
--- a/lib/libssl/src/ms/testenc.bat
+++ b/lib/libssl/src/ms/testenc.bat
@@ -1,93 +1,94 @@
-echo=off
-
-echo start testenc
-path=..\ms;%path%
-set ssleay=%1%
-set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
-
-call tenc.bat enc
-if errorlevel 1 goto err
-
-call tenc.bat rc4
-if errorlevel 1 goto err
-
-call tenc.bat des-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ecb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3
-if errorlevel 1 goto err
-
-call tenc.bat des-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tenc.bat idea-ecb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cfb
-if errorlevel 1 goto err
-
-call tenc.bat idea-ofb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cbc
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tenc.bat bf-ecb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cfb
-if errorlevel 1 goto err
-
-call tenc.bat bf-ofb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1%
-del %tmp1%
-:err
-
+
+echo start testenc
+echo=off
+path=..\ms;%path%
+set ssleay=%1%
+set input=..\ms\testenc.bat
+set tmp1=..\ms\cipher.out
+set out1=..\ms\clear.out
+set cmp=perl ..\ms\cmp.pl
+
+cd
+call tenc.bat enc
+if errorlevel 1 goto err
+
+call tenc.bat rc4
+if errorlevel 1 goto err
+
+call tenc.bat des-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-cfb
+if errorlevel 1 goto err
+
+call tenc.bat des-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-ofb
+if errorlevel 1 goto err
+
+call tenc.bat des-ecb
+if errorlevel 1 goto err
+
+call tenc.bat des-ede
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3
+if errorlevel 1 goto err
+
+call tenc.bat des-cbc
+if errorlevel 1 goto err
+
+call tenc.bat des-ede-cbc
+if errorlevel 1 goto err
+
+call tenc.bat des-ede3-cbc
+if errorlevel 1 goto err
+
+call tenc.bat idea-ecb
+if errorlevel 1 goto err
+
+call tenc.bat idea-cfb
+if errorlevel 1 goto err
+
+call tenc.bat idea-ofb
+if errorlevel 1 goto err
+
+call tenc.bat idea-cbc
+if errorlevel 1 goto err
+
+call tenc.bat rc2-ecb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-cfb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-ofb
+if errorlevel 1 goto err
+
+call tenc.bat rc2-cbc
+if errorlevel 1 goto err
+
+call tenc.bat bf-ecb
+if errorlevel 1 goto err
+
+call tenc.bat bf-cfb
+if errorlevel 1 goto err
+
+call tenc.bat bf-ofb
+if errorlevel 1 goto err
+
+call tenc.bat bf-cbc
+if errorlevel 1 goto err
+
+echo OK
+del %out1%
+del %tmp1%
+:err
+
diff --git a/lib/libssl/src/ms/testpem.bat b/lib/libssl/src/ms/testpem.bat
index 8f6cdd4d04d..81e566b69b2 100644
--- a/lib/libssl/src/ms/testpem.bat
+++ b/lib/libssl/src/ms/testpem.bat
@@ -1,36 +1,32 @@
-echo=off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=perl ..\ms\cmp.pl
-
-call tpem.bat crl ..\test\testcrl.pem
-if errorlevel 1 goto err
-
-call tpem.bat pkcs7 ..\test\testp7.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq2.pem
-if errorlevel 1 goto err
-
-call tpem.bat rsa ..\test\testrsa.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\testx509.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat sess_id ..\test\testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1%
-:err
-
+echo=off
+set ssleay=%1%
+set tmp1=pem.out
+set cmp=fc.exe
+
+call tpem.bat crl ..\test\testcrl.pem
+if errorlevel 1 goto err
+
+call tpem.bat pkcs7 ..\test\testp7.pem
+if errorlevel 1 goto err
+
+call tpem.bat req ..\test\testreq2.pem
+if errorlevel 1 goto err
+
+call tpem.bat rsa ..\test\testrsa.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\testx509.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+
+call tpem.bat x509 ..\test\v3-cert1.pem
+if errorlevel 1 goto err
+
+call tpem.bat sess_id ..\test\testsid.pem
+if errorlevel 1 goto err
+
+echo OK
+del %tmp1%
+:err
diff --git a/lib/libssl/src/ms/testss.bat b/lib/libssl/src/ms/testss.bat
index 9a3bf428ced..36863a5017f 100644
--- a/lib/libssl/src/ms/testss.bat
+++ b/lib/libssl/src/ms/testss.bat
@@ -1,98 +1,98 @@
-echo=off
-
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
-
-set CAkey=keyCA.ss
-set CAcert=certCA.ss
-set CAserial=certCA.srl
-set CAreq=reqCA.ss
-set CAconf=..\test\CAss.cnf
-set CAreq2=req2CA.ss	
-
-set Uconf=..\test\Uss.cnf
-set Ukey=keyU.ss
-set Ureq=reqU.ss
-set Ucert=certU.ss
-
-echo make a certificate request using 'req'
-%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto err_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
-if errorlevel 1 goto err_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
-if errorlevel 1 goto err_x509_2
-
-%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto err_verify_1
-
-%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto err_verify_2
-
-%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto err_verify_3
-
-echo --
-echo make another certificate request using 'req'
-%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
-if errorlevel 1 goto err_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto err_x509_sign
-
-%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-del err.ss
-
-goto end
-
-:err_req
-echo error using 'req' to generate a certificate request
-goto end
-:err_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:err_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:err_verify_1
-echo first generated request is invalid
-goto end
-:err_verify_2
-echo second generated request is invalid
-goto end
-:err_verify_3
-echo first generated cert is invalid
-goto end
-:err_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:err_x509_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
+echo=on
+
+rem set ssleay=..\out\ssleay
+set ssleay=%1
+
+set reqcmd=%ssleay% req
+set x509cmd=%ssleay% x509
+set verifycmd=%ssleay% verify
+
+set CAkey=keyCA.ss
+set CAcert=certCA.ss
+set CAserial=certCA.srl
+set CAreq=reqCA.ss
+set CAconf=..\test\CAss.cnf
+set CAreq2=req2CA.ss	
+
+set Uconf=..\test\Uss.cnf
+set Ukey=keyU.ss
+set Ureq=reqU.ss
+set Ucert=certU.ss
+
+echo make a certificate request using 'req'
+%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
+if errorlevel 1 goto e_req
+
+echo convert the certificate request into a self signed certificate using 'x509'
+%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
+if errorlevel 1 goto e_x509
+
+echo --
+echo convert a certificate into a certificate request using 'x509'
+%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
+if errorlevel 1 goto e_x509_2
+
+%reqcmd% -verify -in %CAreq% -noout
+if errorlevel 1 goto e_vrfy_1
+
+%reqcmd% -verify -in %CAreq2% -noout
+if errorlevel 1 goto e_vrfy_2
+
+%verifycmd% -CAfile %CAcert% %CAcert%
+if errorlevel 1 goto e_vrfy_3
+
+echo --
+echo make another certificate request using 'req'
+%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
+if errorlevel 1 goto e_req_gen
+
+echo --
+echo sign certificate request with the just created CA via 'x509'
+%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
+if errorlevel 1 goto e_x_sign
+
+%verifycmd% -CAfile %CAcert% %Ucert%
+echo --
+echo Certificate details
+%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
+
+echo Everything appeared to work
+echo --
+echo The generated CA certificate is %CAcert%
+echo The generated CA private key is %CAkey%
+echo The current CA signing serial number is in %CAserial%
+
+echo The generated user certificate is %Ucert%
+echo The generated user private key is %Ukey%
+echo --
+
+del err.ss
+
+goto end
+
+:e_req
+echo error using 'req' to generate a certificate request
+goto end
+:e_x509
+echo error using 'x509' to self sign a certificate request
+goto end
+:e_x509_2
+echo error using 'x509' convert a certificate to a certificate request
+goto end
+:e_vrfy_1
+echo first generated request is invalid
+goto end
+:e_vrfy_2
+echo second generated request is invalid
+goto end
+:e_vrfy_3
+echo first generated cert is invalid
+goto end
+:e_req_gen
+echo error using 'req' to generate a certificate request
+goto end
+:e_x_sign
+echo error using 'x509' to sign a certificate request
+goto end
+
+:end
diff --git a/lib/libssl/src/ms/tpem.bat b/lib/libssl/src/ms/tpem.bat
index cd01792e9f0..7fc7a83279a 100644
--- a/lib/libssl/src/ms/tpem.bat
+++ b/lib/libssl/src/ms/tpem.bat
@@ -1,6 +1,6 @@
-rem called by testpem
-
-echo test %1 %2
-%ssleay% %1 -in %2 -out %tmp1%
-%cmp% %2 %tmp1%
-
+rem called by testpem
+
+echo test %1 %2
+%ssleay% %1 -in %2 -out %tmp1%
+%cmp% %2 %tmp1%
+
diff --git a/lib/libssl/src/ms/w31dll.mak b/lib/libssl/src/ms/w31dll.mak
deleted file mode 100644
index 6821d826040..00000000000
--- a/lib/libssl/src/ms/w31dll.mak
+++ /dev/null
@@ -1,2295 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in .\out and the stuff
-# that needs deleting in .\tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util\mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=\usr\local\ssl
-
-# Set your compiler options
-CC=cl
-CFLAG=/ALw /Gx- /Gt256 /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWINDOWS -DWIN16
-APP_CFLAG=/Gw /FPi87
-LIB_CFLAG=/Gw -D_WINDLL -D_DLL
-SHLIB_CFLAG=
-APP_EX_OBJ=setargv.obj
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=oldnames llibcewq libw winsock
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=link
-LFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 /STACK:20000 /ALIGN:256
-
-BN_MULW_OBJ=crypto\bn\asm\x86w32.obj
-BN_MULW_SRC=crypto\bn\asm\x86w32.asm
-DES_ENC_OBJ=
-DES_ENC_SRC=
-DES_CRYPT_OBJ=
-DES_CRYPT_SRC=
-BF_ENC_OBJ=
-BF_ENC_SRC=
-CAST_ENC_OBJ=
-CAST_ENC_SRC=
-RC4_ENC_OBJ=
-RC4_ENC_SRC=
-RC5_ENC_OBJ=
-RC5_ENC_SRC=
-MD5_ASM_OBJ=
-MD5_ASM_SRC=
-SHA1_ASM_OBJ=
-SHA1_ASM_SRC=
-RMD160_ASM_OBJ=
-RMD160_ASM_SRC=
-
-# The output directory for everything intersting
-OUT_D=out16dll
-# The output directory for all the temporary muck
-TMP_D=tmp16dll
-# The output directory for the header files
-INC_D=inc16
-
-CP=copy
-RM=del
-RANLIB=
-MKDIR=mkdir
-MKLIB=lib /PAGESIZE:1024
-MLFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000
-ASM=ml /Cp /c /Cx
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssleay16
-CRYPTO=libeay16
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)\$(SSL).dll
-O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
-O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
-SO_SSL=    $(SSL)
-SO_CRYPTO= $(CRYPTO)
-L_SSL=     $(LIB_D)\$(SSL).lib
-L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
-
-L_LIBS= $(L_SSL) $(L_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)\cryptlib.h \
-	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
-	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
-	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
-	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
-	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
-	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
-	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
-	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
-	$(INCL_D)\s_apps.h $(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\e_os.h \
-	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\md2.h \
-	$(INC_D)\md5.h $(INC_D)\sha.h $(INC_D)\mdc2.h \
-	$(INC_D)\hmac.h $(INC_D)\ripemd.h $(INC_D)\des.h \
-	$(INC_D)\rc2.h $(INC_D)\rc4.h $(INC_D)\rc5.h \
-	$(INC_D)\idea.h $(INC_D)\blowfish.h $(INC_D)\cast.h \
-	$(INC_D)\bn.h $(INC_D)\rsa.h $(INC_D)\dsa.h \
-	$(INC_D)\dh.h $(INC_D)\buffer.h $(INC_D)\bio.h \
-	$(INC_D)\bss_file.c $(INC_D)\stack.h $(INC_D)\lhash.h \
-	$(INC_D)\rand.h $(INC_D)\err.h $(INC_D)\objects.h \
-	$(INC_D)\evp.h $(INC_D)\pem.h $(INC_D)\asn1.h \
-	$(INC_D)\asn1_mac.h $(INC_D)\x509.h $(INC_D)\x509_vfy.h \
-	$(INC_D)\conf.h $(INC_D)\txt_db.h $(INC_D)\pkcs7.h \
-	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h $(INC_D)\tls1.h
-
-T_OBJ=$(OBJ_D)\md2test.obj \
-	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
-	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
-	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
-	$(OBJ_D)\ssltest.obj
-
-E_OBJ=$(OBJ_D)\verify.obj \
-	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
-	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
-	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
-	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
-	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
-	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj $(OBJ_D)\apps.obj \
-	$(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj $(OBJ_D)\version.obj \
-	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
-
-CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
-	$(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj $(OBJ_D)\md2_one.obj \
-	$(OBJ_D)\md5_dgst.obj $(OBJ_D)\md5_one.obj $(OBJ_D)\sha_dgst.obj \
-	$(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj $(OBJ_D)\sha1_one.obj \
-	$(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj $(OBJ_D)\hmac.obj \
-	$(OBJ_D)\rmd_dgst.obj $(OBJ_D)\rmd_one.obj $(OBJ_D)\set_key.obj \
-	$(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj $(OBJ_D)\ecb3_enc.obj \
-	$(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj $(OBJ_D)\cfb_enc.obj \
-	$(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj $(OBJ_D)\enc_writ.obj \
-	$(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj $(OBJ_D)\str2key.obj \
-	$(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj $(OBJ_D)\rand_key.obj \
-	$(OBJ_D)\des_enc.obj $(OBJ_D)\fcrypt_b.obj $(OBJ_D)\read2pwd.obj \
-	$(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj \
-	$(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj \
-	$(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj \
-	$(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj $(OBJ_D)\rc4_skey.obj \
-	$(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc5_skey.obj $(OBJ_D)\rc5_ecb.obj \
-	$(OBJ_D)\rc5_enc.obj $(OBJ_D)\rc5cfb64.obj $(OBJ_D)\rc5ofb64.obj \
-	$(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj \
-	$(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj \
-	$(OBJ_D)\bf_ecb.obj $(OBJ_D)\bf_enc.obj $(OBJ_D)\bf_cfb64.obj \
-	$(OBJ_D)\bf_ofb64.obj $(OBJ_D)\c_skey.obj $(OBJ_D)\c_ecb.obj \
-	$(OBJ_D)\c_enc.obj $(OBJ_D)\c_cfb64.obj $(OBJ_D)\c_ofb64.obj \
-	$(OBJ_D)\bn_add.obj $(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj \
-	$(OBJ_D)\bn_lib.obj $(OBJ_D)\bn_mod.obj $(OBJ_D)\bn_mul.obj \
-	$(OBJ_D)\bn_print.obj $(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj \
-	$(OBJ_D)\bn_sub.obj $(OBJ_D)\bn_word.obj $(OBJ_D)\bn_blind.obj \
-	$(OBJ_D)\bn_gcd.obj $(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj \
-	$(OBJ_D)\bn_sqr.obj $(BN_MULW_OBJ) $(OBJ_D)\bn_recp.obj \
-	$(OBJ_D)\bn_mont.obj $(OBJ_D)\bn_mpi.obj $(OBJ_D)\rsa_eay.obj \
-	$(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj \
-	$(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj \
-	$(OBJ_D)\rsa_ssl.obj $(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj \
-	$(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj \
-	$(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj \
-	$(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj \
-	$(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj \
-	$(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj \
-	$(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj \
-	$(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj \
-	$(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj \
-	$(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj \
-	$(OBJ_D)\bf_nbio.obj $(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj \
-	$(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj \
-	$(OBJ_D)\err.obj $(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj \
-	$(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj \
-	$(OBJ_D)\encode.obj $(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj \
-	$(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj \
-	$(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj \
-	$(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj \
-	$(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj \
-	$(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj \
-	$(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj \
-	$(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj \
-	$(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj \
-	$(OBJ_D)\e_ecb_c.obj $(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj \
-	$(OBJ_D)\e_ofb_c.obj $(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj \
-	$(OBJ_D)\e_cfb_r5.obj $(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj \
-	$(OBJ_D)\m_md2.obj $(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj \
-	$(OBJ_D)\m_sha1.obj $(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj \
-	$(OBJ_D)\m_mdc2.obj $(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj \
-	$(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj \
-	$(OBJ_D)\p_lib.obj $(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj \
-	$(OBJ_D)\bio_md.obj $(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj \
-	$(OBJ_D)\evp_err.obj $(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj \
-	$(OBJ_D)\evp_lib.obj $(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj \
-	$(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj \
-	$(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj \
-	$(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj \
-	$(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj \
-	$(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj \
-	$(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj \
-	$(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj \
-	$(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj \
-	$(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj \
-	$(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj \
-	$(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj \
-	$(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj \
-	$(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj \
-	$(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj \
-	$(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj \
-	$(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj \
-	$(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj \
-	$(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj \
-	$(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj \
-	$(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj \
-	$(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj \
-	$(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj \
-	$(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj \
-	$(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj $(OBJ_D)\evp_asn1.obj \
-	$(OBJ_D)\x509_def.obj $(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj \
-	$(OBJ_D)\x509_cmp.obj $(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj \
-	$(OBJ_D)\x509_vfy.obj $(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj \
-	$(OBJ_D)\x509_err.obj $(OBJ_D)\x509name.obj $(OBJ_D)\x509_v3.obj \
-	$(OBJ_D)\x509_ext.obj $(OBJ_D)\x509pack.obj $(OBJ_D)\x509type.obj \
-	$(OBJ_D)\x509_lu.obj $(OBJ_D)\x_all.obj $(OBJ_D)\x509_txt.obj \
-	$(OBJ_D)\by_file.obj $(OBJ_D)\by_dir.obj $(OBJ_D)\v3_net.obj \
-	$(OBJ_D)\v3_x509.obj $(OBJ_D)\conf.obj $(OBJ_D)\conf_err.obj \
-	$(OBJ_D)\txt_db.obj $(OBJ_D)\pk7_lib.obj $(OBJ_D)\pkcs7err.obj \
-	$(OBJ_D)\pk7_doit.obj
-
-SSLOBJ=$(OBJ_D)\s2_meth.obj \
-	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
-	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
-	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
-	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
-	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
-	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
-	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
-	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
-	$(OBJ_D)\ssl_err.obj
-
-RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
-	$(OBJ_D)\rsar_err.obj
-
-T_EXE=$(TEST_D)\md2test.exe \
-	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
-	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
-	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
-	$(TEST_D)\ssltest.exe
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-	@echo Make sure you have run 'perl Configure VC-WIN16' in the
-	@echo top level directory, if you don't have perl, you will
-	@echo need to probably edit crypto/bn/bn.h, check the
-	@echo documentation for details.
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)\bin
-	$(MKDIR) $(INSTALLTOP)\include
-	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
-	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
-
-clean:
-	$(RM) $(TMP_D)\*.*
-
-vclean:
-	$(RM) $(TMP_D)\*.*
-	$(RM) $(OUT_D)\*.*
-
-$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
-	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
-
-$(INCL_D)\date.h: $(SRC_D)\crypto\date.h
-	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
-
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
-
-$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
-	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
-
-$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
-
-$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
-
-$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
-	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
-
-$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h
-	$(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h
-
-$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h
-	$(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h
-
-$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h
-	$(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h
-
-$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h
-	$(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h
-
-$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
-	$(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h
-
-$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
-
-$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
-
-$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
-
-$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
-	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
-
-$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
-	$(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h
-
-$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
-	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
-
-$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
-	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
-
-$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
-	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
-
-$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
-	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
-
-$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h
-	$(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h
-
-$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h
-	$(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h
-
-$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h
-	$(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h
-
-$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h
-	$(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h
-
-$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h
-	$(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h
-
-$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h
-	$(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h
-
-$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h
-	$(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h
-
-$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h
-	$(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h
-
-$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
-	$(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h
-
-$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
-	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
-
-$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
-
-$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
-	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
-
-$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
-	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
-
-$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
-	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
-
-$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
-	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
-
-$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
-	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
-
-$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
-	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
-
-$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
-	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
-
-$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
-	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
-
-$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
-	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
-
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
-
-$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
-
-$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
-
-$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
-	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
-
-$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
-	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
-
-$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
-	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
-
-$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
-	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
-
-$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h
-	$(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h
-
-$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h
-	$(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h
-
-$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h
-	$(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h
-
-$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
-	$(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h
-
-$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
-	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
-
-$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
-	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
-
-$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
-	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
-
-$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h
-	$(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h
-
-$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h
-	$(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h
-
-$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h
-	$(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h
-
-$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h
-	$(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h
-
-$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h
-	$(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h
-
-$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h
-	$(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h
-
-$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h
-
-$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h
-
-$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h
-	$(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h
-
-$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h
-	$(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h
-
-$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h
-	$(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h
-
-$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h
-	$(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h
-
-$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h
-	$(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h
-
-$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h
-	$(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h
-
-$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h
-	$(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h
-
-$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
-	$(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h
-
-$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
-	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
-
-$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
-	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
-
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
-
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
-
-$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
-	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
-
-$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
-	$(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c
-
-$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
-	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
-
-$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
-	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
-
-$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
-	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
-
-$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
-	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
-
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
-
-$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
-	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
-
-$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
-	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
-
-$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
-	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
-
-$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
-	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
-
-$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
-	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
-
-$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
-	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
-
-$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c
-	$(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c
-
-$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c
-	$(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c
-
-$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c
-	$(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c
-
-$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c
-	$(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c
-
-$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c
-	$(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c
-
-$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c
-	$(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c
-
-$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c
-	$(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c
-
-$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c
-	$(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c
-
-$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c
-	$(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c
-
-$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c
-	$(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c
-
-$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c
-	$(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c
-
-$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c
-	$(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c
-
-$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
-	$(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c
-
-$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
-	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
-
-$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
-	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
-
-$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c
-	$(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c
-
-$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c
-	$(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c
-
-$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c
-	$(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c
-
-$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c
-	$(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c
-
-$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c
-	$(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c
-
-$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c
-	$(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c
-
-$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c
-	$(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c
-
-$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c
-	$(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c
-
-$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c
-	$(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c
-
-$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c
-	$(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c
-
-$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c
-	$(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c
-
-$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c
-	$(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c
-
-$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c
-	$(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c
-
-$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c
-	$(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c
-
-$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c
-	$(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c
-
-$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c
-	$(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c
-
-$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c
-	$(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c
-
-$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c
-	$(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c
-
-crypto\bn\asm\x86w32.obj: crypto\bn\asm\x86w32.asm
-	$(ASM) /Focrypto\bn\asm\x86w32.obj $(SRC_D)\crypto\bn\asm\x86w32.asm
-
-$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
-
-$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
-
-$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -c $(SRC_D)\crypto\cversion.c
-
-$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
-	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
-
-$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
-	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
-
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
-
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
-
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
-
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
-
-$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
-
-$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
-
-$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
-
-$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
-
-$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
-
-$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
-
-$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
-	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
-
-$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
-	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
-
-$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
-	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
-
-$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
-
-$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
-
-$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
-
-$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
-
-$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
-
-$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
-
-$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
-
-$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
-
-$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
-
-$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
-
-$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
-
-$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
-
-$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
-
-$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
-
-$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
-
-$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
-
-$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
-
-$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
-
-$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
-
-$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
-
-$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
-
-$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
-
-$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
-
-$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
-
-$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
-
-$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
-
-$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
-	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
-
-$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
-	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
-
-$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
-
-$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
-	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
-
-$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
-
-$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
-
-$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
-
-$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
-
-$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
-
-$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
-
-$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
-
-$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
-
-$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
-
-$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
-
-$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
-
-$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
-	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
-
-$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
-	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
-
-$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
-	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
-
-$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
-	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
-
-$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
-	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
-
-$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
-
-$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
-
-$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
-
-$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
-
-$(OBJ_D)\bn_mod.obj: $(SRC_D)\crypto\bn\bn_mod.c
-	$(CC) /Fo$(OBJ_D)\bn_mod.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mod.c
-
-$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
-
-$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
-
-$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
-
-$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
-
-$(OBJ_D)\bn_sub.obj: $(SRC_D)\crypto\bn\bn_sub.c
-	$(CC) /Fo$(OBJ_D)\bn_sub.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sub.c
-
-$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
-
-$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
-	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
-
-$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
-
-$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
-
-$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
-
-$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
-
-$(OBJ_D)\bn_mulw.obj: $(SRC_D)\crypto\bn\bn_mulw.c
-	$(CC) /Fo$(OBJ_D)\bn_mulw.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mulw.c
-
-$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
-
-$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
-
-$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
-	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
-
-$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
-	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
-
-$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
-
-$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
-
-$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
-
-$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
-
-$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
-
-$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
-	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
-
-$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
-	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
-
-$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
-	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
-
-$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
-
-$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
-
-$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
-
-$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
-
-$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
-
-$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
-
-$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
-
-$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
-
-$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
-
-$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
-
-$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
-
-$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
-
-$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
-
-$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
-
-$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
-
-$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
-
-$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
-
-$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
-
-$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
-
-$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
-
-$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
-
-$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
-
-$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
-
-$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
-
-$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
-
-$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
-
-$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
-
-$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
-
-$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
-
-$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
-
-$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
-
-$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
-
-$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
-
-$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
-
-$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
-
-$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
-
-$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
-
-$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
-
-$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
-
-$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
-
-$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
-
-$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
-
-$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
-
-$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
-
-$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
-
-$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
-
-$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
-
-$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
-
-$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
-
-$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
-
-$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
-
-$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
-
-$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
-
-$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
-
-$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
-
-$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
-
-$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
-
-$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
-
-$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
-
-$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
-
-$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
-
-$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
-
-$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
-
-$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
-
-$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
-
-$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
-
-$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
-
-$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
-
-$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
-
-$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
-
-$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
-
-$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
-
-$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
-
-$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
-
-$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
-
-$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
-
-$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
-
-$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
-
-$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
-
-$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
-
-$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
-
-$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
-
-$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
-
-$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
-	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
-
-$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
-
-$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
-
-$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
-
-$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
-
-$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
-
-$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
-	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
-
-$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
-	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
-
-$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
-
-$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
-
-$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
-
-$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
-
-$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
-
-$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
-
-$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
-	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
-
-$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
-
-$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
-
-$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
-
-$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
-
-$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
-
-$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
-
-$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
-
-$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
-
-$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
-
-$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
-
-$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
-
-$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
-
-$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
-
-$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
-
-$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
-
-$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
-
-$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
-
-$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
-
-$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
-
-$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
-
-$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
-
-$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
-
-$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
-
-$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
-
-$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
-
-$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
-
-$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
-
-$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
-
-$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
-
-$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
-
-$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
-
-$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
-
-$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
-
-$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
-
-$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
-
-$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
-
-$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
-
-$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
-
-$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
-
-$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
-
-$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
-
-$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
-
-$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
-
-$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
-
-$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
-
-$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
-
-$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
-
-$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
-
-$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
-
-$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
-
-$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
-
-$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
-
-$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
-
-$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
-
-$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
-
-$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
-
-$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
-
-$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
-
-$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
-
-$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
-
-$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
-
-$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
-
-$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
-
-$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
-
-$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
-
-$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
-
-$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
-
-$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
-
-$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
-
-$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
-
-$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
-
-$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
-
-$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
-
-$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
-	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
-
-$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
-
-$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
-
-$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
-
-$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
-
-$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
-
-$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
-
-$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
-
-$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
-
-$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
-
-$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
-
-$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
-
-$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
-
-$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
-
-$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
-
-$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
-
-$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
-
-$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
-
-$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
-
-$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
-
-$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
-
-$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
-
-$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
-
-$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
-
-$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
-
-$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
-
-$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
-
-$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
-
-$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
-
-$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
-
-$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
-
-$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
-
-$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
-
-$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
-
-$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
-
-$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
-
-$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
-
-$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
-
-$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
-
-$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
-
-$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
-
-$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
-
-$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
-
-$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
-	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
-
-$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
-	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
-
-$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
-	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
-
-$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
-	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
-
-$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
-	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
-
-$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
-
-$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
-
-$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
-
-$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
-
-$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
-
-$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
-
-$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
-
-$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
-
-$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
-
-$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
-
-$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
-
-$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
-
-$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
-
-$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
-
-$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md2test.obj
-  $(TEST_D)\md2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md5test.obj
-  $(TEST_D)\md5test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\shatest.obj
-  $(TEST_D)\shatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj
-  $(TEST_D)\sha1test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj
-  $(TEST_D)\mdc2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj
-  $(TEST_D)\hmactest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj
-  $(TEST_D)\rmdtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\destest.obj
-  $(TEST_D)\destest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj
-  $(TEST_D)\rc2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj
-  $(TEST_D)\rc4test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj
-  $(TEST_D)\rc5test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj
-  $(TEST_D)\ideatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bftest.obj
-  $(TEST_D)\bftest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj
-  $(TEST_D)\casttest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bntest.obj
-  $(TEST_D)\bntest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\exptest.obj
-  $(TEST_D)\exptest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj
-  $(TEST_D)\dsatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj
-  $(TEST_D)\dhtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\randtest.obj
-  $(TEST_D)\randtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj
-  $(TEST_D)\ssltest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(O_SSL): $(SSLOBJ)
-	$(LINK) $(MLFLAGS) @<<
-  $(SHLIB_EX_OBJ) +
-  $(OBJ_D)\bio_ssl.obj +
-  $(OBJ_D)\s23_clnt.obj +
-  $(OBJ_D)\s23_lib.obj +
-  $(OBJ_D)\s23_meth.obj +
-  $(OBJ_D)\s23_pkt.obj +
-  $(OBJ_D)\s23_srvr.obj +
-  $(OBJ_D)\s2_clnt.obj +
-  $(OBJ_D)\s2_enc.obj +
-  $(OBJ_D)\s2_lib.obj +
-  $(OBJ_D)\s2_meth.obj +
-  $(OBJ_D)\s2_pkt.obj +
-  $(OBJ_D)\s2_srvr.obj +
-  $(OBJ_D)\s3_both.obj +
-  $(OBJ_D)\s3_clnt.obj +
-  $(OBJ_D)\s3_enc.obj +
-  $(OBJ_D)\s3_lib.obj +
-  $(OBJ_D)\s3_meth.obj +
-  $(OBJ_D)\s3_pkt.obj +
-  $(OBJ_D)\s3_srvr.obj +
-  $(OBJ_D)\ssl_algs.obj +
-  $(OBJ_D)\ssl_asn1.obj +
-  $(OBJ_D)\ssl_cert.obj +
-  $(OBJ_D)\ssl_ciph.obj +
-  $(OBJ_D)\ssl_err.obj +
-  $(OBJ_D)\ssl_err2.obj +
-  $(OBJ_D)\ssl_lib.obj +
-  $(OBJ_D)\ssl_rsa.obj +
-  $(OBJ_D)\ssl_sess.obj +
-  $(OBJ_D)\ssl_stat.obj +
-  $(OBJ_D)\ssl_txt.obj +
-  $(OBJ_D)\t1_clnt.obj +
-  $(OBJ_D)\t1_enc.obj +
-  $(OBJ_D)\t1_lib.obj +
-  $(OBJ_D)\t1_meth.obj +
-  $(OBJ_D)\t1_srvr.obj +
-
-  $(O_SSL)
-
-  $(L_CRYPTO) winsock oldnames ldllcew libw
-ms\ssleay16.def;
-<<
-	implib /noignorecase /nowep $(L_SSL) $(O_SSL)
-
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	del $(O_RSAGLUE)
-	$(MKLIB) @<<
-$(O_RSAGLUE)
-y
-+$(OBJ_D)\rsar_err.obj &
-+$(OBJ_D)\rsaref.obj &
-
-
-<<
-
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(LINK) $(MLFLAGS) @<<
-  $(SHLIB_EX_OBJ) +
-  $(BN_MULW_OBJ) +
-  $(OBJ_D)\a_bitstr.obj +
-  $(OBJ_D)\a_bool.obj +
-  $(OBJ_D)\a_bytes.obj +
-  $(OBJ_D)\a_d2i_fp.obj +
-  $(OBJ_D)\a_digest.obj +
-  $(OBJ_D)\a_dup.obj +
-  $(OBJ_D)\a_hdr.obj +
-  $(OBJ_D)\a_i2d_fp.obj +
-  $(OBJ_D)\a_int.obj +
-  $(OBJ_D)\a_meth.obj +
-  $(OBJ_D)\a_object.obj +
-  $(OBJ_D)\a_octet.obj +
-  $(OBJ_D)\a_print.obj +
-  $(OBJ_D)\a_set.obj +
-  $(OBJ_D)\a_sign.obj +
-  $(OBJ_D)\a_type.obj +
-  $(OBJ_D)\a_utctm.obj +
-  $(OBJ_D)\a_verify.obj +
-  $(OBJ_D)\asn1_err.obj +
-  $(OBJ_D)\asn1_lib.obj +
-  $(OBJ_D)\asn1_par.obj +
-  $(OBJ_D)\b_dump.obj +
-  $(OBJ_D)\b_print.obj +
-  $(OBJ_D)\b_sock.obj +
-  $(OBJ_D)\bf_buff.obj +
-  $(OBJ_D)\bf_cfb64.obj +
-  $(OBJ_D)\bf_ecb.obj +
-  $(OBJ_D)\bf_enc.obj +
-  $(OBJ_D)\bf_nbio.obj +
-  $(OBJ_D)\bf_null.obj +
-  $(OBJ_D)\bf_ofb64.obj +
-  $(OBJ_D)\bf_skey.obj +
-  $(OBJ_D)\bio_b64.obj +
-  $(OBJ_D)\bio_cb.obj +
-  $(OBJ_D)\bio_enc.obj +
-  $(OBJ_D)\bio_err.obj +
-  $(OBJ_D)\bio_lib.obj +
-  $(OBJ_D)\bio_md.obj +
-  $(OBJ_D)\bn_add.obj +
-  $(OBJ_D)\bn_blind.obj +
-  $(OBJ_D)\bn_div.obj +
-  $(OBJ_D)\bn_err.obj +
-  $(OBJ_D)\bn_exp.obj +
-  $(OBJ_D)\bn_gcd.obj +
-  $(OBJ_D)\bn_lib.obj +
-  $(OBJ_D)\bn_mod.obj +
-  $(OBJ_D)\bn_mont.obj +
-  $(OBJ_D)\bn_mpi.obj +
-  $(OBJ_D)\bn_mul.obj +
-  $(OBJ_D)\bn_prime.obj +
-  $(OBJ_D)\bn_print.obj +
-  $(OBJ_D)\bn_rand.obj +
-  $(OBJ_D)\bn_recp.obj +
-  $(OBJ_D)\bn_shift.obj +
-  $(OBJ_D)\bn_sqr.obj +
-  $(OBJ_D)\bn_sub.obj +
-  $(OBJ_D)\bn_word.obj +
-  $(OBJ_D)\bss_acpt.obj +
-  $(OBJ_D)\bss_conn.obj +
-  $(OBJ_D)\bss_fd.obj +
-  $(OBJ_D)\bss_file.obj +
-  $(OBJ_D)\bss_mem.obj +
-  $(OBJ_D)\bss_null.obj +
-  $(OBJ_D)\bss_sock.obj +
-  $(OBJ_D)\buf_err.obj +
-  $(OBJ_D)\buffer.obj +
-  $(OBJ_D)\by_dir.obj +
-  $(OBJ_D)\by_file.obj +
-  $(OBJ_D)\c_all.obj +
-  $(OBJ_D)\c_cfb64.obj +
-  $(OBJ_D)\c_ecb.obj +
-  $(OBJ_D)\c_enc.obj +
-  $(OBJ_D)\c_ofb64.obj +
-  $(OBJ_D)\c_skey.obj +
-  $(OBJ_D)\cbc_cksm.obj +
-  $(OBJ_D)\cbc_enc.obj +
-  $(OBJ_D)\cfb64ede.obj +
-  $(OBJ_D)\cfb64enc.obj +
-  $(OBJ_D)\cfb_enc.obj +
-  $(OBJ_D)\conf.obj +
-  $(OBJ_D)\conf_err.obj +
-  $(OBJ_D)\cpt_err.obj +
-  $(OBJ_D)\cryptlib.obj +
-  $(OBJ_D)\cversion.obj +
-  $(OBJ_D)\d2i_dhp.obj +
-  $(OBJ_D)\d2i_dsap.obj +
-  $(OBJ_D)\d2i_pr.obj +
-  $(OBJ_D)\d2i_pu.obj +
-  $(OBJ_D)\d2i_r_pr.obj +
-  $(OBJ_D)\d2i_r_pu.obj +
-  $(OBJ_D)\d2i_s_pr.obj +
-  $(OBJ_D)\d2i_s_pu.obj +
-  $(OBJ_D)\des_enc.obj +
-  $(OBJ_D)\dh_check.obj +
-  $(OBJ_D)\dh_err.obj +
-  $(OBJ_D)\dh_gen.obj +
-  $(OBJ_D)\dh_key.obj +
-  $(OBJ_D)\dh_lib.obj +
-  $(OBJ_D)\digest.obj +
-  $(OBJ_D)\dsa_err.obj +
-  $(OBJ_D)\dsa_gen.obj +
-  $(OBJ_D)\dsa_key.obj +
-  $(OBJ_D)\dsa_lib.obj +
-  $(OBJ_D)\dsa_sign.obj +
-  $(OBJ_D)\dsa_vrf.obj +
-  $(OBJ_D)\e_cbc_3d.obj +
-  $(OBJ_D)\e_cbc_bf.obj +
-  $(OBJ_D)\e_cbc_c.obj +
-  $(OBJ_D)\e_cbc_d.obj +
-  $(OBJ_D)\e_cbc_i.obj +
-  $(OBJ_D)\e_cbc_r2.obj +
-  $(OBJ_D)\e_cbc_r5.obj +
-  $(OBJ_D)\e_cfb_3d.obj +
-  $(OBJ_D)\e_cfb_bf.obj +
-  $(OBJ_D)\e_cfb_c.obj +
-  $(OBJ_D)\e_cfb_d.obj +
-  $(OBJ_D)\e_cfb_i.obj +
-  $(OBJ_D)\e_cfb_r2.obj +
-  $(OBJ_D)\e_cfb_r5.obj +
-  $(OBJ_D)\e_ecb_3d.obj +
-  $(OBJ_D)\e_ecb_bf.obj +
-  $(OBJ_D)\e_ecb_c.obj +
-  $(OBJ_D)\e_ecb_d.obj +
-  $(OBJ_D)\e_ecb_i.obj +
-  $(OBJ_D)\e_ecb_r2.obj +
-  $(OBJ_D)\e_ecb_r5.obj +
-  $(OBJ_D)\e_null.obj +
-  $(OBJ_D)\e_ofb_3d.obj +
-  $(OBJ_D)\e_ofb_bf.obj +
-  $(OBJ_D)\e_ofb_c.obj +
-  $(OBJ_D)\e_ofb_d.obj +
-  $(OBJ_D)\e_ofb_i.obj +
-  $(OBJ_D)\e_ofb_r2.obj +
-  $(OBJ_D)\e_ofb_r5.obj +
-  $(OBJ_D)\e_rc4.obj +
-  $(OBJ_D)\e_xcbc_d.obj +
-  $(OBJ_D)\ecb3_enc.obj +
-  $(OBJ_D)\ecb_enc.obj +
-  $(OBJ_D)\enc_read.obj +
-  $(OBJ_D)\enc_writ.obj +
-  $(OBJ_D)\encode.obj +
-  $(OBJ_D)\err.obj +
-  $(OBJ_D)\err_all.obj +
-  $(OBJ_D)\err_prn.obj +
-  $(OBJ_D)\evp_asn1.obj +
-  $(OBJ_D)\evp_enc.obj +
-  $(OBJ_D)\evp_err.obj +
-  $(OBJ_D)\evp_key.obj +
-  $(OBJ_D)\evp_lib.obj +
-  $(OBJ_D)\ex_data.obj +
-  $(OBJ_D)\f_int.obj +
-  $(OBJ_D)\f_string.obj +
-  $(OBJ_D)\fcrypt.obj +
-  $(OBJ_D)\fcrypt_b.obj +
-  $(OBJ_D)\hmac.obj +
-  $(OBJ_D)\i2d_dhp.obj +
-  $(OBJ_D)\i2d_dsap.obj +
-  $(OBJ_D)\i2d_pr.obj +
-  $(OBJ_D)\i2d_pu.obj +
-  $(OBJ_D)\i2d_r_pr.obj +
-  $(OBJ_D)\i2d_r_pu.obj +
-  $(OBJ_D)\i2d_s_pr.obj +
-  $(OBJ_D)\i2d_s_pu.obj +
-  $(OBJ_D)\i_cbc.obj +
-  $(OBJ_D)\i_cfb64.obj +
-  $(OBJ_D)\i_ecb.obj +
-  $(OBJ_D)\i_ofb64.obj +
-  $(OBJ_D)\i_skey.obj +
-  $(OBJ_D)\lh_stats.obj +
-  $(OBJ_D)\lhash.obj +
-  $(OBJ_D)\m_dss.obj +
-  $(OBJ_D)\m_dss1.obj +
-  $(OBJ_D)\m_md2.obj +
-  $(OBJ_D)\m_md5.obj +
-  $(OBJ_D)\m_mdc2.obj +
-  $(OBJ_D)\m_null.obj +
-  $(OBJ_D)\m_ripemd.obj +
-  $(OBJ_D)\m_sha.obj +
-  $(OBJ_D)\m_sha1.obj +
-  $(OBJ_D)\md2_dgst.obj +
-  $(OBJ_D)\md2_one.obj +
-  $(OBJ_D)\md5_dgst.obj +
-  $(OBJ_D)\md5_one.obj +
-  $(OBJ_D)\md_rand.obj +
-  $(OBJ_D)\mdc2_one.obj +
-  $(OBJ_D)\mdc2dgst.obj +
-  $(OBJ_D)\mem.obj +
-  $(OBJ_D)\n_pkey.obj +
-  $(OBJ_D)\names.obj +
-  $(OBJ_D)\obj_dat.obj +
-  $(OBJ_D)\obj_err.obj +
-  $(OBJ_D)\obj_lib.obj +
-  $(OBJ_D)\ofb64ede.obj +
-  $(OBJ_D)\ofb64enc.obj +
-  $(OBJ_D)\ofb_enc.obj +
-  $(OBJ_D)\p7_dgst.obj +
-  $(OBJ_D)\p7_enc.obj +
-  $(OBJ_D)\p7_enc_c.obj +
-  $(OBJ_D)\p7_evp.obj +
-  $(OBJ_D)\p7_i_s.obj +
-  $(OBJ_D)\p7_lib.obj +
-  $(OBJ_D)\p7_recip.obj +
-  $(OBJ_D)\p7_s_e.obj +
-  $(OBJ_D)\p7_signd.obj +
-  $(OBJ_D)\p7_signi.obj +
-  $(OBJ_D)\p_dec.obj +
-  $(OBJ_D)\p_enc.obj +
-  $(OBJ_D)\p_lib.obj +
-  $(OBJ_D)\p_open.obj +
-  $(OBJ_D)\p_seal.obj +
-  $(OBJ_D)\p_sign.obj +
-  $(OBJ_D)\p_verify.obj +
-  $(OBJ_D)\pcbc_enc.obj +
-  $(OBJ_D)\pem_all.obj +
-  $(OBJ_D)\pem_err.obj +
-  $(OBJ_D)\pem_info.obj +
-  $(OBJ_D)\pem_lib.obj +
-  $(OBJ_D)\pem_seal.obj +
-  $(OBJ_D)\pem_sign.obj +
-  $(OBJ_D)\pk7_doit.obj +
-  $(OBJ_D)\pk7_lib.obj +
-  $(OBJ_D)\pkcs7err.obj +
-  $(OBJ_D)\qud_cksm.obj +
-  $(OBJ_D)\rand_key.obj +
-  $(OBJ_D)\randfile.obj +
-  $(OBJ_D)\rc2_cbc.obj +
-  $(OBJ_D)\rc2_ecb.obj +
-  $(OBJ_D)\rc2_skey.obj +
-  $(OBJ_D)\rc2cfb64.obj +
-  $(OBJ_D)\rc2ofb64.obj +
-  $(OBJ_D)\rc4_enc.obj +
-  $(OBJ_D)\rc4_skey.obj +
-  $(OBJ_D)\rc5_ecb.obj +
-  $(OBJ_D)\rc5_enc.obj +
-  $(OBJ_D)\rc5_skey.obj +
-  $(OBJ_D)\rc5cfb64.obj +
-  $(OBJ_D)\rc5ofb64.obj +
-  $(OBJ_D)\read2pwd.obj +
-  $(OBJ_D)\read_pwd.obj +
-  $(OBJ_D)\rmd_dgst.obj +
-  $(OBJ_D)\rmd_one.obj +
-  $(OBJ_D)\rpc_enc.obj +
-  $(OBJ_D)\rsa_eay.obj +
-  $(OBJ_D)\rsa_err.obj +
-  $(OBJ_D)\rsa_gen.obj +
-  $(OBJ_D)\rsa_lib.obj +
-  $(OBJ_D)\rsa_none.obj +
-  $(OBJ_D)\rsa_pk1.obj +
-  $(OBJ_D)\rsa_saos.obj +
-  $(OBJ_D)\rsa_sign.obj +
-  $(OBJ_D)\rsa_ssl.obj +
-  $(OBJ_D)\set_key.obj +
-  $(OBJ_D)\sha1_one.obj +
-  $(OBJ_D)\sha1dgst.obj +
-  $(OBJ_D)\sha_dgst.obj +
-  $(OBJ_D)\sha_one.obj +
-  $(OBJ_D)\stack.obj +
-  $(OBJ_D)\str2key.obj +
-  $(OBJ_D)\supp.obj +
-  $(OBJ_D)\t_pkey.obj +
-  $(OBJ_D)\t_req.obj +
-  $(OBJ_D)\t_x509.obj +
-  $(OBJ_D)\txt_db.obj +
-  $(OBJ_D)\v3_net.obj +
-  $(OBJ_D)\v3_x509.obj +
-  $(OBJ_D)\x509_cmp.obj +
-  $(OBJ_D)\x509_d2.obj +
-  $(OBJ_D)\x509_def.obj +
-  $(OBJ_D)\x509_err.obj +
-  $(OBJ_D)\x509_ext.obj +
-  $(OBJ_D)\x509_lu.obj +
-  $(OBJ_D)\x509_obj.obj +
-  $(OBJ_D)\x509_r2x.obj +
-  $(OBJ_D)\x509_req.obj +
-  $(OBJ_D)\x509_set.obj +
-  $(OBJ_D)\x509_txt.obj +
-  $(OBJ_D)\x509_v3.obj +
-  $(OBJ_D)\x509_vfy.obj +
-  $(OBJ_D)\x509name.obj +
-  $(OBJ_D)\x509pack.obj +
-  $(OBJ_D)\x509rset.obj +
-  $(OBJ_D)\x509type.obj +
-  $(OBJ_D)\x_algor.obj +
-  $(OBJ_D)\x_all.obj +
-  $(OBJ_D)\x_attrib.obj +
-  $(OBJ_D)\x_cinf.obj +
-  $(OBJ_D)\x_crl.obj +
-  $(OBJ_D)\x_exten.obj +
-  $(OBJ_D)\x_info.obj +
-  $(OBJ_D)\x_name.obj +
-  $(OBJ_D)\x_pkey.obj +
-  $(OBJ_D)\x_pubkey.obj +
-  $(OBJ_D)\x_req.obj +
-  $(OBJ_D)\x_sig.obj +
-  $(OBJ_D)\x_spki.obj +
-  $(OBJ_D)\x_val.obj +
-  $(OBJ_D)\x_x509.obj +
-  $(OBJ_D)\xcbc_enc.obj +
-
-  $(O_CRYPTO)
-
-   winsock oldnames ldllcew libw
-ms\libeay16.def;
-<<
-	implib /noignorecase /nowep $(L_CRYPTO) $(O_CRYPTO)
-
-$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) +
-  $(OBJ_D)\apps.obj +
-  $(OBJ_D)\asn1pars.obj +
-  $(OBJ_D)\ca.obj +
-  $(OBJ_D)\ciphers.obj +
-  $(OBJ_D)\crl.obj +
-  $(OBJ_D)\crl2p7.obj +
-  $(OBJ_D)\dgst.obj +
-  $(OBJ_D)\dh.obj +
-  $(OBJ_D)\dsa.obj +
-  $(OBJ_D)\dsaparam.obj +
-  $(OBJ_D)\enc.obj +
-  $(OBJ_D)\errstr.obj +
-  $(OBJ_D)\gendh.obj +
-  $(OBJ_D)\genrsa.obj +
-  $(OBJ_D)\pkcs7.obj +
-  $(OBJ_D)\req.obj +
-  $(OBJ_D)\rsa.obj +
-  $(OBJ_D)\s_cb.obj +
-  $(OBJ_D)\s_client.obj +
-  $(OBJ_D)\s_server.obj +
-  $(OBJ_D)\s_socket.obj +
-  $(OBJ_D)\s_time.obj +
-  $(OBJ_D)\sess_id.obj +
-  $(OBJ_D)\speed.obj +
-  $(OBJ_D)\ssleay.obj +
-  $(OBJ_D)\verify.obj +
-  $(OBJ_D)\version.obj +
-  $(OBJ_D)\x509.obj +
-
-  $(BIN_D)\$(E_EXE).exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
diff --git a/lib/libssl/src/ms/x86asm.bat b/lib/libssl/src/ms/x86asm.bat
new file mode 100644
index 00000000000..4d80e706e4b
--- /dev/null
+++ b/lib/libssl/src/ms/x86asm.bat
@@ -0,0 +1,57 @@
+
+@echo off
+echo Generating x86 assember
+
+echo Bignum
+cd crypto\bn\asm
+perl x86.pl win32n > bn-win32.asm
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl win32n > d-win32.asm
+cd ..\..\..
+
+echo "crypt(3)"
+
+cd crypto\des\asm
+perl crypt586.pl win32n > y-win32.asm
+cd ..\..\..
+
+echo Blowfish
+
+cd crypto\bf\asm
+perl bf-586.pl win32n > b-win32.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl win32n > c-win32.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl win32n > r4-win32.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl win32n > m5-win32.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl win32n > s1-win32.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl win32n > rm-win32.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl win32n > r5-win32.asm
+cd ..\..\..
+
+echo on
diff --git a/lib/libssl/src/mt/mttest.c b/lib/libssl/src/mt/mttest.c
index 8651a1131a0..b2f332602da 100644
--- a/lib/libssl/src/mt/mttest.c
+++ b/lib/libssl/src/mt/mttest.c
@@ -74,13 +74,13 @@
 #include <ulocks.h>
 #include <sys/prctl.h>
 #endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
 #include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #ifdef NO_FP_API
 #define APPS_WIN16
@@ -92,7 +92,6 @@
 
 #define MAX_THREAD_NUMBER	100
 
-#ifndef NOPROTO
 int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
 	int error,char *arg);
 void thread_setup(void);
@@ -108,23 +107,6 @@ unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
 unsigned long pthreads_thread_id(void );
 
-#else
-int MS_CALLBACK verify_callback();
-void thread_setup();
-void thread_cleanup();
-void do_threads();
-
-void irix_locking_callback();
-void solaris_locking_callback();
-void win32_locking_callback();
-void pthreads_locking_callback();
-
-unsigned long irix_thread_id();
-unsigned long solaris_thread_id();
-unsigned long pthreads_thread_id();
-
-#endif
-
 BIO *bio_err=NULL;
 BIO *bio_stdout=NULL;
 
@@ -139,12 +121,7 @@ int number_of_loops=10;
 int reconnect=0;
 int cache_stats=0;
 
-#ifndef  NOPROTO
 int doit(char *ctx[4]);
-#else
-int doit();
-#endif
-
 static void print_stats(fp,ctx)
 FILE *fp;
 SSL_CTX *ctx;
diff --git a/lib/libssl/src/openssl.doxy b/lib/libssl/src/openssl.doxy
new file mode 100644
index 00000000000..479c311470a
--- /dev/null
+++ b/lib/libssl/src/openssl.doxy
@@ -0,0 +1,7 @@
+PROJECT_NAME=OpenSSL
+GENERATE_LATEX=no
+OUTPUT_DIRECTORY=doxygen
+INPUT=ssl include
+FILE_PATTERNS=*.c *.h
+RECURSIVE=yes
+PREDEFINED=DOXYGEN
diff --git a/lib/libssl/src/perl/MANIFEST b/lib/libssl/src/perl/MANIFEST
index 992db5ed4c1..80c900769d0 100644
--- a/lib/libssl/src/perl/MANIFEST
+++ b/lib/libssl/src/perl/MANIFEST
@@ -1,17 +1,17 @@
+README.1ST
 MANIFEST
 Makefile.PL
-SSLeay.pm
-bio.xs
-bn.xs
-cipher.xs
-digest.xs
-err.xs
-ssl.xs
-x509.xs
-test.pl
-test2.pl
-test3.pl
-test9.pl
-testbn.pl
-testmd.pl
 typemap
+OpenSSL.pm
+OpenSSL.xs
+openssl.h
+openssl_bio.xs
+openssl_bn.xs
+openssl_cipher.xs
+openssl_digest.xs
+openssl_err.xs
+openssl_ssl.xs
+openssl_x509.xs
+t/01-use.t
+t/02-version.t
+t/03-bio.t
diff --git a/lib/libssl/src/perl/Makefile.PL b/lib/libssl/src/perl/Makefile.PL
index f9998e0a610..2a67ad061d5 100644
--- a/lib/libssl/src/perl/Makefile.PL
+++ b/lib/libssl/src/perl/Makefile.PL
@@ -1,25 +1,45 @@
+##
+##  Makefile.PL -- Perl MakeMaker specification
+##
+
+open(IN,"<../Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while(<IN>) {
+    $V=$1 if (/^VERSION=(.*)$/);
+}
+close(IN);
+print "Configuring companion Perl module for OpenSSL $V\n";
+
 use ExtUtils::MakeMaker;
-# See lib/ExtUtils/MakeMaker.pm for details of how to influence
-# the contents of the Makefile that is written.
+
 WriteMakefile(
-	'OPTIMIZE'	=> '-g',
-	'DISTNAME'	=> 'SSLeay-perl5-0.8.5',
-	'NAME'		=> 'SSLeay',
-	'VERSION_FROM'	=> 'SSLeay.pm',
-	'LIBS'		=> ['-L.. -lssl -lcrypto'],
-	'DEFINE'	=> '',
-	'INC'		=> '-I../include',
-	'C'		=> ['callback.c'],
-	'H'		=> ['p5SSLeay.h'],
-	'OBJECT'	=> "	SSLeay.o bio.o bn.o cipher.o digest.o err.o 
-				ssl.o x509.o",
-	'XS'		=> {	'SSLeay.xs'	=>	'SSLeay.c',
-				'bio.xs'	=>	'bio.c',
-				'bn.xs'		=>	'bn.c',
-				'cipher.xs'	=>	'cipher.c',
-				'digest.xs'	=>	'digest.c',
-				'err.xs'	=>	'err.c',
-				'ssl.xs'	=>	'ssl.c',
-				'x509.xs'	=>	'x509.c',
-				}
-	);
+    'OPTIMIZE'      => '',
+    'DISTNAME'      => "openssl-$V",
+    'NAME'          => 'OpenSSL',
+    'VERSION_FROM'  => 'OpenSSL.pm',
+    'LIBS'          => ( $^O eq 'MSWin32'
+                         ? [ '-L../out32dll -lssleay32 -llibeay32' ]
+                         : [ '-L.. -lssl -lcrypto' ]                 ),
+    'DEFINE'        => '',
+    'INC'           => '-I../include',
+    'H'             => ['openssl.h'],
+    'OBJECT' =>
+        'OpenSSL.o ' .
+        'openssl_bio.o ' .
+        'openssl_bn.o ' .
+        'openssl_cipher.o ' .
+        'openssl_digest.o ' .
+        'openssl_err.o ' .
+        'openssl_ssl.o ' .
+        'openssl_x509.o ',
+    'XS' => { 
+        'OpenSSL.xs'        =>  'OpenSSL.c',
+        'openssl_bio.xs'    =>  'openssl_bio.c',
+        'openssl_bn.xs'     =>  'openssl_bn.c',
+        'openssl_cipher.xs' =>  'openssl_cipher.c',
+        'openssl_digest.xs' =>  'openssl_digest.c',
+        'openssl_err.xs'    =>  'openssl_err.c',
+        'openssl_ssl.xs'    =>  'openssl_ssl.c',
+        'openssl_x509.xs'   =>  'openssl_x509.c',
+    },
+);
+
diff --git a/lib/libssl/src/perl/OpenSSL.pm b/lib/libssl/src/perl/OpenSSL.pm
new file mode 100644
index 00000000000..ae7265a21d9
--- /dev/null
+++ b/lib/libssl/src/perl/OpenSSL.pm
@@ -0,0 +1,90 @@
+##
+##  OpenSSL.pm
+##
+
+package OpenSSL;
+
+require 5.000;
+use Exporter;
+use DynaLoader;
+
+@ISA    = qw(Exporter DynaLoader);
+@EXPORT = qw();
+
+$VERSION = '0.94';
+bootstrap OpenSSL;
+
+@OpenSSL::BN::ISA        = qw(OpenSSL::ERR);
+@OpenSSL::MD::ISA        = qw(OpenSSL::ERR);
+@OpenSSL::Cipher::ISA    = qw(OpenSSL::ERR);
+@OpenSSL::SSL::CTX::ISA  = qw(OpenSSL::ERR);
+@OpenSSL::BIO::ISA       = qw(OpenSSL::ERR);
+@OpenSSL::SSL::ISA       = qw(OpenSSL::ERR);
+
+@BN::ISA                 = qw(OpenSSL::BN);
+@MD::ISA                 = qw(OpenSSL::MD);
+@Cipher::ISA             = qw(OpenSSL::Cipher);
+@SSL::ISA                = qw(OpenSSL::SSL);
+@SSL::CTX::ISA           = qw(OpenSSL::SSL::CTX);
+@BIO::ISA                = qw(OpenSSL::BIO);
+
+@OpenSSL::MD::names = qw(
+    md2 md5 sha sha1 ripemd160 mdc2
+);
+
+@OpenSSL::Cipher::names = qw(
+    des-ecb des-cfb des-ofb des-cbc
+    des-ede des-ede-cfb des-ede-ofb des-ede-cbc
+    des-ede3 des-ede3-cfb des-ede3-ofb des-ede3-cbc
+    desx-cbc rc4 rc4-40
+    idea-ecb idea-cfb idea-ofb idea-cbc
+    rc2-ecb rc2-cbc rc2-40-cbc rc2-cfb rc2-ofb
+    bf-ecb bf-cfb bf-ofb bf-cbc
+    cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+    rc5-ecb rc5-cfb rc5-ofb rc5-cbc
+);
+
+sub OpenSSL::SSL::CTX::new_ssl { 
+    OpenSSL::SSL::new($_[0]);
+}
+
+sub OpenSSL::ERR::error {
+    my($o) = @_;
+    my($s, $ret);
+
+    while (($s = $o->get_error()) != 0) {
+        $ret.=$s."\n";
+    }
+    return($ret);
+}
+
+@OpenSSL::Cipher::aliases = qw(
+    des desx des3 idea rc2 bf cast
+);
+
+package OpenSSL::BN;
+
+sub bnfix { 
+    (ref($_[0]) ne "OpenSSL::BN") ? OpenSSL::BN::dec2bn($_[0]) : $_[0]; 
+}
+
+use overload
+"="    => sub { dup($_[0]); },
+"+"    => sub { add($_[0],$_[1]); },
+"-"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::sub($_[0],$_[1]); },
+"*"    => sub { mul($_[0],$_[1]); },
+"**"   => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; OpenSSL::BN::exp($_[0],$_[1]); },
+"/"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; (div($_[0],$_[1]))[0]; },
+"%"    => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; mod($_[0],$_[1]); },
+"<<"   => sub { lshift($_[0],$_[1]); },
+">>"   => sub { rshift($_[0],$_[1]); },
+"<=>"  => sub { OpenSSL::BN::cmp($_[0],$_[1]); },
+'""'   => sub { bn2dec($_[0]); },
+'0+'   => sub { dec2bn($_[0]); },
+"bool" => sub { ref($_[0]) eq "OpenSSL::BN"; };
+
+sub OpenSSL::BIO::do_accept { 
+    OpenSSL::BIO::do_handshake(@_);
+}
+
+1;
diff --git a/lib/libssl/src/perl/OpenSSL.xs b/lib/libssl/src/perl/OpenSSL.xs
new file mode 100644
index 00000000000..2267168b79a
--- /dev/null
+++ b/lib/libssl/src/perl/OpenSSL.xs
@@ -0,0 +1,82 @@
+/*
+**  OpenSSL.xs
+*/
+
+#include "openssl.h"
+
+SV *
+new_ref(type, obj, mort)
+  char *type;
+  char *obj;
+{
+    SV *ret;
+
+    if (mort)
+        ret = sv_newmortal();
+    else
+        ret = newSViv(0);
+#ifdef DEBUG
+    printf(">new_ref %d\n",type);
+#endif
+    sv_setref_pv(ret, type, (void *)obj);
+    return(ret);
+}
+
+int 
+ex_new(obj, data, ad, idx, argl, argp)
+  char *obj;
+  SV *data;
+  CRYPTO_EX_DATA *ad;
+  int idx;
+  long argl;
+  char *argp;
+{
+    SV *sv;
+
+#ifdef DEBUG
+    printf("ex_new %08X %s\n",obj,argp); 
+#endif
+    sv = sv_newmortal();
+    sv_setref_pv(sv, argp, (void *)obj);
+#ifdef DEBUG
+    printf("%d>new_ref '%s'\n", sv, argp);
+#endif
+    CRYPTO_set_ex_data(ad, idx, (char *)sv);
+    return(1);
+}
+
+void 
+ex_cleanup(obj, data, ad, idx, argl, argp)
+  char *obj;
+  SV *data;
+  CRYPTO_EX_DATA *ad;
+  int idx;
+  long argl;
+  char *argp;
+{
+    pr_name("ex_cleanup");
+#ifdef DEBUG
+    printf("ex_cleanup %08X %s\n", obj, argp);
+#endif
+    if (data != NULL)
+        SvREFCNT_dec((SV *)data);
+}
+
+MODULE = OpenSSL  PACKAGE = OpenSSL
+
+PROTOTYPES: ENABLE
+
+BOOT:
+    boot_bio();
+    boot_cipher();
+    boot_digest();
+    boot_err();
+    boot_ssl();
+    boot_OpenSSL__BN();
+    boot_OpenSSL__BIO();
+    boot_OpenSSL__Cipher();
+    boot_OpenSSL__MD();
+    boot_OpenSSL__ERR();
+    boot_OpenSSL__SSL();
+    boot_OpenSSL__X509();
+
diff --git a/lib/libssl/src/perl/README.1ST b/lib/libssl/src/perl/README.1ST
new file mode 100644
index 00000000000..7b5a1aa5e9d
--- /dev/null
+++ b/lib/libssl/src/perl/README.1ST
@@ -0,0 +1,4 @@
+
+  WARNING, this Perl interface to OpenSSL is horrible incomplete.
+  Don't expect it to be really useable!!
+
diff --git a/lib/libssl/src/perl/SSLeay.pm b/lib/libssl/src/perl/SSLeay.pm
deleted file mode 100644
index f7710039d25..00000000000
--- a/lib/libssl/src/perl/SSLeay.pm
+++ /dev/null
@@ -1,78 +0,0 @@
-package SSLeay;
-
-use Exporter;
-use DynaLoader;
-
-@ISA = qw(Exporter DynaLoader);
-@EXPORT = qw();
-
-$VERSION='0.82';
-$VERSION='0.82';
-bootstrap SSLeay;
-
-@SSLeay::BN::ISA=	qw(SSLeay::ERR);
-@SSLeay::MD::ISA=	qw(SSLeay::ERR);
-@SSLeay::Cipher::ISA=	qw(SSLeay::ERR);
-@SSLeay::SSL::CTX::ISA=	qw(SSLeay::ERR);
-@SSLeay::BIO::ISA=	qw(SSLeay::ERR);
-@SSLeay::SSL::ISA=	qw(SSLeay::ERR);
-
-@BN::ISA=	qw(SSLeay::BN);
-@MD::ISA=	qw(SSLeay::MD);
-@Cipher::ISA=	qw(SSLeay::Cipher);
-@SSL::ISA=	qw(SSLeay::SSL);
-@SSL::CTX::ISA=	qw(SSLeay::SSL::CTX);
-@BIO::ISA=	qw(SSLeay::BIO);
-
-
-@SSLeay::MD::names=qw(md2 md5 sha sha1 ripemd160 mdc2);
-
-@SSLeay::Cipher::names=qw(
-	des-ecb des-cfb des-ofb des-cbc
-	des-ede des-ede-cfb des-ede-ofb des-ede-cbc
-	des-ede3 des-ede3-cfb des-ede3-ofb des-ede3-cbc
-	desx-cbc rc4 rc4-40
-	idea-ecb idea-cfb idea-ofb idea-cbc
-	rc2-ecb rc2-cbc rc2-40-cbc rc2-cfb rc2-ofb
-	bf-ecb bf-cfb bf-ofb bf-cbc
-	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
-	rc5-ecb rc5-cfb rc5-ofb rc5-cbc
-	);
-
-sub SSLeay::SSL::CTX::new_ssl { SSLeay::SSL::new($_[0]); }
-
-sub SSLeay::ERR::error
-	{
-	my($o)=@_;
-	my($s,$ret);
-
-	while (($s=$o->get_error()) != 0)
-		{
-		$ret.=$s."\n";
-		}
-	return($ret);
-	}
-
-@SSLeay::Cipher::aliases=qw(des desx des3 idea rc2 bf cast);
-
-package SSLeay::BN;
-
-sub bnfix { (ref($_[0]) ne "SSLeay::BN")?SSLeay::BN::dec2bn($_[0]):$_[0]; }
-use overload
-"="  => sub { dup($_[0]); },
-"+"  => sub { add($_[0],$_[1]); },
-"-"  => sub {	($_[1],$_[0])=($_[0],$_[1]) if $_[2];
-		SSLeay::BN::sub($_[0],$_[1]); },
-"*"  => sub { mul($_[0],$_[1]); },
-"/"  => sub {  ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; (div($_[0],$_[1]))[0]; },
-"%"  => sub {  ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; mod($_[0],$_[1]); },
-"**" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; exp($_[0],$_[1]); },
-"<<" => sub { lshift($_[0],$_[1]); },
-">>" => sub { rshift($_[0],$_[1]); },
-"<=>" => sub { SSLeay::BN::cmp($_[0],$_[1]); },
-'""' => sub { bn2dec($_[0]); },
-'0+' => sub { dec2bn($_[0]); },
-"bool" => sub { ref($_[0]) eq "SSLeay::BN"; };
-
-sub SSLeay::BIO::do_accept { SSLeay::BIO::do_handshake(@_); }
-1;
diff --git a/lib/libssl/src/perl/SSLeay.xs b/lib/libssl/src/perl/SSLeay.xs
deleted file mode 100644
index 582b5705aad..00000000000
--- a/lib/libssl/src/perl/SSLeay.xs
+++ /dev/null
@@ -1,63 +0,0 @@
-#include "p5SSLeay.h"
-
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
-
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
-
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	SV *sv;
-
-fprintf(stderr,"ex_new %08X %s\n",obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
-	}
-
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
-	}
-
-MODULE =  SSLeay        PACKAGE = SSLeay
-
-BOOT:
-	boot_bio();
-	boot_cipher();
-	boot_digest();
-	boot_err();
-	boot_ssl();
-	boot_SSLeay__BN();
-	boot_SSLeay__BIO();
-	boot_SSLeay__Cipher();
-	boot_SSLeay__MD();
-	boot_SSLeay__ERR();
-	boot_SSLeay__SSL();
-	boot_SSLeay__X509();
-
diff --git a/lib/libssl/src/perl/b.pl b/lib/libssl/src/perl/b.pl
deleted file mode 100644
index e8b3fd0dd9e..00000000000
--- a/lib/libssl/src/perl/b.pl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$cmd=<<"EOF";
-
-EOF
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-print "X\n";
-$bio=BIO->new("connect");
-print "XX\n";
-$bio->set_callback(sub {print STDERR $_[0]->number_read."\n"; $_[$#_] });
-print "XXX\n";
-$bio->hostname($conn) || die $ssl->error();
-print "XXXX\n";
-
-#$ssl=BIO->new("ssl");
diff --git a/lib/libssl/src/perl/bio.pl b/lib/libssl/src/perl/bio.pl
deleted file mode 100644
index 653322c2cc9..00000000000
--- a/lib/libssl/src/perl/bio.pl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$cmd=<<"EOF";
-
-EOF
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=SSLeay::BIO::new("connect");
-$bio->set_callback(sub {print STDERR $_[0]->number_read."\n"; $_[$#_] });
-$bio->hostname($conn) || die $ssl->error();
-
-
-(($ret=$bio->do_handshake()) > 0) || die $bio->error();
-
-(($ret=$bio->syswrite($cmd)) > 0) || die $bio->error();
-
-while (1)
-	{
-	$ret=$bio->sysread($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
diff --git a/lib/libssl/src/perl/bio.txt b/lib/libssl/src/perl/bio.txt
deleted file mode 100644
index 5b46c9f5ee5..00000000000
--- a/lib/libssl/src/perl/bio.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-BIO::new(type)
-	"connect"
-	"accept"
-	"ssl"
-	"buffer"
-
-"connect"
-	BIO::hostname(name)	host:port to connect to
-
-"accept"
-	BIO::set_accept_port(port)	port to connect too.
-
-"connect", "accept", "ssl"
-	BIO::do_andshake	do protocol
-
-"ssl"
-	BIO::set_ssl(ssl)
-	BIO::get_ssl()
-
-BIO::push(bio)
-BIO::pop;			return BIO
-BIO::number_read()
-BIO::number_written()
-BIO::references()
-
-BIO::sysread(buf,len[,offset])
-BIO::syswrite(in[,len][,offset])
-BIO::getline()
-BIO::puts(in)
-BIO::flush()
-BIO::type()
-BIO::next_bio();
-BIO::set_callback(callback[, args])
-
-BIO::new_buffer_ssl_connect(SSL_CTX)
-BIO::new_ssl_connect(SSL_CTX)
diff --git a/lib/libssl/src/perl/bio.xs b/lib/libssl/src/perl/bio.xs
deleted file mode 100644
index 3782d42062c..00000000000
--- a/lib/libssl/src/perl/bio.xs
+++ /dev/null
@@ -1,448 +0,0 @@
-#include "p5SSLeay.h"
-
-static int p5_bio_ex_bio_ptr=0;
-static int p5_bio_ex_bio_callback=0;
-static int p5_bio_ex_bio_callback_data=0;
-
-static long p5_bio_callback(bio,state,parg,cmd,larg,ret)
-BIO *bio;
-int state;
-char *parg;
-int cmd;
-long larg;
-int ret;
-	{
-	int i;
-	SV *me,*cb;
-
-	me=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-	cb=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_callback);
-	if (cb != NULL)
-		{
-		dSP;
-
-		ENTER ;
-		SAVETMPS;
-
-		PUSHMARK(sp);
-		XPUSHs(me);
-		XPUSHs(sv_2mortal(newSViv(state)));
-		XPUSHs(sv_2mortal(newSViv(cmd)));
-		if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE))
-			{
-			XPUSHs(sv_2mortal(newSVpv(parg,larg)));
-			}
-		else
-			XPUSHs(&sv_undef);
-		/* ptr one */
-		XPUSHs(sv_2mortal(newSViv(larg)));
-		XPUSHs(sv_2mortal(newSViv(ret)));
-		PUTBACK;
-
-		i=perl_call_sv(cb,G_SCALAR);
-
-		SPAGAIN;
-		if (i == 1)
-			ret=POPi;
-		else
-			ret=1;
-		PUTBACK;
-		FREETMPS;
-		LEAVE;
-		}
-	else
-		{
-		croak("Internal error in SSL p5_ssl_info_callback");
-		}
-	return(ret);
-	}
-
-int boot_bio()
-	{
-	p5_bio_ex_bio_ptr=
-		BIO_get_ex_new_index(0,"SSLeay::BIO",ex_new,NULL,ex_cleanup);
-	p5_bio_ex_bio_callback=	
-		BIO_get_ex_new_index(0,"bio_callback",NULL,NULL,
-			ex_cleanup);
-	p5_bio_ex_bio_callback_data=
-		BIO_get_ex_new_index(0,"bio_callback_data",NULL,NULL,
-			ex_cleanup);
-	return(1);
-	}
-
-MODULE =  SSLeay::BIO	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_BIO_new_buffer_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_buffer_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_buffer_ssl_connect(ctx);
-		arg=new_ref("SSLeay::BIO",(char *)bio,0);
-		PUSHs(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-
-void
-p5_BIO_new_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_ssl_connect(ctx);
-		arg=new_ref("SSLeay::BIO",(char *)bio,0);
-		PUSHs(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-
-void
-p5_BIO_new(...)
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_BIO_new");
-		if ((items == 1) && SvPOK(ST(0)))
-			type=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			type=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::BIO::new(type)");
-
-		EXTEND(sp,1);
-		if (strcmp(type,"connect") == 0)
-			bio=BIO_new(BIO_s_connect());
-		else if (strcmp(type,"accept") == 0)
-			bio=BIO_new(BIO_s_accept());
-		else if (strcmp(type,"ssl") == 0)
-			bio=BIO_new(BIO_f_ssl());
-		else if (strcmp(type,"buffer") == 0)
-			bio=BIO_new(BIO_f_buffer());
-		else
-			croak("unknown BIO type");
-		arg=new_ref("SSLeay::BIO",(char *)bio,0);
-		PUSHs(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-
-int
-p5_BIO_hostname(bio,name)
-	BIO *bio;
-	char *name;
-	CODE:
-		RETVAL=BIO_set_hostname(bio,name);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_set_accept_port(bio,str)
-	BIO *bio;
-	char *str;
-	CODE:
-		RETVAL=BIO_set_accept_port(bio,str);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_do_handshake(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_do_handshake(bio);
-	OUTPUT:
-		RETVAL
-
-BIO *
-p5_BIO_push(b,bio)
-	BIO *b;
-	BIO *bio;
-	CODE:
-		/* This reference will be reduced when the reference is
-		 * let go, and then when the BIO_free_all() is called
-		 * inside the SSLeay library by the BIO with this
-		 * pushed into */
-		bio->references++;
-		RETVAL=BIO_push(b,bio);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_pop(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=BIO_pop(b);
-		if (bio != NULL)
-			{
-			/* This BIO will either be one created in the
-			 * perl library, in which case it will have a perl
-			 * SV, otherwise it will have been created internally,
-			 * inside SSLeay.  For the 'pushed in', it needs
-			 * the reference count decememted. */
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				PUSHs(arg);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				}
-			else
-				{
-				/* it was pushed in */
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-				if (bio->references < 1)
-					abort();
-				/* decrement the reference count */
-				BIO_free(bio);
-				}
-			}
-
-int
-p5_BIO_sysread(bio,in,num, ...)
-	BIO *bio;
-	SV *in;
-	int num;
-	PREINIT:
-		int i,n,olen;
-		int offset;
-		char *p;
-	CODE:
-		offset=0;
-		if (!SvPOK(in))
-			sv_setpvn(in,"",0);
-		SvPV(in,olen);
-		if (items > 3)
-			{
-			offset=SvIV(ST(3));
-			if (offset < 0)
-				{
-				if (-offset > olen)
-					croad("Offset outside string");
-				offset+=olen;
-				}
-			}
-		if ((num+offset) > olen)
-			{
-			SvGROW(in,num+offset+1);
-			p=SvPV(in,i);
-			memset(&(p[olen]),0,(num+offset)-olen+1);
-			}
-		p=SvPV(in,n);
-
-		i=BIO_read(bio,p+offset,num);
-		RETVAL=i;
-		if (i <= 0) i=0;
-		SvCUR_set(in,offset+i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_syswrite(bio,in, ...)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-		int len,in_len;
-		int offset=0;
-		int n;
-	CODE:
-		ptr=SvPV(in,in_len);
-		if (items > 2)
-			{
-			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
-			if (items > 3)
-				{
-				offset=SvIV(ST(3));
-				if (offset < 0)
-					{
-					if (-offset > in_len)
-						croak("Offset outside string");
-					offset+=in_len;
-					}
-				else if ((offset >= in_len) && (in_len > 0))
-					croak("Offset outside string");
-				}
-			if (len >= (in_len-offset))
-				len=in_len-offset;
-			}
-		else
-			len=in_len;
-
-		RETVAL=BIO_write(bio,ptr+offset,len);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_getline(bio)
-	BIO *bio;
-	PREINIT:
-		int i;
-		char *p;
-	PPCODE:
-		pr_name("p5_BIO_gets");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setpvn(ST(0),"",0);
-		SvGROW(ST(0),1024);
-		p=SvPV(ST(0),na);
-		i=BIO_gets(bio,p,1024);
-		if (i < 0) i=0;
-		SvCUR_set(ST(0),i);
-
-int
-p5_BIO_flush(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_flush(bio);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_BIO_type(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->method->name;
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_next_bio(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=b->next_bio;
-		if (bio != NULL)
-			{
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				PUSHs(arg);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				}
-			else
-				{
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-				}
-			}
-
-int
-p5_BIO_puts(bio,in)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-	CODE:
-		ptr=SvPV(in,na);
-		RETVAL=BIO_puts(bio,ptr);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_set_callback(bio,cb,...)
-	BIO *bio;
-	SV *cb;
-	PREINIT:
-		SV *arg=NULL;
-		SV *arg2=NULL;
-	CODE:
-		if (items > 3)
-			croak("Usage: SSLeay::BIO::set_callback(bio,callback[,arg]");
-		if (items == 3)
-			{
-			arg2=sv_mortalcopy(ST(2));
-			SvREFCNT_inc(arg2);
-			BIO_set_ex_data(bio,p5_bio_ex_bio_callback_data,
-				(char *)arg2);
-			}
-		arg=sv_mortalcopy(ST(1));
-		SvREFCNT_inc(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_callback,(char *)arg);
-		BIO_set_callback(bio,p5_bio_callback);
-
-void
-p5_BIO_DESTROY(bio)
-	BIO *bio
-	PREINIT:
-		SV *sv;
-	PPCODE:
-		pr_name_d("p5_BIO_DESTROY",bio->references);
-		printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL);
-		BIO_free_all(bio);
-
-int
-p5_BIO_set_ssl(bio,ssl)
-	BIO *bio;
-	SSL *ssl;
-	CODE:
-		pr_name("p5_BIO_set_ssl");
-		ssl->references++;
-		RETVAL=BIO_set_ssl(bio,ssl,BIO_CLOSE);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_read(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_read(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_written(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_written(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_references(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->references;	
-	OUTPUT:
-		RETVAL
-
diff --git a/lib/libssl/src/perl/bn.pl b/lib/libssl/src/perl/bn.pl
deleted file mode 100644
index 5314ca46e19..00000000000
--- a/lib/libssl/src/perl/bn.pl
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$message=SSLeay::BN::new();
-$e=SSLeay::BN::new();
-$mod=SSLeay::BN::new();
-
-$mod=SSLeay::BN::dec2bn("114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541");
-$e=5;
-$d=SSLeay::BN::dec2bn("45752650303155547067694311990458644804087318688496945025024737159778909096647814932594914301288138204957467016445183857236173773");
-
-$message=SSLeay::BN::bin2bn("The magic words are squeamish ossifrage");
-
-
-	$cipher_text=	$message->mod_exp($e,$mod);
-print $mod."\n";
-print $mod->num_bits()."\n";
-for (1 .. 1000)
-	{
-	$clear=		$cipher_text->mod_exp($d,$mod);
-	}
-print $clear->bn2bin()."\n";
diff --git a/lib/libssl/src/perl/bn.txt b/lib/libssl/src/perl/bn.txt
deleted file mode 100644
index 784e7615585..00000000000
--- a/lib/libssl/src/perl/bn.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-BN->new()
-BN->dup(a)
-BN->rand(bits[,top][,bottom])
-
-BN->hex2bn(a)
-BN->bn2hex(a)
-BN->dec2bn(a)
-BN->bn2dec(a)
-BN->bin2bn(a)
-BN->bn2bin(a)
-BN->mpi2bn(a)
-BN->bn2mpi(a)
-
-BN->add(a,b)
-BN->sub(a,b)
-BN->mul(a,b)
-(div,mod)=BN->div(a,b)
-BN->mod(a,b)
-BN->exp(a,p)
-BN->mod_mul(a,b,c)
-BN->mod_exp(a,b,c)
-
-BN->is_prime(p,num)
-BN->generate_prime(bits,strong,callback)
-
-BN->num_bits(a)
-BN->cmp(a,b)
-BN->ucmp(a,b)
-BN->is_bit_set(a,pos)
-BN->set_bit(a,pos)
-BN->clear_bit(a,pos)
-BN->lshift(a,num)
-BN->rshift(a,num)
-BN->mask_bits(a,pos)
-BN->clear(a)
-BN->gcd(a,b)
-BN->mod_inverse(a,mod)
-
diff --git a/lib/libssl/src/perl/cipher.pl b/lib/libssl/src/perl/cipher.pl
deleted file mode 100644
index e774bceed22..00000000000
--- a/lib/libssl/src/perl/cipher.pl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$md=SSLeay::MD::new("md5");
-
-foreach (@SSLeay::Cipher::names)
-	{
-	($c=SSLeay::Cipher::new($_)) ||
-		die "'$_' is an unknown cipher algorithm\n";
-
-
-	$data="012345678abcdefghijklmnopqrstuvwxyz";
-	$c->init("01234567abcdefghABCDEFGH","zyxwvut",1);
-
-	$in =$c->update(substr($data, 0, 5));
-	$in.=$c->update(substr($data, 5,10));
-	$in.=$c->update(substr($data,15,1));
-	$in.=$c->update(substr($data,16));
-
-	$in.=$c->final();
-
-	$c->init("01234567abcdefghABCDEFGH","zyxwvut",0);
-	$out=$c->update($in);
-	$out.=$c->final();
-
-	($out eq $data) || die "decrypt for $_ failed:$!\n";
-
-	$md->init();
-	$md->update($in);
-	$digest=$md->final();
-
-	print unpack("H*",$digest);
-	printf " %2d %2d %2d %s\n", $c->key_length(), $c->iv_length(),
-		$c->block_size(), $c->name();
-	}
-
diff --git a/lib/libssl/src/perl/cipher.txt b/lib/libssl/src/perl/cipher.txt
deleted file mode 100644
index c47952b5c99..00000000000
--- a/lib/libssl/src/perl/cipher.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Cipher::new(name) "des-cbc" etc
-Cipher::name()
-Cipher::key_length()
-Cipher::iv_length()
-Cipher::block_size()
-
-Cipher::init(key,iv,enc)
-Cipher::update(in)
-Cipher::final()
-Cipher::cipher(in)
diff --git a/lib/libssl/src/perl/dh.pl b/lib/libssl/src/perl/dh.pl
deleted file mode 100644
index 73decc241a9..00000000000
--- a/lib/libssl/src/perl/dh.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$g=SSLeay::BN::hex2bn("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"); 
-$p=SSLeay::BN::hex2bn("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff");
-$pub=SSLeay::BN::hex2bn("521b5b72d0a23f5f908eff62741b9c43ac65c47ad264a4f8d62d73dfab4938a6e019f81c28d64efd9b47c1b8188566c6184b6064cc42fac2778bd732678148c6cc7601bfe0ed18da76dd7bb976cd2ff0afc7b20f3f81171e2ea6534de061f929");
-$priv=SSLeay::BN::hex2bn("6e15c752af3f4cf6d7425164c451eeba760ec0651d12dc3b0ee5002a95af6191268ca47c0fbb3d836136eee795ae4af3a1adad5e04d0dbb04378cae0406ece23ca3b86839c0fd60064c1019c7d18be4dc0ec4be6c1e9ff6b0f5bd76373585503");
-$his=SSLeay::BN::hex2bn("d0fb51cd44a8578f55eb0822ede90f07504f4720d7367ff4bf76c27fedbce79d9204421ff7e86bd1dd02031bce4ceccd1d3e7c62679b6eb5fda8238fd4fe07bff573d552795f0d46f25753c688300fb9ed396792b59a49fdf89c8429124b668e");
-$sh=SSLeay::BN::hex2bn("66ec34b09bddf86147f6c6efd5ee4e6691e690eb0e90aceda16a742cad0abe531cb61d057aff362001ca19013215140ca2a1dd8966c78105bacbf2161f9cfbd58d351ff87923de77f9c56851037223d48272565416ee769e65a621cefb90b403");
-
-$g2=SSLeay::BN::hex2bn("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002");
-$p2=SSLeay::BN::hex2bn("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff");
-$pub2=SSLeay::BN::hex2bn("d0fb51cd44a8578f55eb0822ede90f07504f4720d7367ff4bf76c27fedbce79d9204421ff7e86bd1dd02031bce4ceccd1d3e7c62679b6eb5fda8238fd4fe07bff573d552795f0d46f25753c688300fb9ed396792b59a49fdf89c8429124b668e");
-$priv2=SSLeay::BN::hex2bn("b81d54f52b687669fc8bd8087ac319accc2f94a2feafe09779f4a81e8e01f77290f5bbe84a08003afc4448145be427fad0b9d047889cf361c9dd378b15c1ebd5bda33e051fbd9eba8bf063e2bd836467cddb61f1db5c4b06bea5c9a77fb87b24");
-$his2=SSLeay::BN::hex2bn("521b5b72d0a23f5f908eff62741b9c43ac65c47ad264a4f8d62d73dfab4938a6e019f81c28d64efd9b47c1b8188566c6184b6064cc42fac2778bd732678148c6cc7601bfe0ed18da76dd7bb976cd2ff0afc7b20f3f81171e2ea6534de061f929");
-$sh2=SSLeay::BN::hex2bn("791faba7a6b592cb68a963945229483dc30f80f5cb295b2b5a59ef618a262d22de0845948a34db83d8bde260b940967ff85593a609e53ee6510aea09b776b4704d5e916917f384458d4790b6e0befcb1cb2f112b850e9ed410a091db80e1db2e");
-
-print "g=".$g->bn2hex."\n";
-print "p=".$p->bn2hex."\n";
-print "pub=".$pub->bn2hex."\n";
-print "priv=".$priv->bn2hex."\n";
-print "sh=".$sh->bn2hex."\n";
-
-print "new p - p2 = ".($p-$p2)."\n";
-
-$tmp=$g->mod_exp($priv,$p);
-print "XXXXXXXXXXXXXXXX\n";
-print "new pub - pub = ".($tmp-$pub)."\n";
-$tmp2=$g2->mod_exp($priv2,$p2);
-print "XXXXXXXXXXXXXXXX\n";
-
-print $p." pub\n";
-print $tmp2." calc pub\n";
-print $pub2." txt pub\n";
-
-
-
diff --git a/lib/libssl/src/perl/digest.txt b/lib/libssl/src/perl/digest.txt
deleted file mode 100644
index 6cb3ffedb00..00000000000
--- a/lib/libssl/src/perl/digest.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-MD::new(name) "md2", "md5" etc
-MD::name()
-MD::init()
-MD::update(in)
-MD::final()
-
-
diff --git a/lib/libssl/src/perl/err.txt b/lib/libssl/src/perl/err.txt
deleted file mode 100644
index 5e6cdaecdcc..00000000000
--- a/lib/libssl/src/perl/err.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ERR::get_error()
-ERR::peek_error()
diff --git a/lib/libssl/src/perl/f.pl b/lib/libssl/src/perl/f.pl
deleted file mode 100644
index a2559318645..00000000000
--- a/lib/libssl/src/perl/f.pl
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$data=<>;
-
-#$b=SSLeay::BN::hex2bn($a);
-#$data=$b->bn2bin;
-
-#substr($data,0,8)="";
-#print $data;
-
-$md=SSLeay::MD::new("md5");
-$md->init();
-$md->update("test");
-$key=$md->final();
-
-$rc4=SSLeay::Cipher::new("rc4");
-$rc4->init($key,"",1);
-$out=$rc4->cipher($data);
-
-print $out;
-
diff --git a/lib/libssl/src/perl/g.pl b/lib/libssl/src/perl/g.pl
deleted file mode 100644
index ffbe694b054..00000000000
--- a/lib/libssl/src/perl/g.pl
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$num=SSLeay::BN::new();
-$shift=SSLeay::BN::new();
-
-print "0\n";
-$num=SSLeay::BN::hex2bn("1234329378209857309429670349760347603497603496398");
-print "1\n";
-$s=SSLeay::BN::hex2bn("59");
-print "a\n";
-$r=$num->lshift(59);
-print "b";
-
-print $num->bn2hex."\n";
-print $s->bn2hex."\n";
-print $r->bn2hex."\n";
diff --git a/lib/libssl/src/perl/gen_rsa.pl b/lib/libssl/src/perl/gen_rsa.pl
deleted file mode 100644
index ed8c71aa9ec..00000000000
--- a/lib/libssl/src/perl/gen_rsa.pl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$bits=512;
-$bits=$ARGV[0] if $#ARGV >= 0;
-
-$p=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-print "\n";
-$q=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-print "\n";
-
-$e=SSLeay::BN::hex2bn("10001");
-
-$t1=$p-1;
-$t2=$q-1;
-
-($t1->gcd($e) == 1) || die "p failed the gcd test\n";
-($t2->gcd($e) == 1) || die "q failed the gcd test\n";
-
-($q,$p)=($p,$q) if ($p < $q);
-$n=$p*$q;
-$t=($p-1)*($q-1);
-($t->gcd($e) == 1) || die "t failed the gcd test\n";
-
-$d=$e->mod_inverse($t);
-
-$dmp1=$d%($p-1);
-$dmq1=$d%($q-1);
-$iqmp=$q->mod_inverse($p);
-
-print "n   =$n\n";
-print "e   =$e\n";
-print "d   =$d\n";
-print "dmp1=$dmp1\n";
-print "dmq1=$dmq1\n";
-print "iqmp=$iqmp\n";
-
-$a=SSLeay::BN::bin2bn("This is an RSA test");
-print "Test with\n'".$a->bn2bin."' or\n$a\n";
-
-$t1=$a->mod_exp($e,$n);
-print "$t1\n";
-$t2=$t1->mod_exp($d,$n);
-print "'".$t2->bn2bin."'\n";
-
-
diff --git a/lib/libssl/src/perl/mul.pl b/lib/libssl/src/perl/mul.pl
deleted file mode 100644
index 611a7606259..00000000000
--- a/lib/libssl/src/perl/mul.pl
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-
-sub mul
-	{
-	my($ab,$cd,$num)=@_;
-
-	if ($num <= 4096)
-		{
-		return($ab*$cd);
-		}
-	else
-		{
-		my($a,$b,$c,$d,$n,$ac,$bd,$m,$t1,$t2);
-
-		$n=$num/2;
-
-		$a=$ab->mask_bits($n);
-		$b=$ab->rshift($n);
-		$c=$cd->mask_bits($n);
-		$d=$cd->rshift($n);
-
-		$t1=($b-$a);
-		$t2=($c-$d);
-		$m= &mul($t1,$t2,$n);
-		$ac=&mul($a,$c,$n);
-		$bd=&mul($b,$d,$n);
-		$m=$m+$ac+$bd;
-		$m=$m->lshift($n);
-		$bd=$bd->lshift($num);
-
-		$r=$ac+$m+$bd;
-		return($r);
-		}
-	}
-
-$num=4096*32;
-$a=SSLeay::BN::rand($num);
-$b=SSLeay::BN::rand($num);
-
-#for (1 .. 10)
-	{
-	$r=&mul($a,$b,$num);
-	}
-
-#for (1 .. 10)
-	{
-	$rr=$a*$b;
-	}
-
-$res=$rr-$r;
-print $res->bn2hex()."\n";
diff --git a/lib/libssl/src/perl/p5SSLeay.h b/lib/libssl/src/perl/openssl.h
index bcccda7d5fb..2712324a302 100644
--- a/lib/libssl/src/perl/p5SSLeay.h
+++ b/lib/libssl/src/perl/openssl.h
@@ -1,4 +1,3 @@
-/* perl/p5SSLeay.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,34 +54,36 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
+
 #include "EXTERN.h"
 #include "perl.h"
 #include "XSUB.h"
+
 #ifdef __cplusplus
 }
 #endif
 
-typedef struct datum_st
-	{
-	char *dptr;
-	int dsize;
-	} datum;
+typedef struct datum_st {
+    char *dptr;
+    int dsize;
+} datum;
 
-#include "crypto.h"
-#include "buffer.h"
-#include "bio.h"
-#include "evp.h"
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 
-#if 0
-#define pr_name(name)		printf("%s\n",name)
-#define pr_name_d(name,p2)	printf("%s %d\n",name,p2)
-#define pr_name_dd(name,p2,p3)	printf("%s %d %d\n",name,p2,p3)
+#ifdef DEBUG
+#define pr_name(name)           printf("%s\n",name)
+#define pr_name_d(name,p2)      printf("%s %d\n",name,p2)
+#define pr_name_dd(name,p2,p3)  printf("%s %d %d\n",name,p2,p3)
 #else
 #define pr_name(name)
 #define pr_name_d(name,p2)
@@ -90,7 +91,6 @@ typedef struct datum_st
 #endif
 
 SV *new_ref(char *type, char *obj, int mort);
-int ex_new(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,long argl,char *argp);
-void ex_cleanup(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,
-	long argl,char *argp);
+int ex_new(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp);
+void ex_cleanup(char *obj, SV *data, CRYPTO_EX_DATA *ad, int idx, long argl, char *argp);
 
diff --git a/lib/libssl/src/perl/openssl_bio.xs b/lib/libssl/src/perl/openssl_bio.xs
new file mode 100644
index 00000000000..06d61af1305
--- /dev/null
+++ b/lib/libssl/src/perl/openssl_bio.xs
@@ -0,0 +1,450 @@
+
+#include "openssl.h"
+
+static int p5_bio_ex_bio_ptr = 0;
+static int p5_bio_ex_bio_callback = 0;
+static int p5_bio_ex_bio_callback_data = 0;
+
+static long 
+p5_bio_callback(bio,state,parg,cmd,larg,ret)
+  BIO  *bio;
+  int   state;
+  char *parg;
+  int   cmd;
+  long  larg;
+  int   ret;
+{
+    int i;
+    SV *me,*cb;
+
+    me = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+    cb = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_callback);
+    if (cb != NULL) {
+        dSP;
+
+        ENTER;
+        SAVETMPS;
+
+        PUSHMARK(sp);
+        XPUSHs(sv_2mortal(newSVsv(me)));
+        XPUSHs(sv_2mortal(newSViv(state)));
+        XPUSHs(sv_2mortal(newSViv(cmd)));
+        if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE))
+            XPUSHs(sv_2mortal(newSVpv(parg,larg)));
+        else
+            XPUSHs(&sv_undef);
+        /* ptr one */
+        XPUSHs(sv_2mortal(newSViv(larg)));
+        XPUSHs(sv_2mortal(newSViv(ret)));
+        PUTBACK;
+
+        i = perl_call_sv(cb,G_SCALAR);
+
+        SPAGAIN;
+        if (i == 1)
+            ret = POPi;
+        else
+            ret = 1;
+        PUTBACK;
+        FREETMPS;
+        LEAVE;
+    }
+    else {
+        croak("Internal error in p5_bio_callback");
+    }
+    return(ret);
+}
+
+int 
+boot_bio(void)
+{
+    p5_bio_ex_bio_ptr = BIO_get_ex_new_index(0, "OpenSSL::BIO", ex_new, NULL, ex_cleanup);
+    p5_bio_ex_bio_callback = BIO_get_ex_new_index(0, "bio_callback", NULL, NULL, ex_cleanup);
+    p5_bio_ex_bio_callback_data = BIO_get_ex_new_index(0, "bio_callback_data", NULL, NULL, ex_cleanup);
+    return(1);
+}
+
+MODULE = OpenSSL::BIO  PACKAGE = OpenSSL::BIO  PREFIX = p5_BIO_
+
+PROTOTYPES: ENABLE
+VERSIONCHECK: DISABLE
+
+void
+p5_BIO_new_buffer_ssl_connect(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        SSL_CTX *ctx;
+        BIO *bio;
+        SV *arg;
+    PPCODE:
+        if (items == 1)
+            arg = ST(0);
+        else if (items == 2)
+            arg = ST(1);
+        else
+            arg = NULL;
+        if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX")))
+            croak("Usage: OpenSSL::BIO::new_buffer_ssl_connect(SSL_CTX)");
+        else {
+            IV tmp = SvIV((SV *)SvRV(arg));
+            ctx = (SSL_CTX *)tmp;
+        }
+        EXTEND(sp, 1);
+        bio = BIO_new_buffer_ssl_connect(ctx);
+        arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+    
+void
+p5_BIO_new_ssl_connect(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        SSL_CTX *ctx;
+        BIO *bio;
+        SV *arg;
+    PPCODE:
+        if (items == 1)
+            arg = ST(0);
+        else if (items == 2)
+            arg = ST(1);
+        else
+            arg = NULL;
+        if ((arg == NULL) || !(sv_derived_from(arg,"OpenSSL::SSL::CTX")))
+            croak("Usage: OpenSSL::BIO::new_ssl_connect(SSL_CTX)");
+        else {
+            IV tmp = SvIV((SV *)SvRV(arg));
+            ctx = (SSL_CTX *)tmp;
+        }
+        EXTEND(sp,1);
+        bio = BIO_new_ssl_connect(ctx);
+        arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+    
+void
+p5_BIO_new(...)
+    PROTOTYPE: ;$
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        pr_name("p5_BIO_new");
+        if ((items == 1) && SvPOK(ST(0)))
+            type = SvPV(ST(0),na);
+        else if ((items == 2) && SvPOK(ST(1)))
+            type = SvPV(ST(1),na);
+        else
+            croak("Usage: OpenSSL::BIO::new(type)");
+        EXTEND(sp,1);
+        if (strcmp(type, "mem") == 0)
+            bio=BIO_new(BIO_s_mem());
+        else if (strcmp(type, "socket") == 0)
+            bio=BIO_new(BIO_s_socket());
+        else if (strcmp(type, "connect") == 0)
+            bio=BIO_new(BIO_s_connect());
+        else if (strcmp(type, "accept") == 0)
+            bio=BIO_new(BIO_s_accept());
+        else if (strcmp(type, "fd") == 0)
+            bio=BIO_new(BIO_s_fd());
+        else if (strcmp(type, "file") == 0)
+            bio=BIO_new(BIO_s_file());
+        else if (strcmp(type, "null") == 0)
+            bio=BIO_new(BIO_s_null());
+        else if (strcmp(type, "ssl") == 0)
+            bio=BIO_new(BIO_f_ssl());
+        else if (strcmp(type, "buffer") == 0)
+            bio=BIO_new(BIO_f_buffer());
+        else
+            croak("unknown BIO type");
+        arg = (SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
+        PUSHs(arg);
+
+int
+p5_BIO_hostname(bio, name)
+    BIO *bio;
+    char *name;
+    PROTOTYPE: $$
+    CODE:
+        RETVAL = BIO_set_conn_hostname(bio, name);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_set_accept_port(bio, str)
+    BIO *bio;
+    char *str;
+    PROTOTYPE: $$
+    CODE:
+        RETVAL = BIO_set_accept_port(bio, str);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_do_handshake(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_do_handshake(bio);
+    OUTPUT:
+        RETVAL
+
+BIO *
+p5_BIO_push(b, bio)
+    BIO *b;
+    BIO *bio;
+    PROTOTYPE: $$
+    CODE:
+        /* This reference will be reduced when the reference is
+         * let go, and then when the BIO_free_all() is called
+         * inside the OpenSSL library by the BIO with this
+         * pushed into */
+        bio->references++;
+        RETVAL = BIO_push(b, bio);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_pop(b)
+    BIO *b
+    PROTOTYPE: $
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        bio = BIO_pop(b);
+        if (bio != NULL) {
+            /* This BIO will either be one created in the
+             * perl library, in which case it will have a perl
+             * SV, otherwise it will have been created internally,
+             * inside OpenSSL.  For the 'pushed in', it needs
+             * the reference count decremented. */
+            arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+            if (arg == NULL) {
+                arg = new_ref("OpenSSL::BIO",(char *)bio,0);
+                BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg);
+                PUSHs(arg);
+            }
+            else {
+                /* it was pushed in */
+                SvREFCNT_inc(arg);
+                PUSHs(arg);
+            }
+        }
+
+int
+p5_BIO_sysread(bio, in, num, ...)
+    BIO *bio;
+    SV *in;
+    int num;
+    PROTOTYPE: $$$;
+    PREINIT:
+        int i,n,olen;
+        int offset;
+        char *p;
+    CODE:
+        offset = 0;
+        if (!SvPOK(in))
+            sv_setpvn(in, "", 0);
+        SvPV(in, olen);
+        if (items > 3) {
+            offset = SvIV(ST(3));
+            if (offset < 0) {
+                if (-offset > olen)
+                    croak("Offset outside string");
+                offset+=olen;
+            }
+        }
+        if ((num+offset) > olen) {
+            SvGROW(in, num+offset+1);
+            p=SvPV(in, i);
+            memset(&(p[olen]), 0, (num+offset)-olen+1);
+        }
+        p = SvPV(in,n);
+        i = BIO_read(bio, p+offset, num);
+        RETVAL = i;
+        if (i <= 0) 
+            i = 0;
+        SvCUR_set(in, offset+i);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_syswrite(bio, in, ...)
+    BIO *bio;
+    SV *in;
+    PROTOTYPE: $$;
+    PREINIT:
+        char *ptr;
+        int len,in_len;
+        int offset=0;
+        int n;
+    CODE:
+        ptr = SvPV(in, in_len);
+        if (items > 2) {
+            len = SvOK(ST(2)) ? SvIV(ST(2)) : in_len;
+            if (items > 3) {
+                offset = SvIV(ST(3));
+                if (offset < 0) {
+                    if (-offset > in_len)
+                        croak("Offset outside string");
+                    offset+=in_len;
+                }
+                else if ((offset >= in_len) && (in_len > 0))
+                    croak("Offset outside string");
+            }
+            if (len >= (in_len-offset))
+                len = in_len-offset;
+        }
+        else
+            len = in_len;
+        RETVAL = BIO_write(bio, ptr+offset, len);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_getline(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    PREINIT:
+        int i;
+        char *p;
+    PPCODE:
+        pr_name("p5_BIO_gets");
+        EXTEND(sp, 1);
+        PUSHs(sv_newmortal());
+        sv_setpvn(ST(0), "", 0);
+        SvGROW(ST(0), 1024);
+        p=SvPV(ST(0), na);
+        i = BIO_gets(bio, p, 1024);
+        if (i < 0) 
+            i = 0;
+        SvCUR_set(ST(0), i);
+
+int
+p5_BIO_flush(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_flush(bio);
+    OUTPUT:
+        RETVAL
+
+char *
+p5_BIO_type(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = bio->method->name;
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_next_bio(b)
+    BIO *b
+    PROTOTYPE: $
+    PREINIT:
+        BIO *bio;
+        char *type;
+        SV *arg;
+    PPCODE:
+        bio = b->next_bio;
+        if (bio != NULL) {
+            arg = (SV *)BIO_get_ex_data(bio, p5_bio_ex_bio_ptr);
+            if (arg == NULL) {
+                arg = new_ref("OpenSSL::BIO", (char *)bio, 0);
+                BIO_set_ex_data(bio, p5_bio_ex_bio_ptr, (char *)arg);
+                bio->references++;
+                PUSHs(arg);
+            }
+            else {
+                SvREFCNT_inc(arg);
+                PUSHs(arg);
+            }
+        }
+
+int
+p5_BIO_puts(bio, in)
+    BIO *bio;
+    SV *in;
+    PROTOTYPE: $$
+    PREINIT:
+        char *ptr;
+    CODE:
+        ptr = SvPV(in,na);
+        RETVAL = BIO_puts(bio, ptr);
+    OUTPUT:
+        RETVAL
+
+void
+p5_BIO_set_callback(bio, cb,...)
+    BIO *bio;
+    SV *cb;
+    PROTOTYPE: $$;
+    PREINIT:
+        SV *arg  = NULL;
+        SV *arg2 = NULL;
+    CODE:
+        if (items > 3)
+            croak("Usage: OpenSSL::BIO::set_callback(bio,callback[,arg]");
+        if (items == 3) {
+            arg2 = sv_mortalcopy(ST(2));
+            SvREFCNT_inc(arg2);
+            BIO_set_ex_data(bio, p5_bio_ex_bio_callback_data, (char *)arg2);
+        }
+        arg = sv_mortalcopy(ST(1));
+        SvREFCNT_inc(arg);
+        BIO_set_ex_data(bio, p5_bio_ex_bio_callback, (char *)arg);
+        /* printf("%08lx < bio_ptr\n",BIO_get_ex_data(bio,p5_bio_ex_bio_ptr)); */
+        BIO_set_callback(bio, p5_bio_callback);
+
+void
+p5_BIO_DESTROY(bio)
+    BIO *bio
+    PROTOTYPE: $
+    PREINIT:
+        SV *sv;
+    PPCODE:
+        pr_name_d("p5_BIO_DESTROY",bio->references);
+        /* printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references); */
+        BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL);
+        BIO_free_all(bio);
+
+int
+p5_BIO_set_ssl(bio, ssl)
+    BIO *bio;
+    SSL *ssl;
+    PROTOTYPE: $$
+    CODE:
+        pr_name("p5_BIO_set_ssl");
+        ssl->references++;
+        RETVAL = BIO_set_ssl(bio, ssl, BIO_CLOSE);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_number_read(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_number_read(bio);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_number_written(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = BIO_number_written(bio);
+    OUTPUT:
+        RETVAL
+
+int
+p5_BIO_references(bio)
+    BIO *bio;
+    PROTOTYPE: $
+    CODE:
+        RETVAL = bio->references; 
+    OUTPUT:
+        RETVAL
+
diff --git a/lib/libssl/src/perl/bn.xs b/lib/libssl/src/perl/openssl_bn.xs
index c15be3729a9..f79bf879e8b 100644
--- a/lib/libssl/src/perl/bn.xs
+++ b/lib/libssl/src/perl/openssl_bn.xs
@@ -1,4 +1,5 @@
-#include "p5SSLeay.h"
+
+#include "openssl.h"
 
 int sv_to_BIGNUM(var,arg,name)
 BIGNUM **var;
@@ -7,7 +8,7 @@ char *name;
 	{
 	int ret=1;
 
-	if (sv_derived_from(arg,"SSLeay::BN"))
+	if (sv_derived_from(arg,"OpenSSL::BN"))
 		{
 		IV tmp = SvIV((SV*)SvRV(arg));
 		*var = (BIGNUM *) tmp;
@@ -16,14 +17,14 @@ char *name;
 		SV *tmp=sv_newmortal();
 		*var=BN_new();
 		BN_set_word(*var,SvIV(arg));
-		sv_setref_pv(tmp,"SSLeay::BN",(void*)*var);
+		sv_setref_pv(tmp,"OpenSSL::BN",(void*)*var);
 		}
 	else if (SvPOK(arg)) {
 		char *ptr;
 		STRLEN len;
 		SV *tmp=sv_newmortal();
 		*var=BN_new();
-		sv_setref_pv(tmp,"SSLeay::BN", (void*)*var);
+		sv_setref_pv(tmp,"OpenSSL::BN", (void*)*var);
 		ptr=SvPV(arg,len);
 		SvGROW(arg,len+1);
 		ptr[len]='\0';
@@ -69,8 +70,9 @@ char *arg;
 	LEAVE;
 	}
 
-MODULE =  SSLeay::BN	PACKAGE = SSLeay::BN	PREFIX = p5_BN_
+MODULE =  OpenSSL::BN	PACKAGE = OpenSSL::BN	PREFIX = p5_BN_
 
+PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
 
 void
@@ -83,7 +85,7 @@ p5_BN_new(...)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		bn=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn);
 
 void
 p5_BN_dup(a)
@@ -95,7 +97,7 @@ p5_BN_dup(a)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		bn=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)bn);
 
 void
 p5_BN_rand(bits,...)
@@ -107,14 +109,14 @@ p5_BN_rand(bits,...)
 	PPCODE:	
 		pr_name("p5_BN_rand");
 		if ((items < 1) || (items > 3))
-			croak("Usage: SSLeay::BN::rand(bits[,top_bit][,bottombit]");
+			croak("Usage: OpenSSL::BN::rand(bits[,top_bit][,bottombit]");
 		if (items >= 2) top=(int)SvIV(ST(0));
 		if (items >= 3) bottom=(int)SvIV(ST(1));
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
 		BN_rand(ret,bits,top,bottom);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 
 void
 p5_BN_bin2bn(a)
@@ -126,7 +128,7 @@ p5_BN_bin2bn(a)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_bin2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 
 void
 p5_BN_bn2bin(a)
@@ -152,7 +154,7 @@ p5_BN_mpi2bn(a)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_mpi2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 
 void
 p5_BN_bn2mpi(a)
@@ -178,7 +180,7 @@ p5_BN_hex2bn(a)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_hex2bn(&ret,a.dptr);
 
 void
@@ -191,7 +193,7 @@ p5_BN_dec2bn(a)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_dec2bn(&ret,a.dptr);
 
 SV *
@@ -241,7 +243,7 @@ p5_BN_add(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_add(ret,a,b);
 
 void
@@ -255,7 +257,7 @@ p5_BN_sub(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_sub(ret,a,b);
 
 void
@@ -263,14 +265,16 @@ p5_BN_mul(a,b)
 	BIGNUM *a;
 	BIGNUM *b;
 	PREINIT:
+		static BN_CTX *ctx=NULL;
 		BIGNUM *ret;
 	PPCODE:
 		pr_name("p5_BN_mul");
+		if (ctx == NULL) ctx=BN_CTX_new();
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mul(ret,a,b);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
+		BN_mul(ret,a,b,ctx);
 
 void
 p5_BN_div(a,b)
@@ -287,8 +291,8 @@ p5_BN_div(a,b)
 		PUSHs(sv_newmortal());
 		div=BN_new();
 		mod=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)div);
-		sv_setref_pv(ST(1), "SSLeay::BN", (void*)mod);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)div);
+		sv_setref_pv(ST(1), "OpenSSL::BN", (void*)mod);
 		BN_div(div,mod,a,b,ctx);
 
 void
@@ -304,7 +308,7 @@ p5_BN_mod(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		rem=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)rem);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)rem);
 		BN_mod(rem,a,b,ctx);
 
 void
@@ -320,7 +324,7 @@ p5_BN_exp(a,p)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_exp(ret,a,p,ctx);
 
 void
@@ -337,7 +341,7 @@ p5_BN_mod_mul(a,b,c)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_mod_mul(ret,a,b,c,ctx);
 
 void
@@ -354,7 +358,7 @@ p5_BN_mod_exp(a,b,c)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_mod_exp(ret,a,b,c,ctx);
 
 void
@@ -371,20 +375,20 @@ p5_BN_generate_prime(...)
 	PPCODE:
 		pr_name("p5_BN_generate_prime");
 		if ((items < 0) || (items > 4))
-			croak("Usage: SSLeay::BN::generate_prime(a[,strong][,callback][,cb_arg]");
+			croak("Usage: OpenSSL::BN::generate_prime(a[,strong][,callback][,cb_arg]");
 		if (items >= 1) bits=(int)SvIV(ST(0));
 		if (items >= 2) strong=(int)SvIV(ST(1));
 		if (items >= 3) callback=ST(2);
 		if (items == 4) cb_arg=ST(3);
 
 		if (callback == NULL)
-			ret=BN_generate_prime(bits,strong,NULL,NULL,NULL,NULL);
+			ret=BN_generate_prime(ret,bits,strong,NULL,NULL,NULL,NULL);
 		else
 			{
 			arg.cb=callback;
 			arg.arg=cb_arg;
 
-			ret=BN_generate_prime(bits,strong,NULL,NULL,
+			ret=BN_generate_prime(ret,bits,strong,NULL,NULL,
 				generate_prime_callback,(char *)&arg);
 			}
 
@@ -393,7 +397,7 @@ p5_BN_generate_prime(...)
 
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 
 void
 p5_BN_is_prime(p,...)
@@ -408,7 +412,7 @@ p5_BN_is_prime(p,...)
 	PPCODE:
 		pr_name("p5_BN_is_prime");
 		if ((items < 1) || (items > 4))
-			croak("Usage: SSLeay::BN::is_prime(a[,ncheck][,callback][,callback_arg]");
+			croak("Usage: OpenSSL::BN::is_prime(a[,ncheck][,callback][,callback_arg]");
 		if (ctx == NULL) ctx=BN_CTX_new();
 		if (items >= 2) nchecks=(int)SvIV(ST(1));
 		if (items >= 3) callback=ST(2);
@@ -477,7 +481,7 @@ p5_BN_set_bit(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_set_bit(ret,b);
 
 void
@@ -491,7 +495,7 @@ p5_BN_clear_bit(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_clear_bit(ret,b);
 
 void
@@ -505,7 +509,7 @@ p5_BN_lshift(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		if (b == 1)
 			BN_lshift1(ret,a);
 		else
@@ -522,7 +526,7 @@ p5_BN_rshift(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		if (b == 1)
 			BN_rshift1(ret,a);
 		else
@@ -539,7 +543,7 @@ p5_BN_mask_bits(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_mask_bits(ret,b);
 
 void
@@ -562,7 +566,7 @@ p5_BN_gcd(a,b)
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 		BN_gcd(ret,a,b,ctx);
 
 void
@@ -575,10 +579,10 @@ p5_BN_mod_inverse(a,mod)
 	PPCODE:
 		pr_name("p5_BN_mod_inverse");
 		if (ctx == NULL) ctx=BN_CTX_new();
-		ret=BN_mod_inverse(a,mod,ctx);
+		ret=BN_mod_inverse(ret,a,mod,ctx);
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
+		sv_setref_pv(ST(0), "OpenSSL::BN", (void*)ret);
 
 void
 p5_BN_DESTROY(bn)
diff --git a/lib/libssl/src/perl/cipher.xs b/lib/libssl/src/perl/openssl_cipher.xs
index 1044d7a4ef8..e9ff2a8f790 100644
--- a/lib/libssl/src/perl/cipher.xs
+++ b/lib/libssl/src/perl/openssl_cipher.xs
@@ -1,4 +1,5 @@
-#include "p5SSLeay.h"
+
+#include "openssl.h"
 
 int boot_cipher()
 	{
@@ -6,15 +7,16 @@ int boot_cipher()
 	return(1);
 	}
 
-MODULE =  SSLeay::Cipher	PACKAGE = SSLeay::Cipher PREFIX = p5_EVP_C_
+MODULE =  OpenSSL::Cipher	PACKAGE = OpenSSL::Cipher PREFIX = p5_EVP_C_
 
+PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
 
 void
 p5_EVP_C_new(...)
 	PREINIT:
 		EVP_CIPHER_CTX *ctx;
-		EVP_CIPHER *c;
+		const EVP_CIPHER *c;
 		char *name;
 	PPCODE:
 		if ((items == 1) && SvPOK(ST(0)))
@@ -22,14 +24,14 @@ p5_EVP_C_new(...)
 		else if ((items == 2) && SvPOK(ST(1)))
 			name=SvPV(ST(1),na);
 		else
-			croak("Usage: SSLeay::Cipher::new(type)");
+			croak("Usage: OpenSSL::Cipher::new(type)");
 		PUSHs(sv_newmortal());
 		c=EVP_get_cipherbyname(name);
 		if (c != NULL)
 			{
 			ctx=malloc(sizeof(EVP_CIPHER_CTX));
 			EVP_EncryptInit(ctx,c,NULL,NULL);
-			sv_setref_pv(ST(0), "SSLeay::Cipher", (void*)ctx);
+			sv_setref_pv(ST(0), "OpenSSL::Cipher", (void*)ctx);
 			}
 
 datum
diff --git a/lib/libssl/src/perl/digest.xs b/lib/libssl/src/perl/openssl_digest.xs
index 5738b09e48b..6cd3018e9f2 100644
--- a/lib/libssl/src/perl/digest.xs
+++ b/lib/libssl/src/perl/openssl_digest.xs
@@ -1,4 +1,5 @@
-#include "p5SSLeay.h"
+
+#include "openssl.h"
 
 int boot_digest()
 	{
@@ -6,12 +7,12 @@ int boot_digest()
 	return(1);
 	}
 
-MODULE =  SSLeay::MD	PACKAGE = SSLeay::MD	PREFIX = p5_EVP_MD_
+MODULE =  OpenSSL::MD	PACKAGE = OpenSSL::MD	PREFIX = p5_EVP_MD_
 
 PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
 
-# SSLeay::MD::new(name) name= md2, md5, sha, sha1, or mdc2
+# OpenSSL::MD::new(name) name= md2, md5, sha, sha1, or mdc2
 #	md->name() - returns the name
 #	md->init() - reinitalises the digest
 #	md->update(data) - adds more data to digest
@@ -22,7 +23,7 @@ void
 p5_EVP_MD_new(...)
 	PREINIT:
 		EVP_MD_CTX *ctx;
-		EVP_MD *md;
+		const EVP_MD *md;
 		char *name;
 	PPCODE:
 		if ((items == 1) && SvPOK(ST(0)))
@@ -30,14 +31,14 @@ p5_EVP_MD_new(...)
 		else if ((items == 2) && SvPOK(ST(1)))
 			name=SvPV(ST(1),na);
 		else
-			croak("Usage: SSLeay::MD::new(type)");
+			croak("Usage: OpenSSL::MD::new(type)");
 		PUSHs(sv_newmortal());
 		md=EVP_get_digestbyname(name);
 		if (md != NULL)
 			{
 			ctx=malloc(sizeof(EVP_MD_CTX));
 			EVP_DigestInit(ctx,md);
-			sv_setref_pv(ST(0), "SSLeay::MD", (void*)ctx);
+			sv_setref_pv(ST(0), "OpenSSL::MD", (void*)ctx);
 			}
 
 datum
diff --git a/lib/libssl/src/perl/err.xs b/lib/libssl/src/perl/openssl_err.xs
index 6d1aec3ea12..3a6f698f285 100644
--- a/lib/libssl/src/perl/err.xs
+++ b/lib/libssl/src/perl/openssl_err.xs
@@ -1,4 +1,5 @@
-#include "p5SSLeay.h"
+
+#include "openssl.h"
 
 int boot_err()
 	{
@@ -6,7 +7,7 @@ int boot_err()
 	return(1);
 	}
 
-MODULE =  SSLeay::ERR	PACKAGE = SSLeay::ERR	PREFIX = p5_ERR_
+MODULE =  OpenSSL::ERR	PACKAGE = OpenSSL::ERR	PREFIX = p5_ERR_
 
 PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
diff --git a/lib/libssl/src/perl/ssl.xs b/lib/libssl/src/perl/openssl_ssl.xs
index 6777cf7ada8..c7d1b171abf 100644
--- a/lib/libssl/src/perl/ssl.xs
+++ b/lib/libssl/src/perl/openssl_ssl.xs
@@ -1,4 +1,5 @@
-#include "p5SSLeay.h"
+
+#include "openssl.h"
 
 static int p5_ssl_ex_ssl_ptr=0;
 static int p5_ssl_ex_ssl_info_callback=0;
@@ -44,7 +45,7 @@ int ret;
 int boot_ssl()
 	{
 	p5_ssl_ex_ssl_ptr=		
-		SSL_get_ex_new_index(0,"SSLeay::SSL",ex_new,NULL,ex_cleanup);
+		SSL_get_ex_new_index(0,"OpenSSL::SSL",ex_new,NULL,ex_cleanup);
 	p5_ssl_ex_ssl_info_callback=
 		SSL_get_ex_new_index(0,"ssl_info_callback",NULL,NULL,
 			ex_cleanup);
@@ -57,8 +58,9 @@ int boot_ssl()
 	return(1);
 	}
 
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CTX PREFIX = p5_SSL_CTX_
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL::CTX PREFIX = p5_SSL_CTX_
 
+PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
 
 void
@@ -74,7 +76,7 @@ p5_SSL_CTX_new(...)
 		else if ((items == 2) && SvPOK(ST(1)))
 			method=SvPV(ST(1),na);
 		else
-			croak("Usage: SSLeay::SSL_CTX::new(type)");
+			croak("Usage: OpenSSL::SSL::CTX::new(type)");
 			
 		if (strcmp(method,"SSLv3") == 0)
 			meth=SSLv3_method();
@@ -94,14 +96,20 @@ p5_SSL_CTX_new(...)
 			meth=SSLv2_client_method();
 		else if (strcmp(method,"SSLv2_server") == 0)
 			meth=SSLv2_server_method();
+		else if (strcmp(method,"TLSv1") == 0)
+			meth=TLSv1_method();
+		else if (strcmp(method,"TLSv1_client") == 0)
+			meth=TLSv1_client_method();
+		else if (strcmp(method,"TLSv1_server") == 0)
+			meth=TLSv1_server_method();
 		else
 			{
-			croak("Not passed a valid SSL method name, should be 'SSLv[23] [client|server]'");
+			croak("Not a valid SSL method name, should be 'SSLv[23] [client|server]'");
 			}
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ctx=SSL_CTX_new(meth);
-		sv_setref_pv(ST(0), "SSLeay::SSL::CTX", (void*)ctx);
+		sv_setref_pv(ST(0), "OpenSSL::SSL::CTX", (void*)ctx);
 
 int
 p5_SSL_CTX_use_PrivateKey_file(ctx,file,...)
@@ -113,7 +121,7 @@ p5_SSL_CTX_use_PrivateKey_file(ctx,file,...)
 	CODE:
 		pr_name("p5_SSL_CTX_use_PrivateKey_file");
 		if (items > 3)
-			croak("SSLeay::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])");
+			croak("OpenSSL::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])");
 		if (items == 3)
 			{
 			ptr=SvPV(ST(2),na);
@@ -139,7 +147,7 @@ p5_SSL_CTX_set_options(ctx,...)
 		for (i=1; i<items; i++)
 			{
 			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL_CTX::set_options(ssl_ctx[,option,value]+)");
+				croak("Usage: OpenSSL::SSL_CTX::set_options(ssl_ctx[,option,value]+)");
 			ptr=SvPV(ST(i),na);
 			if (strcmp(ptr,"-info_callback") == 0)
 				{
@@ -154,7 +162,7 @@ p5_SSL_CTX_set_options(ctx,...)
 				}
 			else
 				{
-				croak("SSLeay::SSL_CTX::set_options(): unknown option");
+				croak("OpenSSL::SSL_CTX::set_options(): unknown option");
 				}
 			}
 
@@ -167,7 +175,7 @@ p5_SSL_CTX_DESTROY(ctx)
 		pr_name_d("p5_SSL_CTX_DESTROY",ctx->references);
 		SSL_CTX_free(ctx);
 
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL PREFIX = p5_SSL_
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL PREFIX = p5_SSL_
 
 void
 p5_SSL_new(...)
@@ -175,30 +183,29 @@ p5_SSL_new(...)
 		SV *sv_ctx;
 		SSL_CTX *ctx;
 		SSL *ssl;
-		int i;
 		SV *arg;
 	PPCODE:
 		pr_name("p5_SSL_new");
 		if ((items != 1) && (items != 2))
-			croak("Usage: SSLeay::SSL::new(ssl_ctx)");
-		if (sv_derived_from(ST(items-1),"SSLeay::SSL::CTX"))
+			croak("Usage: OpenSSL::SSL::new(ssl_ctx)");
+		if (sv_derived_from(ST(items-1),"OpenSSL::SSL::CTX"))
 			{
 			IV tmp = SvIV((SV*)SvRV(ST(items-1)));
 			ctx=(SSL_CTX *)tmp;
 			sv_ctx=ST(items-1);
 			}
 		else
-			croak("ssl_ctx is not of type SSLeay::SSL::CTX");
+			croak("ssl_ctx is not of type OpenSSL::SSL::CTX");
 
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		ssl=SSL_new(ctx);
-		sv_setref_pv(ST(0), "SSLeay::SSL", (void*)ssl);
+		sv_setref_pv(ST(0), "OpenSSL::SSL", (void*)ssl);
 
 		/* Now this is being a little hairy, we keep a pointer to
 		 * our perl reference.  We need to do a different one
-		 * to the one we return because it will have it's reference
-		 * count droped to 0 apon return and if we up its reference
+		 * to the one we return because it will have its reference
+		 * count dropped to 0 upon return and if we up its reference
 		 * count, it will never be DESTROYED */
 		arg=newSVsv(ST(0));
 		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ptr,(char *)arg);
@@ -241,7 +248,7 @@ p5_SSL_sysread(ssl,in,num, ...)
 			if (offset < 0)
 				{
 				if (-offset > olen)
-					croad("Offset outside string");
+					croak("Offset outside string");
 				offset+=olen;
 				}
 			}
@@ -317,7 +324,7 @@ p5_SSL_set_options(ssl,...)
 		for (i=1; i<items; i++)
 			{
 			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL::set_options(ssl[,option,value]+)");
+				croak("Usage: OpenSSL::SSL::set_options(ssl[,option,value]+)");
 			ptr=SvPV(ST(i),na);
 			if (strcmp(ptr,"-info_callback") == 0)
 				{
@@ -339,7 +346,7 @@ p5_SSL_set_options(ssl,...)
 				}
 			else
 				{
-				croak("SSLeay::SSL::set_options(): unknown option");
+				croak("OpenSSL::SSL::set_options(): unknown option");
 				}
 			}
 
@@ -362,7 +369,9 @@ p5_SSL_DESTROY(ssl)
 	SSL *ssl;
 	CODE:
 	pr_name_dd("p5_SSL_DESTROY",ssl->references,ssl->ctx->references);
+#ifdef DEBUG
 	fprintf(stderr,"SSL_DESTROY %d\n",ssl->references);
+#endif
 	SSL_free(ssl);
 
 int
@@ -421,7 +430,7 @@ p5_SSL_get_peer_certificate(ssl)
 	OUTPUT:
 		RETVAL
 
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CIPHER PREFIX = p5_SSL_CIPHER_
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::SSL::CIPHER PREFIX = p5_SSL_CIPHER_
 
 int
 p5_SSL_CIPHER_get_bits(sc)
@@ -452,7 +461,7 @@ p5_SSL_CIPHER_get_name(sc)
 	OUTPUT:
 		RETVAL
 
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
+MODULE =  OpenSSL::SSL	PACKAGE = OpenSSL::BIO PREFIX = p5_BIO_
 
 void
 p5_BIO_get_ssl(bio)
diff --git a/lib/libssl/src/perl/x509.xs b/lib/libssl/src/perl/openssl_x509.xs
index 67633ad2254..008d959c642 100644
--- a/lib/libssl/src/perl/x509.xs
+++ b/lib/libssl/src/perl/openssl_x509.xs
@@ -1,6 +1,7 @@
-#include "p5SSLeay.h"
 
-MODULE =  SSLeay::X509	PACKAGE = SSLeay::X509	PREFIX = p5_X509_
+#include "openssl.h"
+
+MODULE =  OpenSSL::X509	PACKAGE = OpenSSL::X509	PREFIX = p5_X509_
 
 PROTOTYPES: ENABLE
 VERSIONCHECK: DISABLE
@@ -15,7 +16,7 @@ p5_X509_new(void )
 		EXTEND(sp,1);
 		PUSHs(sv_newmortal());
 		x509=X509_new();
-		sv_setref_pv(ST(0),"SSLeay::X509",(void *)x509);
+		sv_setref_pv(ST(0),"OpenSSL::X509",(void *)x509);
 
 char *
 p5_X509_get_subject_name(x509)
diff --git a/lib/libssl/src/perl/r.pl b/lib/libssl/src/perl/r.pl
deleted file mode 100644
index abcc331c785..00000000000
--- a/lib/libssl/src/perl/r.pl
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$bits=512;
-$bits=$ARGV[0] if $#ARGV >= 0;
-
-$q=SSLeay::BN::dec2bn("334533373942443239443435463034324139443635374634423531423146313742443038394230324138363038393539303745363034393946353346323345374537463935433635374238353245344341444241344138413244373443323338334431414134363244443532423243423133433537");
-
-$p=SSLeay::BN::dec2bn("3338413942343132463534373734353742343636444439363131313131353843334536434330363934313646414132453044434138413630434631334134443046313735313632344131433437443642434436423642453234383046393732383538444139393131314339303743393939363744443235443332393332394543384630304634323646333735");
-$pp=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-
-printf $pp->is_prime."\n";
-printf $p->is_prime."\n";
-printf $q->is_prime."\n";
-printf "p->length=%d\n",$p->num_bits;
-printf "q->length=%d\n",$q->num_bits;
-$bits=$p->num_bits+$q->num_bits;
-$e=SSLeay::BN::hex2bn("10001");
-
-$t1=$p-1;
-$t2=$q-1;
-
-($t1->gcd($e) == 1) || die "p failed the gcd test\n";
-($t2->gcd($e) == 1) || die "q failed the gcd test\n";
-
-($q,$p)=($p,$q) if ($p < $q);
-$n=$p*$q;
-$t=($p-1)*($q-1);
-($t->gcd($e) == 1) || die "t failed the gcd test\n";
-
-$d=$e->mod_inverse($t);
-
-$dmp1=$d%($p-1);
-$dmq1=$d%($q-1);
-$iqmp=$q->mod_inverse($p);
-
-print "n   =$n\n";
-print "e   =$e\n";
-print "d   =$d\n";
-print "dmp1=$dmp1\n";
-print "dmq1=$dmq1\n";
-print "iqmp=$iqmp\n";
-
-$a=SSLeay::BN::bin2bn("This is an RSA test");
-print "Test with\n'".$a->bn2bin."' or\n$a\n";
-
-print "<$a>\n";
-$t1=$a->mod_exp($e,$n);
-print ">$t1>\n";
-$t2=$t1->mod_exp($d,$n);
-print "<$t2>\n";
-
-
diff --git a/lib/libssl/src/perl/s.pl b/lib/libssl/src/perl/s.pl
deleted file mode 100644
index 1d438a6765a..00000000000
--- a/lib/libssl/src/perl/s.pl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3_client");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$cbio=BIO->new("connect");
-$cbio->hostname($conn) || die $ssl->error();
-
-$bbio=BIO->new("buffer");
-
-$sbio=BIO->new("ssl");
-$ssl=$ssl_ctx->new_ssl;
-$ssl->set_options(-connect_state);
-$sbio->set_ssl($ssl);
-
-$sbio->push($cbio);
-$bbio->push($sbio);
-$bio=$bbio;
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-$b=$bio;
-do	{
-	print STDERR $b->type."\n";
-	} while ($b=$b->next_bio);
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bio->error();
-$bio->flush;
-
-$data="";
-while (1)
-	{
-	$ret=$bio->getline;
-	$ret =~ s/[\r\n]//g;
-	print STDERR "$ret\n";
-	last if $ret eq "";
-	$server=$1 if $ret=~ /^Server: (.*)/;
-	}
-
-
-print "server is $server\n";
-$x509=$ssl->get_peer_certificate();
-print "version     :".$x509->get_version()."\n";
-print "serialNumber:".$x509->get_serialNumber()->bn2hex."\n";
-print "subject     :".$x509->get_subject_name()."\n";
-print "issuer      :". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/lib/libssl/src/perl/s2.pl b/lib/libssl/src/perl/s2.pl
deleted file mode 100644
index d39b4b8e250..00000000000
--- a/lib/libssl/src/perl/s2.pl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$cbio=BIO->new("connect");
-$cbio->hostname($conn) || die $ssl->error();
-
-$ssl=$ssl_ctx->new_ssl;
-$sbio=BIO->new("ssl");
-$sbio->set_ssl($ssl);
-$ssl->set_options("-connect_state");
-
-$bio=BIO->new("buffer");
-
-$sbio->push($cbio);
-$bio->push($sbio);
-
-($bio->do_handshake() > 0) || die $bio->error();
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-$bio->flush() || die $bio->error();
-
-$data="";
-while ($_=$bio->getline())
-	{
-	if (/^Server:/)
-		{
-		print;
-		last;
-		}
-	}
-
-if ($bio->peek_error())
-	{
-	print "There was an error:".$ssl->error();
-	}
-print "exit\n";
diff --git a/lib/libssl/src/perl/server.pem b/lib/libssl/src/perl/server.pem
deleted file mode 100644
index eabb927036f..00000000000
--- a/lib/libssl/src/perl/server.pem
+++ /dev/null
@@ -1,369 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-notBefore=950413210656Z
-notAfter =970412210656Z
------BEGIN X509 CERTIFICATE-----
-
-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
------END X509 CERTIFICATE-----
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
------BEGIN X509 CERTIFICATE-----
-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
------END X509 CERTIFICATE-----
------BEGIN X509 CERTIFICATE-----
-
-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
-LC7obsrHD8XAHG+ZRG==
------END X509 CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
-GJNMJ4L0AJ/ac+SmHZc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
-	/OU=Certification Services Division/CN=Thawte Server CA
-	/Email=server-certs@thawte.com
-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
-	/OU=Certification Services Division/CN=Thawte Server CA
-	/Email=server-certs@thawte.com
------BEGIN CERTIFICATE-----
-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
-3VZdLbCVIhNoEsysrxCpxcI=
------END CERTIFICATE-----
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
------END CERTIFICATE-----
-
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
------BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
------END CERTIFICATE-----
-
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
------END CERTIFICATE-----
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/lib/libssl/src/perl/ss.pl b/lib/libssl/src/perl/ss.pl
deleted file mode 100644
index f243a3af509..00000000000
--- a/lib/libssl/src/perl/ss.pl
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3_client");
-
-#$ssl_ctx->set_options("-info_callback" =>
-#	sub	{
-#		print STDERR $_[0]->state()."\n";
-#		}
-#	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-
-print $ssl_ctx."\n";
-$bio=BIO->new_buffer_ssl_connect($ssl_ctx);
-$bio->hostname($conn) || die $bio->error();
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-#$b=$bio;
-#do	{
-#	print STDERR $b->type."\n";
-#	} while ($b=$b->next_bio);
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bio->error();
-$bio->flush;
-
-$data="";
-while (1)
-	{
-	$ret=$bio->getline;
-	$ret =~ s/[\r\n]//g;
-	print STDERR "$ret\n";
-	last if $ret eq "";
-	$server=$1 if $ret=~ /^Server: (.*)/;
-	}
-
-
-print "server is $server\n";
-$x509=$ssl->get_peer_certificate();
-print "version     :".$x509->get_version()."\n";
-print "serialNumber:".$x509->get_serialNumber()->bn2hex."\n";
-print "subject     :".$x509->get_subject_name()."\n";
-print "issuer      :". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-$ssl=$bio->get_ssl();
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/lib/libssl/src/perl/ssl.pl b/lib/libssl/src/perl/ssl.pl
deleted file mode 100644
index f9e983ed874..00000000000
--- a/lib/libssl/src/perl/ssl.pl
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($conn) || die $ssl->error();
-
-#$bbio=BIO->new("buffer");
-#$bbio->push($cbio);
-#$bio=$bbio;
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-print STDERR "-1 ABCD\n";
-$ssl=$ssl_ctx->new_ssl;
-print STDERR "000 ABCD\n";
-$ssl->set_bio($bio);
-
-print STDERR "00 ABCD\n";
-(($ret=$ssl->connect()) > 0) || die $ssl->error();
-
-print STDERR "0 ABCD\n";
-
-(($ret=$ssl->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-
-print STDERR "1 ABCD\n";
-$data="";
-while (1)
-	{
-print STDERR "2 ABCD\n";
-	$ret=$ssl->sysread($buf,1024);
-print STDERR "3 ABCD\n";
-	last if $ret <= 0;
-	$data.=$buf;
-	}
-
-print STDERR "4 ABCD\n";
-@a=split(/[\r]\n/,$data);
-($server)=grep(/^Server:/,@a);
-
-print "$server\n";
-$x509=$ssl->get_peer_certificate();
-print "subject:".$x509->get_subject_name()."\n";
-print "issuer:". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/lib/libssl/src/perl/ssl.txt b/lib/libssl/src/perl/ssl.txt
deleted file mode 100644
index 63c52a0e1d4..00000000000
--- a/lib/libssl/src/perl/ssl.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-SSL_CTX::new(method)
-	SSLv3
-	SSLv3_client
-	SSLv3_server
-	SSLv23
-	SSLv23_client
-	SSLv23_server
-	SSLv2
-	SSLv2_client
-	SSLv2_server
-
-SSL_CTX::use_PrivateKey_file(file[,type])
-	type eq "der" or "pem".  Default == 'pem'.
-
-SSL_CTX::set_options(...)
-	-info_callback	function
-
-SSL::new(SSL_CTX)
-
-SSL::connect(); returns 0, -1 or 1
-SSL::accept(); return 0, -1 or 1
-SSL::sysread(); as per sysread
-SSL::syswrite(); as per syswrite
-SSL::set_bio(bio);
-
-SSL::set_options(...)
-	-info_callback function
-	-connect_state
-	-accept_state
-
-SSL::state(); the state in numeric and text form.
-SSL::references(); debug stuff
-SSL::get_peer_certificate()
-SSL::do_handshake()
-SSL::renegotiate()
-SSL::shutdown()
-SSL::get_version()
-
-SSL::get_current_cipher();
-
-(key,alg)=SSL_CIPHER::get_bits();
-SSL_CIPHER::get_version();
-SSL_CIPHER::get_name();
diff --git a/lib/libssl/src/perl/ssl_srvr.pl b/lib/libssl/src/perl/ssl_srvr.pl
deleted file mode 100644
index 653a2e7f03e..00000000000
--- a/lib/libssl/src/perl/ssl_srvr.pl
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$ssl_ctx->use_PrivateKey_file("server.pem");
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($conn) || die $ssl->error();
-
-$ssl=$ssl_ctx->new_ssl;
-$ssl->set_bio($bio);
-
-(($ret=$ssl->connect()) > 0) || die $ssl->error();
-
-(($ret=$ssl->write("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-
-while (1)
-	{
-	$ret=$ssl->read($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
diff --git a/lib/libssl/src/perl/sslbio.pl b/lib/libssl/src/perl/sslbio.pl
deleted file mode 100644
index ca9daa36a1a..00000000000
--- a/lib/libssl/src/perl/sslbio.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-#$ssl_ctx->set_options("-info_callback" =>
-#	sub	{
-#		print STDOUT $_[0]->state()."\n";
-#		}
-#	);
-
-# create a ssl bio
-$bssl=BIO->new("ssl");
-$bssl->set_ssl($ssl_ctx->new_ssl()) || die $bssl->error();
-$bssl->get_ssl->set_options("-connect_state") || die $ssl->error();
-
-$bssl->set_callback(sub { printf "XXXXXXXXXXXXXXXXXXXXXX %d %s\n",$_[1],$_[0]->type; });
-
-# create connect bio
-$host="localhost:4433";
-$host=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($host) || die $bio->error();
-
-# push it in
-$bssl->push($bio);
-
-(($ret=$bssl->write("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bssl->error();
-
-while (1)
-	{
-	$ret=$bssl->read($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
-
diff --git a/lib/libssl/src/perl/t.pl b/lib/libssl/src/perl/t.pl
deleted file mode 100644
index fbd9fb84907..00000000000
--- a/lib/libssl/src/perl/t.pl
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("1231353465324563455");
-print "a=$a\n".$a->bn2dec."\n";
-$b=SSLeay::BN::dec2bn("98790816238765235");
-print "a=$a\nb=$b\n";
-print $a->gcd($b)."\n";
-
diff --git a/lib/libssl/src/perl/test b/lib/libssl/src/perl/test
deleted file mode 100644
index 3977c488650..00000000000
--- a/lib/libssl/src/perl/test
+++ /dev/null
@@ -1,32 +0,0 @@
-30373b8dbfc38d360bda81fad2fb462e  8  0  8 des-ecb
-a5f61a73a0894979d46c2481e9f27151  8  8  1 des-cfb
-a64a08dc69e79becccde95bed6239fca  8  8  1 des-ofb
-553d168193e54100524541f2c473b705  8  8  8 des-cbc
-bb75383e4aad6d83418dde16c6cea6f5 16  0  8 des-ede
-3ea71cd9a2e50d82d66b433e9471eeb2 16  8  1 des-ede-cfb
-3d56b76d43dc8d51647773bc9719a355 16  8  1 des-ede-ofb
-eafa89aae63167b9798639c0e31223b4 16  8  8 des-ede-cbc
-a952f8c409fb0df75a7df1aa54ba30b8 24  0  8 des-ede3
-0badccc43a14d8503d33f32a2345bbd2 24  8  1 des-ede3-cfb
-bae638c0e33850d02c792ed0e3d6b600 24  8  1 des-ede3-ofb
-ec4522bbefabf0198126683e661325e2 24  8  8 des-ede3-cbc
-4431f05d198d8afc003aeec85bea01b9 24  8  8 desx-cbc
-606af8d6f30c1fd9c647df5eb716ae0f 16  0  1 rc4
-4aaaf7e4bc3fd2caa6318a4852f636f4  5  0  1 rc4-40
-77e0851e8c96c4a1e26140d1ec822036 16  0  8 idea-ecb
-a28e51e283519fde0e128bcb697bc23e 16  8  1 idea-cfb
-17d0e70f07de6c08e9673d52987599ab 16  8  1 idea-ofb
-0687cf6ca11ee45f8bf9c29525405a4d 16  8  8 idea-cbc
-e2268681a63198fe38282b0a1bb6ed36 16  0  8 rc2-ecb
-f48748e6386790e639bbee4fccaa5067 16  8  8 rc2-cbc
-f250cfe829ef797d6866e32526ec4fe4  5  8  8 rc2-40-cbc
-a372f970b6c346341a2899bb872a7349 16  8  1 rc2-cfb
-d2da66102dea6b833f0fbf71e2cb4988 16  8  1 rc2-ofb
-237b0ef0e4f7fb28a5708d59773caecf 16  0  8 bf-ecb
-c58cf5da90472caf0f0b7fafb0590977 16  8  1 bf-cfb
-1f3e49e2e27f9ad177a6a64b09d361ed 16  8  1 bf-ofb
-66acaf2cb5f301580c59fa17d005b716 16  8  8 bf-cbc
-3548c9fe9fcd13f647ae177a15915af9 16  0  8 cast5-ecb
-e8d074ad8cc0d3d828da80ab18452f91 16  8  1 cast5-cfb
-5331eb4351c2048c27c8a8901fd29e20 16  8  1 cast5-ofb
-8033607fdb68598cc62c379af218eeeb 16  8  8 cast5-cbc
diff --git a/lib/libssl/src/perl/test.pl b/lib/libssl/src/perl/test.pl
deleted file mode 100644
index 52423ef620a..00000000000
--- a/lib/libssl/src/perl/test.pl
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-($a=SSLeay::BN::new()) || die "unable to make bignum\n";
-($b=SSLeay::BN::new()) || die "unable to make bignum\n";
-
-$a=SSLeay::BN::hex2bn("123456789ABCDEF");
-$b=SSLeay::BN::hex2bn("123456789ABCDEF");
-$mod=SSLeay::BN::hex2bn("fedcba9876543201");
-$c=SSLeay::BN::hex2bn("1234");
-
-print "a=".$a->bn2hex()."\n";
-print "b=".$b->bn2hex()."\n";
-print "c=".$c->bn2hex()."\n";
-
-print $a->mul($b)->bn2hex."\n";
-($d,$r)=$b->div($c);
-print "($d)($r)\n";
-printf "%s x %s + %s\n",$c->bn2hex,$d->bn2hex,$r->bn2hex;
-
-$g=$d;
-
-for (;;)
-	{
-	$a=$a->mod_mul($a,$mod);
-	print $a->bn2hex."\n";
-	}
diff --git a/lib/libssl/src/perl/test.txt b/lib/libssl/src/perl/test.txt
deleted file mode 100644
index ff37ffd09b0..00000000000
--- a/lib/libssl/src/perl/test.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-30373b8dbfc38d360bda81fad2fb462e  8  0  8 des-ecb
-a5f61a73a0894979d46c2481e9f27151  8  8  1 des-cfb
-a64a08dc69e79becccde95bed6239fca  8  8  1 des-ofb
-553d168193e54100524541f2c473b705  8  8  8 des-cbc
-bb75383e4aad6d83418dde16c6cea6f5 16  0  8 des-ede
-3ea71cd9a2e50d82d66b433e9471eeb2 16  8  1 des-ede-cfb
-3d56b76d43dc8d51647773bc9719a355 16  8  1 des-ede-ofb
-eafa89aae63167b9798639c0e31223b4 16  8  8 des-ede-cbc
-a952f8c409fb0df75a7df1aa54ba30b8 24  0  8 des-ede3
-0badccc43a14d8503d33f32a2345bbd2 24  8  1 des-ede3-cfb
-bae638c0e33850d02c792ed0e3d6b600 24  8  1 des-ede3-ofb
-ec4522bbefabf0198126683e661325e2 24  8  8 des-ede3-cbc
-4431f05d198d8afc003aeec85bea01b9 24  8  8 desx-cbc
-606af8d6f30c1fd9c647df5eb716ae0f 16  0  1 rc4
-4aaaf7e4bc3fd2caa6318a4852f636f4  5  0  1 rc4-40
-77e0851e8c96c4a1e26140d1ec822036 16  0  8 idea-ecb
-a28e51e283519fde0e128bcb697bc23e 16  8  1 idea-cfb
-17d0e70f07de6c08e9673d52987599ab 16  8  1 idea-ofb
-0687cf6ca11ee45f8bf9c29525405a4d 16  8  8 idea-cbc
-e2268681a63198fe38282b0a1bb6ed36 16  0  8 rc2-ecb
-f48748e6386790e639bbee4fccaa5067 16  8  8 rc2-cbc
-f250cfe829ef797d6866e32526ec4fe4  5  8  8 rc2-40-cbc
-a372f970b6c346341a2899bb872a7349 16  8  1 rc2-cfb
-d2da66102dea6b833f0fbf71e2cb4988 16  8  1 rc2-ofb
-237b0ef0e4f7fb28a5708d59773caecf 16  0  8 bf-ecb
-c58cf5da90472caf0f0b7fafb0590977 16  8  1 bf-cfb
-1f3e49e2e27f9ad177a6a64b09d361ed 16  8  1 bf-ofb
-66acaf2cb5f301580c59fa17d005b716 16  8  8 bf-cbc
-3548c9fe9fcd13f647ae177a15915af9 16  0  8 cast5-ecb
-e8d074ad8cc0d3d828da80ab18452f91 16  8  1 cast5-cfb
-5331eb4351c2048c27c8a8901fd29e20 16  8  1 cast5-ofb
-8033607fdb68598cc62c379af218eeeb 16  8  8 cast5-cbc
-e3a6760eb5e79bf4063cf0791e99842d 16  0  8 rc5-ecb
-2f5eab0d0992dcce8615a5a60966391a 16  8  1 rc5-cfb
-c5893e49e73342db2957b83b70f23e27 16  8  1 rc5-ofb
-683ce60c8b7bf028ec0d3dc0f018a1a4 16  8  8 rc5-cbc
diff --git a/lib/libssl/src/perl/test2.pl b/lib/libssl/src/perl/test2.pl
deleted file mode 100644
index 2e1196c0723..00000000000
--- a/lib/libssl/src/perl/test2.pl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-($c=SSLeay::Cipher::new("idea")) ||
-	die "'des' is an unknown cipher algorithm\n";
-
-printf "name      =%s\n" ,$c->name();
-printf "key length=%2d\n",$c->key_length();
-printf "iv length =%2d\n",$c->iv_length();
-printf "block size=%2d\n",$c->block_size();
-
-$data="1234";
-$c->init("01234567","abcdefgh",1);
-$in=$c->update($data);
-$in.=$c->final();
-
-$c->init("01234567","abcdefgh",0);
-$out=$c->update($in);
-$out.=$c->final();
-print $data;
-print " -> ";
-print $out;
-print "\n";
-
diff --git a/lib/libssl/src/perl/test3.pl b/lib/libssl/src/perl/test3.pl
deleted file mode 100644
index 4102ab92971..00000000000
--- a/lib/libssl/src/perl/test3.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-($c=SSLeay::Cipher::new("idea")) ||
-	die "'des' is an unknown cipher algorithm\n";
-
-$key=" ";
-$iv=" ";
-$c->init($key,$iv,0);
-while (<>)
-	{
-	print $c->update($_);
-	}
-print $c->final();
-
diff --git a/lib/libssl/src/perl/test8.pl b/lib/libssl/src/perl/test8.pl
deleted file mode 100644
index c144f7f136e..00000000000
--- a/lib/libssl/src/perl/test8.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-# 2687145 * 3003 * 10^5072 - 1. 
-
-$a=SSLeay::BN::set_word(99);
-$b=SSLeay::BN::set_word(100);
-
-$aa=$a->dup;
-$bb=$b->dup;
-
-$c=$a*$b;
-$bb+=$a;
-
-print "$a*$b=$c\n";
-print "$bb\n";
diff --git a/lib/libssl/src/perl/test9.pl b/lib/libssl/src/perl/test9.pl
deleted file mode 100644
index cc710c310eb..00000000000
--- a/lib/libssl/src/perl/test9.pl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-# 2687145 * 3003 * 10^5072 - 1. 
-
-$a=SSLeay::BN::set_word(2687145);
-$b=SSLeay::BN::set_word(3003);
-$c=SSLeay::BN::set_word(10);
-$d=SSLeay::BN::set_word(5072);
-$e=SSLeay::BN::set_word(1);
-
-print $a->bn2hex()."\n";
-print $b->bn2hex()."\n";
-print $c->bn2hex()."\n";
-print $d->bn2hex()."\n";
-print $e->bn2hex()."\n";
-
-$f=(($a->mul($b)->mul($c->exp($d)))->sub($e));
-#print "$a $b\n";
-
-$c=$a->mul($b);
-print "1->".$c->bn2hex()." \n";
-
-$c=$a*$b;
-print "2->".$c->bn2hex()." \n";
-$a*=$b;
-print "3->$a\n";
-
-print $f->bn2hex()." $a\n";
-print $a."\n";
-
-print "$a=(($b*$c)/$d);\n";
-$a=(($b*$c)/$d);
-print "$a\n";
-
diff --git a/lib/libssl/src/perl/testbn.pl b/lib/libssl/src/perl/testbn.pl
deleted file mode 100644
index 30624395637..00000000000
--- a/lib/libssl/src/perl/testbn.pl
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$num ="a43f6a8885a308d313198a2e03707344a4093822";
-$num.="299f31d0082efa98ec4e6c89452821e638d01377";
-$num.="be5466cf34e90c6cc0ac29b7c97c50dd3f84d5b5";
-$num.="b54709179216d5d98979fb1bd1310ba698dfb5ac";
-$num.="2ffd72dbd01adfb7b8e1afed6a267e96ba7c9045";
-$num.="f12c7f9924a19947b3916cf70801f2e2858efc16";
-$num.="636920d871574e69a458fea3f4933d7e0d95748f";
-$num.="728eb658718bcd5882154aee7b54a41dc25a59b5";
-$num.="9c30d5392af26013c5d1b023286085f0ca417918";
-$num.="b8db38ef8e79dcb0603a180e6c9e0e8bb01e8a3e";
-$num.="d71577c1bd314b2778af2fda55605c60e65525f3";
-$num.="aa55ab945748986263e8144055ca396a2aab10b6";
-$num.="b4cc5c341141e8cea15486af7c8f14a7";
-
-$a=SSLeay::BN::hex2bn($num);
-print "num bits =".$a->num_bits."\n";
-print $a->is_prime(50,sub {print STDERR $_[0]?"+":"."})."\n";
diff --git a/lib/libssl/src/perl/testdec.pl b/lib/libssl/src/perl/testdec.pl
deleted file mode 100644
index 0dce3f8e794..00000000000
--- a/lib/libssl/src/perl/testdec.pl
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("1234");
-
-foreach (1..4)
-	{
-	$a*=$a;
-	print $a."\n",$a->bn2dec()."\n";
-	}
-
diff --git a/lib/libssl/src/perl/testmd.pl b/lib/libssl/src/perl/testmd.pl
deleted file mode 100644
index 6549166c8a6..00000000000
--- a/lib/libssl/src/perl/testmd.pl
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-foreach ("md2", "md5", "sha", "sha1", "mdc2", "ripemd160")
-	{
-	($f=MD->new($_)) ||
-		die "$_ is an unknown message digest algorithm\n";
-	push(@md,$f);
-	}
-
-while (<>)
-	{
-	foreach $md (@md)
-		{ $md->update($_); }
-	}
-
-foreach (@md)
-	{
-	$digest=$_->final();
-	printf "%-4s=%s\n",$_->name(),unpack("H*",$digest);
-	}
-
diff --git a/lib/libssl/src/perl/tt.pl b/lib/libssl/src/perl/tt.pl
deleted file mode 100644
index 80ec88b2a83..00000000000
--- a/lib/libssl/src/perl/tt.pl
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-for ($i=1; $i<1000; $i++)
-	{
-	$a.=$i%10;
-	$y=SSLeay::BN::dec2bn($a);
-	$z=SSLeay::BN::bn2dec($y);
-
-	print "$a\n$y\n$z\n";
-	}
-
diff --git a/lib/libssl/src/perl/typemap b/lib/libssl/src/perl/typemap
index 5226fbc3699..f67b598adf1 100644
--- a/lib/libssl/src/perl/typemap
+++ b/lib/libssl/src/perl/typemap
@@ -14,83 +14,83 @@ INPUT
 T_DATUM
 	$var.dptr=SvPV($arg,$var.dsize);
 T_MD_CTX
-	if (sv_derived_from($arg, \"SSLeay::MD\")) {
+	if (sv_derived_from($arg, \"OpenSSL::MD\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (EVP_MD_CTX *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::MD\")
+		croak(\"$var is not of type OpenSSL::MD\")
 T_CIPHER_CTX
-	if (sv_derived_from($arg, \"SSLeay::Cipher\")) {
+	if (sv_derived_from($arg, \"OpenSSL::Cipher\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (EVP_CIPHER_CTX *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::Cipher\")
+		croak(\"$var is not of type OpenSSL::Cipher\")
 T_BIGNUM
-	sv_to_BIGNUM(&($var),$arg,\"$var is not of type SSLeay::MD, int or string\")
+	sv_to_BIGNUM(&($var),$arg,\"$var is not of type OpenSSL::MD, int or string\")
 T_SSL_METHOD
-	if (sv_derived_from($arg, \"SSLeay::SSL::METHOD\")) {
+	if (sv_derived_from($arg, \"OpenSSL::SSL::METHOD\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (SSL_METHOD *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::SSL::METHOD\")
+		croak(\"$var is not of type OpenSSL::SSL::METHOD\")
 T_SSL_CTX
-	if (sv_derived_from($arg, \"SSLeay::SSL::CTX\")) {
+	if (sv_derived_from($arg, \"OpenSSL::SSL::CTX\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (SSL_CTX *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::SSL::CTX\")
+		croak(\"$var is not of type OpenSSL::SSL::CTX\")
 T_SSL_CIPHER
-	if (sv_derived_from($arg, \"SSLeay::SSL::CIPHER\")) {
+	if (sv_derived_from($arg, \"OpenSSL::SSL::CIPHER\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (SSL_CIPHER *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::SSL::CIPHER\")
+		croak(\"$var is not of type OpenSSL::SSL::CIPHER\")
 T_SSL
-	if (sv_derived_from($arg, \"SSLeay::SSL\")) {
+	if (sv_derived_from($arg, \"OpenSSL::SSL\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (SSL *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::SSL\")
+		croak(\"$var is not of type OpenSSL::SSL\")
 T_BIO
-	if (sv_derived_from($arg, \"SSLeay::BIO\")) {
+	if (sv_derived_from($arg, \"OpenSSL::BIO\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (BIO *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::BIO\")
+		croak(\"$var is not of type OpenSSL::BIO\")
 T_X509
-	if (sv_derived_from($arg, \"SSLeay::X509\")) {
+	if (sv_derived_from($arg, \"OpenSSL::X509\")) {
 		IV tmp = SvIV((SV*)SvRV($arg));
 		$var = (X509 *) tmp;
 		}
 	else
-		croak(\"$var is not of type SSLeay::X509\")
+		croak(\"$var is not of type OpenSSL::X509\")
 OUTPUT
 T_DATUM
 	sv_setpvn($arg,$var.dptr,$var.dsize);
 T_MD_CTX
-	sv_setref_pv($arg, \"SSLeay::MD\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::MD\", (void*)$var);
 T_CIPHER_CTX
-	sv_setref_pv($arg, \"SSLeay::Cipher\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::Cipher\", (void*)$var);
 T_BIGNUM
-	sv_setref_pv($arg, \"SSLeay::BN\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::BN\", (void*)$var);
 T_SSL_METHOD
-	sv_setref_pv($arg, \"SSLeay::SSL::METHOD\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::SSL::METHOD\", (void*)$var);
 T_SSL_CTX
-	sv_setref_pv($arg, \"SSLeay::SSL::CTX\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::SSL::CTX\", (void*)$var);
 T_SSL_CIPHER
-	sv_setref_pv($arg, \"SSLeay::SSL::CIPHER\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::SSL::CIPHER\", (void*)$var);
 T_SSL
-	sv_setref_pv($arg, \"SSLeay::SSL\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::SSL\", (void*)$var);
 T_BIO
-	sv_setref_pv($arg, \"SSLeay::BIO\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::BIO\", (void*)$var);
 T_X509
-	sv_setref_pv($arg, \"SSLeay::X509\", (void*)$var);
+	sv_setref_pv($arg, \"OpenSSL::X509\", (void*)$var);
 
 
diff --git a/lib/libssl/src/perl/x509.txt b/lib/libssl/src/perl/x509.txt
deleted file mode 100644
index 8468eff512a..00000000000
--- a/lib/libssl/src/perl/x509.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-X509::new()
-
-X509::get_verson()
-X509::get_serial_number()
-X509::get_subject_name()
-X509::get_issuer_name()
diff --git a/lib/libssl/src/perl/xstmp.c b/lib/libssl/src/perl/xstmp.c
deleted file mode 100644
index aa189590178..00000000000
--- a/lib/libssl/src/perl/xstmp.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* perl/xstmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/*
- * This file was generated automatically by xsubpp version 1.9402 from the 
- * contents of SSLeay.xs. Do not edit this file, edit SSLeay.xs instead.
- *
- *	ANY CHANGES MADE HERE WILL BE LOST! 
- *
- */
-
-#line 1 "SSLeay.xs"
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#ifdef __cplusplus
-}
-#endif
-
-typedef struct datum_st
-	{
-	char *dptr;
-	int dsize;
-	} datum;
-
-#include "crypto.h"
-#include "buffer.h"
-#include "bio.h"
-#include "evp.h"
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
-
-#if 0
-#define pr_name(name)		printf("%s\n",name)
-#define pr_name_d(name,p2)	printf("%s %d\n",name,p2)
-#define pr_name_dd(name,p2,p3)	printf("%s %d %d\n",name,p2,p3)
-#else
-#define pr_name(name)
-#define pr_name_d(name,p2)
-#define pr_name_dd(name,p2,p3)
-#endif
-
-#include "callback.c"
-
diff --git a/lib/libssl/src/perl/y.pl b/lib/libssl/src/perl/y.pl
deleted file mode 100644
index fe608a67248..00000000000
--- a/lib/libssl/src/perl/y.pl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$message=SSLeay::BN::dec2bn("936345681743241125150760694794510965960940252288797108931456691368672287489405603308617928680920874760917824938589009714909675985261365549781893129784821682998948722");
-
-print $message->bn2hex."\n";
diff --git a/lib/libssl/src/perl/yy.pl b/lib/libssl/src/perl/yy.pl
deleted file mode 100644
index 2e00edb3e92..00000000000
--- a/lib/libssl/src/perl/yy.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::new();
-
-$a+="1234567";
-
-print $a->bn2hex()."\n";
-
-
-for (1 .. 20)
-	{
-	$a*=$a;
-	$b=$a->bn2hex();
-	print " ".$b."\n".length($b)."\n";
-	}
diff --git a/lib/libssl/src/perl/z.pl b/lib/libssl/src/perl/z.pl
deleted file mode 100644
index 7e2d5285ccd..00000000000
--- a/lib/libssl/src/perl/z.pl
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-use Benchmark;
-
-$buf=('x' x (1024*1024));
-$buf=('x' x (1024*1024));
-
-@md=();
-foreach $name ("md2", "mdc2", "sha", "ripemd160", "sha1", "md5")
-	{
-	if (($name eq "md2") || ($name eq "mdc2"))
-		{ $num=5; }
-	else	{ $num=100; }
-
-	$t=timeit($num,'&hash($name)');
-	printf "%6d000 bytes/sec:$name\n",int(($num*1024*1024)/$t->[1]/1000);
-	}
-
-sub hash
-	{
-	my($name)=@_;
-	my($f,$digest);
-
-	($f=MD->new($name)) ||
-		die "$_ is an unknown message digest algorithm\n";
-	$f->update($buf);
-	$digest=$f->final();
-	}
-
diff --git a/lib/libssl/src/perl/zz.pl b/lib/libssl/src/perl/zz.pl
deleted file mode 100644
index 38866c92274..00000000000
--- a/lib/libssl/src/perl/zz.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("12345678901234567890");
-$b=SSLeay::BN::dec2bn("98765432109876543210");
-print "a=$a\n";
-print "b=$b\n";
-
-$n=$a*$b;
-$m=$n+"1223123235345634764534567889";
-$l=$m*88888888;
-
-$r=$l/$b;
-
-print "a=$a\n";
-print "b=$b\n";
-print "n=$n\n";
-print "m=$m\n";
-print "l=$l\n";
-print "r=$r\n";
-
diff --git a/lib/libssl/src/shlib/linux.sh b/lib/libssl/src/shlib/linux.sh
deleted file mode 100644
index f80292d90c5..00000000000
--- a/lib/libssl/src/shlib/linux.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/sh
-
-echo "#define DATE      \"`date`\"" >crypto/date.h
-
-major="0"
-minor="8.2"
-slib=libssl
-clib=libcrypto
-CC=gcc
-CPP='gcc -E'
-AS=as
-FLAGS='-DX86_ASM -DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall'
-#FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -m486 -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
-INCLUDE='-Iinclude -Icrypto -Issl'
-SHFLAGS='-DPIC -fpic'
-
-CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
-ASM_OBJ="";
-
-echo compiling bignum assember
-$CPP -DELF crypto/bn/asm/bn86unix.cpp | $AS -o bn_asm.o
-CFLAGS="$CFLAGS -DBN_ASM -DX86_ASM"
-ASM_OBJ="$ASM_OBJ bn_asm.o"
-
-echo compiling des assember
-$CPP -DELF crypto/des/asm/dx86unix.cpp | $AS -o des_enc.o
-$CPP -DELF crypto/des/asm/yx86unix.cpp | $AS -o fcrypt-b.o
-CFLAGS="$CFLAGS -DDES_ASM"
-ASM_OBJ="$ASM_OBJ des_enc.o fcrypt-b.o"
-
-echo compiling blowfish assember
-$CPP -DELF crypto/bf/asm/bx86unix.cpp | $AS -o bf_enc.o
-CFLAGS="$CFLAGS -DBF_ASM"
-ASM_OBJ="$ASM_OBJ bf_enc.o"
-
-echo compiling cast assember
-$CPP -DELF crypto/cast/asm/cx86unix.cpp | $AS -o cast_enc.o
-CFLAGS="$CFLAGS -DCAST_ASM"
-ASM_OBJ="$ASM_OBJ cast_enc.o"
-
-echo compiling rc4 assember
-$CPP -DELF crypto/rc4/asm/rx86unix.cpp | $AS -o rc4_enc.o
-CFLAGS="$CFLAGS -DRC4_ASM"
-ASM_OBJ="$ASM_OBJ rc4_enc.o"
-
-echo compiling md5 assember
-$CPP -DELF crypto/md5/asm/mx86unix.cpp | $AS -o md5_enc.o
-CFLAGS="$CFLAGS -DMD5_ASM"
-ASM_OBJ="$ASM_OBJ md5_enc.o"
-
-echo compiling sha1 assember
-$CPP -DELF crypto/sha/asm/sx86unix.cpp | $AS -o sha1_enc.o
-CFLAGS="$CFLAGS -DSHA1_ASM"
-ASM_OBJ="$ASM_OBJ sha1_enc.o"
-
-echo compiling $clib
-$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
-
-echo linking $clib.so
-gcc $CFLAGS -shared -Wl,-soname,$clib.so.$major -o $clib.so.$major.$minor crypto.o $ASM_OBJ
-/bin/rm -f $clib.so $clib.so.$major
-ln -s $clib.so.$major.$minor $clib.so
-ln -s $clib.so.$major.$minor $clib.so.$major
-
-echo compiling $slib.so
-$CC -c $CFLAGS -o ssl.o ssl/ssl.c
-
-echo building $slib.so
-gcc $CFLAGS -shared -Wl,-soname,$slib.so.$major -o $slib.so.$major.$minor ssl.o
-/bin/rm -f $slib.so $slib.so.$major
-ln -s $slib.so.$major.$minor $slib.so
-ln -s $slib.so.$major.$minor $slib.so.$major
-
-echo building ssleay executable
-gcc $CFLAGS -o ssleay apps/eay.c -L. -lssl -lcrypto
-
diff --git a/lib/libssl/src/shlib/solaris-sc4.sh b/lib/libssl/src/shlib/solaris-sc4.sh
new file mode 100644
index 00000000000..b0766b35f7c
--- /dev/null
+++ b/lib/libssl/src/shlib/solaris-sc4.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+major="1"
+
+slib=libssl
+sh_slib=$slib.so.$major
+
+clib=libcrypto
+sh_clib=$clib.so.$major
+
+echo collecting all object files for $clib.so
+OBJS=
+find . -name \*.o -print > allobjs
+for obj in `ar t libcrypto.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $clib.so
+cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+
+rm -f $clib.so
+ln -s $sh_clib $clib.so
+
+echo collecting all object files for $slib.so
+OBJS=
+for obj in `ar t libssl.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $slib.so
+cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+	
+rm -f $slib.so
+ln -s $sh_slib $slib.so
+
+rm -f allobjs
+
+mv libRSAglue.a libRSAglue.a.orig
+mv libcrypto.a  libcrypto.a.orig
+mv libssl.a     libssl.a.orig 
diff --git a/lib/libssl/src/ssl/Makefile.ssl b/lib/libssl/src/ssl/Makefile.ssl
index f4b13bf83b8..7f9c6ead8a8 100644
--- a/lib/libssl/src/ssl/Makefile.ssl
+++ b/lib/libssl/src/ssl/Makefile.ssl
@@ -7,17 +7,17 @@ TOP=	..
 CC=	cc
 INCLUDES= -I../crypto -I../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=ssl
-ERRC=ssl_err
-GENERAL=Makefile README
+GENERAL=Makefile README ssl-lib.com install.com
 TEST=ssltest.c
 APPS=
 
@@ -30,7 +30,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c $(ERRC).c
+	bio_ssl.c ssl_err.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
@@ -39,7 +39,7 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o \
-	bio_ssl.o $(ERRC).o
+	bio_ssl.o ssl_err.o
 
 SRC= $(LIBSRC)
 
@@ -55,24 +55,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB)
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../test $(TEST)
-	$(TOP)/util/mklink.sh ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -84,17 +83,746 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bio_ssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+bio_ssl.o: ../include/openssl/x509_vfy.h
+s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_cert.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_cert.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_cert.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_err.o: ../include/openssl/x509_vfy.h
+ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err2.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_err2.o: ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+t1_enc.o: ../include/openssl/md2.h ../include/openssl/md5.h
+t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_enc.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
diff --git a/lib/libssl/src/ssl/bio_ssl.c b/lib/libssl/src/ssl/bio_ssl.c
index 58a6d69b9ba..f62cde4e5d5 100644
--- a/lib/libssl/src/ssl/bio_ssl.c
+++ b/lib/libssl/src/ssl/bio_ssl.c
@@ -60,27 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include "crypto.h"
-#include "bio.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
-#ifndef NOPROTO
 static int ssl_write(BIO *h,char *buf,int num);
 static int ssl_read(BIO *h,char *buf,int size);
 static int ssl_puts(BIO *h,char *str);
 static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
-#else
-static int ssl_write();
-static int ssl_read();
-static int ssl_puts();
-static long ssl_ctrl();
-static int ssl_new();
-static int ssl_free();
-#endif
-
 typedef struct bio_ssl_st
 	{
 	SSL *ssl; /* The ssl handle :-) */
@@ -104,13 +94,12 @@ static BIO_METHOD methods_sslp=
 	ssl_free,
 	};
 
-BIO_METHOD *BIO_f_ssl()
+BIO_METHOD *BIO_f_ssl(void)
 	{
 	return(&methods_sslp);
 	}
 
-static int ssl_new(bi)
-BIO *bi;
+static int ssl_new(BIO *bi)
 	{
 	BIO_SSL *bs;
 
@@ -127,8 +116,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int ssl_free(a)
-BIO *a;
+static int ssl_free(BIO *a)
 	{
 	BIO_SSL *bs;
 
@@ -147,10 +135,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int ssl_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int ssl_read(BIO *b, char *out, int outl)
 	{
 	int ret=1;
 	BIO_SSL *sb;
@@ -234,10 +219,7 @@ int outl;
 	return(ret);
 	}
 
-static int ssl_write(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int ssl_write(BIO *b, char *out, int outl)
 	{
 	int ret,r=0;
 	int retry_reason=0;
@@ -305,11 +287,7 @@ int outl;
 	return(ret);
 	}
 
-static long ssl_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long ssl_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	SSL **sslp,*ssl;
 	BIO_SSL *bs;
@@ -483,9 +461,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int ssl_puts(bp,str)
-BIO *bp;
-char *str;
+static int ssl_puts(BIO *bp, char *str)
 	{
 	int n,ret;
 
@@ -494,8 +470,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_buffer_ssl_connect(ctx)
-SSL_CTX *ctx;
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
 	{
 	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
 
@@ -512,8 +487,7 @@ err:
 	return(NULL);
 	}
 
-BIO *BIO_new_ssl_connect(ctx)
-SSL_CTX *ctx;
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
 	{
 	BIO *ret=NULL,*con=NULL,*ssl=NULL;
 
@@ -530,9 +504,7 @@ err:
 	return(NULL);
 	}
 
-BIO *BIO_new_ssl(ctx,client)
-SSL_CTX *ctx;
-int client;
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
 	{
 	BIO *ret;
 	SSL *ssl;
@@ -553,8 +525,7 @@ int client;
 	return(ret);
 	}
 
-int BIO_ssl_copy_session_id(t,f)
-BIO *t,*f;
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
 	{
 	t=BIO_find_type(t,BIO_TYPE_SSL);
 	f=BIO_find_type(f,BIO_TYPE_SSL);
@@ -567,8 +538,7 @@ BIO *t,*f;
 	return(1);
 	}
 
-void BIO_ssl_shutdown(b)
-BIO *b;
+void BIO_ssl_shutdown(BIO *b)
 	{
 	SSL *s;
 
diff --git a/lib/libssl/src/ssl/install.com b/lib/libssl/src/ssl/install.com
new file mode 100644
index 00000000000..2b62f4e499d
--- /dev/null
+++ b/lib/libssl/src/ssl/install.com
@@ -0,0 +1,102 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$
+$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h
+$	E_EXE := ssl_task
+$	LIBS := LIBSSL
+$
+$	VEXE_DIR := [-.VAX.EXE.SSL]
+$	AEXE_DIR := [-.AXP.EXE.SSL]
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	I = 0
+$ LOOP_LIB: 
+$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$	EXIT
diff --git a/lib/libssl/src/ssl/readme b/lib/libssl/src/ssl/readme
deleted file mode 100644
index ca174848a1f..00000000000
--- a/lib/libssl/src/ssl/readme
+++ /dev/null
@@ -1,277 +0,0 @@
-22 Jun 1996
-This file belongs in ../apps, but I'll leave it here because it deals
-with SSL :-)  It is rather dated but it gives you an idea of how
-things work.
-===
-
-17 Jul 1995
-I have been changing things quite a bit and have not fully updated
-this file, so take what you read with a grain of salt
-eric
-===
-The s_client and s_server programs can be used to test SSL capable
-IP/port addresses and the verification of the X509 certificates in use
-by these services.  I strongly advise having a look at the code to get
-an idea of how to use the authentication under SSLeay.  Any feedback
-on changes and improvements would be greatly accepted.
-
-This file will probably be gibberish unless you have read
-rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
-authentication.
-
-A Brief outline (and examples) how to use them to do so.
-
-NOTE:
-The environment variable SSL_CIPER is used to specify the prefered
-cipher to use, play around with setting it's value to combinations of
-RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
-in a : separated list.
-
-This directory contains 3 X509 certificates which can be used by these programs.
-client.pem: a file containing a certificate and private key to be used
-	by s_client.
-server.pem :a file containing a certificate and private key to be used
-	by s_server.
-eay1024.pem:the certificate used to sign client.pem and server.pem.
-	This would be your CA's certificate.  There is also a link
-	from the file a8556381.0 to eay1024.PEM.  The value a8556381
-	is returned by 'x509 -hash -noout <eay1024.pem' and is the
-	value used by X509 verification routines to 'find' this
-	certificte when search a directory for it.
-	[the above is not true any more, the CA cert is 
-	 ../certs/testca.pem which is signed by ../certs/mincomca.pem]
-
-When testing the s_server, you may get
-bind: Address already in use
-errors.  These indicate the port is still being held by the unix
-kernel and you are going to have to wait for it to let go of it.  If
-this is the case, remember to use the port commands on the s_server and
-s_client to talk on an alternative port.
-
-=====
-s_client.
-This program can be used to connect to any IP/hostname:port that is
-talking SSL.  Once connected, it will attempt to authenticate the
-certificate it was passed and if everything works as expected, a 2
-directional channel will be open.  Any text typed will be sent to the
-other end.  type Q<cr> to exit.  Flags are as follows.
--host arg	: Arg is the host or IP address to connect to.
--port arg	: Arg is the port to connect to (https is 443).
--verify arg	: Turn on authentication of the server certificate.
-		: Arg specifies the 'depth', this will covered below.
--cert arg	: The optional certificate to use.  This certificate
-		: will be returned to the server if the server
-		: requests it for client authentication.
--key arg	: The private key that matches the certificate
-		: specified by the -cert option.  If this is not
-		: specified (but -cert is), the -cert file will be
-		: searched for the Private key.  Both files are
-		: assumed to be in PEM format.
--CApath arg	: When to look for certificates when 'verifying' the
-		: certificate from the server.
--CAfile arg	: A file containing certificates to be used for
-		: 'verifying' the server certificate.
--reconnect	: Once a connection has been made, drop it and
-		: reconnect with same session-id.  This is for testing :-).
-
-The '-verify n' parameter specifies not only to verify the servers
-certificate but to also only take notice of 'n' levels.  The best way
-to explain is to show via examples.
-Given
-s_server -cert server.PEM is running.
-
-s_client
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-What has happened is that the 'SSLeay demo server' certificate's
-issuer ('CA') could not be found but because verify is not on, we
-don't care and the connection has been made anyway.  It is now 'up'
-using CBC-DES-MD5 mode.  This is an unauthenticate secure channel.
-You may not be talking to the right person but the data going to them
-is encrypted.
-
-s_client -verify 0
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
-certificate passed the date and checksum, we are happy to proceed.
-
-s_client -verify 1
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:0
-	ERROR
-	verify error:unable to get issuer certificate
-In this case we failed to make the connection because we could not
-authenticate the certificate because we could not find the
-'CA' certificate.
-
-s_client -verify 1 -CAfile eay1024.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We loaded the certificates from the file eay1024.PEM.  Everything
-checked out and so we made the connection.
-
-s_client -verify 1 -CApath .
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We looked in out local directory for issuer certificates and 'found'
-a8556381.0 and so everything is ok.
-
-It is worth noting that 'CA' is a self certified certificate.  If you
-are passed one of these, it will fail to 'verify' at depth 0 because
-we need to lookup the certifier of a certificate from some information
-that we trust and keep locally.
-
-SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
-export SSL_CIPHER
-s_client -verify 10 -CApath . -reconnect
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	drop the connection and reconnect with the same session id
-	CIPHER is CBC3-DES-MD5
-This has done a full connection and then re-estabished it with the
-same session id but a new socket.  No RSA stuff occures on the second
-connection.  Note that we said we would prefer to use CBC3-DES-MD5
-encryption and so, since the server supports it, we are.
-
-=====
-s_server
-This program accepts SSL connections on a specified port
-Once connected, it will estabish an SSL connection and optionaly
-attempt to authenticate the client.  A 2 directional channel will be
-open.  Any text typed will be sent to the other end.  Type Q<cr> to exit.
-Flags are as follows.
--port arg	: Arg is the port to listen on.
--verify arg	: Turn on authentication of the client if they have a
-		: certificate.  Arg specifies the 'depth'.
--Verify arg	: Turn on authentication of the client. If they don't
-		: have a valid certificate, drop the connection.
--cert arg	: The certificate to use.  This certificate
-		: will be passed to the client.  If it is not
-		: specified, it will default to server.PEM
--key arg	: The private key that matches the certificate
-		: specified by the -cert option.  If this is not
-		: specified (but -cert is), the -cert file will be
-		: searched for the Private key.  Both files are
-		: assumed to be in PEM format.  Default is server.PEM
--CApath arg	: When to look for certificates when 'verifying' the
-		: certificate from the client.
--CAfile arg	: A file containing certificates to be used for
-		: 'verifying' the client certificate.
-
-For the following 'demo'  I will specify the s_server command and
-the s_client command and then list the output from the s_server.
-s_server
-s_client
-	CONNECTED
-	CIPHER is CBC-DES-MD5
-Everything up and running
-
-s_server -verify 0
-s_client  
-	CONNECTED
-	CIPHER is CBC-DES-MD5
-Ok since no certificate was returned and we don't care.
-
-s_server -verify 0
-./s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Ok since we were only verifying to level 0
-
-s_server -verify 4
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:0
-	ERROR
-	verify error:unable to get issuer certificate
-Bad because we could not authenticate the returned certificate.
-
-s_server -verify 4 -CApath .
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Ok because we could authenticate the returned certificate :-).
-
-s_server -Verify 0 -CApath .
-s_client
-	CONNECTED
-	ERROR
-	SSL error:function is:REQUEST_CERTIFICATE
-		 :error is   :client end did not return a certificate
-Error because no certificate returned.
-
-s_server -Verify 4 -CApath .
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Full authentication of the client.
-
-So in summary to do full authentication of both ends
-s_server -Verify 9 -CApath .
-s_client -cert client.PEM -CApath . -verify 9
-From the server side
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-From the client side
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-
-For general probing of the 'internet https' servers for the
-distribution area, run
-s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
-Then enter
-GET /
-and you should be talking to the https server on that host.
-
-www.rsa.com was refusing to respond to connections on 443 when I was
-testing.
-
-have fun :-).
-
-eric
diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c
index a4661ebb687..299d2ae5d28 100644
--- a/lib/libssl/src/ssl/s23_clnt.c
+++ b/lib/libssl/src/ssl/s23_clnt.c
@@ -57,28 +57,20 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 #include "ssl_locl.h"
 
-#define BREAK break
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
-#else
-static int ssl23_client_hello();
-static int ssl23_get_server_hello();
-#endif
-
-static SSL_METHOD *ssl23_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_client_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
-	else if (ver == SSL3_VERSION)
+	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
 	else if (ver == TLS1_VERSION)
 		return(TLSv1_client_method());
@@ -86,24 +78,23 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_client_method()
+SSL_METHOD *SSLv23_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_client_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv23_client_data,
 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
 		SSLv23_client_data.ssl_connect=ssl23_connect;
 		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+		init=0;
 		}
 	return(&SSLv23_client_data);
 	}
 
-int ssl23_connect(s)
-SSL *s;
+int ssl23_connect(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL);
@@ -111,7 +102,7 @@ SSL *s;
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_seed(&Time,sizeof(Time));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -134,6 +125,13 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			if (s->session != NULL)
+				{
+				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+				ret= -1;
+				goto end;
+				}
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			/* s->version=TLS1_VERSION; */
@@ -159,7 +157,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL23_ST_CW_CLNT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->init_num=0;
 			break;
 
@@ -179,7 +177,7 @@ SSL *s;
 			ret=ssl23_get_server_hello(s);
 			if (ret >= 0) cb=NULL;
 			goto end;
-			break;
+			/* break; */
 
 		default:
 			SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
@@ -188,7 +186,7 @@ SSL *s;
 			/* break; */
 			}
 
-		if (s->debug) BIO_flush(s->wbio);
+		if (s->debug) { (void)BIO_flush(s->wbio); }
 
 		if ((cb != NULL) && (s->state != state))
 			{
@@ -206,8 +204,7 @@ end:
 	}
 
 
-static int ssl23_client_hello(s)
-SSL *s;
+static int ssl23_client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -236,16 +233,19 @@ SSL *s;
 			{
 			*(d++)=TLS1_VERSION_MAJOR;
 			*(d++)=TLS1_VERSION_MINOR;
+			s->client_version=TLS1_VERSION;
 			}
 		else if (!(s->options & SSL_OP_NO_SSLv3))
 			{
 			*(d++)=SSL3_VERSION_MAJOR;
 			*(d++)=SSL3_VERSION_MINOR;
+			s->client_version=SSL3_VERSION;
 			}
 		else if (!(s->options & SSL_OP_NO_SSLv2))
 			{
 			*(d++)=SSL2_VERSION_MAJOR;
 			*(d++)=SSL2_VERSION_MINOR;
+			s->client_version=SSL2_VERSION;
 			}
 		else
 			{
@@ -303,8 +303,7 @@ SSL *s;
 	return(ssl23_write_bytes(s));
 	}
 
-static int ssl23_get_server_hello(s)
-SSL *s;
+static int ssl23_get_server_hello(SSL *s)
 	{
 	char buf[8];
 	unsigned char *p;
@@ -443,7 +442,7 @@ SSL *s;
 			}
 
 		s->rwstate=SSL_NOTHING;
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]);
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
 		goto err;
 		}
 	else
diff --git a/lib/libssl/src/ssl/s23_lib.c b/lib/libssl/src/ssl/s23_lib.c
index e16f641101a..822a3958372 100644
--- a/lib/libssl/src/ssl/s23_lib.c
+++ b/lib/libssl/src/ssl/s23_lib.c
@@ -57,28 +57,17 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
 static int ssl23_num_ciphers(void );
 static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, char *buf, int len);
-static int ssl23_write(SSL *s, char *buf, int len);
+static int ssl23_read(SSL *s, void *buf, int len);
+static int ssl23_write(SSL *s, const void *buf, int len);
 static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(unsigned char *p);
-#else
-static int ssl23_num_ciphers();
-static SSL_CIPHER *ssl23_get_cipher();
-static int ssl23_read();
-static int ssl23_write();
-static long ssl23_default_timeout();
-static int ssl23_put_cipher_by_char();
-static SSL_CIPHER *ssl23_get_cipher_by_char();
-#endif
-
-char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997";
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
 
 static SSL_METHOD SSLv23_data= {
 	TLS1_VERSION,
@@ -88,10 +77,11 @@ static SSL_METHOD SSLv23_data= {
 	ssl_undefined_function,
 	ssl_undefined_function,
 	ssl23_read,
-	ssl_undefined_function,
+	(int (*)(struct ssl_st *, char *, int))ssl_undefined_function,
 	ssl23_write,
 	ssl_undefined_function,
 	ssl_undefined_function,
+	ssl_ok,
 	ssl3_ctrl,
 	ssl3_ctx_ctrl,
 	ssl23_get_cipher_by_char,
@@ -104,23 +94,22 @@ static SSL_METHOD SSLv23_data= {
 	&ssl3_undef_enc_method,
 	};
 
-static long ssl23_default_timeout()
+static long ssl23_default_timeout(void)
 	{
 	return(300);
 	}
 
-SSL_METHOD *sslv23_base_method()
+SSL_METHOD *sslv23_base_method(void)
 	{
 	return(&SSLv23_data);
 	}
 
-static int ssl23_num_ciphers()
+static int ssl23_num_ciphers(void)
 	{
 	return(ssl3_num_ciphers()+ssl2_num_ciphers());
 	}
 
-static SSL_CIPHER *ssl23_get_cipher(u)
-unsigned int u;
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 	{
 	unsigned int uu=ssl3_num_ciphers();
 
@@ -132,8 +121,7 @@ unsigned int u;
 
 /* This function needs to check if the ciphers required are actually
  * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(p)
-unsigned char *p;
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
 	{
 	SSL_CIPHER c,*cp;
 	unsigned long id;
@@ -149,9 +137,7 @@ unsigned char *p;
 	return(cp);
 	}
 
-static int ssl23_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -166,10 +152,7 @@ unsigned char *p;
 	return(3);
 	}
 
-static int ssl23_read(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+static int ssl23_read(SSL *s, void *buf, int len)
 	{
 	int n;
 
@@ -199,10 +182,7 @@ int len;
 		}
 	}
 
-static int ssl23_write(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+static int ssl23_write(SSL *s, const void *buf, int len)
 	{
 	int n;
 
diff --git a/lib/libssl/src/ssl/s23_meth.c b/lib/libssl/src/ssl/s23_meth.c
index 1eed7a54bcf..b52ca1d58b3 100644
--- a/lib/libssl/src/ssl/s23_meth.c
+++ b/lib/libssl/src/ssl/s23_meth.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *ssl23_get_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_method(int ver);
+static SSL_METHOD *ssl23_get_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv23_method());
@@ -73,19 +73,19 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_method()
+SSL_METHOD *SSLv23_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv23_data.ssl_connect=ssl23_connect;
 		SSLv23_data.ssl_accept=ssl23_accept;
 		SSLv23_data.get_ssl_method=ssl23_get_method;
+		init=0;
 		}
 	return(&SSLv23_data);
 	}
diff --git a/lib/libssl/src/ssl/s23_pkt.c b/lib/libssl/src/ssl/s23_pkt.c
index c25c3127725..8370ea508c7 100644
--- a/lib/libssl/src/ssl/s23_pkt.c
+++ b/lib/libssl/src/ssl/s23_pkt.c
@@ -59,12 +59,11 @@
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
-#include "evp.h"
-#include "buffer.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-int ssl23_write_bytes(s)
-SSL *s;
+int ssl23_write_bytes(SSL *s)
 	{
 	int i,num,tot;
 	char *buf;
@@ -76,7 +75,7 @@ SSL *s;
 		{
 		s->rwstate=SSL_WRITING;
 		i=BIO_write(s->wbio,&(buf[tot]),num);
-		if (i < 0)
+		if (i <= 0)
 			{
 			s->init_off=tot;
 			s->init_num=num;
@@ -91,9 +90,7 @@ SSL *s;
 	}
 
 /* only return when we have read 'n' bytes */
-int ssl23_read_bytes(s,n)
-SSL *s;
-int n;
+int ssl23_read_bytes(SSL *s, int n)
 	{
 	unsigned char *p;
 	int j;
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index c7b9ecbcf28..e4122f2d78d 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -57,26 +57,19 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 #include "ssl_locl.h"
 
-#define BREAK break
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
-#else
-int ssl23_get_client_hello();
-#endif
-
-static SSL_METHOD *ssl23_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_server_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
-	else if (ver == SSL3_VERSION)
+	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
 	else if (ver == TLS1_VERSION)
 		return(TLSv1_server_method());
@@ -84,24 +77,23 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_server_method()
+SSL_METHOD *SSLv23_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_server_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv23_server_data,
 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
 		SSLv23_server_data.ssl_accept=ssl23_accept;
 		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+		init=0;
 		}
 	return(&SSLv23_server_data);
 	}
 
-int ssl23_accept(s)
-SSL *s;
+int ssl23_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL);
@@ -109,7 +101,7 @@ SSL *s;
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_seed(&Time,sizeof(Time));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -132,6 +124,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			/* s->version=SSL3_VERSION; */
@@ -155,7 +148,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL23_ST_SR_CLNT_HELLO_A;
-			s->ctx->sess_accept++;
+			s->ctx->stats.sess_accept++;
 			s->init_num=0;
 			break;
 
@@ -166,7 +159,7 @@ SSL *s;
 			ret=ssl23_get_client_hello(s);
 			if (ret >= 0) cb=NULL;
 			goto end;
-			break;
+			/* break; */
 
 		default:
 			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
@@ -191,8 +184,7 @@ end:
 	}
 
 
-int ssl23_get_client_hello(s)
-SSL *s;
+int ssl23_get_client_hello(SSL *s)
 	{
 	char buf_space[8];
 	char *buf= &(buf_space[0]);
@@ -201,14 +193,16 @@ SSL *s;
 	unsigned int csl,sil,cl;
 	int n=0,j,tls1=0;
 	int type=0,use_sslv2_strong=0;
+	int v[2];
 
 	/* read the initial header */
+	v[0]=v[1]=0;
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
 		if (!ssl3_setup_buffers(s)) goto err;
 
 		n=ssl23_read_bytes(s,7);
-		if (n != 7) return(n);
+		if (n != 7) return(n); /* n == -1 || n == 0 */
 
 		p=s->packet;
 
@@ -219,12 +213,14 @@ SSL *s;
 			/* SSLv2 header */
 			if ((p[3] == 0x00) && (p[4] == 0x02))
 				{
+				v[0]=p[3]; v[1]=p[4];
 				/* SSLv2 */
 				if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 				}
 			else if (p[3] == SSL3_VERSION_MAJOR)
 				{
+				v[0]=p[3]; v[1]=p[4];
 				/* SSLv3/TLSv1 */
 				if (p[4] >= TLS1_VERSION_MINOR)
 					{
@@ -237,13 +233,19 @@ SSL *s;
 						{
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
+					else if (!(s->options & SSL_OP_NO_SSLv2))
+						{
+						type=1;
+						}
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
 					s->state=SSL23_ST_SR_CLNT_HELLO_B;
+				else if (!(s->options & SSL_OP_NO_SSLv2))
+					type=1;
 
 				if (s->options & SSL_OP_NON_EXPORT_FIRST)
 					{
-					STACK *sk;
+					STACK_OF(SSL_CIPHER) *sk;
 					SSL_CIPHER *c;
 					int ne2,ne3;
 
@@ -274,10 +276,10 @@ SSL *s;
 					if (sk != NULL)
 						{
 						ne2=ne3=0;
-						for (j=0; j<sk_num(sk); j++)
+						for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
 							{
-							c=(SSL_CIPHER *)sk_value(sk,j);
-							if (!(c->algorithms & SSL_EXP))
+							c=sk_SSL_CIPHER_value(sk,j);
+							if (!SSL_C_IS_EXPORT(c))
 								{
 								if ((c->id>>24L) == 2L)
 									ne2=1;
@@ -299,6 +301,7 @@ SSL *s;
 			 (p[1] == SSL3_VERSION_MAJOR) &&
 			 (p[5] == SSL3_MT_CLIENT_HELLO))
 			{
+			v[0]=p[1]; v[1]=p[2];
 			/* true SSLv3 or tls1 */
 			if (p[2] >= TLS1_VERSION_MINOR)
 				{
@@ -313,15 +316,15 @@ SSL *s;
 			else if (!(s->options & SSL_OP_NO_SSLv3))
 				type=3;
 			}
-		else if ((strncmp("GET ", p,4) == 0) ||
-			 (strncmp("POST ",p,5) == 0) ||
-			 (strncmp("HEAD ",p,5) == 0) ||
-			 (strncmp("PUT ", p,4) == 0))
+		else if ((strncmp("GET ", (char *)p,4) == 0) ||
+			 (strncmp("POST ",(char *)p,5) == 0) ||
+			 (strncmp("HEAD ",(char *)p,5) == 0) ||
+			 (strncmp("PUT ", (char *)p,4) == 0))
 			{
 			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
 			goto err;
 			}
-		else if (strncmp("CONNECT",p,7) == 0)
+		else if (strncmp("CONNECT",(char *)p,7) == 0)
 			{
 			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
 			goto err;
@@ -387,7 +390,7 @@ next_bit:
 			}
 		s2n(j,dd);
 
-		/* compression */
+		/* COMPRESSION */
 		*(d++)=1;
 		*(d++)=0;
 		
@@ -478,6 +481,7 @@ next_bit:
 			s->version=SSL3_VERSION;
 			s->method=SSLv3_server_method();
 			}
+		s->client_version=(v[0]<<8)|v[1];
 		s->handshake_func=s->method->ssl_accept;
 		}
 	
diff --git a/lib/libssl/src/ssl/s2_clnt.c b/lib/libssl/src/ssl/s2_clnt.c
index 16df9ec5655..1fe8bd627db 100644
--- a/lib/libssl/src/ssl/s2_clnt.c
+++ b/lib/libssl/src/ssl/s2_clnt.c
@@ -56,14 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "rand.h"
-#include "buffer.h"
-#include "objects.h"
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
 #include "ssl_locl.h"
-#include "evp.h"
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
+static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
 static int get_server_verify(SSL *s);
 static int get_server_hello(SSL *s);
@@ -71,23 +72,11 @@ static int client_hello(SSL *s);
 static int client_master_key(SSL *s);
 static int client_finished(SSL *s);
 static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from,
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
 	unsigned char *to,int padding);
-#else
-static int get_server_finished();
-static int get_server_verify();
-static int get_server_hello();
-static int client_hello(); 
-static int client_master_key();
-static int client_finished();
-static int client_certificate();
-static int ssl_rsa_public_encrypt();
-#endif
-
 #define BREAK	break
 
-static SSL_METHOD *ssl2_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_client_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
@@ -95,24 +84,23 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_client_method()
+SSL_METHOD *SSLv2_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_client_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv2_client_data.ssl_connect=ssl2_connect;
 		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+		init=0;
 		}
 	return(&SSLv2_client_data);
 	}
 
-int ssl2_connect(s)
-SSL *s;
+int ssl2_connect(SSL *s)
 	{
 	unsigned long l=time(NULL);
 	BUF_MEM *buf=NULL;
@@ -120,7 +108,7 @@ SSL *s;
 	void (*cb)()=NULL;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&l,sizeof(l));
+	RAND_seed(&l,sizeof(l));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -144,6 +132,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			s->version=SSL2_VERSION;
@@ -164,7 +153,7 @@ SSL *s;
 			s->init_buf=buf;
 			s->init_num=0;
 			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->handshake_func=ssl2_connect;
 			BREAK;
 
@@ -247,8 +236,11 @@ SSL *s;
 			break;
 
 		case SSL_ST_OK:
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
+			if (s->init_buf != NULL)
+				{
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
+				}
 			s->init_num=0;
 		/*	ERR_clear_error();*/
 
@@ -259,16 +251,16 @@ SSL *s;
 			 */
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->sess_hit++;
+			if (s->hit) s->ctx->stats.sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
-			s->ctx->sess_connect_good++;
+			s->ctx->stats.sess_connect_good++;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
 			goto end;
-			break;
+			/* break; */
 		default:
 			SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
 			return(-1);
@@ -290,13 +282,12 @@ end:
 	return(ret);
 	}
 
-static int get_server_hello(s)
-SSL *s;
+static int get_server_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p;
 	int i,j;
-	STACK *sk=NULL,*cl;
+	STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
 
 	buf=(unsigned char *)s->init_buf->data;
 	p=buf;
@@ -405,7 +396,7 @@ SSL *s;
 
 		/* load the ciphers */
 		sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
-			&s->session->ciphers);
+					    &s->session->ciphers);
 		p+=s->s2->tmp.csl;
 		if (sk == NULL)
 			{
@@ -414,7 +405,7 @@ SSL *s;
 			return(-1);
 			}
 
-		sk_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+		sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
 
 		/* get the array of ciphers we will accept */
 		cl=ssl_get_ciphers_by_id(s);
@@ -424,38 +415,46 @@ SSL *s;
 		 * will check against the list we origionally sent and
 		 * for performance reasons we should not bother to match
 		 * the two lists up just to check. */
-		for (i=0; i<sk_num(cl); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
 			{
-			if (sk_find(sk,sk_value(cl,i)) >= 0)
+			if (sk_SSL_CIPHER_find(sk,
+					       sk_SSL_CIPHER_value(cl,i)) >= 0)
 				break;
 			}
 
-		if (i >= sk_num(cl))
+		if (i >= sk_SSL_CIPHER_num(cl))
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
 			return(-1);
 			}
-		s->session->cipher=(SSL_CIPHER *)sk_value(cl,i);
+		s->session->cipher=sk_SSL_CIPHER_value(cl,i);
 		}
 
-	if ((s->session != NULL) && (s->session->peer != NULL))
+	if (s->session->peer != NULL)
 		X509_free(s->session->peer);
 
+#if 0 /* What is all this meant to accomplish?? */
 	/* hmmm, can we have the problem of the other session with this
 	 * cert, Free's it before we increment the reference count. */
 	CRYPTO_w_lock(CRYPTO_LOCK_X509);
-	s->session->peer=s->session->cert->key->x509;
-	CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
+	s->session->peer=s->session->sess_cert->key->x509;
+	/* Shouldn't do this: already locked */
+	/*CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);*/
+	s->session->peer->references++;
 	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+#else
+	s->session->peer = s->session->sess_cert->peer_key->x509;
+    /* peer_key->x509 has been set by ssl2_set_certificate. */
+	CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+#endif
 
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
 
-static int client_hello(s)
-SSL *s;
+static int client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -479,7 +478,7 @@ SSL *s;
 		p=buf;					/* header */
 		d=p+9;					/* data section */
 		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
-		s2n(SSL2_CLIENT_VERSION,p);		/* version */
+		s2n(SSL2_VERSION,p);			/* version */
 		n=j=0;
 
 		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
@@ -522,21 +521,20 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int client_master_key(s)
-SSL *s;
+static int client_master_key(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int clear,enc,karg,i;
 	SSL_SESSION *sess;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
 		{
 
-		if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -562,7 +560,7 @@ SSL *s;
 
 		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 			enc=8;
-		else if (sess->cipher->algorithms & SSL_EXP)
+		else if (SSL_C_IS_EXPORT(sess->cipher))
 			enc=5;
 		else
 			enc=i;
@@ -578,7 +576,7 @@ SSL *s;
 		memcpy(d,sess->master_key,(unsigned int)clear);
 		d+=clear;
 
-		enc=ssl_rsa_public_encrypt(sess->cert,enc,
+		enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
 			&(sess->master_key[clear]),d,
 			(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 		if (enc <= 0)
@@ -587,6 +585,11 @@ SSL *s;
 			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
 			return(-1);
 			}
+#ifdef PKCS1_CHECK
+		if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
+		if (s->options & SSL_OP_PKCS1_CHECK_2)
+			sess->master_key[clear]++;
+#endif
 		s2n(enc,p);
 		d+=enc;
 		karg=sess->key_arg_length;	
@@ -603,8 +606,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int client_finished(s)
-SSL *s;
+static int client_finished(SSL *s)
 	{
 	unsigned char *p;
 
@@ -622,8 +624,7 @@ SSL *s;
 	}
 
 /* read the data and then respond */
-static int client_certificate(s)
-SSL *s;
+static int client_certificate(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -738,7 +739,7 @@ SSL *s;
 		EVP_SignUpdate(&ctx,s->s2->key_material,
 			(unsigned int)s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-		n=i2d_X509(s->session->cert->key->x509,&p);
+		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
 		EVP_SignUpdate(&ctx,buf,(unsigned int)n);
 
 		p=buf;
@@ -767,8 +768,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int get_server_verify(s)
-SSL *s;
+static int get_server_verify(SSL *s)
 	{
 	unsigned char *p;
 	int i;
@@ -811,8 +811,7 @@ SSL *s;
 	return(1);
 	}
 
-static int get_server_finished(s)
-SSL *s;
+static int get_server_finished(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p;
@@ -877,15 +876,11 @@ SSL *s;
 	}
 
 /* loads in the certificate from the server */
-int ssl2_set_certificate(s, type, len, data)
-SSL *s;
-int type;
-int len;
-unsigned char *data;
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 	{
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 	EVP_PKEY *pkey=NULL;
-	CERT *c=NULL;
+	SESS_CERT *sc=NULL;
 	int i;
 	X509 *x509=NULL;
 	int ret=0;
@@ -897,8 +892,7 @@ unsigned char *data;
 		goto err;
 		}
 
-	if (((sk=sk_new_null()) == NULL) ||
-		(!sk_push(sk,(char *)x509)))
+	if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
 		{
 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -912,22 +906,18 @@ unsigned char *data;
 		goto err;
 		}
 
-	/* cert for ssl */
-	c=ssl_cert_new();
-	if (c == NULL)
+	/* server's cert for this session */
+	sc=ssl_sess_cert_new();
+	if (sc == NULL)
 		{
 		ret= -1;
 		goto err;
 		}
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
 
-	/* cert for session */
-	if (s->session->cert) ssl_cert_free(s->session->cert);
-	s->session->cert=c;
-
-/*	c->cert_type=type; */
-
-	c->pkeys[SSL_PKEY_RSA_ENC].x509=x509;
-	c->key= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
+	sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
 
 	pkey=X509_get_pubkey(x509);
 	x509=NULL;
@@ -942,27 +932,24 @@ unsigned char *data;
 		goto err;
 		}
 
-	if (!ssl_set_cert_type(c,SSL2_CT_X509_CERTIFICATE))
+	if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
 		goto err;
 	ret=1;
 err:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_X509_free(sk);
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int ssl_rsa_public_encrypt(c, len, from, to, padding)
-CERT *c;
-int len;
-unsigned char *from;
-unsigned char *to;
-int padding;
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+	     unsigned char *to, int padding)
 	{
 	EVP_PKEY *pkey=NULL;
 	int i= -1;
 
-	if ((c == NULL) || (c->key->x509 == NULL) ||
-		((pkey=X509_get_pubkey(c->key->x509)) == NULL))
+	if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
+		((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
 		{
 		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
 		return(-1);
@@ -978,6 +965,7 @@ int padding;
 	if (i < 0)
 		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
 end:
+	EVP_PKEY_free(pkey);
 	return(i);
 	}
-
+#endif
diff --git a/lib/libssl/src/ssl/s2_enc.c b/lib/libssl/src/ssl/s2_enc.c
index b43056fa14f..09835008a99 100644
--- a/lib/libssl/src/ssl/s2_enc.c
+++ b/lib/libssl/src/ssl/s2_enc.c
@@ -59,17 +59,15 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 
-int ssl2_enc_init(s, client)
-SSL *s;
-int client;
+int ssl2_enc_init(SSL *s, int client)
 	{
 	/* Max number of bytes needed */
 	EVP_CIPHER_CTX *rs,*ws;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 	int num;
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 		{
 		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -114,9 +112,7 @@ err:
 /* read/writes from s->s2->mac_data using length for encrypt and 
  * decrypt.  It sets the s->s2->padding, s->[rw]length and
  * s->s2->pad_data ptr if we are encrypting */
-void ssl2_enc(s,send)
-SSL *s;
-int send;
+void ssl2_enc(SSL *s, int send)
 	{
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
@@ -146,10 +142,7 @@ int send;
 	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
 	}
 
-void ssl2_mac(s, md,send)
-SSL *s;
-unsigned char *md;
-int send;
+void ssl2_mac(SSL *s, unsigned char *md, int send)
 	{
 	EVP_MD_CTX c;
 	unsigned char sequence[4],*p,*sec,*act;
diff --git a/lib/libssl/src/ssl/s2_lib.c b/lib/libssl/src/ssl/s2_lib.c
index 275eb52f13e..ff804d8e0d1 100644
--- a/lib/libssl/src/ssl/s2_lib.c
+++ b/lib/libssl/src/ssl/s2_lib.c
@@ -56,31 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "rsa.h"
-#include "objects.h"
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/md5.h>
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
-static int ssl2_ok(SSL *s);
 static long ssl2_default_timeout(void );
-#else
-static int ssl2_ok();
-static long ssl2_default_timeout();
-#endif
-
-char *ssl2_version_str="SSLv2 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
-SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* NULL_WITH_MD5 v3 */
 #if 0
 	{
 	1,
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -90,7 +85,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
 	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	SSL2_CF_5_BYTE_ENC,
 	SSL_ALL_CIPHERS,
 	},
@@ -108,7 +103,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	SSL2_CF_5_BYTE_ENC,
 	SSL_ALL_CIPHERS,
 	},
@@ -184,7 +179,8 @@ static SSL_METHOD SSLv2_data= {
 	ssl2_peek,
 	ssl2_write,
 	ssl2_shutdown,
-	ssl2_ok,
+	ssl_ok,	/* NULL - renegotiate */
+	ssl_ok,	/* NULL - check renegotiate */
 	ssl2_ctrl,	/* local */
 	ssl2_ctx_ctrl,	/* local */
 	ssl2_get_cipher_by_char,
@@ -197,23 +193,22 @@ static SSL_METHOD SSLv2_data= {
 	&ssl3_undef_enc_method,
 	};
 
-static long ssl2_default_timeout()
+static long ssl2_default_timeout(void)
 	{
 	return(300);
 	}
 
-SSL_METHOD *sslv2_base_method()
+SSL_METHOD *sslv2_base_method(void)
 	{
 	return(&SSLv2_data);
 	}
 
-int ssl2_num_ciphers()
+int ssl2_num_ciphers(void)
 	{
 	return(SSL2_NUM_CIPHERS);
 	}
 
-SSL_CIPHER *ssl2_get_cipher(u)
-unsigned int u;
+SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 	{
 	if (u < SSL2_NUM_CIPHERS)
 		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -221,14 +216,12 @@ unsigned int u;
 		return(NULL);
 	}
 
-int ssl2_pending(s)
-SSL *s;
+int ssl2_pending(SSL *s)
 	{
 	return(s->s2->ract_data_length);
 	}
 
-int ssl2_new(s)
-SSL *s;
+int ssl2_new(SSL *s)
 	{
 	SSL2_CTX *s2;
 
@@ -253,11 +246,13 @@ err:
 	return(0);
 	}
 
-void ssl2_free(s)
-SSL *s;
+void ssl2_free(SSL *s)
 	{
 	SSL2_CTX *s2;
 
+	if(s == NULL)
+	    return;
+
 	s2=s->s2;
 	if (s2->rbuf != NULL) Free(s2->rbuf);
 	if (s2->wbuf != NULL) Free(s2->wbuf);
@@ -266,8 +261,7 @@ SSL *s;
 	s->s2=NULL;
 	}
 
-void ssl2_clear(s)
-SSL *s;
+void ssl2_clear(SSL *s)
 	{
 	SSL2_CTX *s2;
 	unsigned char *rbuf,*wbuf;
@@ -287,11 +281,7 @@ SSL *s;
 	s->packet_length=0;
 	}
 
-long ssl2_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
 	{
 	int ret=0;
 
@@ -306,19 +296,14 @@ char *parg;
 	return(ret);
 	}
 
-long ssl2_ctx_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 	{
 	return(0);
 	}
 
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(p)
-unsigned char *p;
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 	{
 	static int init=1;
 	static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
@@ -328,7 +313,7 @@ unsigned char *p;
 
 	if (init)
 		{
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
 		for (i=0; i<SSL2_NUM_CIPHERS; i++)
 			sorted[i]= &(ssl2_ciphers[i]);
@@ -336,6 +321,9 @@ unsigned char *p;
 		qsort(  (char *)sorted,
 			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 			FP_ICC ssl_cipher_ptr_id_cmp);
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+		init=0;
 		}
 
 	id=0x02000000L|((unsigned long)p[0]<<16L)|
@@ -351,9 +339,7 @@ unsigned char *p;
 		return(*cpp);
 	}
 
-int ssl2_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -368,14 +354,18 @@ unsigned char *p;
 	return(3);
 	}
 
-void ssl2_generate_key_material(s)
-SSL *s;
+void ssl2_generate_key_material(SSL *s)
 	{
 	unsigned int i;
 	MD5_CTX ctx;
 	unsigned char *km;
 	unsigned char c='0';
 
+#ifdef CHARSET_EBCDIC
+	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
+				see SSLv2 docu */
+#endif
+
 	km=s->s2->key_material;
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
@@ -391,9 +381,7 @@ SSL *s;
 		}
 	}
 
-void ssl2_return_error(s,err)
-SSL *s;
-int err;
+void ssl2_return_error(SSL *s, int err)
 	{
 	if (!s->error)
 		{
@@ -405,10 +393,9 @@ int err;
 	}
 
 
-void ssl2_write_error(s)
-SSL *s;
+void ssl2_write_error(SSL *s)
 	{
-	char buf[3];
+	unsigned char buf[3];
 	int i,error;
 
 	buf[0]=SSL2_MT_ERROR;
@@ -429,16 +416,9 @@ SSL *s;
 		s->error=0; */
 	}
 
-static int ssl2_ok(s)
-SSL *s;
-	{
-	return(1);
-	}
-
-int ssl2_shutdown(s)
-SSL *s;
+int ssl2_shutdown(SSL *s)
 	{
 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	return(1);
 	}
-
+#endif
diff --git a/lib/libssl/src/ssl/s2_meth.c b/lib/libssl/src/ssl/s2_meth.c
index cfc8828cc71..e2add164ddb 100644
--- a/lib/libssl/src/ssl/s2_meth.c
+++ b/lib/libssl/src/ssl/s2_meth.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *ssl2_get_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_method(int ver);
+static SSL_METHOD *ssl2_get_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_method());
@@ -69,20 +70,20 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_method()
+SSL_METHOD *SSLv2_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv2_data.ssl_connect=ssl2_connect;
 		SSLv2_data.ssl_accept=ssl2_accept;
 		SSLv2_data.get_ssl_method=ssl2_get_method;
+		init=0;
 		}
 	return(&SSLv2_data);
 	}
-
+#endif
diff --git a/lib/libssl/src/ssl/s2_pkt.c b/lib/libssl/src/ssl/s2_pkt.c
index e4167b53af5..a1bb5bca4b8 100644
--- a/lib/libssl/src/ssl/s2_pkt.c
+++ b/lib/libssl/src/ssl/s2_pkt.c
@@ -61,29 +61,11 @@
 #define USE_SOCKETS
 #include "ssl_locl.h"
 
-/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE);
- */
-
-#ifndef NOPROTO
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, char *buf, unsigned int len);
-static int write_pending(SSL *s, char *buf, unsigned int len);
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
-#else
-static int read_n();
-static int do_ssl_write();
-static int write_pending();
-static int ssl_mt_error();
-#endif
-
-int ssl2_peek(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl2_peek(SSL *s, char *buf, int len)
 	{
 	int ret;
 
@@ -99,10 +81,7 @@ int len;
 /* SSL_read -
  * This routine will return 0 to len bytes, decrypted etc if required.
  */
-int ssl2_read(s, buf, len)
-SSL *s;
-char *buf;
-int len;
+int ssl2_read(SSL *s, void *buf, int len)
 	{
 	int n;
 	unsigned char mac[MAX_MAC_SIZE];
@@ -110,6 +89,7 @@ int len;
 	int i;
 	unsigned int mac_size=0;
 
+ssl2_read_again:
 	if (SSL_in_init(s) && !s->in_handshake)
 		{
 		n=s->handshake_func(s);
@@ -237,6 +217,25 @@ int len;
 		INC32(s->s2->read_sequence); /* expect next number */
 		/* s->s2->ract_data is now available for processing */
 
+#if 1
+		/* How should we react when a packet containing 0
+		 * bytes is received?  (Note that SSLeay/OpenSSL itself
+		 * never sends such packets; see ssl2_write.)
+		 * Returning 0 would be interpreted by the caller as
+		 * indicating EOF, so it's not a good idea.
+		 * Instead, we just continue reading.  Note that using
+		 * select() for blocking sockets *never* guarantees
+		 * that the next SSL_read will not block -- the available
+		 * data may contain incomplete packets, and except for SSL 2
+		 * renegotiation can confuse things even more. */
+
+		goto ssl2_read_again; /* This should really be
+				       * "return ssl2_read(s,buf,len)",
+				       * but that would allow for
+				       * denial-of-service attacks if a
+				       * C compiler is used that does not
+				       * recognize end-recursion. */
+#else
 		/* If a 0 byte packet was sent, return 0, otherwise
 		 * we play havoc with people using select with
 		 * blocking sockets.  Let them handle a packet at a time,
@@ -244,6 +243,7 @@ int len;
 		if (s->s2->ract_data_length == 0)
 			return(0);
 		return(ssl2_read(s,buf,len));
+#endif
 		}
 	else
 		{
@@ -252,11 +252,8 @@ int len;
 		}
 	}
 
-static int read_n(s, n, max, extend)
-SSL *s;
-unsigned int n;
-unsigned int max;
-unsigned int extend;
+static int read_n(SSL *s, unsigned int n, unsigned int max,
+	     unsigned int extend)
 	{
 	int i,off,newb;
 
@@ -354,11 +351,9 @@ unsigned int extend;
 	return(n);
 	}
 
-int ssl2_write(s, buf, len)
-SSL *s;
-char *buf;
-int len;
+int ssl2_write(SSL *s, const void *_buf, int len)
 	{
+	const unsigned char *buf=_buf;
 	unsigned int n,tot;
 	int i;
 
@@ -396,17 +391,18 @@ int len;
 			s->s2->wnum=tot;
 			return(i);
 			}
-		if (i == (int)n) return(tot+i);
-
+		if ((i == (int)n) ||
+			(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
+			{
+			return(tot+i);
+			}
+		
 		n-=i;
 		tot+=i;
 		}
 	}
 
-static int write_pending(s,buf,len)
-SSL *s;
-char *buf;
-unsigned int len;
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
 	{
 	int i;
 
@@ -414,7 +410,9 @@ unsigned int len;
 
 	/* check that they have given us the same buffer to
 	 * write */
-	if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
+	if ((s->s2->wpend_tot > (int)len) ||
+		((s->s2->wpend_buf != buf) &&
+		 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
 		{
 		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
 		return(-1);
@@ -451,10 +449,7 @@ unsigned int len;
 		}
 	}
 
-static int do_ssl_write(s, buf, len)
-SSL *s;
-char *buf;
-unsigned int len;
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 	{
 	unsigned int j,k,olen,p,mac_size,bs;
 	register unsigned char *pp;
@@ -567,7 +562,7 @@ unsigned int len;
 
 	/* lets try to actually write the data */
 	s->s2->wpend_tot=olen;
-	s->s2->wpend_buf=(char *)buf;
+	s->s2->wpend_buf=buf;
 
 	s->s2->wpend_ret=len;
 
@@ -575,10 +570,7 @@ unsigned int len;
 	return(write_pending(s,buf,olen));
 	}
 
-int ssl2_part_read(s,f,i)
-SSL *s;
-unsigned long f;
-int i;
+int ssl2_part_read(SSL *s, unsigned long f, int i)
 	{
 	unsigned char *p;
 	int j;
@@ -608,13 +600,11 @@ int i;
 		}
 	}
 
-int ssl2_do_write(s)
-SSL *s;
+int ssl2_do_write(SSL *s)
 	{
 	int ret;
 
-	ret=ssl2_write(s,(char *)&(s->init_buf->data[s->init_off]),
-		s->init_num);
+	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
 	if (ret == s->init_num)
 		return(1);
 	if (ret < 0)
@@ -624,8 +614,7 @@ SSL *s;
 	return(0);
 	}
 
-static int ssl_mt_error(n)
-int n;
+static int ssl_mt_error(int n)
 	{
 	int ret;
 
diff --git a/lib/libssl/src/ssl/s2_srvr.c b/lib/libssl/src/ssl/s2_srvr.c
index c6c8ea32f14..9aeedef55f6 100644
--- a/lib/libssl/src/ssl/s2_srvr.c
+++ b/lib/libssl/src/ssl/s2_srvr.c
@@ -56,14 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef NO_RSA
 #include <stdio.h>
-#include "bio.h"
-#include "rand.h"
-#include "objects.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
 #include "ssl_locl.h"
-#include "evp.h"
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
+static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
 static int get_client_hello(SSL *s);
 static int server_hello(SSL *s); 
@@ -73,21 +74,9 @@ static int server_finish(SSL *s);
 static int request_certificate(SSL *s);
 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 	unsigned char *to,int padding);
-#else
-static int get_client_master_key();
-static int get_client_hello();
-static int server_hello(); 
-static int get_client_finished();
-static int server_verify();
-static int server_finish();
-static int request_certificate();
-static int ssl_rsa_private_decrypt();
-#endif
-
 #define BREAK	break
 
-static SSL_METHOD *ssl2_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_server_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
@@ -95,24 +84,23 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_server_method()
+SSL_METHOD *SSLv2_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_server_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv2_server_data.ssl_accept=ssl2_accept;
 		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+		init=0;
 		}
 	return(&SSLv2_server_data);
 	}
 
-int ssl2_accept(s)
-SSL *s;
+int ssl2_accept(SSL *s)
 	{
 	unsigned long l=time(NULL);
 	BUF_MEM *buf=NULL;
@@ -121,7 +109,7 @@ SSL *s;
 	void (*cb)()=NULL;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&l,sizeof(l));
+	RAND_seed(&l,sizeof(l));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -134,8 +122,7 @@ SSL *s;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 	s->in_handshake++;
 
-	if (((s->session == NULL) || (s->session->cert == NULL)) &&
-		(s->cert == NULL))
+	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
 		return(-1);
@@ -153,6 +140,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			s->version=SSL2_VERSION;
@@ -166,7 +154,7 @@ SSL *s;
 				{ ret= -1; goto end; }
 			s->init_buf=buf;
 			s->init_num=0;
-			s->ctx->sess_accept++;
+			s->ctx->stats.sess_accept++;
 			s->handshake_func=ssl2_accept;
 			s->state=SSL2_ST_GET_CLIENT_HELLO_A;
 			BREAK;
@@ -293,13 +281,14 @@ SSL *s;
 
 		case SSL_ST_OK:
 			BUF_MEM_free(s->init_buf);
+			ssl_free_wbio_buffer(s);
 			s->init_buf=NULL;
 			s->init_num=0;
 		/*	ERR_clear_error();*/
 
 			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
 
-			s->ctx->sess_accept_good++;
+			s->ctx->stats.sess_accept_good++;
 			/* s->server=1; */
 			ret=1;
 
@@ -330,14 +319,13 @@ end:
 	return(ret);
 	}
 
-static int get_client_master_key(s)
-SSL *s;
+static int get_client_master_key(SSL *s)
 	{
-	int export,i,n,keya,error=0,ek;
+	int is_export,i,n,keya,ek;
 	unsigned char *p;
 	SSL_CIPHER *cp;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
@@ -387,7 +375,7 @@ SSL *s;
 	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
 		(unsigned int)keya);
 
-	if (s->session->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
+	if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
@@ -397,9 +385,9 @@ SSL *s;
 		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
 		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 
-	export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
+	is_export=SSL_C_IS_EXPORT(s->session->cipher);
 	
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 		{
 		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -408,7 +396,7 @@ SSL *s;
 
 	if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 		{
-		export=1;
+		is_export=1;
 		ek=8;
 		}
 	else
@@ -419,11 +407,11 @@ SSL *s;
 	/* If a bad decrypt, continue with protocol but with a
 	 * dud master secret */
 	if ((i < 0) ||
-		((!export && (i != EVP_CIPHER_key_length(c)))
-		|| ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+		((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
 			EVP_CIPHER_key_length(c))))))
 		{
-		if (export)
+		if (is_export)
 			i=ek;
 		else
 			i=EVP_CIPHER_key_length(c);
@@ -436,8 +424,8 @@ SSL *s;
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
 		}
 	/* incorrect number of key bytes for non export cipher */
-	else if ((!export && (i != EVP_CIPHER_key_length(c)))
-		|| ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+	else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
 			EVP_CIPHER_key_length(c)))))
 		{
 		error=1;
@@ -450,19 +438,18 @@ SSL *s;
 		}
 #endif
 
-	if (export) i+=s->s2->tmp.clear;
+	if (is_export) i+=s->s2->tmp.clear;
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
 	}
 
-static int get_client_hello(s)
-SSL *s;
+static int get_client_hello(SSL *s)
 	{
 	int i,n;
 	unsigned char *p;
-	STACK *cs; /* a stack of SSL_CIPHERS */
-	STACK *cl; /* the ones we want to use */
+	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
 	int z;
 
 	/* This is a bit of a hack to check for the correct packet
@@ -570,11 +557,11 @@ SSL *s;
 
 		cl=ssl_get_ciphers_by_id(s);
 
-		for (z=0; z<sk_num(cs); z++)
+		for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
 			{
-			if (sk_find(cl,sk_value(cs,z)) < 0)
+			if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
 				{
-				sk_delete(cs,z);
+				sk_SSL_CIPHER_delete(cs,z);
 				z--;
 				}
 			}
@@ -599,12 +586,11 @@ mem_err:
 	return(0);
 	}
 
-static int server_hello(s)
-SSL *s;
+static int server_hello(SSL *s)
 	{
 	unsigned char *p,*d;
 	int n,hit;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
@@ -613,27 +599,52 @@ SSL *s;
 		*(p++)=SSL2_MT_SERVER_HELLO;		/* type */
 		hit=s->hit;
 		*(p++)=(unsigned char)hit;
+#if 1
+		if (!hit)
+			{
+			if (s->session->sess_cert != NULL)
+				/* This can't really happen because get_client_hello
+				 * has called ssl_get_new_session, which does not set
+				 * sess_cert. */
+				ssl_sess_cert_free(s->session->sess_cert);
+			s->session->sess_cert = ssl_sess_cert_new();
+			if (s->session->sess_cert == NULL)
+				{
+				SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+				return(-1);
+				}
+			}
+		/* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
+		 * depending on whether it survived in the internal cache
+		 * or was retrieved from an external cache.
+		 * If it is NULL, we cannot put any useful data in it anyway,
+		 * so we don't touch it.
+		 */
+
+#else /* That's what used to be done when cert_st and sess_cert_st were
+	   * the same. */
 		if (!hit)
 			{			/* else add cert to session */
 			CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-			if (s->session->cert != NULL)
-				ssl_cert_free(s->session->cert);
-			s->session->cert=s->cert;		
+			if (s->session->sess_cert != NULL)
+				ssl_cert_free(s->session->sess_cert);
+			s->session->sess_cert=s->cert;		
 			}
 		else	/* We have a session id-cache hit, if the
 			 * session-id has no certificate listed against
 			 * the 'cert' structure, grab the 'old' one
 			 * listed against the SSL connection */
 			{
-			if (s->session->cert == NULL)
+			if (s->session->sess_cert == NULL)
 				{
 				CRYPTO_add(&s->cert->references,1,
 					CRYPTO_LOCK_SSL_CERT);
-				s->session->cert=s->cert;
+				s->session->sess_cert=s->cert;
 				}
 			}
+#endif
 
-		if (s->session->cert == NULL)
+		if (s->cert == NULL)
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
 			SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
@@ -690,8 +701,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int get_client_finished(s)
-SSL *s;
+static int get_client_finished(SSL *s)
 	{
 	unsigned char *p;
 	int i;
@@ -733,8 +743,7 @@ SSL *s;
 	return(1);
 	}
 
-static int server_verify(s)
-SSL *s;
+static int server_verify(SSL *s)
 	{
 	unsigned char *p;
 
@@ -752,8 +761,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int server_finish(s)
-SSL *s;
+static int server_finish(SSL *s)
 	{
 	unsigned char *p;
 
@@ -776,14 +784,13 @@ SSL *s;
 	}
 
 /* send the request and check the response */
-static int request_certificate(s)
-SSL *s;
+static int request_certificate(SSL *s)
 	{
 	unsigned char *p,*p2,*buf2;
 	unsigned char *ccd;
 	int i,j,ctype,ret= -1;
 	X509 *x509=NULL;
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 
 	ccd=s->s2->tmp.ccl;
 	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
@@ -872,7 +879,7 @@ SSL *s;
 		goto msg_end;
 		}
 
-	if (((sk=sk_new_null()) == NULL) || (!sk_push(sk,(char *)x509)))
+	if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
 		{
 		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto msg_end;
@@ -890,7 +897,7 @@ SSL *s;
 			(unsigned int)s->s2->key_material_length);
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
-		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
 		buf2=(unsigned char *)Malloc((unsigned int)i);
 		if (buf2 == NULL)
 			{
@@ -898,13 +905,14 @@ SSL *s;
 			goto msg_end;
 			}
 		p2=buf2;
-		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
 		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
 		Free(buf2);
 
 		pkey=X509_get_pubkey(x509);
 		if (pkey == NULL) goto end;
 		i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+		EVP_PKEY_free(pkey);
 		memset(&ctx,0,sizeof(ctx));
 
 		if (i) 
@@ -928,17 +936,13 @@ msg_end:
 		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
 		}
 end:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_X509_free(sk);
+	X509_free(x509);
 	return(ret);
 	}
 
-static int ssl_rsa_private_decrypt(c, len, from, to,padding)
-CERT *c;
-int len;
-unsigned char *from;
-unsigned char *to;
-int padding;
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+	     unsigned char *to, int padding)
 	{
 	RSA *rsa;
 	int i;
@@ -961,4 +965,4 @@ int padding;
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 	return(i);
 	}
-
+#endif
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index 6de62e15916..f3f27715d57 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -57,24 +57,15 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 
-#define BREAK	break
-
-/* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- */
-
-int ssl3_send_finished(s,a,b,sender,slen)
-SSL *s;
-int a;
-int b;
-unsigned char *sender;
-int slen;
+int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,
+	     int slen)
 	{
 	unsigned char *p,*d;
 	int i;
@@ -92,6 +83,13 @@ int slen;
 		p+=i;
 		l=i;
 
+#ifdef WIN16
+		/* MSVC 1.5 does not clear the top bytes of the word unless
+		 * I do this.
+		 */
+		l&=0xffff;
+#endif
+
 		*(d++)=SSL3_MT_FINISHED;
 		l2n3(l,d);
 		s->init_num=(int)l+4;
@@ -104,10 +102,7 @@ int slen;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-int ssl3_get_finished(s,a,b)
-SSL *s;
-int a;
-int b;
+int ssl3_get_finished(SSL *s, int a, int b)
 	{
 	int al,i,ok;
 	long n;
@@ -167,9 +162,7 @@ f_err:
  * ssl->session->read_compression	assign
  * ssl->session->read_hash		assign
  */
-int ssl3_send_change_cipher_spec(s,a,b)
-SSL *s;
-int a,b;
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 	{ 
 	unsigned char *p;
 
@@ -187,9 +180,7 @@ int a,b;
 	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
 	}
 
-unsigned long ssl3_output_cert_chain(s,x)
-SSL *s;
-X509 *x;
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 	{
 	unsigned char *p;
 	int n,i;
@@ -236,6 +227,23 @@ X509 *x;
 		X509_STORE_CTX_cleanup(&xs_ctx);
 		}
 
+	/* Thawte special :-) */
+	if (s->ctx->extra_certs != NULL)
+	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
+		{
+		x=sk_X509_value(s->ctx->extra_certs,i);
+		n=i2d_X509(x,NULL);
+		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+			{
+			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
+			return(0);
+			}
+		p=(unsigned char *)&(buf->data[l]);
+		l2n3(n,p);
+		i2d_X509(x,&p);
+		l+=n+3;
+		}
+
 	l-=7;
 	p=(unsigned char *)&(buf->data[4]);
 	l2n3(l,p);
@@ -247,11 +255,7 @@ X509 *x;
 	return(l);
 	}
 
-long ssl3_get_message(s,st1,stn,mt,max,ok)
-SSL *s;
-int st1,stn,mt;
-long max;
-int *ok;
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	{
 	unsigned char *p;
 	unsigned long l;
@@ -275,9 +279,8 @@ int *ok;
 
 	if (s->state == st1)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),
-			4-s->init_num);
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+				  4-s->init_num);
 		if (i < (4-s->init_num))
 			{
 			*ok=0;
@@ -315,8 +318,7 @@ int *ok;
 	n=s->s3->tmp.message_size;
 	if (n > 0)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),(int)n);
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
 		if (i != (int)n)
 			{
 			*ok=0;
@@ -332,9 +334,7 @@ err:
 	return(-1);
 	}
 
-int ssl_cert_type(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
 	int ret= -1,i,j;
@@ -380,11 +380,11 @@ EVP_PKEY *pkey;
 		ret= -1;
 
 err:
+	if(!pkey) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
-int ssl_verify_alarm_type(type)
-long type;
+int ssl_verify_alarm_type(long type)
 	{
 	int al;
 
@@ -436,8 +436,7 @@ long type;
 	return(al);
 	}
 
-int ssl3_setup_buffers(s)
-SSL *s;
+int ssl3_setup_buffers(SSL *s)
 	{
 	unsigned char *p;
 	unsigned int extra;
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 940c6a458f3..d3e6b4d1e58 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -57,23 +57,15 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include "ssl_locl.h"
 
-#define BREAK break
-/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE);
-SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- */
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
 static int ssl3_get_server_hello(SSL *s);
 static int ssl3_get_certificate_request(SSL *s);
@@ -85,22 +77,7 @@ static int ssl3_send_client_key_exchange(SSL *s);
 static int ssl3_get_key_exchange(SSL *s);
 static int ssl3_get_server_certificate(SSL *s);
 static int ssl3_check_cert_and_algorithm(SSL *s);
-#else
-static int ssl3_client_hello();
-static int ssl3_get_server_hello();
-static int ssl3_get_certificate_request();
-static int ca_dn_cmp();
-static int ssl3_get_server_done();
-static int ssl3_send_client_verify();
-static int ssl3_send_client_certificate();
-static int ssl3_send_client_key_exchange();
-static int ssl3_get_key_exchange();
-static int ssl3_get_server_certificate();
-static int ssl3_check_cert_and_algorithm();
-#endif
-
-static SSL_METHOD *ssl3_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_client_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
@@ -108,7 +85,7 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_client_method()
+SSL_METHOD *SSLv3_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_client_data;
@@ -124,18 +101,16 @@ SSL_METHOD *SSLv3_client_method()
 	return(&SSLv3_client_data);
 	}
 
-int ssl3_connect(s)
-SSL *s;
+int ssl3_connect(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL),l;
 	long num1;
 	void (*cb)()=NULL;
 	int ret= -1;
-	BIO *under;
 	int new_state,state,skip=0;;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_seed(&Time,sizeof(Time));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -156,13 +131,14 @@ SSL *s;
 		case SSL_ST_RENEGOTIATE:
 			s->new_session=1;
 			s->state=SSL_ST_CONNECT;
-			s->ctx->sess_connect_renegotiate++;
+			s->ctx->stats.sess_connect_renegotiate++;
 			/* break */
 		case SSL_ST_BEFORE:
 		case SSL_ST_CONNECT:
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			if ((s->version & 0xff00 ) != 0x0300)
@@ -195,7 +171,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL3_ST_CW_CLNT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->init_num=0;
 			break;
 
@@ -278,6 +254,7 @@ SSL *s;
 		case SSL3_ST_CW_CERT_A:
 		case SSL3_ST_CW_CERT_B:
 		case SSL3_ST_CW_CERT_C:
+		case SSL3_ST_CW_CERT_D:
 			ret=ssl3_send_client_certificate(s);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -324,6 +301,11 @@ SSL *s;
 			s->init_num=0;
 
 			s->session->cipher=s->s3->tmp.new_cipher;
+			if (s->s3->tmp.new_compression == NULL)
+				s->session->compress_meth=0;
+			else
+				s->session->compress_meth=
+					s->s3->tmp.new_compression->id;
 			if (!s->method->ssl3_enc->setup_key_block(s))
 				{
 				ret= -1;
@@ -399,38 +381,33 @@ SSL *s;
 			/* clean a few things up */
 			ssl3_cleanup_key_block(s);
 
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
-
-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+			if (s->init_buf != NULL)
 				{
-				/* remove buffering */
-				under=BIO_pop(s->wbio);
-				if (under != NULL)
-					s->wbio=under;
-				else
-					abort(); /* ok */
-
-				BIO_free(s->bbio);
-				s->bbio=NULL;
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
 				}
-			/* else do it later */
+
+			/* If we are not 'joining' the last two packets,
+			 * remove the buffering now */
+			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+				ssl_free_wbio_buffer(s);
+			/* else do it later in ssl3_write */
 
 			s->init_num=0;
 			s->new_session=0;
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->sess_hit++;
+			if (s->hit) s->ctx->stats.sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
 			s->handshake_func=ssl3_connect;
-			s->ctx->sess_connect_good++;
+			s->ctx->stats.sess_connect_good++;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
 			goto end;
-			break;
+			/* break; */
 			
 		default:
 			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
@@ -466,19 +443,20 @@ end:
 	}
 
 
-static int ssl3_client_hello(s)
-SSL *s;
+static int ssl3_client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
-	int i;
+	int i,j;
 	unsigned long Time,l;
+	SSL_COMP *comp;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
 		{
 		if ((s->session == NULL) ||
-			(s->session->ssl_version != s->version))
+			(s->session->ssl_version != s->version) ||
+			(s->session->not_resumable))
 			{
 			if (!ssl_get_new_session(s,0))
 				goto err;
@@ -488,13 +466,14 @@ SSL *s;
 		p=s->s3->client_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
 		*(p++)=s->version>>8;
 		*(p++)=s->version&0xff;
+		s->client_version=s->version;
 
 		/* Random stuff */
 		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@@ -522,9 +501,18 @@ SSL *s;
 		s2n(i,p);
 		p+=i;
 
-		/* hardwire in the NULL compression algorithm. */
-		*(p++)=1;
-		*(p++)=0;
+		/* COMPRESSION */
+		if (s->ctx->comp_methods == NULL)
+			j=0;
+		else
+			j=sk_SSL_COMP_num(s->ctx->comp_methods);
+		*(p++)=1+j;
+		for (i=0; i<j; i++)
+			{
+			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+			*(p++)=comp->id;
+			}
+		*(p++)=0; /* Add the NULL method */
 		
 		l=(p-d);
 		d=buf;
@@ -543,15 +531,15 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_server_hello(s)
-SSL *s;
+static int ssl3_get_server_hello(SSL *s)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	SSL_CIPHER *c;
 	unsigned char *p,*d;
 	int i,al,ok;
 	unsigned int j;
 	long n;
+	SSL_COMP *comp;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_SRVR_HELLO_A,
@@ -590,9 +578,18 @@ SSL *s;
 			goto f_err;
 			}
 		}
-	if ((j != 0) && (j == s->session->session_id_length) &&
-		(memcmp(p,s->session->session_id,j) == 0))
-		s->hit=1;
+	if (j != 0 && j == s->session->session_id_length
+	    && memcmp(p,s->session->session_id,j) == 0)
+	    {
+	    if(s->sid_ctx_length != s->session->sid_ctx_length
+	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		goto f_err;
+		}
+	    s->hit=1;
+	    }
 	else	/* a miss or crap from the other end */
 		{
 		/* If we were trying for session-id reuse, make a new
@@ -621,7 +618,7 @@ SSL *s;
 	p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
 	sk=ssl_get_ciphers_by_id(s);
-	i=sk_find(sk,(char *)c);
+	i=sk_SSL_CIPHER_find(sk,c);
 	if (i < 0)
 		{
 		/* we did not say we would use this cipher */
@@ -643,13 +640,23 @@ SSL *s;
 	s->s3->tmp.new_cipher=c;
 
 	/* lets get the compression algorithm */
+	/* COMPRESSION */
 	j= *(p++);
-	if (j != 0)
+	if (j == 0)
+		comp=NULL;
+	else
+		comp=ssl3_comp_find(s->ctx->comp_methods,j);
+	
+	if ((j != 0) && (comp == NULL))
 		{
 		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
+	else
+		{
+		s->s3->tmp.new_compression=comp;
+		}
 
 	if (p != (d+n))
 		{
@@ -666,15 +673,14 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_server_certificate(s)
-SSL *s;
+static int ssl3_get_server_certificate(SSL *s)
 	{
 	int al,i,ok,ret= -1;
 	unsigned long n,nc,llen,l;
 	X509 *x=NULL;
 	unsigned char *p,*d,*q;
-	STACK *sk=NULL;
-	CERT *c;
+	STACK_OF(X509) *sk=NULL;
+	SESS_CERT *sc;
 	EVP_PKEY *pkey=NULL;
 
 	n=ssl3_get_message(s,
@@ -704,7 +710,7 @@ SSL *s;
 		}
 	d=p=(unsigned char *)s->init_buf->data;
 
-	if ((sk=sk_new_null()) == NULL)
+	if ((sk=sk_X509_new_null()) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -741,7 +747,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
-		if (!sk_push(sk,(char *)x))
+		if (!sk_X509_push(sk,x))
 			{
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -752,26 +758,26 @@ SSL *s;
 		}
 
 	i=ssl_verify_cert_chain(s,sk);
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
 		{
 		al=ssl_verify_alarm_type(s->verify_result);
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 		goto f_err; 
 		}
 
-	c=ssl_cert_new();
-	if (c == NULL) goto err;
+	sc=ssl_sess_cert_new();
+	if (sc == NULL) goto err;
 
-	if (s->session->cert) ssl_cert_free(s->session->cert);
-	s->session->cert=c;
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
 
-	c->cert_chain=sk;
-	x=(X509 *)sk_value(sk,0);
+	sc->cert_chain=sk;
+	x=sk_X509_value(sk,0);
 	sk=NULL;
 
 	pkey=X509_get_pubkey(x);
 
-	if (EVP_PKEY_missing_parameters(pkey))
+	if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
 		{
 		x=NULL;
 		al=SSL3_AL_FATAL;
@@ -788,14 +794,16 @@ SSL *s;
 		goto f_err;
 		}
 
-	c->cert_type=i;
+	sc->peer_cert_type=i;
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	if (c->pkeys[i].x509 != NULL)
-		X509_free(c->pkeys[i].x509);
-	c->pkeys[i].x509=x;
-	c->key= &(c->pkeys[i]);
-
-	if ((s->session != NULL) && (s->session->peer != NULL)) 
+	if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen?
+										 * We just created sc a couple of
+										 * lines ago. */
+		X509_free(sc->peer_pkeys[i].x509);
+	sc->peer_pkeys[i].x509=x;
+	sc->peer_key= &(sc->peer_pkeys[i]);
+
+	if (s->session->peer != NULL)
 		X509_free(s->session->peer);
 	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
 	s->session->peer=x;
@@ -809,13 +817,13 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 err:
-	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_pop_free(sk,X509_free);
+	EVP_PKEY_free(pkey);
+	X509_free(x);
+	sk_X509_pop_free(sk,X509_free);
 	return(ret);
 	}
 
-static int ssl3_get_key_exchange(s)
-SSL *s;
+static int ssl3_get_key_exchange(SSL *s)
 	{
 #ifndef NO_RSA
 	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
@@ -825,7 +833,9 @@ SSL *s;
 	int al,i,j,param_len,ok;
 	long n,alg;
 	EVP_PKEY *pkey=NULL;
+#ifndef NO_RSA
 	RSA *rsa=NULL;
+#endif
 #ifndef NO_DH
 	DH *dh=NULL;
 #endif
@@ -847,26 +857,26 @@ SSL *s;
 
 	param=p=(unsigned char *)s->init_buf->data;
 
-	if (s->session->cert != NULL)
+	if (s->session->sess_cert != NULL)
 		{
 #ifndef NO_RSA
-		if (s->session->cert->rsa_tmp != NULL)
+		if (s->session->sess_cert->peer_rsa_tmp != NULL)
 			{
-			RSA_free(s->session->cert->rsa_tmp);
-			s->session->cert->rsa_tmp=NULL;
+			RSA_free(s->session->sess_cert->peer_rsa_tmp);
+			s->session->sess_cert->peer_rsa_tmp=NULL;
 			}
 #endif
 #ifndef NO_DH
-		if (s->session->cert->dh_tmp)
+		if (s->session->sess_cert->peer_dh_tmp)
 			{
-			DH_free(s->session->cert->dh_tmp);
-			s->session->cert->dh_tmp=NULL;
+			DH_free(s->session->sess_cert->peer_dh_tmp);
+			s->session->sess_cert->peer_dh_tmp=NULL;
 			}
 #endif
 		}
 	else
 		{
-		s->session->cert=ssl_cert_new();
+		s->session->sess_cert=ssl_sess_cert_new();
 		}
 
 	param_len=0;
@@ -911,16 +921,16 @@ SSL *s;
 		p+=i;
 		n-=param_len;
 
-/*		s->session->cert->rsa_tmp=rsa;*/
 		/* this should be because we are using an export cipher */
 		if (alg & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 		else
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
 			goto err;
 			}
-		s->session->cert->rsa_tmp=rsa;
+		s->session->sess_cert->peer_rsa_tmp=rsa;
+		rsa=NULL;
 		}
 	else
 #endif
@@ -980,16 +990,17 @@ SSL *s;
 
 #ifndef NO_RSA
 		if (alg & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 		else
 #endif
 #ifndef NO_DSA
 		if (alg & SSL_aDSS)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
 		/* else anonymous DH, so no certificate or pkey. */
 
-		s->session->cert->dh_tmp=dh;
+		s->session->sess_cert->peer_dh_tmp=dh;
+		dh=NULL;
 		}
 	else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
 		{
@@ -998,6 +1009,13 @@ SSL *s;
 		goto f_err;
 		}
 #endif
+	if (alg & SSL_aFZA)
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+		goto f_err;
+		}
+
 
 	/* p points to the next byte, there are 'n' bytes left */
 
@@ -1014,7 +1032,7 @@ SSL *s;
 			/* wrong packet length */
 			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
-			goto err;
+			goto f_err;
 			}
 
 #ifndef NO_RSA
@@ -1091,23 +1109,31 @@ SSL *s;
 			goto f_err;
 			}
 		}
-
+	EVP_PKEY_free(pkey);
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+	EVP_PKEY_free(pkey);
+#ifndef NO_RSA
+	if (rsa != NULL)
+		RSA_free(rsa);
+#endif
+#ifndef NO_DH
+	if (dh != NULL)
+		DH_free(dh);
+#endif
 	return(-1);
 	}
 
-static int ssl3_get_certificate_request(s)
-SSL *s;
+static int ssl3_get_certificate_request(SSL *s)
 	{
 	int ok,ret=0;
 	unsigned long n,nc,l;
 	unsigned int llen,ctype_num,i;
 	X509_NAME *xn=NULL;
 	unsigned char *p,*d,*q;
-	STACK *ca_sk=NULL;
+	STACK_OF(X509_NAME) *ca_sk=NULL;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_CERT_REQ_A,
@@ -1151,7 +1177,7 @@ SSL *s;
 
 	d=p=(unsigned char *)s->init_buf->data;
 
-	if ((ca_sk=sk_new(ca_dn_cmp)) == NULL)
+	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -1167,6 +1193,15 @@ SSL *s;
 
 	/* get the CA RDNs */
 	n2s(p,llen);
+#if 0
+{
+FILE *out;
+out=fopen("/tmp/vsign.der","w");
+fwrite(p,1,llen,out);
+fclose(out);
+}
+#endif
+
 	if ((llen+ctype_num+2+1) != n)
 		{
 		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
@@ -1207,7 +1242,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
 			goto err;
 			}
-		if (!sk_push(ca_sk,(char *)xn))
+		if (!sk_X509_NAME_push(ca_sk,xn))
 			{
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -1227,24 +1262,22 @@ cont:
 	s->s3->tmp.cert_req=1;
 	s->s3->tmp.ctype_num=ctype_num;
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 	s->s3->tmp.ca_names=ca_sk;
 	ca_sk=NULL;
 
 	ret=1;
 err:
-	if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free);
+	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
 	return(ret);
 	}
 
-static int ca_dn_cmp(a,b)
-X509_NAME **a,**b;
+static int ca_dn_cmp(X509_NAME **a, X509_NAME **b)
 	{
 	return(X509_NAME_cmp(*a,*b));
 	}
 
-static int ssl3_get_server_done(s)
-SSL *s;
+static int ssl3_get_server_done(SSL *s)
 	{
 	int ok,ret=0;
 	long n;
@@ -1267,13 +1300,15 @@ SSL *s;
 	return(ret);
 	}
 
-static int ssl3_send_client_key_exchange(s)
-SSL *s;
+static int ssl3_send_client_key_exchange(SSL *s)
 	{
-	unsigned char *p,*q,*d;
+	unsigned char *p,*d;
 	int n;
 	unsigned long l;
+#ifndef NO_RSA
+	unsigned char *q;
 	EVP_PKEY *pkey=NULL;
+#endif
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 		{
@@ -1286,13 +1321,13 @@ SSL *s;
 		if (l & SSL_kRSA)
 			{
 			RSA *rsa;
-			unsigned char tmp_buf[48];
+			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
-			if (s->session->cert->rsa_tmp != NULL)
-				rsa=s->session->cert->rsa_tmp;
+			if (s->session->sess_cert->peer_rsa_tmp != NULL)
+				rsa=s->session->sess_cert->peer_rsa_tmp;
 			else
 				{
-				pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 				if ((pkey == NULL) ||
 					(pkey->type != EVP_PKEY_RSA) ||
 					(pkey->pkey.rsa == NULL))
@@ -1301,10 +1336,11 @@ SSL *s;
 					goto err;
 					}
 				rsa=pkey->pkey.rsa;
+				EVP_PKEY_free(pkey);
 				}
 				
-			tmp_buf[0]=s->version>>8;
-			tmp_buf[1]=s->version&0xff;
+			tmp_buf[0]=s->client_version>>8;
+			tmp_buf[1]=s->client_version&0xff;
 			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
 
 			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
@@ -1315,6 +1351,10 @@ SSL *s;
 				p+=2;
 			n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
 				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
+#ifdef PKCS1_CHECK
+			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
+			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
+#endif
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
@@ -1331,8 +1371,8 @@ SSL *s;
 			s->session->master_key_length=
 				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,
-					tmp_buf,48);
-			memset(tmp_buf,0,48);
+					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
 			}
 		else
 #endif
@@ -1341,8 +1381,8 @@ SSL *s;
 			{
 			DH *dh_srvr,*dh_clnt;
 
-			if (s->session->cert->dh_tmp != NULL)
-				dh_srvr=s->session->cert->dh_tmp;
+			if (s->session->sess_cert->peer_dh_tmp != NULL)
+				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else
 				{
 				/* we get them from the cert */
@@ -1414,13 +1454,14 @@ err:
 	return(-1);
 	}
 
-static int ssl3_send_client_verify(s)
-SSL *s;
+static int ssl3_send_client_verify(SSL *s)
 	{
 	unsigned char *p,*d;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
+#ifndef NO_RSA
 	int i=0;
+#endif
 	unsigned long n;
 #ifndef NO_DSA
 	int j;
@@ -1485,8 +1526,7 @@ err:
 	return(-1);
 	}
 
-static int ssl3_send_client_certificate(s)
-SSL *s;
+static int ssl3_send_client_certificate(SSL *s)
 	{
 	X509 *x509=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -1565,19 +1605,22 @@ SSL *s;
 
 #define has_bits(i,m)	(((i)&(m)) == (m))
 
-static int ssl3_check_cert_and_algorithm(s)
-SSL *s;
+static int ssl3_check_cert_and_algorithm(SSL *s)
 	{
 	int i,idx;
 	long algs;
 	EVP_PKEY *pkey=NULL;
-	CERT *c;
+	SESS_CERT *sc;
+#ifndef NO_RSA
 	RSA *rsa;
+#endif
+#ifndef NO_DH
 	DH *dh;
+#endif
 
-	c=s->session->cert;
+	sc=s->session->sess_cert;
 
-	if (c == NULL)
+	if (sc == NULL)
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
 		goto err;
@@ -1589,14 +1632,19 @@ SSL *s;
 	if (algs & (SSL_aDH|SSL_aNULL))
 		return(1);
 
-	rsa=s->session->cert->rsa_tmp;
-	dh=s->session->cert->dh_tmp;
+#ifndef NO_RSA
+	rsa=s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef NO_DH
+	dh=s->session->sess_cert->peer_dh_tmp;
+#endif
 
 	/* This is the passed certificate */
 
-	idx=c->cert_type;
-	pkey=X509_get_pubkey(c->pkeys[idx].x509);
-	i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+	idx=sc->peer_cert_type;
+	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
+	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
+	EVP_PKEY_free(pkey);
 
 	
 	/* Check that we have a certificate if we require one */
@@ -1612,15 +1660,16 @@ SSL *s;
 		goto f_err;
 		}
 #endif
-
+#ifndef NO_RSA
 	if ((algs & SSL_kRSA) &&
 		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
 		goto f_err;
 		}
+#endif
 #ifndef NO_DH
-	else if ((algs & SSL_kEDH) &&
+	if ((algs & SSL_kEDH) &&
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -1640,12 +1689,13 @@ SSL *s;
 #endif
 #endif
 
-	if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
+	if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
 		{
 #ifndef NO_RSA
 		if (algs & SSL_kRSA)
 			{
-			if ((rsa == NULL) || (RSA_size(rsa) > 512))
+			if (rsa == NULL
+			    || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1655,8 +1705,9 @@ SSL *s;
 #endif
 #ifndef NO_DH
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			{
-			if ((dh == NULL) || (DH_size(dh) > 512))
+			    {
+			    if (dh == NULL
+				|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index bbd9b637c5c..15d4af6dfba 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -57,7 +57,9 @@
  */
 
 #include <stdio.h>
-#include "evp.h"
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include "ssl_locl.h"
 
 static unsigned char ssl3_pad_1[48]={
@@ -83,10 +85,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
 static int ssl3_handshake_mac();
 #endif
 
-static void ssl3_generate_key_block(s,km,num)
-SSL *s;
-unsigned char *km;
-int num;
+static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
 	MD5_CTX m5;
 	SHA_CTX s1;
@@ -94,6 +93,9 @@ int num;
 	unsigned char c='A';
 	int i,j,k;
 
+#ifdef CHARSET_EBCDIC
+	c = os_toascii[c]; /*'A' in ASCII */
+#endif
 	k=0;
 	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
 		{
@@ -126,25 +128,26 @@ int num;
 	memset(smd,0,SHA_DIGEST_LENGTH);
 	}
 
-int ssl3_change_cipher_state(s,which)
-SSL *s;
-int which;
+int ssl3_change_cipher_state(SSL *s, int which)
 	{
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
 	unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	EVP_CIPHER_CTX *dd;
-	EVP_CIPHER *c;
-	SSL_COMPRESSION *comp;
-	EVP_MD *m;
+	const EVP_CIPHER *c;
+	COMP_METHOD *comp;
+	const EVP_MD *m;
 	MD5_CTX md;
-	int exp,n,i,j,k;
+	int exp,n,i,j,k,cl;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
-	comp=s->s3->tmp.new_compression;
+	if (s->s3->tmp.new_compression == NULL)
+		comp=NULL;
+	else
+		comp=s->s3->tmp.new_compression->method;
 	key_block=s->s3->tmp.key_block;
 
 	if (which & SSL3_CC_READ)
@@ -155,7 +158,26 @@ int which;
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
-		s->read_compression=comp;
+		/* COMPRESS */
+		if (s->expand != NULL)
+			{
+			COMP_CTX_free(s->expand);
+			s->expand=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->expand=COMP_CTX_new(comp);
+			if (s->expand == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				goto err;
+			}
 		memset(&(s->s3->read_sequence[0]),0,8);
 		mac_secret= &(s->s3->read_mac_secret[0]);
 		}
@@ -167,7 +189,21 @@ int which;
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
-		s->write_compression=comp;
+		/* COMPRESS */
+		if (s->compress != NULL)
+			{
+			COMP_CTX_free(s->compress);
+			s->compress=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->compress=COMP_CTX_new(comp);
+			if (s->compress == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			}
 		memset(&(s->s3->write_sequence[0]),0,8);
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
@@ -176,7 +212,10 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -239,18 +278,18 @@ err2:
 	return(0);
 	}
 
-int ssl3_setup_key_block(s)
-SSL *s;
+int ssl3_setup_key_block(SSL *s)
 	{
 	unsigned char *p;
-	EVP_CIPHER *c;
-	EVP_MD *hash;
-	int num,exp;
+	const EVP_CIPHER *c;
+	const EVP_MD *hash;
+	int num;
+	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
 		{
 		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
@@ -258,8 +297,7 @@ SSL *s;
 
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
-
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
+	s->s3->tmp.new_compression=comp;
 
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
@@ -280,8 +318,7 @@ err:
 	return(0);
 	}
 
-void ssl3_cleanup_key_block(s)
-SSL *s;
+void ssl3_cleanup_key_block(SSL *s)
 	{
 	if (s->s3->tmp.key_block != NULL)
 		{
@@ -293,44 +330,35 @@ SSL *s;
 	s->s3->tmp.key_block_length=0;
 	}
 
-int ssl3_enc(s,send)
-SSL *s;
-int send;
+int ssl3_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
 	int bs,i;
-	EVP_CIPHER *enc;
-	SSL_COMPRESSION *comp;
+	const EVP_CIPHER *enc;
 
 	if (send)
 		{
 		ds=s->enc_write_ctx;
 		rec= &(s->s3->wrec);
 		if (s->enc_write_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-			comp=s->write_compression;
-			}
 		}
 	else
 		{
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
 		if (s->enc_read_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-			comp=s->read_compression;
-			}
 		}
 
 	if ((s->session == NULL) || (ds == NULL) ||
-		((enc == NULL) && (comp == NULL)))
+		(enc == NULL))
 		{
 		memcpy(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
@@ -340,6 +368,8 @@ int send;
 		l=rec->length;
 		bs=EVP_CIPHER_block_size(ds->cipher);
 
+		/* COMPRESS */
+
 		/* This should be using (bs-1) and bs instead of 7 and 8 */
 		if ((bs != 1) && send)
 			{
@@ -368,36 +398,25 @@ int send;
 	return(1);
 	}
 
-void ssl3_init_finished_mac(s)
-SSL *s;
+void ssl3_init_finished_mac(SSL *s)
 	{
 	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
 	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
 	}
 
-void ssl3_finish_mac(s,buf,len)
-SSL *s;
-unsigned char *buf;
-int len;
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
 	{
 	EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
 	EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
 	}
 
-int ssl3_cert_verify_mac(s,ctx,p)
-SSL *s;
-EVP_MD_CTX *ctx;
-unsigned char *p;
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
 	{
 	return(ssl3_handshake_mac(s,ctx,NULL,0,p));
 	}
 
-int ssl3_final_finish_mac(s,ctx1,ctx2,sender,len,p)
-SSL *s;
-EVP_MD_CTX *ctx1,*ctx2;
-unsigned char *sender;
-int len;
-unsigned char *p;
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+	     unsigned char *sender, int len, unsigned char *p)
 	{
 	int ret;
 
@@ -407,12 +426,8 @@ unsigned char *p;
 	return(ret);
 	}
 
-static int ssl3_handshake_mac(s,in_ctx,sender,len,p)
-SSL *s;
-EVP_MD_CTX *in_ctx;
-unsigned char *sender;
-int len;
-unsigned char *p;
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+	     unsigned char *sender, int len, unsigned char *p)
 	{
 	unsigned int ret;
 	int npad,n;
@@ -420,7 +435,7 @@ unsigned char *p;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
 	EVP_MD_CTX ctx;
 
-	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in_ctx);
 
 	n=EVP_MD_CTX_size(&ctx);
 	npad=(48/n)*n;
@@ -444,15 +459,12 @@ unsigned char *p;
 	return((int)ret);
 	}
 
-int ssl3_mac(ssl,md,send)
-SSL *ssl;
-unsigned char *md;
-int send;
+int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	{
 	SSL3_RECORD *rec;
 	unsigned char *mac_sec,*seq;
 	EVP_MD_CTX md_ctx;
-	EVP_MD *hash;
+	const EVP_MD *hash;
 	unsigned char *p,rec_char;
 	unsigned int md_size;
 	int npad,i;
@@ -501,16 +513,19 @@ int send;
 	return(md_size);
 	}
 
-int ssl3_generate_master_secret(s,out,p,len)
-SSL *s;
-unsigned char *out;
-unsigned char *p;
-int len;
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+	     int len)
 	{
-	static unsigned char *salt[3]={
-		(unsigned char *)"A",
-		(unsigned char *)"BB",
-		(unsigned char *)"CCC",
+	static const unsigned char *salt[3]={
+#ifndef CHARSET_EBCDIC
+		(const unsigned char *)"A",
+		(const unsigned char *)"BB",
+		(const unsigned char *)"CCC",
+#else
+		(const unsigned char *)"\x41",
+		(const unsigned char *)"\x42\x42",
+		(const unsigned char *)"\x43\x43\x43",
+#endif
 		};
 	unsigned char buf[EVP_MAX_MD_SIZE];
 	EVP_MD_CTX ctx;
@@ -520,7 +535,7 @@ int len;
 	for (i=0; i<3; i++)
 		{
 		EVP_DigestInit(&ctx,s->ctx->sha1);
-		EVP_DigestUpdate(&ctx,salt[i],strlen((char *)salt[i]));
+		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
 			SSL3_RANDOM_SIZE);
@@ -538,8 +553,7 @@ int len;
 	return(ret);
 	}
 
-int ssl3_alert_code(code)
-int code;
+int ssl3_alert_code(int code)
 	{
 	switch (code)
 		{
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 0fd945025d2..aeff6b5c5bc 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -57,20 +57,18 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998";
+const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
-#ifndef NOPROTO
 static long ssl3_default_timeout(void );
-#else
-static long ssl3_default_timeout();
-#endif
 
-SSL_CIPHER ssl3_ciphers[]={
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The RSA ciphers */
 /* Cipher 01 */
 	{
@@ -97,7 +95,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_40_MD5,
 	SSL3_CK_ADH_RC4_40_MD5,
-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -115,7 +113,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_40_CBC_SHA,
 	SSL3_CK_ADH_DES_40_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -144,7 +142,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC4_40_MD5,
 	SSL3_CK_RSA_RC4_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -171,7 +169,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC2_40_MD5,
 	SSL3_CK_RSA_RC2_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -189,7 +187,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_DES_40_CBC_SHA,
 	SSL3_CK_RSA_DES_40_CBC_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -218,7 +216,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -245,7 +243,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -274,7 +272,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -301,7 +299,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -355,6 +353,73 @@ SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_CIPHERS,
 	},
 
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+	/* New TLS Export CipherSuites */
+	/* Cipher 60 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 61 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 62 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 63 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 64 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 65 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 66 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+#endif
+
 /* end of list */
 	};
 
@@ -384,6 +449,7 @@ static SSL_METHOD SSLv3_data= {
 	ssl3_write,
 	ssl3_shutdown,
 	ssl3_renegotiate,
+	ssl3_renegotiate_check,
 	ssl3_ctrl,
 	ssl3_ctx_ctrl,
 	ssl3_get_cipher_by_char,
@@ -396,25 +462,24 @@ static SSL_METHOD SSLv3_data= {
 	&SSLv3_enc_data,
 	};
 
-static long ssl3_default_timeout()
+static long ssl3_default_timeout(void)
 	{
 	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
 	 * is way too long for http, the cache would over fill */
 	return(60*60*2);
 	}
 
-SSL_METHOD *sslv3_base_method()
+SSL_METHOD *sslv3_base_method(void)
 	{
 	return(&SSLv3_data);
 	}
 
-int ssl3_num_ciphers()
+int ssl3_num_ciphers(void)
 	{
 	return(SSL3_NUM_CIPHERS);
 	}
 
-SSL_CIPHER *ssl3_get_cipher(u)
-unsigned int u;
+SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 	{
 	if (u < SSL3_NUM_CIPHERS)
 		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -423,14 +488,12 @@ unsigned int u;
 	}
 
 /* The problem is that it may not be the correct record type */
-int ssl3_pending(s)
-SSL *s;
+int ssl3_pending(SSL *s)
 	{
 	return(s->s3->rrec.length);
 	}
 
-int ssl3_new(s)
-SSL *s;
+int ssl3_new(SSL *s)
 	{
 	SSL3_CTX *s3;
 
@@ -452,33 +515,42 @@ err:
 	return(0);
 	}
 
-void ssl3_free(s)
-SSL *s;
+void ssl3_free(SSL *s)
 	{
+	if(s == NULL)
+	    return;
+
 	ssl3_cleanup_key_block(s);
 	if (s->s3->rbuf.buf != NULL)
 		Free(s->s3->rbuf.buf);
 	if (s->s3->wbuf.buf != NULL)
 		Free(s->s3->wbuf.buf);
+	if (s->s3->rrec.comp != NULL)
+		Free(s->s3->rrec.comp);
 #ifndef NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 	memset(s->s3,0,sizeof(SSL3_CTX));
 	Free(s->s3);
 	s->s3=NULL;
 	}
 
-void ssl3_clear(s)
-SSL *s;
+void ssl3_clear(SSL *s)
 	{
 	unsigned char *rp,*wp;
 
 	ssl3_cleanup_key_block(s);
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+
+	if (s->s3->rrec.comp != NULL)
+		{
+		Free(s->s3->rrec.comp);
+		s->s3->rrec.comp=NULL;
+		}
 
 	rp=s->s3->rbuf.buf;
 	wp=s->s3->wbuf.buf;
@@ -486,6 +558,9 @@ SSL *s;
 	memset(s->s3,0,sizeof(SSL3_CTX));
 	if (rp != NULL) s->s3->rbuf.buf=rp;
 	if (wp != NULL) s->s3->wbuf.buf=wp;
+
+	ssl_free_wbio_buffer(s);
+
 	s->packet_length=0;
 	s->s3->renegotiate=0;
 	s->s3->total_renegotiations=0;
@@ -494,14 +569,30 @@ SSL *s;
 	s->version=SSL3_VERSION;
 	}
 
-long ssl3_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 	{
 	int ret=0;
 
+#if !defined(NO_DSA) || !defined(NO_RSA)
+	if (
+#ifndef NO_RSA
+	    cmd == SSL_CTRL_SET_TMP_RSA ||
+	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef NO_DSA
+	    cmd == SSL_CTRL_SET_TMP_DH ||
+	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+		0)
+		{
+		if (!ssl_cert_inst(&s->cert))
+		    	{
+			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+#endif
+
 	switch (cmd)
 		{
 	case SSL_CTRL_GET_SESSION_REUSED:
@@ -519,21 +610,75 @@ char *parg;
 	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
 		ret=s->s3->total_renegotiations;
 		break;
+	case SSL_CTRL_GET_FLAGS:
+		ret=(int)(s->s3->flags);
+		break;
+#ifndef NO_RSA
+	case SSL_CTRL_NEED_TMP_RSA:
+		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
+			ret = 1;
+		break;
+	case SSL_CTRL_SET_TMP_RSA:
+		{
+			RSA *rsa = (RSA *)parg;
+			if (rsa == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+			}
+			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+				return(ret);
+			}
+			if (s->cert->rsa_tmp != NULL)
+				RSA_free(s->cert->rsa_tmp);
+			s->cert->rsa_tmp = rsa;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))parg;
+		break;
+#endif
+#ifndef NO_DH
+	case SSL_CTRL_SET_TMP_DH:
+		{
+			DH *dh = (DH *)parg;
+			if (dh == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+			}
+			if ((dh = DHparams_dup(dh)) == NULL) {
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+				return(ret);
+			}
+			if (!DH_generate_key(dh)) {
+				DH_free(dh);
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+				return(ret);
+			}
+			if (s->cert->dh_tmp != NULL)
+				DH_free(s->cert->dh_tmp);
+			s->cert->dh_tmp = dh;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_DH_CB:
+		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))parg;
+		break;
+#endif
 	default:
 		break;
 		}
 	return(ret);
 	}
 
-long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 	{
 	CERT *cert;
 
-	cert=ctx->default_cert;
+	cert=ctx->cert;
 
 	switch (cmd)
 		{
@@ -546,7 +691,7 @@ char *parg;
 			return(1);
 		else
 			return(0);
-		break;
+		/* break; */
 	case SSL_CTRL_SET_TMP_RSA:
 		{
 		RSA *rsa;
@@ -574,15 +719,16 @@ char *parg;
 			return(1);
 			}
 		}
-		break;
+		/* break; */
 	case SSL_CTRL_SET_TMP_RSA_CB:
-		cert->rsa_tmp_cb=(RSA *(*)())parg;
+		cert->rsa_tmp_cb=(RSA *(*)(SSL *, int, int))parg;
 		break;
 #endif
 #ifndef NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 		DH *new=NULL,*dh;
+		int rret=0;
 
 		dh=(DH *)parg;
 		if (	((new=DHparams_dup(dh)) == NULL) ||
@@ -590,21 +736,31 @@ char *parg;
 			{
 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
 			if (new != NULL) DH_free(new);
-			return(0);
 			}
 		else
 			{
 			if (cert->dh_tmp != NULL)
 				DH_free(cert->dh_tmp);
 			cert->dh_tmp=new;
-			return(1);
+			rret=1;
 			}
+		return(rret);
 		}
-		break;
+		/*break; */
 	case SSL_CTRL_SET_TMP_DH_CB:
-		cert->dh_tmp_cb=(DH *(*)())parg;
+		cert->dh_tmp_cb=(DH *(*)(SSL *, int, int))parg;
 		break;
 #endif
+	/* A Thawte special :-) */
+	case SSL_CTRL_EXTRA_CHAIN_CERT:
+		if (ctx->extra_certs == NULL)
+			{
+			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
+				return(0);
+			}
+		sk_X509_push(ctx->extra_certs,(X509 *)parg);
+		break;
+
 	default:
 		return(0);
 		}
@@ -613,8 +769,7 @@ char *parg;
 
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(p)
-unsigned char *p;
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 	{
 	static int init=1;
 	static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
@@ -624,7 +779,7 @@ unsigned char *p;
 
 	if (init)
 		{
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
 		for (i=0; i<SSL3_NUM_CIPHERS; i++)
 			sorted[i]= &(ssl3_ciphers[i]);
@@ -632,6 +787,10 @@ unsigned char *p;
 		qsort(	(char *)sorted,
 			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 			FP_ICC ssl_cipher_ptr_id_cmp);
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+
+		init=0;
 		}
 
 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
@@ -646,9 +805,7 @@ unsigned char *p;
 		return(*cpp);
 	}
 
-int ssl3_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -662,9 +819,7 @@ unsigned char *p;
 	return(2);
 	}
 
-int ssl3_part_read(s,i)
-SSL *s;
-int i;
+int ssl3_part_read(SSL *s, int i)
 	{
 	s->rwstate=SSL_READING;
 
@@ -679,61 +834,67 @@ int i;
 		}
 	}
 
-SSL_CIPHER *ssl3_choose_cipher(s,have,pref)
-SSL *s;
-STACK *have,*pref;
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have,
+	     STACK_OF(SSL_CIPHER) *pref)
 	{
 	SSL_CIPHER *c,*ret=NULL;
 	int i,j,ok;
 	CERT *cert;
 	unsigned long alg,mask,emask;
 
-	/* Lets see which ciphers we can supported */
-	if (s->cert != NULL)
-		cert=s->cert;
-	else
-		cert=s->ctx->default_cert;
+	/* Let's see which ciphers we can support */
+	cert=s->cert;
 
-	ssl_set_cert_masks(cert);
-	mask=cert->mask;
-	emask=cert->export_mask;
-			
-	sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
+	sk_SSL_CIPHER_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
 
-	for (i=0; i<sk_num(have); i++)
+#ifdef CIPHER_DEBUG
+	printf("Have:\n");
+	for(i=0 ; i < sk_num(pref) ; ++i)
+	    {
+	    c=(SSL_CIPHER *)sk_value(pref,i);
+	    printf("%p:%s\n",c,c->name);
+	    }
+#endif
+
+	for (i=0; i<sk_SSL_CIPHER_num(have); i++)
 		{
-		c=(SSL_CIPHER *)sk_value(have,i);
+		c=sk_SSL_CIPHER_value(have,i);
+
+		ssl_set_cert_masks(cert,c);
+		mask=cert->mask;
+		emask=cert->export_mask;
+			
 		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-		if (alg & SSL_EXPORT)
+		if (SSL_IS_EXPORT(c->algorithms))
 			{
 			ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+			printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+			       c,c->name);
 #endif
 			}
 		else
 			{
 			ok=((alg & mask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+			printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+			       c->name);
 #endif
 			}
 
 		if (!ok) continue;
 	
-		j=sk_find(pref,(char *)c);
+		j=sk_SSL_CIPHER_find(pref,c);
 		if (j >= 0)
 			{
-			ret=(SSL_CIPHER *)sk_value(pref,j);
+			ret=sk_SSL_CIPHER_value(pref,j);
 			break;
 			}
 		}
 	return(ret);
 	}
 
-int ssl3_get_req_cert_type(s,p)
-SSL *s;
-unsigned char *p;
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 	{
 	int ret=0;
 	unsigned long alg;
@@ -743,33 +904,34 @@ unsigned char *p;
 #ifndef NO_DH
 	if (alg & (SSL_kDHr|SSL_kEDH))
 		{
-#ifndef NO_RSA
+#  ifndef NO_RSA
 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
-#endif
-#ifndef NO_DSA
+#  endif
+#  ifndef NO_DSA
 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
-#endif
+#  endif
 		}
 	if ((s->version == SSL3_VERSION) &&
 		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 		{
-#ifndef NO_RSA
+#  ifndef NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-#endif
-#ifndef NO_DSA
+#  endif
+#  ifndef NO_DSA
 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-#endif
+#  endif
 		}
 #endif /* !NO_DH */
 #ifndef NO_RSA
 	p[ret++]=SSL3_CT_RSA_SIGN;
 #endif
+#ifndef NO_DSA
 	p[ret++]=SSL3_CT_DSS_SIGN;
+#endif
 	return(ret);
 	}
 
-int ssl3_shutdown(s)
-SSL *s;
+int ssl3_shutdown(SSL *s)
 	{
 
 	/* Don't do anything much if we have not done the handshake or
@@ -809,13 +971,9 @@ SSL *s;
 		return(0);
 	}
 
-int ssl3_write(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl3_write(SSL *s, const void *buf, int len)
 	{
 	int ret,n;
-	BIO *under;
 
 #if 0
 	if (s->shutdown & SSL_SEND_SHUTDOWN)
@@ -838,7 +996,7 @@ int len;
 		if (s->s3->delay_buf_pop_ret == 0)
 			{
 			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-				(char *)buf,len);
+					     buf,len);
 			if (ret <= 0) return(ret);
 
 			s->s3->delay_buf_pop_ret=ret;
@@ -849,30 +1007,24 @@ int len;
 		if (n <= 0) return(n);
 		s->rwstate=SSL_NOTHING;
 
-		/* We have flushed the buffer */
-		under=BIO_pop(s->wbio);
-		s->wbio=under;
-		BIO_free(s->bbio);
-		s->bbio=NULL;
+		/* We have flushed the buffer, so remove it */
+		ssl_free_wbio_buffer(s);
+		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+
 		ret=s->s3->delay_buf_pop_ret;
 		s->s3->delay_buf_pop_ret=0;
-
-		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 		}
 	else
 		{
 		ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-			(char *)buf,len);
+				     buf,len);
 		if (ret <= 0) return(ret);
 		}
 
 	return(ret);
 	}
 
-int ssl3_read(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl3_read(SSL *s, void *buf, int len)
 	{
 	int ret;
 	
@@ -894,10 +1046,7 @@ int len;
 	return(ret);
 	}
 
-int ssl3_peek(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl3_peek(SSL *s, char *buf, int len)
 	{
 	SSL3_RECORD *rr;
 	int n;
@@ -919,8 +1068,7 @@ int len;
 	return(n);
 	}
 
-int ssl3_renegotiate(s)
-SSL *s;
+int ssl3_renegotiate(SSL *s)
 	{
 	if (s->handshake_func == NULL)
 		return(1);
@@ -932,8 +1080,7 @@ SSL *s;
 	return(1);
 	}
 
-int ssl3_renegotiate_check(s)
-SSL *s;
+int ssl3_renegotiate_check(SSL *s)
 	{
 	int ret=0;
 
@@ -958,4 +1105,3 @@ need to go to SSL_ST_ACCEPT.
 	return(ret);
 	}
 
-
diff --git a/lib/libssl/src/ssl/s3_meth.c b/lib/libssl/src/ssl/s3_meth.c
index 3d66b4643aa..81bcad89c52 100644
--- a/lib/libssl/src/ssl/s3_meth.c
+++ b/lib/libssl/src/ssl/s3_meth.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *ssl3_get_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_method(int ver);
+static SSL_METHOD *ssl3_get_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_method());
@@ -69,19 +69,19 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_method()
+SSL_METHOD *SSLv3_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv3_data.ssl_connect=ssl3_connect;
 		SSLv3_data.ssl_accept=ssl3_accept;
 		SSLv3_data.get_ssl_method=ssl3_get_method;
+		init=0;
 		}
 	return(&SSLv3_data);
 	}
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index 23850803479..7893d03123d 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -59,49 +59,19 @@
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
-#include "evp.h"
-#include "buffer.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
- */
-
-#ifndef NOPROTO
-static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
-static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len);
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len);
 static int ssl3_get_record(SSL *s);
 static int do_compress(SSL *ssl);
 static int do_uncompress(SSL *ssl);
 static int do_change_cipher_spec(SSL *ssl);
-#else
-static int do_ssl3_write();
-static int ssl3_write_pending();
-static int ssl3_get_record();
-static int do_compress();
-static int do_uncompress();
-static int do_change_cipher_spec();
-#endif
-
-static int ssl3_read_n(s,n,max,extend)
-SSL *s;
-int n;
-int max;
-int extend;
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
 	{
 	int i,off,newb;
 
@@ -210,10 +180,8 @@ int extend;
  * ssl->s3->rrec.data, 	- data
  * ssl->s3->rrec.length, - number of bytes
  */
-static int ssl3_get_record(s)
-SSL *s;
+static int ssl3_get_record(SSL *s)
 	{
-	char tmp_buf[512];
 	int ssl_major,ssl_minor,al;
 	int n,i,ret= -1;
 	SSL3_BUFFER *rb;
@@ -331,7 +299,6 @@ again:
 
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
-	memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
 
 	if (!s->method->ssl3_enc->enc(s,0))
 		{
@@ -340,7 +307,7 @@ again:
 		}
 #ifdef TLS_DEBUG
 printf("dec %d\n",rr->length);
-{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
 printf("\n");
 #endif
 	/* r->length is now the compressed data plus mac */
@@ -378,7 +345,7 @@ printf("\n");
 		}
 
 	/* r->length is now just compressed */
-	if ((sess != NULL) && (sess->read_compression != NULL))
+	if (s->expand != NULL)
 		{
 		if (rr->length > 
 			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
@@ -424,27 +391,47 @@ err:
 	return(ret);
 	}
 
-static int do_uncompress(ssl)
-SSL *ssl;
+static int do_uncompress(SSL *ssl)
 	{
+	int i;
+	SSL3_RECORD *rr;
+
+	rr= &(ssl->s3->rrec);
+	i=COMP_expand_block(ssl->expand,rr->comp,
+		SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
+	if (i < 0)
+		return(0);
+	else
+		rr->length=i;
+	rr->data=rr->comp;
+
 	return(1);
 	}
 
-static int do_compress(ssl)
-SSL *ssl;
+static int do_compress(SSL *ssl)
 	{
+	int i;
+	SSL3_RECORD *wr;
+
+	wr= &(ssl->s3->wrec);
+	i=COMP_compress_block(ssl->compress,wr->data,
+		SSL3_RT_MAX_COMPRESSED_LENGTH,
+		wr->input,(int)wr->length);
+	if (i < 0)
+		return(0);
+	else
+		wr->length=i;
+
+	wr->input=wr->data;
 	return(1);
 	}
 
 /* Call this to write data
  * It will return <= 0 if not all data has been sent or non-blocking IO.
  */
-int ssl3_write_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
 	{
+	const unsigned char *buf=_buf;
 	unsigned int tot,n,nw;
 	int i;
 
@@ -479,20 +466,22 @@ int len;
 			}
 
 		if (type == SSL3_RT_HANDSHAKE)
-			ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i);
+			ssl3_finish_mac(s,&(buf[tot]),i);
 
-		if (i == (int)n) return(tot+i);
+		if ((i == (int)n) ||
+			(type == SSL3_RT_APPLICATION_DATA &&
+			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+			{
+			return(tot+i);
+			}
 
 		n-=i;
 		tot+=i;
 		}
 	}
 
-static int do_ssl3_write(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len)
 	{
 	unsigned char *p,*plen;
 	int i,mac_size,clear=0;
@@ -552,7 +541,7 @@ unsigned int len;
 	 * wr->data */
 
 	/* first we compress */
-	if ((sess != NULL) && (sess->write_compression != NULL))
+	if (s->compress != NULL)
 		{
 		if (!do_compress(s))
 			{
@@ -606,16 +595,15 @@ err:
 	}
 
 /* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len)
 	{
 	int i;
 
 /* XXXX */
-	if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
+	if ((s->s3->wpend_tot > (int)len)
+		|| ((s->s3->wpend_buf != buf) &&
+			!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
 		|| (s->s3->wpend_type != type))
 		{
 		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
@@ -650,18 +638,14 @@ unsigned int len;
 		}
 	}
 
-int ssl3_read_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 	{
 	int al,i,j,n,ret;
 	SSL3_RECORD *rr;
 	void (*cb)()=NULL;
 	BIO *bio;
 
-	if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+	if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 
@@ -786,7 +770,8 @@ start:
 
 				s->rwstate=SSL_NOTHING;
 				s->s3->fatal_alert=n;
-				SSLerr(SSL_F_SSL3_READ_BYTES,1000+n);
+				SSLerr(SSL_F_SSL3_READ_BYTES,
+					SSL_AD_REASON_OFFSET+n);
 				sprintf(tmp,"%d",n);
 				ERR_add_error_data(2,"SSL alert number ",tmp);
 				s->shutdown|=SSL_RECEIVED_SHUTDOWN;
@@ -836,7 +821,9 @@ start:
 			if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 				!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
 				{
-				s->state=SSL_ST_BEFORE;
+				s->state=SSL_ST_BEFORE|(s->server)
+						?SSL_ST_ACCEPT
+						:SSL_ST_CONNECT;
 				s->new_session=1;
 				}
 			n=s->handshake_func(s);
@@ -937,7 +924,7 @@ start:
 		}
 
 	if (type == SSL3_RT_HANDSHAKE)
-		ssl3_finish_mac(s,(unsigned char *)buf,n);
+		ssl3_finish_mac(s,buf,n);
 	return(n);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -945,8 +932,7 @@ err:
 	return(-1);
 	}
 
-static int do_change_cipher_spec(s)
-SSL *s;
+static int do_change_cipher_spec(SSL *s)
 	{
 	int i;
 	unsigned char *sender;
@@ -988,14 +974,12 @@ SSL *s;
 	return(1);
 	}
 
-int ssl3_do_write(s,type)
-SSL *s;
-int type;
+int ssl3_do_write(SSL *s, int type)
 	{
 	int ret;
 
-	ret=ssl3_write_bytes(s,type,(char *)
-		&(s->init_buf->data[s->init_off]),s->init_num);
+	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
+			     s->init_num);
 	if (ret == s->init_num)
 		return(1);
 	if (ret < 0) return(-1);
@@ -1004,10 +988,7 @@ int type;
 	return(0);
 	}
 
-void ssl3_send_alert(s,level,desc)
-SSL *s;
-int level;
-int desc;
+void ssl3_send_alert(SSL *s, int level, int desc)
 	{
 	/* Map tls/ssl alert value to correct one */
 	desc=s->method->ssl3_enc->alert_value(desc);
@@ -1025,14 +1006,13 @@ int desc;
 	 * some time in the future */
 	}
 
-int ssl3_dispatch_alert(s)
-SSL *s;
+int ssl3_dispatch_alert(SSL *s)
 	{
 	int i,j;
 	void (*cb)()=NULL;
 
 	s->s3->alert_dispatch=0;
-	i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2);
+	i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
 	if (i <= 0)
 		{
 		s->s3->alert_dispatch=1;
@@ -1043,7 +1023,7 @@ SSL *s;
 		 * does not get sent due to non-blocking IO, we will
 		 * not worry too much. */
 		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-			BIO_flush(s->wbio);
+			(void)BIO_flush(s->wbio);
 
 		if (s->info_callback != NULL)
 			cb=s->info_callback;
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 64903af1519..e003d883574 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -59,22 +59,16 @@
 #define REUSE_CIPHER_BUG
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 
-#define BREAK	break
-/* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
 static int ssl3_send_server_hello(SSL *s);
 static int ssl3_send_server_key_exchange(SSL *s);
@@ -85,22 +79,7 @@ static int ssl3_get_client_key_exchange(SSL *s);
 static int ssl3_get_client_certificate(SSL *s);
 static int ssl3_send_hello_request(SSL *s);
 
-#else
-
-static int ssl3_get_client_hello();
-static int ssl3_send_server_hello();
-static int ssl3_send_server_key_exchange();
-static int ssl3_send_certificate_request();
-static int ssl3_send_server_done();
-static int ssl3_get_cert_verify();
-static int ssl3_get_client_key_exchange();
-static int ssl3_get_client_certificate();
-static int ssl3_send_hello_request();
-
-#endif
-
-static SSL_METHOD *ssl3_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_server_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
@@ -108,35 +87,32 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_server_method()
+SSL_METHOD *SSLv3_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_server_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
 			sizeof(SSL_METHOD));
 		SSLv3_server_data.ssl_accept=ssl3_accept;
 		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+		init=0;
 		}
 	return(&SSLv3_server_data);
 	}
 
-int ssl3_accept(s)
-SSL *s;
+int ssl3_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long l,Time=time(NULL);
 	void (*cb)()=NULL;
 	long num1;
 	int ret= -1;
-	CERT *ct;
-	BIO *under;
 	int new_state,state,skip=0;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_seed(&Time,sizeof(Time));
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -149,17 +125,11 @@ SSL *s;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 	s->in_handshake++;
 
-#ifdef undef
-	/* FIX THIS EAY EAY EAY */
-	/* we don't actually need a cert, we just need a cert or a DH_tmp */
-	if (((s->session == NULL) || (s->session->cert == NULL)) &&
-		(s->cert == NULL))
+	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-		ret= -1;
-		goto end;
+		return(-1);
 		}
-#endif
 
 	for (;;)
 		{
@@ -176,6 +146,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			if ((s->version>>8) != 3)
@@ -215,11 +186,11 @@ SSL *s;
 				{
 				s->state=SSL3_ST_SR_CLNT_HELLO_A;
 				ssl3_init_finished_mac(s);
-				s->ctx->sess_accept++;
+				s->ctx->stats.sess_accept++;
 				}
 			else
 				{
-				s->ctx->sess_accept_renegotiate++;
+				s->ctx->stats.sess_accept_renegotiate++;
 				s->state=SSL3_ST_SW_HELLO_REQ_A;
 				}
 			break;
@@ -238,15 +209,6 @@ SSL *s;
 			break;
 
 		case SSL3_ST_SW_HELLO_REQ_C:
-			/* remove buffering on output */
-			under=BIO_pop(s->wbio);
-			if (under != NULL)
-				s->wbio=under;
-			else
-				abort(); /* ok */
-			BIO_free(s->bbio);
-			s->bbio=NULL;
-
 			s->state=SSL_ST_OK;
 			ret=1;
 			goto end;
@@ -292,20 +254,6 @@ SSL *s;
 		case SSL3_ST_SW_KEY_EXCH_A:
 		case SSL3_ST_SW_KEY_EXCH_B:
 			l=s->s3->tmp.new_cipher->algorithms;
-			if (s->session->cert == NULL)
-				{
-				if (s->cert != NULL)
-					{
-					CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-					s->session->cert=s->cert;
-					}
-				else
-					{
-					CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT);
-					s->session->cert=s->ctx->default_cert;
-					}
-				}
-			ct=s->session->cert;
 
 			/* clear this, it may get reset by
 			 * send_server_key_exchange */
@@ -316,16 +264,16 @@ SSL *s;
 
 			/* only send if a DH key exchange, fortezza or
 			 * RSA but we have a sign only certificate */
-			if ( s->s3->tmp.use_rsa_tmp ||
-			    (l & (SSL_DH|SSL_kFZA)) ||
-			    ((l & SSL_kRSA) &&
-			     ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
-			      ((l & SSL_EXPORT) &&
-			       (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
-			      )
-			     )
+			if (s->s3->tmp.use_rsa_tmp
+			    || (l & (SSL_DH|SSL_kFZA))
+			    || ((l & SSL_kRSA)
+				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+				    || (SSL_IS_EXPORT(l)
+					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+					)
+				    )
+				)
 			    )
-			   )
 				{
 				ret=ssl3_send_server_key_exchange(s);
 				if (ret <= 0) goto end;
@@ -478,20 +426,14 @@ SSL *s;
 			s->init_buf=NULL;
 
 			/* remove buffering on output */
-			under=BIO_pop(s->wbio);
-			if (under != NULL)
-				s->wbio=under;
-			else
-				abort(); /* ok */
-			BIO_free(s->bbio);
-			s->bbio=NULL;
+			ssl_free_wbio_buffer(s);
 
 			s->new_session=0;
 			s->init_num=0;
 
 			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
 
-			s->ctx->sess_accept_good++;
+			s->ctx->stats.sess_accept_good++;
 			/* s->server=1; */
 			s->handshake_func=ssl3_accept;
 			ret=1;
@@ -536,8 +478,7 @@ end:
 	return(ret);
 	}
 
-static int ssl3_send_hello_request(s)
-SSL *s;
+static int ssl3_send_hello_request(SSL *s)
 	{
 	unsigned char *p;
 
@@ -559,15 +500,15 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_get_client_hello(s)
-SSL *s;
+static int ssl3_get_client_hello(SSL *s)
 	{
 	int i,j,ok,al,ret= -1;
 	long n;
 	unsigned long id;
-	unsigned char *p,*d;
+	unsigned char *p,*d,*q;
 	SSL_CIPHER *c;
-	STACK *ciphers=NULL;
+	SSL_COMP *comp=NULL;
+	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
@@ -593,6 +534,7 @@ SSL *s;
 	/* The version number has already been checked in ssl3_get_message.
 	 * I a native TLSv1/SSLv3 method, the match must be correct except
 	 * perhaps for the first message */
+/*	s->client_version=(((int)p[0])<<8)|(int)p[1]; */
 	p+=2;
 
 	/* load the client random */
@@ -615,7 +557,9 @@ SSL *s;
 			{ /* previous session */
 			s->hit=1;
 			}
-		else
+		else if (i == -1)
+			goto err;
+		else /* i == 0 */
 			{
 			if (!ssl_get_new_session(s,1))
 				goto err;
@@ -651,9 +595,16 @@ SSL *s;
 		j=0;
 		id=s->session->cipher->id;
 
-		for (i=0; i<sk_num(ciphers); i++)
+#ifdef CIPHER_DEBUG
+		printf("client sent %d ciphers\n",sk_num(ciphers));
+#endif
+		for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
 			{
-			c=(SSL_CIPHER *)sk_value(ciphers,i);
+			c=sk_SSL_CIPHER_value(ciphers,i);
+#ifdef CIPHER_DEBUG
+			printf("client [%2d of %2d]:%s\n",
+				i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+#endif
 			if (c->id == id)
 				{
 				j=1;
@@ -662,11 +613,11 @@ SSL *s;
 			}
 		if (j == 0)
 			{
-			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1))
+			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
 				{
 				/* Very bad for multi-threading.... */
-				s->session->cipher=
-					(SSL_CIPHER *)sk_value(ciphers,0);
+				s->session->cipher=sk_SSL_CIPHER_value(ciphers,
+								       0);
 				}
 			else
 				{
@@ -681,8 +632,11 @@ SSL *s;
 
 	/* compression */
 	i= *(p++);
+	q=p;
 	for (j=0; j<i; j++)
+		{
 		if (p[j] == 0) break;
+		}
 
 	p+=i;
 	if (j >= i)
@@ -693,6 +647,35 @@ SSL *s;
 		goto f_err;
 		}
 
+	/* Worst case, we will use the NULL compression, but if we have other
+	 * options, we will now look for them.  We have i-1 compression
+	 * algorithms from the client, starting at q. */
+	s->s3->tmp.new_compression=NULL;
+	if (s->ctx->comp_methods != NULL)
+		{ /* See if we have a match */
+		int m,nn,o,v,done=0;
+
+		nn=sk_SSL_COMP_num(s->ctx->comp_methods);
+		for (m=0; m<nn; m++)
+			{
+			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+			v=comp->id;
+			for (o=0; o<i; o++)
+				{
+				if (v == q[o])
+					{
+					done=1;
+					break;
+					}
+				}
+			if (done) break;
+			}
+		if (done)
+			s->s3->tmp.new_compression=comp;
+		else
+			comp=NULL;
+		}
+
 	/* TLS does not mind if there is extra stuff */
 	if (s->version == SSL3_VERSION)
 		{
@@ -706,15 +689,14 @@ SSL *s;
 			}
 		}
 
-	/* do nothing with compression */
-
 	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
 	 * pick a cipher */
 
 	if (!s->hit)
 		{
+		s->session->compress_meth=(comp == NULL)?0:comp->id;
 		if (s->session->ciphers != NULL)
-			sk_free(s->session->ciphers);
+			sk_SSL_CIPHER_free(s->session->ciphers);
 		s->session->ciphers=ciphers;
 		if (ciphers == NULL)
 			{
@@ -724,7 +706,7 @@ SSL *s;
 			}
 		ciphers=NULL;
 		c=ssl3_choose_cipher(s,s->session->ciphers,
-			ssl_get_ciphers_by_id(s));
+				     ssl_get_ciphers_by_id(s));
 
 		if (c == NULL)
 			{
@@ -738,19 +720,19 @@ SSL *s;
 		{
 		/* Session-id reuse */
 #ifdef REUSE_CIPHER_BUG
-		STACK *sk;
+		STACK_OF(SSL_CIPHER) *sk;
 		SSL_CIPHER *nc=NULL;
 		SSL_CIPHER *ec=NULL;
 
 		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
 			{
 			sk=s->session->ciphers;
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
+				c=sk_SSL_CIPHER_value(sk,i);
 				if (c->algorithms & SSL_eNULL)
 					nc=c;
-				if (c->algorithms & SSL_EXP)
+				if (SSL_C_IS_EXPORT(c))
 					ec=c;
 				}
 			if (nc != NULL)
@@ -783,12 +765,11 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 err:
-	if (ciphers != NULL) sk_free(ciphers);
+	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
 	return(ret);
 	}
 
-static int ssl3_send_server_hello(s)
-SSL *s;
+static int ssl3_send_server_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -833,7 +814,10 @@ SSL *s;
 		p+=i;
 
 		/* put the compression method */
-		*(p++)=0;
+		if (s->s3->tmp.new_compression == NULL)
+			*(p++)=0;
+		else
+			*(p++)=s->s3->tmp.new_compression->id;
 
 		/* do the header */
 		l=(p-d);
@@ -851,8 +835,7 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_send_server_done(s)
-SSL *s;
+static int ssl3_send_server_done(SSL *s)
 	{
 	unsigned char *p;
 
@@ -876,8 +859,7 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_send_server_key_exchange(s)
-SSL *s;
+static int ssl3_send_server_key_exchange(SSL *s)
 	{
 #ifndef NO_RSA
 	unsigned char *q;
@@ -902,7 +884,7 @@ SSL *s;
 	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
 		{
 		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
-		cert=s->session->cert;
+		cert=s->cert;
 
 		buf=s->init_buf;
 
@@ -912,11 +894,11 @@ SSL *s;
 		if (type & SSL_kRSA)
 			{
 			rsa=cert->rsa_tmp;
-			if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
+			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
 				{
-				rsa=s->ctx->default_cert->rsa_tmp_cb(s,
-					(s->s3->tmp.new_cipher->algorithms|
-					SSL_NOT_EXP)?0:1);
+				rsa=s->cert->rsa_tmp_cb(s,
+				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 				cert->rsa_tmp=rsa;
 				}
@@ -936,10 +918,10 @@ SSL *s;
 			if (type & SSL_kEDH)
 			{
 			dhp=cert->dh_tmp;
-			if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
-				dhp=cert->dh_tmp_cb(s,
-					(s->s3->tmp.new_cipher->algorithms|
-					SSL_NOT_EXP)?0:1);
+			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+				dhp=s->cert->dh_tmp_cb(s,
+				      !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 			if (dhp == NULL)
 				{
 				al=SSL_AD_HANDSHAKE_FAILURE;
@@ -953,13 +935,16 @@ SSL *s;
 				}
 
 			s->s3->tmp.dh=dh;
-			if (((dhp->pub_key == NULL) ||
-			     (dhp->priv_key == NULL) ||
-			     (s->options & SSL_OP_SINGLE_DH_USE)) &&
-			    (!DH_generate_key(dh)))
+			if ((dhp->pub_key == NULL ||
+			     dhp->priv_key == NULL ||
+			     (s->options & SSL_OP_SINGLE_DH_USE)))
 				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
+				if(!DH_generate_key(dh))
+				    {
+				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+					   ERR_R_DH_LIB);
+				    goto err;
+				    }
 				}
 			else
 				{
@@ -1098,12 +1083,11 @@ err:
 	return(-1);
 	}
 
-static int ssl3_send_certificate_request(s)
-SSL *s;
+static int ssl3_send_certificate_request(SSL *s)
 	{
 	unsigned char *p,*d;
 	int i,j,nl,off,n;
-	STACK *sk=NULL;
+	STACK_OF(X509_NAME) *sk=NULL;
 	X509_NAME *name;
 	BUF_MEM *buf;
 
@@ -1128,9 +1112,9 @@ SSL *s;
 		nl=0;
 		if (sk != NULL)
 			{
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk); i++)
 				{
-				name=(X509_NAME *)sk_value(sk,i);
+				name=sk_X509_NAME_value(sk,i);
 				j=i2d_X509_NAME(name,NULL);
 				if (!BUF_MEM_grow(buf,4+n+j+2))
 					{
@@ -1176,15 +1160,16 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_client_key_exchange(s)
-SSL *s;
+static int ssl3_get_client_key_exchange(SSL *s)
 	{
 	int i,al,ok;
 	long n;
 	unsigned long l;
 	unsigned char *p;
+#ifndef NO_RSA
 	RSA *rsa=NULL;
 	EVP_PKEY *pkey=NULL;
+#endif
 #ifndef NO_DH
 	BIGNUM *pub=NULL;
 	DH *dh_srvr;
@@ -1208,12 +1193,8 @@ SSL *s;
 		/* FIX THIS UP EAY EAY EAY EAY */
 		if (s->s3->tmp.use_rsa_tmp)
 			{
-			if ((s->session->cert != NULL) &&
-				(s->session->cert->rsa_tmp != NULL))
-				rsa=s->session->cert->rsa_tmp;
-			else if ((s->ctx->default_cert != NULL) &&
-				(s->ctx->default_cert->rsa_tmp != NULL))
-				rsa=s->ctx->default_cert->rsa_tmp;
+			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+				rsa=s->cert->rsa_tmp;
 			/* Don't do a callback because rsa_tmp should
 			 * be sent already */
 			if (rsa == NULL)
@@ -1259,15 +1240,28 @@ SSL *s;
 		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
 
 #if 1
-		/* If a bad decrypt, use a dud master key */
+		/* If a bad decrypt, use a random master key */
 		if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
-			((p[0] != (s->version>>8)) ||
-			 (p[1] != (s->version & 0xff))))
+			((p[0] != (s->client_version>>8)) ||
+			 (p[1] != (s->client_version & 0xff))))
 			{
-			p[0]=(s->version>>8);
-			p[1]=(s->version & 0xff);
-			RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
-			i=SSL_MAX_MASTER_KEY_LENGTH;
+			int bad=1;
+
+			if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
+				(p[0] == (s->version>>8)) &&
+				(p[1] == 0))
+				{
+				if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
+					bad=0;
+				}
+			if (bad)
+				{
+				p[0]=(s->version>>8);
+				p[1]=(s->version & 0xff);
+				RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+				i=SSL_MAX_MASTER_KEY_LENGTH;
+				}
+			/* else, an SSLeay bug, ssl only server, tls client */
 			}
 #else
 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
@@ -1370,8 +1364,7 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_cert_verify(s)
-SSL *s;
+static int ssl3_get_cert_verify(SSL *s)
 	{
 	EVP_PKEY *pkey=NULL;
 	unsigned char *p;
@@ -1505,17 +1498,17 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 end:
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int ssl3_get_client_certificate(s)
-SSL *s;
+static int ssl3_get_client_certificate(SSL *s)
 	{
 	int i,ok,al,ret= -1;
 	X509 *x=NULL;
 	unsigned long l,nc,llen,n;
 	unsigned char *p,*d,*q;
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_CERT_A,
@@ -1558,7 +1551,7 @@ SSL *s;
 		}
 	d=p=(unsigned char *)s->init_buf->data;
 
-	if ((sk=sk_new_null()) == NULL)
+	if ((sk=sk_X509_new_null()) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -1594,7 +1587,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
-		if (!sk_push(sk,(char *)x))
+		if (!sk_X509_push(sk,x))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -1603,7 +1596,7 @@ SSL *s;
 		nc+=l+3;
 		}
 
-	if (sk_num(sk) <= 0)
+	if (sk_X509_num(sk) <= 0)
 		{
 		/* TLS does not mind 0 certs returned */
 		if (s->version == SSL3_VERSION)
@@ -1632,10 +1625,26 @@ SSL *s;
 			}
 		}
 
-	/* This should not be needed */
-	if (s->session->peer != NULL)
+	if (s->session->peer != NULL) /* This should not be needed */
 		X509_free(s->session->peer);
-	s->session->peer=(X509 *)sk_shift(sk);
+	s->session->peer=sk_X509_shift(sk);
+
+	/* With the current implementation, sess_cert will always be NULL
+	 * when we arrive here. */
+	if (s->session->sess_cert == NULL)
+		{
+		s->session->sess_cert = ssl_sess_cert_new();
+		if (s->session->sess_cert == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	if (s->session->sess_cert->cert_chain != NULL)
+		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+	s->session->sess_cert->cert_chain=sk;
+
+	sk=NULL;
 
 	ret=1;
 	if (0)
@@ -1645,12 +1654,11 @@ f_err:
 		}
 err:
 	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_pop_free(sk,X509_free);
+	if (sk != NULL) sk_X509_pop_free(sk,X509_free);
 	return(ret);
 	}
 
-int ssl3_send_server_certificate(s)
-SSL *s;
+int ssl3_send_server_certificate(SSL *s)
 	{
 	unsigned long l;
 	X509 *x;
diff --git a/lib/libssl/src/ssl/ssl-lib.com b/lib/libssl/src/ssl/ssl-lib.com
new file mode 100644
index 00000000000..75fa89f1930
--- /dev/null
+++ b/lib/libssl/src/ssl/ssl-lib.com
@@ -0,0 +1,1200 @@
+$!
+$!  SSL-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP 
+$!  or VAX.
+$!
+$!  It is written to detect what type of machine you are compiling on
+$!  (i.e. AXP or VAX) and which "C" compiler you have (i.e. VAXC, DECC 
+$!  or GNU C) or you can specify which compiler to use.
+$!
+$!  Specify the following as P1 to build just that part or ALL to just
+$!  build everything.
+$!
+$!    		LIBRARY    To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!    		SSL_TASK   To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE
+$!
+$!  Specify RSAREF as P2 to compile with the RSAREF library instead of
+$!  the regular one.  If you specify NORSAREF it will compile with the
+$!  regular RSAREF routines.  (Note: If you are in the United States
+$!  you MUST compile with RSAREF unless you have a license from RSA).
+$!
+$!  Note: The RSAREF libraries are NOT INCLUDED and you have to
+$!        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+$!        get the ".tar-Z" file as the ".zip" file dosen't have the
+$!        directory structure stored.  You have to extract the file
+$!        into the [.RSAREF] directory under the root directory as that
+$!        is where the scripts will look for the files.
+$!
+$!  Specify DEBUG or NODEBUG as P3 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P4 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P5, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The RSAREF-LIB We Are To Use.
+$!
+$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB SSL_TASK
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Build Just What The User Wants Us To Build.
+$!
+$   GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT   
+$!
+$! Compile The Library.
+$!
+$ LIBRARY:
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'SSL_LIB'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The Different SSL "library" Files.
+$!
+$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
+	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
+	    "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
+	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
+	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
+	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -
+	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
+	    "bio_ssl,ssl_err"
+$!
+$! Tell The User That We Are Compiling The Library.
+$!
+$ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
+$!
+$! Define A File Counter And Set It To "0"
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What File We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".c"
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'SSL_LIB' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Get The Next File Name.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",SSL_LIB," Compiled."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ SSL_TASK:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SSL_TASK.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SSL_TASK.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Creating The SSL_TASK.
+$!
+$ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."	
+$!
+$! Compile The File.
+$!
+$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
+$!
+$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Link With The RSAREF Library And A Specific TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+          'OBJ_DIR'SSL_TASK.OBJ, -
+	  'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+	  'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Link With The RSAREF Library And NO TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+          'OBJ_DIR'SSL_TASK.OBJ, -
+	  'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+	  'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Don't Link With The RSAREF Routines.
+$!
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+          'OBJ_DIR'SSL_TASK.OBJ, -
+	  'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+          'OBJ_DIR'SSL_TASK.OBJ,-
+	  'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! End The RSAREF Link Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (ARCH.EQS."VAX")
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ LIB_CHECK:
+$!
+$! Look For The VAX Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The LIBSSL.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The LIBCRYPTO.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need The RSAREF Library.
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Look For The Library LIBRSAGLUE.OLB.
+$!
+$   IF (F$SEARCH(RSAREF_LIB).EQS."")
+$   THEN
+$!
+$!    Tell The User We Can't Find The LIBRSAGLUE.OLB Library.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"."
+$     WRITE SYS$OUTPUT "We Can't Link Without It."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$     EXIT
+$!
+$!   End The LIBRSAGLUE.OLB Library Check.
+$!
+$   ENDIF
+$!
+$! End The RSAREF Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is Blank, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NORSAREF")
+$ THEN
+$!
+$!   P2 Is NORSAREF, So Compile With The Regular RSA Libraries.
+$!
+$    RSAREF = "FALSE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Use The RSAREF Library.
+$!
+$   IF (P2.EQS."RSAREF")
+$   THEN
+$!
+$!    Check To Make Sure We Have The RSAREF Source Code Directory.
+$!
+$     IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."")
+$     THEN
+$!
+$!      We Don't Have The RSAREF Souce Code Directory, So Tell The
+$!      User This.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
+$       WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'.  You have to"
+$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$       WRITE SYS$OUTPUT "directory structure stored.  You have to extract the file"
+$       WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
+$       WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
+$       WRITE SYS$OUTPUT ""
+$!
+$!      Time To Exit.
+$!
+$       EXIT
+$!
+$!    Else, Compile Using The RSAREF Library.
+$!
+$     ELSE
+$       RSAREF = "TRUE"
+$     ENDIF
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     RSAREF   :  Compile With The RSAREF Library."
+$     WRITE SYS$OUTPUT "     NORSAREF :  Compile With The Regular RSA Library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."NODEBUG")
+$ THEN
+$!
+$!   P3 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P3.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P6.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P4 Is Blank.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P4 = "GNUC"
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P4 = "DECC"
+$!
+$!      Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P4 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P5 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P5 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P5'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P4.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[.SOURCE])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P4.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[.SOURCE])" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P4.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[.SOURCE])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Check To See If We Are To Compile With RSAREF Routines.
+$!
+$   IF (RSAREF.EQS."TRUE")
+$   THEN
+$!
+$!    Compile With RSAREF.
+$!
+$     CCDEFS = CCDEFS + ",""RSAref=1"""
+$!
+$!    Tell The User This.
+$!
+$     WRITE SYS$OUTPUT "Compiling With RSAREF Routines."
+$!
+$!    Else, We Don't Care.  Compile Without The RSAREF Library.
+$!
+$   ELSE
+$!
+$!    Tell The User We Are Compile Without The RSAREF Routines.
+$!
+$     WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines.
+$!
+$!  End The RSAREF Check.
+$!
+$   ENDIF
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$     CC5 = CC3 - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$   ELSE
+$     CC4 = CC
+$     CC5 = CC3
+$   ENDIF
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P5.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P5.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P5 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P5.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __TOP = __HERE - "SSL]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/lib/libssl/src/ssl/ssl.c b/lib/libssl/src/ssl/ssl.c
deleted file mode 100644
index 7f506ce48f1..00000000000
--- a/lib/libssl/src/ssl/ssl.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/* ssl/ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "../e_os.h"
-
-#include "buffer.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "bio.h"
-#include "err.h"
-
-#include "bn.h"
-
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
-
-#include "err.h"
-#include "evp.h"
-
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
-
-#include "ssl_locl.h"
-
-#if !(BUILD_SSLV23) && !defined(BUILD_SSLV2) && !defined(BUILD_SSLV3) && !defined(BUILD_SSL_COMMON) && !defined(BUILD_SSL_BIO) && !defined(BUILD_SSL_OPTIONAL)
-#define BUILD_SSLV23
-#define BUILD_SSLV2
-#define BUILD_SSLV3
-#define BUILD_TLS1
-#define BUILD_SSL_COMMON
-#define BUILD_SSL_BIO
-#define BUILD_SSL_OPTIONAL
-#endif
-
-#ifdef NO_RSA
-#undef BUILD_SSLV2
-#undef BUILD_SSLV23
-#endif
-
-#ifdef NO_SSL2
-#undef BUILD_SSLV2
-#undef BUILD_SSLV23
-#endif
-
-#ifdef NO_SSL3
-#undef BUILD_SSL3
-#undef BUILD_SSLV23
-#endif
-
-#ifdef BUILD_SSLV23
-#include "s23_clnt.c"
-#include "s23_srvr.c"
-#include "s23_pkt.c"
-#include "s23_lib.c"
-#include "s23_meth.c"
-#endif
-
-#ifdef BUILD_SSLV2
-#include "s2_clnt.c"
-#include "s2_srvr.c"
-#include "s2_pkt.c"
-#include "s2_enc.c"
-#include "s2_lib.c"
-#include "s2_meth.c"
-#endif
-
-#ifdef BUILD_SSLV3
-#include "s3_clnt.c"
-#include "s3_both.c"
-#include "s3_srvr.c"
-#include "s3_pkt.c"
-#include "s3_enc.c"
-#include "s3_lib.c"
-#include "s3_meth.c"
-#endif
-
-#ifdef BUILD_TLS1
-#include "t1_clnt.c"
-#include "t1_enc.c"
-#include "t1_lib.c"
-#include "t1_meth.c"
-#include "t1_srvr.c"
-#endif
-
-
-#ifdef BUILD_SSL_COMMON
-#include "ssl_lib.c"
-#include "ssl_algs.c"
-#include "ssl_cert.c"
-#include "ssl_ciph.c"
-#include "ssl_sess.c"
-#include "ssl_rsa.c"
-#endif
-
-/* Extra things */
-#ifdef BUILD_SSL_BIO
-#include "bio_ssl.c"
-#endif
-
-#ifdef BUILD_SSL_OPTIONAL
-#include "ssl_asn1.c"
-#include "ssl_txt.c"
-#include "ssl_stat.c"
-#include "ssl_err.c"
-#include "ssl_err2.c"
-#endif
-
diff --git a/lib/libssl/src/ssl/ssl.err b/lib/libssl/src/ssl/ssl.err
deleted file mode 100644
index c54326c624b..00000000000
--- a/lib/libssl/src/ssl/ssl.err
+++ /dev/null
@@ -1,290 +0,0 @@
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE			 100
-#define SSL_F_CLIENT_HELLO				 101
-#define SSL_F_CLIENT_MASTER_KEY				 102
-#define SSL_F_D2I_SSL_SESSION				 103
-#define SSL_F_DO_SSL3_WRITE				 104
-#define SSL_F_GET_CLIENT_FINISHED			 105
-#define SSL_F_GET_CLIENT_HELLO				 106
-#define SSL_F_GET_CLIENT_MASTER_KEY			 107
-#define SSL_F_GET_SERVER_FINISHED			 108
-#define SSL_F_GET_SERVER_HELLO				 109
-#define SSL_F_GET_SERVER_VERIFY				 110
-#define SSL_F_I2D_SSL_SESSION				 111
-#define SSL_F_READ_N					 112
-#define SSL_F_REQUEST_CERTIFICATE			 113
-#define SSL_F_SERVER_HELLO				 114
-#define SSL_F_SSL23_ACCEPT				 115
-#define SSL_F_SSL23_CLIENT_HELLO			 116
-#define SSL_F_SSL23_CONNECT				 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
-#define SSL_F_SSL23_GET_SERVER_HELLO			 119
-#define SSL_F_SSL23_READ				 120
-#define SSL_F_SSL23_WRITE				 121
-#define SSL_F_SSL2_ACCEPT				 122
-#define SSL_F_SSL2_CONNECT				 123
-#define SSL_F_SSL2_ENC_INIT				 124
-#define SSL_F_SSL2_READ					 125
-#define SSL_F_SSL2_SET_CERTIFICATE			 126
-#define SSL_F_SSL2_WRITE				 127
-#define SSL_F_SSL3_ACCEPT				 128
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
-#define SSL_F_SSL3_CLIENT_HELLO				 131
-#define SSL_F_SSL3_CONNECT				 132
-#define SSL_F_SSL3_CTX_CTRL				 133
-#define SSL_F_SSL3_ENC					 134
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
-#define SSL_F_SSL3_GET_CERT_VERIFY			 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
-#define SSL_F_SSL3_GET_FINISHED				 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
-#define SSL_F_SSL3_GET_MESSAGE				 142
-#define SSL_F_SSL3_GET_RECORD				 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
-#define SSL_F_SSL3_GET_SERVER_DONE			 145
-#define SSL_F_SSL3_GET_SERVER_HELLO			 146
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
-#define SSL_F_SSL3_READ_BYTES				 148
-#define SSL_F_SSL3_READ_N				 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
-#define SSL_F_SSL3_SETUP_BUFFERS			 156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
-#define SSL_F_SSL3_WRITE_BYTES				 158
-#define SSL_F_SSL3_WRITE_PENDING			 159
-#define SSL_F_SSL_BAD_METHOD				 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
-#define SSL_F_SSL_CERT_NEW				 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 164
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 165
-#define SSL_F_SSL_CTX_NEW				 166
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 167
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 168
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 169
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 170
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 171
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 172
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 173
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 176
-#define SSL_F_SSL_DO_HANDSHAKE				 177
-#define SSL_F_SSL_GET_NEW_SESSION			 178
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
-#define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
-#define SSL_F_SSL_NEW					 183
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
-#define SSL_F_SSL_SESSION_NEW				 186
-#define SSL_F_SSL_SESSION_PRINT_FP			 187
-#define SSL_F_SSL_SET_CERT				 188
-#define SSL_F_SSL_SET_FD				 189
-#define SSL_F_SSL_SET_PKEY				 190
-#define SSL_F_SSL_SET_RFD				 191
-#define SSL_F_SSL_SET_SESSION				 192
-#define SSL_F_SSL_SET_WFD				 193
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
-#define SSL_F_SSL_USE_CERTIFICATE			 195
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
-#define SSL_F_SSL_USE_PRIVATEKEY			 198
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
-#define SSL_F_SSL_WRITE					 204
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 205
-#define SSL_F_TLS1_ENC					 206
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 207
-#define SSL_F_WRITE_PENDING				 208
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
-#define SSL_R_BAD_ALERT_RECORD				 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
-#define SSL_R_BAD_CHECKSUM				 104
-#define SSL_R_BAD_CLIENT_REQUEST			 105
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
-#define SSL_R_BAD_DECOMPRESSION				 107
-#define SSL_R_BAD_DH_G_LENGTH				 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
-#define SSL_R_BAD_DH_P_LENGTH				 110
-#define SSL_R_BAD_DIGEST_LENGTH				 111
-#define SSL_R_BAD_DSA_SIGNATURE				 112
-#define SSL_R_BAD_MAC_DECODE				 113
-#define SSL_R_BAD_MESSAGE_TYPE				 114
-#define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
-#define SSL_R_BAD_RSA_DECRYPT				 118
-#define SSL_R_BAD_RSA_ENCRYPT				 119
-#define SSL_R_BAD_RSA_E_LENGTH				 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
-#define SSL_R_BAD_RSA_SIGNATURE				 122
-#define SSL_R_BAD_SIGNATURE				 123
-#define SSL_R_BAD_SSL_FILETYPE				 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
-#define SSL_R_BAD_STATE					 126
-#define SSL_R_BAD_WRITE_RETRY				 127
-#define SSL_R_BIO_NOT_SET				 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
-#define SSL_R_BN_LIB					 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
-#define SSL_R_CA_DN_TOO_LONG				 132
-#define SSL_R_CCS_RECEIVED_EARLY			 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
-#define SSL_R_CERT_LENGTH_MISMATCH			 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
-#define SSL_R_COMPRESSION_FAILURE			 141
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 142
-#define SSL_R_CONNECTION_TYPE_NOT_SET			 143
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 144
-#define SSL_R_DATA_LENGTH_TOO_LONG			 145
-#define SSL_R_DECRYPTION_FAILED				 146
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 147
-#define SSL_R_DIGEST_CHECK_FAILED			 148
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 149
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 150
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 151
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 152
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 153
-#define SSL_R_HTTPS_PROXY_REQUEST			 154
-#define SSL_R_HTTP_REQUEST				 155
-#define SSL_R_INTERNAL_ERROR				 156
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 157
-#define SSL_R_LENGTH_MISMATCH				 158
-#define SSL_R_LENGTH_TOO_SHORT				 159
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 160
-#define SSL_R_MISSING_DH_DSA_CERT			 161
-#define SSL_R_MISSING_DH_KEY				 162
-#define SSL_R_MISSING_DH_RSA_CERT			 163
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 164
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 165
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 166
-#define SSL_R_MISSING_RSA_CERTIFICATE			 167
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 168
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 169
-#define SSL_R_MISSING_TMP_DH_KEY			 170
-#define SSL_R_MISSING_TMP_RSA_KEY			 171
-#define SSL_R_MISSING_TMP_RSA_PKEY			 172
-#define SSL_R_MISSING_VERIFY_MESSAGE			 173
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 174
-#define SSL_R_NO_CERTIFICATES_RETURNED			 175
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 176
-#define SSL_R_NO_CERTIFICATE_RETURNED			 177
-#define SSL_R_NO_CERTIFICATE_SET			 178
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 179
-#define SSL_R_NO_CIPHERS_AVAILABLE			 180
-#define SSL_R_NO_CIPHERS_PASSED				 181
-#define SSL_R_NO_CIPHERS_SPECIFIED			 182
-#define SSL_R_NO_CIPHER_LIST				 183
-#define SSL_R_NO_CIPHER_MATCH				 184
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 185
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 186
-#define SSL_R_NO_PRIVATEKEY				 187
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 188
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 189
-#define SSL_R_NO_PUBLICKEY				 190
-#define SSL_R_NO_SHARED_CIPHER				 191
-#define SSL_R_NULL_SSL_CTX				 192
-#define SSL_R_NULL_SSL_METHOD_PASSED			 193
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 194
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 195
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 196
-#define SSL_R_PEER_ERROR				 197
-#define SSL_R_PEER_ERROR_CERTIFICATE			 198
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 199
-#define SSL_R_PEER_ERROR_NO_CIPHER			 200
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 201
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 202
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 203
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 204
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 205
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 206
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 207
-#define SSL_R_READ_BIO_NOT_SET				 208
-#define SSL_R_READ_WRONG_PACKET_TYPE			 209
-#define SSL_R_RECORD_LENGTH_MISMATCH			 210
-#define SSL_R_RECORD_TOO_LARGE				 211
-#define SSL_R_REQUIRED_CIPHER_MISSING			 212
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 213
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 214
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 215
-#define SSL_R_SHORT_READ				 216
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 217
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 218
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 219
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 220
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 221
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 223
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 224
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 225
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 226
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 227
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 228
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 230
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 231
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 232
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 233
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 234
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 235
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 236
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 237
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 238
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 239
-#define SSL_R_UNEXPECTED_MESSAGE			 240
-#define SSL_R_UNEXPECTED_RECORD				 241
-#define SSL_R_UNKNOWN_ALERT_TYPE			 242
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 243
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 244
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 245
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 246
-#define SSL_R_UNKNOWN_PKEY_TYPE				 247
-#define SSL_R_UNKNOWN_PROTOCOL				 248
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 249
-#define SSL_R_UNKNOWN_SSL_VERSION			 250
-#define SSL_R_UNKNOWN_STATE				 251
-#define SSL_R_UNSUPPORTED_CIPHER			 252
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 253
-#define SSL_R_UNSUPPORTED_PROTOCOL			 254
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 255
-#define SSL_R_WRITE_BIO_NOT_SET				 256
-#define SSL_R_WRONG_CIPHER_RETURNED			 257
-#define SSL_R_WRONG_MESSAGE_TYPE			 258
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 259
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 260
-#define SSL_R_WRONG_SIGNATURE_SIZE			 261
-#define SSL_R_WRONG_SSL_VERSION				 262
-#define SSL_R_WRONG_VERSION_NUMBER			 263
-#define SSL_R_X509_LIB					 264
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index cf8f9651b2b..fbe4f667fa1 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -63,6 +63,8 @@
 extern "C" {
 #endif
 
+#include <openssl/safestack.h>
+
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
  * Version 1 - added the optional peer certificate
@@ -82,6 +84,7 @@ extern "C" {
 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
 
 #define SSL_MAX_SSL_SESSION_ID_LENGTH		32
+#define SSL_MAX_SID_CTX_LENGTH			32
 
 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
 #define SSL_MAX_KEY_ARG_LENGTH			8
@@ -120,10 +123,12 @@ extern "C" {
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
-#define SSL_TXT_EXP		"EXP"
+#define SSL_TXT_EXP40		"EXP"
 #define SSL_TXT_EXPORT		"EXPORT"
+#define SSL_TXT_EXP56		"EXPORT56"
 #define SSL_TXT_SSLV2		"SSLv2"
 #define SSL_TXT_SSLV3		"SSLv3"
+#define SSL_TXT_TLSV1		"TLSv1"
 #define SSL_TXT_ALL		"ALL"
 
 /* 'DEFAULT' at the start of the cipher list insert the following string
@@ -139,11 +144,12 @@ extern "C" {
 #define SSL_SENT_SHUTDOWN	1
 #define SSL_RECEIVED_SHUTDOWN	2
 
-#include "crypto.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "bio.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
 
 #define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
 #define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
@@ -157,44 +163,46 @@ typedef struct ssl_st *ssl_crock_st;
 typedef struct ssl_cipher_st
 	{
 	int valid;
-	char *name;			/* text name */
+	const char *name;		/* text name */
 	unsigned long id;		/* id, 4 bytes, first is version */
 	unsigned long algorithms;	/* what ciphers are used */
 	unsigned long algorithm2;	/* Extra flags */
 	unsigned long mask;		/* used for matching */
 	} SSL_CIPHER;
 
+DECLARE_STACK_OF(SSL_CIPHER)
+
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
 	{
 	int version;
-	int (*ssl_new)();
-	void (*ssl_clear)();
-	void (*ssl_free)();
-	int (*ssl_accept)();
-	int (*ssl_connect)();
-	int (*ssl_read)();
-	int (*ssl_peek)();
-	int (*ssl_write)();
-	int (*ssl_shutdown)();
-	int (*ssl_renegotiate)();
-	long (*ssl_ctrl)();
-	long (*ssl_ctx_ctrl)();
-	SSL_CIPHER *(*get_cipher_by_char)();
-	int (*put_cipher_by_char)();
-	int (*ssl_pending)();
-	int (*num_ciphers)();
-	SSL_CIPHER *(*get_cipher)();
-	struct ssl_method_st *(*get_ssl_method)();
-	long (*get_timeout)();
+	int (*ssl_new)(SSL *s);
+	void (*ssl_clear)(SSL *s);
+	void (*ssl_free)(SSL *s);
+	int (*ssl_accept)(SSL *s);
+	int (*ssl_connect)(SSL *s);
+	int (*ssl_read)(SSL *s,void *buf,int len);
+	int (*ssl_peek)(SSL *s,char *buf,int len);
+	int (*ssl_write)(SSL *s,const void *buf,int len);
+	int (*ssl_shutdown)(SSL *s);
+	int (*ssl_renegotiate)(SSL *s);
+	int (*ssl_renegotiate_check)(SSL *s);
+	long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
+	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
+	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+	int (*ssl_pending)(SSL *s);
+	int (*num_ciphers)(void);
+	SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+	struct ssl_method_st *(*get_ssl_method)(int version);
+	long (*get_timeout)(void);
 	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+	int (*ssl_version)();
 	} SSL_METHOD;
 
-typedef struct ssl_compression_st
-	{
-	char *stuff;
-	} SSL_COMPRESSION;
-
 /* Lets make this into an ASN.1 type structure as follows
  * SSL_SESSION_ID ::= SEQUENCE {
  *	version 		INTEGER,	-- structure version number
@@ -206,6 +214,8 @@ typedef struct ssl_compression_st
  *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
  *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
  *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
+ *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
+ *	Compression [5] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX
  *	}
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -223,29 +233,35 @@ typedef struct ssl_session_st
 	/* session_id - valid? */
 	unsigned int session_id_length;
 	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+	/* this is used to determine whether the session is being reused in
+	 * the appropriate context. It is up to the application to set this,
+	 * via SSL_new */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
 	int not_resumable;
 
 	/* The cert is the certificate used to establish this connection */
-	struct cert_st /* CERT */ *cert;
+	struct sess_cert_st /* SESS_CERT */ *sess_cert;
 
-	/* This is the cert for the other end.  On servers, it will be
-	 * the same as cert->x509 */
+	/* This is the cert for the other end.
+	 * On clients, it will be the same as sess_cert->peer_key->x509
+	 * (the latter is not enough as sess_cert is not retained
+	 * in the external representation of sessions, see ssl_asn1.c). */
 	X509 *peer;
 
 	int references;
 	long timeout;
 	long time;
 
-	SSL_COMPRESSION *read_compression;
-	SSL_COMPRESSION *write_compression;
+	int compress_meth;		/* Need to lookup the method */
 
 	SSL_CIPHER *cipher;
 	unsigned long cipher_id;	/* when ASN.1 loaded, this
 					 * needs to be used to load
 					 * the 'cipher' structure */
 
-	STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
+	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
 
 	CRYPTO_EX_DATA ex_data; /* application specific data */
 
@@ -262,42 +278,81 @@ typedef struct ssl_session_st
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
-#define	SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
+#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
+#define SSL_OP_TLS_ROLLBACK_BUG				0x00000400L
 
-/* If set, only use tmp_dh parameters once */
+/* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE				0x00100000L
 /* Set to also use the tmp_rsa key when doing RSA operations. */
 #define SSL_OP_EPHEMERAL_RSA				0x00200000L
 
+/* The next flag deliberately changes the ciphertest, this is a check
+ * for the PKCS#1 attack */
+#define SSL_OP_PKCS1_CHECK_1				0x08000000L
+#define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
 #define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
 #define SSL_OP_ALL					0x000FFFFFL
 
-#define SSL_CTX_set_options(ctx,op)	((ctx)->options|=(op))
-#define SSL_set_options(ssl,op)		((ssl)->options|=(op))
-
 #define SSL_OP_NO_SSLv2					0x01000000L
 #define SSL_OP_NO_SSLv3					0x02000000L
 #define SSL_OP_NO_TLSv1					0x04000000L
 
-/* Normally you will only use these if your application wants to use
- * the certificate store in other places, perhaps PKCS7 */
-#define SSL_CTX_get_cert_store(ctx)     ((ctx)->cert_store)
-#define SSL_CTX_set_cert_store(ctx,cs) \
-                (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
-
+/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written): */
+#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
+/* Make it possible to retry SSL_write() with changed buffer location
+ * (buffer contents must stay the same!); this is not the default to avoid
+ * the misconception that non-blocking SSL_write() behaves like
+ * non-blocking write(): */
+#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+
+/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+
+#define SSL_CTX_set_options(ctx,op) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
+#define SSL_CTX_get_options(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
+#define SSL_set_options(ssl,op) \
+	SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
+#define SSL_get_options(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
+
+#define SSL_CTX_set_mode(ctx,op) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
+#define SSL_CTX_get_mode(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mode(ssl,op) \
+	SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
+#define SSL_get_mode(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
 
 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
 
-typedef struct ssl_ctx_st
+typedef struct ssl_comp_st
+{
+    int id;
+    char *name;
+#ifdef HEADER_COMP_H
+    COMP_METHOD *method;
+#else
+    char *method;
+#endif
+} SSL_COMP;
+
+DECLARE_STACK_OF(SSL_COMP)
+
+struct ssl_ctx_st
 	{
 	SSL_METHOD *method;
 	unsigned long options;
+	unsigned long mode;
 
-	STACK /* SSL_CIPHER */ *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list;
 	/* same as above but sorted for lookup */
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
 	struct x509_store_st /* X509_STORE */ *cert_store;
 	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSION's */
@@ -328,64 +383,70 @@ typedef struct ssl_ctx_st
 	 * a session-id is removed from the cache.  Again, a return
 	 * of 0 mens that SSLeay should not SSL_SESSION_free() since
 	 * the application is doing something with it. */
-#ifndef NOPROTO
 	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
 	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
 	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
 		unsigned char *data,int len,int *copy);
-#else
-	int (*new_session_cb)();
-	void (*remove_session_cb)();
-	SSL_SESSION *(*get_session_cb)();
-#endif
-
-	int sess_connect;	/* SSL new connection - started */
-	int sess_connect_renegotiate;/* SSL renegotiatene  - requested */
-	int sess_connect_good;	/* SSL new connection/renegotiate - finished */
-	int sess_accept;	/* SSL new accept - started */
-	int sess_accept_renegotiate;/* SSL renegotiatene - requested */
-	int sess_accept_good;	/* SSL accept/renegotiate - finished */
-	int sess_miss;		/* session lookup misses  */
-	int sess_timeout;	/* session reuse attempt on timeouted session */
-	int sess_cache_full;	/* session removed due to full cache */
-	int sess_hit;		/* session reuse actually done */
-	int sess_cb_hit;	/* session-id that was not in the cache was
-				 * passed back via the callback.  This
-				 * indicates that the application is supplying
-				 * session-id's from other processes -
-				 * spooky :-) */
+	struct
+		{
+		int sess_connect;	/* SSL new conn - started */
+		int sess_connect_renegotiate;/* SSL reneg - requested */
+		int sess_connect_good;	/* SSL new conne/reneg - finished */
+		int sess_accept;	/* SSL new accept - started */
+		int sess_accept_renegotiate;/* SSL reneg - requested */
+		int sess_accept_good;	/* SSL accept/reneg - finished */
+		int sess_miss;		/* session lookup misses  */
+		int sess_timeout;	/* reuse attempt on timeouted session */
+		int sess_cache_full;	/* session removed due to full cache */
+		int sess_hit;		/* session reuse actually done */
+		int sess_cb_hit;	/* session-id that was not
+					 * in the cache was
+					 * passed back via the callback.  This
+					 * indicates that the application is
+					 * supplying session-id's from other
+					 * processes - spooky :-) */
+		} stats;
 
 	int references;
 
-	void (*info_callback)();
+/**/	void (*info_callback)();
 
 	/* if defined, these override the X509_verify_cert() calls */
-	int (*app_verify_callback)();
-	char *app_verify_arg;
+/**/	int (*app_verify_callback)();
+/**/	char *app_verify_arg; /* never used; should be void * */
 
 	/* default values to use in SSL structures */
-	struct cert_st /* CERT */ *default_cert;
-	int default_read_ahead;
-	int default_verify_mode;
-	int (*default_verify_callback)();
+/**/	struct cert_st /* CERT */ *cert;
+/**/	int read_ahead;
+/**/	int verify_mode;
+/**/	int verify_depth;
+/**/	unsigned int sid_ctx_length;
+/**/	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+/**/	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
 	/* Default password callback. */
-	int (*default_passwd_callback)();
+/**/	pem_password_cb *default_passwd_callback;
+
+	/* Default password callback user data. */
+/**/	void *default_passwd_callback_userdata;
 
 	/* get client cert callback */
-	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
+/**/	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
 
 	/* what we put in client requests */
-	STACK *client_CA;
+	STACK_OF(X509_NAME) *client_CA;
 
-	int quiet_shutdown;
+/**/	int quiet_shutdown;
 
 	CRYPTO_EX_DATA ex_data;
 
-	EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
-	EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
-	EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
-	} SSL_CTX;
+	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
+	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+	STACK_OF(X509) *extra_certs;
+        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+	};
 
 #define SSL_SESS_CACHE_OFF			0x0000
 #define SSL_SESS_CACHE_CLIENT			0x0001
@@ -397,23 +458,30 @@ typedef struct ssl_ctx_st
  * defined, this will still get called. */
 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
 
-#define SSL_CTX_sessions(ctx)		((ctx)->sessions)
-/* You will need to include lhash.h to access the following #define */
-#define SSL_CTX_sess_number(ctx)	((ctx)->sessions->num_items)
-#define SSL_CTX_sess_connect(ctx)	((ctx)->sess_connect)
-#define SSL_CTX_sess_connect_good(ctx)	((ctx)->sess_connect_good)
-#define SSL_CTX_sess_accept(ctx)	((ctx)->sess_accept)
-#define SSL_CTX_sess_accept_renegotiate(ctx)	((ctx)->sess_accept_renegotiate)
-#define SSL_CTX_sess_connect_renegotiate(ctx)	((ctx)->sess_connect_renegotiate)
-#define SSL_CTX_sess_accept_good(ctx)	((ctx)->sess_accept_good)
-#define SSL_CTX_sess_hits(ctx)		((ctx)->sess_hit)
-#define SSL_CTX_sess_cb_hits(ctx)	((ctx)->sess_cb_hit)
-#define SSL_CTX_sess_misses(ctx)	((ctx)->sess_miss)
-#define SSL_CTX_sess_timeouts(ctx)	((ctx)->sess_timeout)
-#define SSL_CTX_sess_cache_full(ctx)	((ctx)->sess_cache_full)
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
-#define SSL_CTX_sess_get_cache_size(ctx)   ((ctx)->session_cache_size)
+#define SSL_CTX_sess_number(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+#define SSL_CTX_sess_connect(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+#define SSL_CTX_sess_connect_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+#define SSL_CTX_sess_connect_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+#define SSL_CTX_sess_accept_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+#define SSL_CTX_sess_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+#define SSL_CTX_sess_cb_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+#define SSL_CTX_sess_misses(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+#define SSL_CTX_sess_timeouts(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+#define SSL_CTX_sess_cache_full(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
 
 #define SSL_CTX_sess_set_new_cb(ctx,cb)	((ctx)->new_session_cb=(cb))
 #define SSL_CTX_sess_get_new_cb(ctx)	((ctx)->new_session_cb)
@@ -421,15 +489,8 @@ typedef struct ssl_ctx_st
 #define SSL_CTX_sess_get_remove_cb(ctx)	((ctx)->remove_session_cb)
 #define SSL_CTX_sess_set_get_cb(ctx,cb)	((ctx)->get_session_cb=(cb))
 #define SSL_CTX_sess_get_get_cb(ctx)	((ctx)->get_session_cb)
-#define SSL_CTX_set_session_cache_mode(ctx,m)	((ctx)->session_cache_mode=(m))
-#define SSL_CTX_get_session_cache_mode(ctx)	((ctx)->session_cache_mode)
-#define SSL_CTX_set_timeout(ctx,t)	((ctx)->session_timeout=(t))
-#define SSL_CTX_get_timeout(ctx)	((ctx)->session_timeout)
-
 #define SSL_CTX_set_info_callback(ctx,cb)	((ctx)->info_callback=(cb))
 #define SSL_CTX_get_info_callback(ctx)		((ctx)->info_callback)
-#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
-
 #define SSL_CTX_set_client_cert_cb(ctx,cb)	((ctx)->client_cert_cb=(cb))
 #define SSL_CTX_get_client_cert_cb(ctx)		((ctx)->client_cert_cb)
 
@@ -439,18 +500,16 @@ typedef struct ssl_ctx_st
 #define SSL_X509_LOOKUP	4
 
 /* These will only be used when doing non-blocking IO */
-#define SSL_want(s)		((s)->rwstate)
-#define SSL_want_nothing(s)	((s)->rwstate == SSL_NOTHING)
-#define SSL_want_read(s)	((s)->rwstate == SSL_READING)
-#define SSL_want_write(s)	((s)->rwstate == SSL_WRITING)
-#define SSL_want_x509_lookup(s)	((s)->rwstate == SSL_X509_LOOKUP)
+#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
+#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
+#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
+#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
 
-typedef struct ssl_st
+struct ssl_st
 	{
-	/* procol version
-	 * 2 for SSLv2
-	 * 3 for SSLv3
-	 * -3 for SSLv3 but accept SSLv2 */
+	/* protocol version
+	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+	 */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 
@@ -480,7 +539,15 @@ typedef struct ssl_st
 	int in_handshake;
 	int (*handshake_func)();
 
-/*	int server;*/	/* are we the server side? */
+	/* Imagine that here's a boolean member "init" that is
+	 * switched as soon as SSL_set_{accept/connect}_state
+	 * is called for the first time, so that "state" and
+	 * "handshake_func" are properly initialized.  But as
+	 * handshake_func is == 0 until then, we use this
+	 * test instead of an "init" member.
+	 */
+
+	int server;	/* are we the server side? - mostly used by SSL_clear*/
 
 	int new_session;/* 1 if we are to use a new session */
 	int quiet_shutdown;/* don't send shutdown packets */
@@ -504,19 +571,27 @@ typedef struct ssl_st
 	int hit;		/* reusing a previous session */
 
 	/* crypto */
-	STACK /* SSL_CIPHER */ *cipher_list;
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
 	/* These are the ones being used, the ones is SSL_SESSION are
 	 * the ones to be 'copied' into these ones */
 
 	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
-	EVP_MD *read_hash;			/* used for mac generation */
-	SSL_COMPRESSION *read_compression;	/* compression */
+	const EVP_MD *read_hash;		/* used for mac generation */
+#ifdef HEADER_COMP_H
+	COMP_CTX *expand;			/* uncompress */
+#else
+	char *expand;
+#endif
 
 	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
-	EVP_MD *write_hash;			/* used for mac generation */
-	SSL_COMPRESSION *write_compression;	/* compression */
+	const EVP_MD *write_hash;		/* used for mac generation */
+#ifdef HEADER_COMP_H
+	COMP_CTX *compress;			/* compression */
+#else
+	char *compress;	
+#endif
 
 	/* session info */
 
@@ -524,13 +599,19 @@ typedef struct ssl_st
 	/* This is used to hold the server certificate used */
 	struct cert_st /* CERT */ *cert;
 
+	/* the session_id_context is used to ensure sessions are only reused
+	 * in the appropriate context */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
 	/* This can also be in the session once a session is established */
 	SSL_SESSION *session;
 
 	/* Used in SSL2 and SSL3 */
 	int verify_mode;	/* 0 don't care about verify failure.
 				 * 1 fail if verify fails */
-	int (*verify_callback)(); /* fail if callback returns 0 */
+	int verify_depth;
+	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
 	void (*info_callback)(); /* optional informational callback */
 
 	int error;		/* error bytes to be written */
@@ -546,17 +627,20 @@ typedef struct ssl_st
 	CRYPTO_EX_DATA ex_data;
 
 	/* for server side, keep the list of CA_dn we can use */
-	STACK /* X509_NAME */ *client_CA;
+	STACK_OF(X509_NAME) *client_CA;
 
 	int references;
-	unsigned long options;
+	unsigned long options; /* protocol behaviour */
+	unsigned long mode; /* API behaviour */
 	int first_packet;
-	} SSL;
+	int client_version;	/* what was passed, used for
+				 * SSLv3/TLS rolback check */
+	};
 
-#include "ssl2.h"
-#include "ssl3.h"
-#include "tls1.h" /* This is mostly sslv3 with a few tweaks */
-#include "ssl23.h"
+#include <openssl/ssl2.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/ssl23.h>
 
 /* compatablity */
 #define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
@@ -616,6 +700,8 @@ typedef struct ssl_st
 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
 #define SSL_VERIFY_CLIENT_ONCE		0x04
 
+#define SSLeay_add_ssl_algorithms()	SSL_library_init()
+
 /* this is for backward compatablility */
 #if 0 /* NEW_SSLEAY */
 #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
@@ -638,28 +724,25 @@ typedef struct ssl_st
 #define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
 #define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
 
-/* VMS linker has a 31 char name limit */
-#define SSL_CTX_set_cert_verify_callback(a,b,c) \
-		SSL_CTX_set_cert_verify_cb((a),(b),(c))
-
 #if 1 /*SSLEAY_MACROS*/
 #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
 	(char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
 	(bp),(unsigned char **)(s_id))
 #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
 	bp,(unsigned char *)s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
 #define PEM_write_SSL_SESSION(fp,x) \
 	PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_SSL_SESSION(bp,x) \
 	PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #endif
 
+#define SSL_AD_REASON_OFFSET		1000
 /* These alert types are for SSLv3 and TLSv1 */
 #define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
 #define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
@@ -691,7 +774,7 @@ typedef struct ssl_st
 #define SSL_ERROR_WANT_READ		2
 #define SSL_ERROR_WANT_WRITE		3
 #define SSL_ERROR_WANT_X509_LOOKUP	4
-#define SSL_ERROR_SYSCALL		5 /* look at errno */
+#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
 #define SSL_ERROR_ZERO_RETURN		6
 #define SSL_ERROR_WANT_CONNECT		7
 
@@ -706,6 +789,31 @@ typedef struct ssl_st
 #define SSL_CTRL_GET_NUM_RENEGOTIATIONS		8
 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	9
 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	10
+#define SSL_CTRL_GET_FLAGS			11
+#define SSL_CTRL_EXTRA_CHAIN_CERT		12
+
+/* Stats */
+#define SSL_CTRL_SESS_NUMBER			20
+#define SSL_CTRL_SESS_CONNECT			21
+#define SSL_CTRL_SESS_CONNECT_GOOD		22
+#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
+#define SSL_CTRL_SESS_ACCEPT			24
+#define SSL_CTRL_SESS_ACCEPT_GOOD		25
+#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
+#define SSL_CTRL_SESS_HIT			27
+#define SSL_CTRL_SESS_CB_HIT			28
+#define SSL_CTRL_SESS_MISSES			29
+#define SSL_CTRL_SESS_TIMEOUTS			30
+#define SSL_CTRL_SESS_CACHE_FULL		31
+#define SSL_CTRL_OPTIONS			32
+#define SSL_CTRL_MODE			33
+
+#define SSL_CTRL_GET_READ_AHEAD			40
+#define SSL_CTRL_SET_READ_AHEAD			41
+#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
+#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
+#define SSL_CTRL_SET_SESS_CACHE_MODE		44
+#define SSL_CTRL_GET_SESS_CACHE_MODE		45
 
 #define SSL_session_reused(ssl) \
 	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
@@ -723,16 +831,31 @@ typedef struct ssl_st
 #define SSL_CTX_set_tmp_dh(ctx,dh) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
 
-/* For the next 2, the callbacks are 
- * RSA *tmp_rsa_cb(int export)
- * DH *tmp_dh_cb(int export)
- */
-#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
-#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh)
-
-#ifndef NOPROTO
+#define SSL_need_tmp_RSA(ssl) \
+	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_set_tmp_rsa(ssl,rsa) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_set_tmp_dh(ssl,dh) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+
+#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+/* VMS uses only 31 characters for symbols. */
+#ifdef VMS
+#undef SSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_use_certificate_chain_file
+#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_default_verify_paths
+#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
+#undef SSL_add_file_cert_subjects_to_stack
+#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
+#undef SSL_add_dir_cert_subjects_to_stack
+#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
+#endif
 
 #ifdef HEADER_BIO_H
 BIO_METHOD *BIO_f_ssl(void);
@@ -747,16 +870,22 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 int	SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
 void	SSL_CTX_free(SSL_CTX *);
-void	SSL_clear(SSL *s);
+long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+int SSL_want(SSL *s);
+int	SSL_clear(SSL *s);
+
 void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
 
 SSL_CIPHER *SSL_get_current_cipher(SSL *s);
 int	SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
 char *	SSL_CIPHER_get_version(SSL_CIPHER *c);
-char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
+const char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
 
 int	SSL_get_fd(SSL *s);
-char  * SSL_get_cipher_list(SSL *s,int n);
+const char  * SSL_get_cipher_list(SSL *s,int n);
 char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
 int	SSL_get_read_ahead(SSL * s);
 int	SSL_pending(SSL *s);
@@ -773,23 +902,33 @@ BIO *	SSL_get_wbio(SSL *s);
 int	SSL_set_cipher_list(SSL *s, char *str);
 void	SSL_set_read_ahead(SSL *s, int yes);
 int	SSL_get_verify_mode(SSL *s);
-int	(*SSL_get_verify_callback(SSL *s))();
-void	SSL_set_verify(SSL *s, int mode, int (*callback) ());
+int	SSL_get_verify_depth(SSL *s);
+int	(*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
+void	SSL_set_verify(SSL *s, int mode,
+		       int (*callback)(int ok,X509_STORE_CTX *ctx));
+void	SSL_set_verify_depth(SSL *s, int depth);
+#ifndef NO_RSA
 int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
 int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
 int	SSL_use_certificate(SSL *ssl, X509 *x);
-int	SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
+int	SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
 
 #ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_certificate_file(SSL *ssl, char *file, int type);
-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
-STACK * SSL_load_client_CA_file(char *file);
+int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					    const char *file);
+int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					   const char *dir);
 #endif
 
 void	ERR_load_SSL_strings(void );
@@ -824,13 +963,22 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
 X509 *	SSL_get_peer_certificate(SSL *s);
 #endif
 
-STACK *	SSL_get_peer_cert_chain(SSL *s);
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
+
+#ifdef VMS
+#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+#endif
 
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))();
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
-void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+			int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
+#ifndef NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
@@ -838,19 +986,24 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
 
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 
 int SSL_CTX_check_private_key(SSL_CTX *ctx);
 int SSL_check_private_key(SSL *ctx);
 
+int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				       unsigned int sid_ctx_len);
+
 SSL *	SSL_new(SSL_CTX *ctx);
-void    SSL_clear(SSL *s);
+int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len);
 void	SSL_free(SSL *ssl);
 int 	SSL_accept(SSL *ssl);
 int 	SSL_connect(SSL *ssl);
 int 	SSL_read(SSL *ssl,char *buf,int num);
 int 	SSL_peek(SSL *ssl,char *buf,int num);
-int 	SSL_write(SSL *ssl,char *buf,int num);
+int 	SSL_write(SSL *ssl,const char *buf,int num);
 long	SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
 long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
 
@@ -876,7 +1029,7 @@ SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
 SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
 SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
 
-STACK *SSL_get_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
@@ -889,10 +1042,10 @@ char *SSL_alert_type_string(int value);
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
-STACK *SSL_get_client_CA_list(SSL *s);
-STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);
 int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
 
@@ -901,10 +1054,10 @@ void SSL_set_accept_state(SSL *s);
 
 long SSL_get_default_timeout(SSL *s);
 
-void SSLeay_add_ssl_algorithms(void );
+int SSL_library_init(void );
 
 char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
-STACK *SSL_dup_CA_list(STACK *sk);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 
 SSL *SSL_dup(SSL *ssl);
 
@@ -919,7 +1072,8 @@ void SSL_set_shutdown(SSL *ssl,int mode);
 int SSL_get_shutdown(SSL *ssl);
 int SSL_version(SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+	const char *CApath);
 SSL_SESSION *SSL_get_session(SSL *ssl);
 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
 void SSL_set_info_callback(SSL *ssl,void (*cb)());
@@ -929,232 +1083,69 @@ int SSL_state(SSL *ssl);
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,char *data);
-char *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
 int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
-char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
-char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
 int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
-#else
-
-BIO_METHOD *BIO_f_ssl();
-BIO *BIO_new_ssl();
-BIO *BIO_new_ssl_connect();
-BIO *BIO_new_buffer_ssl_connect();
-int BIO_ssl_copy_session_id();
-void BIO_ssl_shutdown();
-
-int	SSL_CTX_set_cipher_list();
-SSL_CTX *SSL_CTX_new();
-void	SSL_CTX_free();
-void	SSL_clear();
-void	SSL_CTX_flush_sessions();
-
-SSL_CIPHER *SSL_get_current_cipher();
-int	SSL_CIPHER_get_bits();
-char *	SSL_CIPHER_get_version();
-char *	SSL_CIPHER_get_name();
-
-int	SSL_get_fd();
-char  * SSL_get_cipher_list();
-char *	SSL_get_shared_ciphers();
-int	SSL_get_read_ahead();
-int	SSL_pending();
-#ifndef NO_SOCK
-int	SSL_set_fd();
-int	SSL_set_rfd();
-int	SSL_set_wfd();
-#endif
-#ifdef HEADER_BIO_H
-void	SSL_set_bio();
-BIO *	SSL_get_rbio();
-BIO *	SSL_get_wbio();
-#endif
-int	SSL_set_cipher_list();
-void	SSL_set_read_ahead();
-int	SSL_get_verify_mode();
-
-void	SSL_set_verify();
-int	SSL_use_RSAPrivateKey();
-int	SSL_use_RSAPrivateKey_ASN1();
-int	SSL_use_PrivateKey();
-int	SSL_use_PrivateKey_ASN1();
-int	SSL_use_certificate();
-int	SSL_use_certificate_ASN1();
-
-#ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file();
-int	SSL_use_PrivateKey_file();
-int	SSL_use_certificate_file();
-int	SSL_CTX_use_RSAPrivateKey_file();
-int	SSL_CTX_use_PrivateKey_file();
-int	SSL_CTX_use_certificate_file();
-STACK * SSL_load_client_CA_file();
-#endif
+int SSL_get_ex_data_X509_STORE_CTX_idx(void );
+
+#define SSL_CTX_sess_set_cache_size(ctx,t) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+#define SSL_CTX_sess_get_cache_size(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+#define SSL_CTX_set_session_cache_mode(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+#define SSL_CTX_get_session_cache_mode(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+#define SSL_CTX_get_read_ahead(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+#define SSL_CTX_set_read_ahead(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
+
+     /* NB: the keylength is only applicable when is_export is true */
+#ifndef NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
 
-void	ERR_load_SSL_strings();
-void	SSL_load_error_strings();
-char * 	SSL_state_string();
-char * 	SSL_rstate_string();
-char * 	SSL_state_string_long();
-char * 	SSL_rstate_string_long();
-long	SSL_SESSION_get_time();
-long	SSL_SESSION_set_time();
-long	SSL_SESSION_get_timeout();
-long	SSL_SESSION_set_timeout();
-void	SSL_copy_session_id();
-
-SSL_SESSION *SSL_SESSION_new();
-unsigned long SSL_SESSION_hash();
-int	SSL_SESSION_cmp();
-#ifndef NO_FP_API
-int	SSL_SESSION_print_fp();
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
 #endif
-#ifdef HEADER_BIO_H
-int	SSL_SESSION_print();
-#endif
-void	SSL_SESSION_free();
-int	i2d_SSL_SESSION();
-int	SSL_set_session();
-int	SSL_CTX_add_session();
-int	SSL_CTX_remove_session();
-SSL_SESSION *d2i_SSL_SESSION();
-
-#ifdef HEADER_X509_H
-X509 *	SSL_get_peer_certificate();
-#endif
-
-STACK *	SSL_get_peer_cert_chain();
-
-int SSL_CTX_get_verify_mode();
-int (*SSL_CTX_get_verify_callback())();
-void SSL_CTX_set_verify();
-void SSL_CTX_set_cert_verify_cb();
-int SSL_CTX_use_RSAPrivateKey();
-int SSL_CTX_use_RSAPrivateKey_ASN1();
-int SSL_CTX_use_PrivateKey();
-int SSL_CTX_use_PrivateKey_ASN1();
-int SSL_CTX_use_certificate();
-int SSL_CTX_use_certificate_ASN1();
-
-void SSL_CTX_set_default_passwd_cb();
-
-int SSL_CTX_check_private_key();
-int SSL_check_private_key();
-
-SSL *	SSL_new();
-void    SSL_clear();
-void	SSL_free();
-int 	SSL_accept();
-int 	SSL_connect();
-int 	SSL_read();
-int 	SSL_peek();
-int 	SSL_write();
-long	SSL_ctrl();
-long	SSL_CTX_ctrl();
-
-int	SSL_get_error();
-char *	SSL_get_version();
-
-int SSL_CTX_set_ssl_version();
-
-SSL_METHOD *SSLv2_method();
-SSL_METHOD *SSLv2_server_method();
-SSL_METHOD *SSLv2_client_method();
-
-SSL_METHOD *SSLv3_method();
-SSL_METHOD *SSLv3_server_method();
-SSL_METHOD *SSLv3_client_method();
-
-SSL_METHOD *SSLv23_method();
-SSL_METHOD *SSLv23_server_method();
-SSL_METHOD *SSLv23_client_method();
-
-SSL_METHOD *TLSv1_method();
-SSL_METHOD *TLSv1_server_method();
-SSL_METHOD *TLSv1_client_method();
-
-STACK *SSL_get_ciphers();
-
-int SSL_do_handshake();
-int SSL_renegotiate();
-int SSL_shutdown();
-
-SSL_METHOD *SSL_get_ssl_method();
-int SSL_set_ssl_method();
-char *SSL_alert_type_string_long();
-char *SSL_alert_type_string();
-char *SSL_alert_desc_string_long();
-char *SSL_alert_desc_string();
-
-void SSL_set_client_CA_list();
-void SSL_CTX_set_client_CA_list();
-STACK *SSL_get_client_CA_list();
-STACK *SSL_CTX_get_client_CA_list();
-int SSL_add_client_CA();
-int SSL_CTX_add_client_CA();
-
-void SSL_set_connect_state();
-void SSL_set_accept_state();
-
-long SSL_get_default_timeout();
-
-void SSLeay_add_ssl_algorithms();
-
-char *SSL_CIPHER_description();
-STACK *SSL_dup_CA_list();
-
-SSL *SSL_dup();
-
-X509 *SSL_get_certificate();
-/* EVP * */ struct evp_pkey_st *SSL_get_privatekey();
-
-#ifdef this_is_for_mk1mf_pl
-EVP *SSL_get_privatekey();
-
-void SSL_CTX_set_quiet_shutdown();
-int SSL_CTX_get_quiet_shutdown();
-void SSL_set_quiet_shutdown();
-int SSL_get_quiet_shutdown();
-void SSL_set_shutdown();
-int SSL_get_shutdown();
-int SSL_version();
-int SSL_CTX_set_default_verify_paths();
-int SSL_CTX_load_verify_locations();
-SSL_SESSION *SSL_get_session();
-SSL_CTX *SSL_get_SSL_CTX();
-void SSL_set_info_callback();
-int (*SSL_get_info_callback())();
-int SSL_state();
-void SSL_set_verify_result();
-long SSL_get_verify_result();
-
-int SSL_set_ex_data();
-char *SSL_get_ex_data();
-int SSL_get_ex_new_index();
-
-int SSL_SESSION_set_ex_data();
-char *SSL_SESSION_get_ex_data();
-int SSL_SESSION_get_ex_new_index();
-
-int SSL_CTX_set_ex_data();
-char *SSL_CTX_get_ex_data();
-int SSL_CTX_get_ex_new_index();
-
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
 #endif
 
+#ifdef HEADER_COMP_H
+int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+#else
+int SSL_COMP_add_compression_method(int id,char *cm);
 #endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
 /* Error codes for the SSL functions. */
 
 /* Function codes. */
@@ -1191,6 +1182,7 @@ int SSL_CTX_get_ex_new_index();
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
 #define SSL_F_SSL3_CLIENT_HELLO				 131
 #define SSL_F_SSL3_CONNECT				 132
+#define SSL_F_SSL3_CTRL					 213
 #define SSL_F_SSL3_CTX_CTRL				 133
 #define SSL_F_SSL3_ENC					 134
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
@@ -1218,58 +1210,74 @@ int SSL_CTX_get_ex_new_index();
 #define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
 #define SSL_F_SSL3_WRITE_BYTES				 158
 #define SSL_F_SSL3_WRITE_PENDING			 159
+#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
+#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
 #define SSL_F_SSL_BAD_METHOD				 160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
+#define SSL_F_SSL_CERT_DUP				 221
+#define SSL_F_SSL_CERT_INST				 222
+#define SSL_F_SSL_CERT_INSTANTIATE			 214
 #define SSL_F_SSL_CERT_NEW				 162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 164
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 165
-#define SSL_F_SSL_CTX_NEW				 166
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 167
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 168
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 169
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 170
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 171
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 172
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 173
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 176
-#define SSL_F_SSL_DO_HANDSHAKE				 177
-#define SSL_F_SSL_GET_NEW_SESSION			 178
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
-#define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
-#define SSL_F_SSL_NEW					 183
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
-#define SSL_F_SSL_SESSION_NEW				 186
-#define SSL_F_SSL_SESSION_PRINT_FP			 187
-#define SSL_F_SSL_SET_CERT				 188
-#define SSL_F_SSL_SET_FD				 189
-#define SSL_F_SSL_SET_PKEY				 190
-#define SSL_F_SSL_SET_RFD				 191
-#define SSL_F_SSL_SET_SESSION				 192
-#define SSL_F_SSL_SET_WFD				 193
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
-#define SSL_F_SSL_USE_CERTIFICATE			 195
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
-#define SSL_F_SSL_USE_PRIVATEKEY			 198
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
-#define SSL_F_SSL_WRITE					 204
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 205
-#define SSL_F_TLS1_ENC					 206
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 207
-#define SSL_F_WRITE_PENDING				 208
+#define SSL_F_SSL_CLEAR					 164
+#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
+#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
+#define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
+#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
+#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
+#define SSL_F_SSL_DO_HANDSHAKE				 180
+#define SSL_F_SSL_GET_NEW_SESSION			 181
+#define SSL_F_SSL_GET_PREV_SESSION			 217
+#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
+#define SSL_F_SSL_GET_SIGN_PKEY				 183
+#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
+#define SSL_F_SSL_NEW					 186
+#define SSL_F_SSL_READ					 223
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
+#define SSL_F_SSL_SESSION_NEW				 189
+#define SSL_F_SSL_SESSION_PRINT_FP			 190
+#define SSL_F_SSL_SESS_CERT_NEW				 225
+#define SSL_F_SSL_SET_CERT				 191
+#define SSL_F_SSL_SET_FD				 192
+#define SSL_F_SSL_SET_PKEY				 193
+#define SSL_F_SSL_SET_RFD				 194
+#define SSL_F_SSL_SET_SESSION				 195
+#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
+#define SSL_F_SSL_SET_WFD				 196
+#define SSL_F_SSL_SHUTDOWN				 224
+#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
+#define SSL_F_SSL_USE_CERTIFICATE			 198
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
+#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
+#define SSL_F_SSL_USE_PRIVATEKEY			 201
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
+#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
+#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
+#define SSL_F_SSL_WRITE					 208
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
+#define SSL_F_TLS1_ENC					 210
+#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
+#define SSL_F_WRITE_PENDING				 212
 
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE			 100
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 #define SSL_R_BAD_ALERT_RECORD				 101
 #define SSL_R_BAD_AUTHENTICATION_TYPE			 102
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
@@ -1282,6 +1290,7 @@ int SSL_CTX_get_ex_new_index();
 #define SSL_R_BAD_DH_P_LENGTH				 110
 #define SSL_R_BAD_DIGEST_LENGTH				 111
 #define SSL_R_BAD_DSA_SIGNATURE				 112
+#define SSL_R_BAD_LENGTH				 271
 #define SSL_R_BAD_MAC_DECODE				 113
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
@@ -1311,83 +1320,90 @@ int SSL_CTX_get_ex_new_index();
 #define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
 #define SSL_R_COMPRESSION_FAILURE			 141
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 142
-#define SSL_R_CONNECTION_TYPE_NOT_SET			 143
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 144
-#define SSL_R_DATA_LENGTH_TOO_LONG			 145
-#define SSL_R_DECRYPTION_FAILED				 146
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 147
-#define SSL_R_DIGEST_CHECK_FAILED			 148
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 149
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 150
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 151
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 152
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 153
-#define SSL_R_HTTPS_PROXY_REQUEST			 154
-#define SSL_R_HTTP_REQUEST				 155
-#define SSL_R_INTERNAL_ERROR				 156
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 157
-#define SSL_R_LENGTH_MISMATCH				 158
-#define SSL_R_LENGTH_TOO_SHORT				 159
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 160
-#define SSL_R_MISSING_DH_DSA_CERT			 161
-#define SSL_R_MISSING_DH_KEY				 162
-#define SSL_R_MISSING_DH_RSA_CERT			 163
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 164
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 165
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 166
-#define SSL_R_MISSING_RSA_CERTIFICATE			 167
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 168
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 169
-#define SSL_R_MISSING_TMP_DH_KEY			 170
-#define SSL_R_MISSING_TMP_RSA_KEY			 171
-#define SSL_R_MISSING_TMP_RSA_PKEY			 172
-#define SSL_R_MISSING_VERIFY_MESSAGE			 173
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 174
-#define SSL_R_NO_CERTIFICATES_RETURNED			 175
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 176
-#define SSL_R_NO_CERTIFICATE_RETURNED			 177
-#define SSL_R_NO_CERTIFICATE_SET			 178
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 179
-#define SSL_R_NO_CIPHERS_AVAILABLE			 180
-#define SSL_R_NO_CIPHERS_PASSED				 181
-#define SSL_R_NO_CIPHERS_SPECIFIED			 182
-#define SSL_R_NO_CIPHER_LIST				 183
-#define SSL_R_NO_CIPHER_MATCH				 184
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 185
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 186
-#define SSL_R_NO_PRIVATEKEY				 187
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 188
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 189
-#define SSL_R_NO_PUBLICKEY				 190
-#define SSL_R_NO_SHARED_CIPHER				 191
-#define SSL_R_NULL_SSL_CTX				 192
-#define SSL_R_NULL_SSL_METHOD_PASSED			 193
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 194
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 195
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 196
-#define SSL_R_PEER_ERROR				 197
-#define SSL_R_PEER_ERROR_CERTIFICATE			 198
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 199
-#define SSL_R_PEER_ERROR_NO_CIPHER			 200
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 201
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 202
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 203
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 204
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 205
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 206
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 207
-#define SSL_R_READ_BIO_NOT_SET				 208
-#define SSL_R_READ_WRONG_PACKET_TYPE			 209
-#define SSL_R_RECORD_LENGTH_MISMATCH			 210
-#define SSL_R_RECORD_TOO_LARGE				 211
-#define SSL_R_REQUIRED_CIPHER_MISSING			 212
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 213
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 214
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 215
-#define SSL_R_SHORT_READ				 216
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 217
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 218
+#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
+#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
+#define SSL_R_DATA_LENGTH_TOO_LONG			 146
+#define SSL_R_DECRYPTION_FAILED				 147
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
+#define SSL_R_DIGEST_CHECK_FAILED			 149
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
+#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
+#define SSL_R_HTTPS_PROXY_REQUEST			 155
+#define SSL_R_HTTP_REQUEST				 156
+#define SSL_R_INTERNAL_ERROR				 157
+#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+#define SSL_R_LENGTH_MISMATCH				 159
+#define SSL_R_LENGTH_TOO_SHORT				 160
+#define SSL_R_LIBRARY_BUG				 274
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
+#define SSL_R_MISSING_DH_DSA_CERT			 162
+#define SSL_R_MISSING_DH_KEY				 163
+#define SSL_R_MISSING_DH_RSA_CERT			 164
+#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
+#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
+#define SSL_R_MISSING_RSA_CERTIFICATE			 168
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
+#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
+#define SSL_R_MISSING_TMP_DH_KEY			 171
+#define SSL_R_MISSING_TMP_RSA_KEY			 172
+#define SSL_R_MISSING_TMP_RSA_PKEY			 173
+#define SSL_R_MISSING_VERIFY_MESSAGE			 174
+#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
+#define SSL_R_NO_CERTIFICATES_RETURNED			 176
+#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
+#define SSL_R_NO_CERTIFICATE_RETURNED			 178
+#define SSL_R_NO_CERTIFICATE_SET			 179
+#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
+#define SSL_R_NO_CIPHERS_AVAILABLE			 181
+#define SSL_R_NO_CIPHERS_PASSED				 182
+#define SSL_R_NO_CIPHERS_SPECIFIED			 183
+#define SSL_R_NO_CIPHER_LIST				 184
+#define SSL_R_NO_CIPHER_MATCH				 185
+#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
+#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
+#define SSL_R_NO_METHOD_SPECIFIED			 188
+#define SSL_R_NO_PRIVATEKEY				 189
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
+#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
+#define SSL_R_NO_PUBLICKEY				 192
+#define SSL_R_NO_SHARED_CIPHER				 193
+#define SSL_R_NO_VERIFY_CALLBACK			 194
+#define SSL_R_NULL_SSL_CTX				 195
+#define SSL_R_NULL_SSL_METHOD_PASSED			 196
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
+#define SSL_R_PATH_TOO_LONG				 270
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
+#define SSL_R_PEER_ERROR				 200
+#define SSL_R_PEER_ERROR_CERTIFICATE			 201
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
+#define SSL_R_PEER_ERROR_NO_CIPHER			 203
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
+#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
+#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
+#define SSL_R_READ_BIO_NOT_SET				 211
+#define SSL_R_READ_WRONG_PACKET_TYPE			 212
+#define SSL_R_RECORD_LENGTH_MISMATCH			 213
+#define SSL_R_RECORD_TOO_LARGE				 214
+#define SSL_R_REQUIRED_CIPHER_MISSING			 215
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
+#define SSL_R_SHORT_READ				 219
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
@@ -1397,55 +1413,70 @@ int SSL_CTX_get_ex_new_index();
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 219
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 220
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 221
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 223
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 224
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 225
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 223
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 227
 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 224
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 225
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 226
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 227
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 228
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 230
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 231
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 232
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 233
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 234
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 235
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 236
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 237
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 238
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 239
-#define SSL_R_UNEXPECTED_MESSAGE			 240
-#define SSL_R_UNEXPECTED_RECORD				 241
-#define SSL_R_UNKNOWN_ALERT_TYPE			 242
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 243
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 244
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 245
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 246
-#define SSL_R_UNKNOWN_PKEY_TYPE				 247
-#define SSL_R_UNKNOWN_PROTOCOL				 248
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 249
-#define SSL_R_UNKNOWN_SSL_VERSION			 250
-#define SSL_R_UNKNOWN_STATE				 251
-#define SSL_R_UNSUPPORTED_CIPHER			 252
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 253
-#define SSL_R_UNSUPPORTED_PROTOCOL			 254
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 255
-#define SSL_R_WRITE_BIO_NOT_SET				 256
-#define SSL_R_WRONG_CIPHER_RETURNED			 257
-#define SSL_R_WRONG_MESSAGE_TYPE			 258
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 259
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 260
-#define SSL_R_WRONG_SIGNATURE_SIZE			 261
-#define SSL_R_WRONG_SSL_VERSION				 262
-#define SSL_R_WRONG_VERSION_NUMBER			 263
-#define SSL_R_X509_LIB					 264
- 
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
+#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
+#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
+#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
+#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
+#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		 1060
+#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
+#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
+#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
+#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
+#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
+#define SSL_R_TLSV1_ALERT_USER_CANCLED			 1090
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
+#define SSL_R_UNEXPECTED_MESSAGE			 244
+#define SSL_R_UNEXPECTED_RECORD				 245
+#define SSL_R_UNINITIALIZED				 276
+#define SSL_R_UNKNOWN_ALERT_TYPE			 246
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
+#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
+#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
+#define SSL_R_UNKNOWN_PKEY_TYPE				 251
+#define SSL_R_UNKNOWN_PROTOCOL				 252
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
+#define SSL_R_UNKNOWN_SSL_VERSION			 254
+#define SSL_R_UNKNOWN_STATE				 255
+#define SSL_R_UNSUPPORTED_CIPHER			 256
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
+#define SSL_R_UNSUPPORTED_PROTOCOL			 258
+#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
+#define SSL_R_WRITE_BIO_NOT_SET				 260
+#define SSL_R_WRONG_CIPHER_RETURNED			 261
+#define SSL_R_WRONG_MESSAGE_TYPE			 262
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
+#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
+#define SSL_R_WRONG_SIGNATURE_SIZE			 265
+#define SSL_R_WRONG_SSL_VERSION				 266
+#define SSL_R_WRONG_VERSION_NUMBER			 267
+#define SSL_R_X509_LIB					 268
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/ssl/ssl2.h b/lib/libssl/src/ssl/ssl2.h
index 3dc94e520bb..d7f24ac1b4e 100644
--- a/lib/libssl/src/ssl/ssl2.h
+++ b/lib/libssl/src/ssl/ssl2.h
@@ -67,8 +67,8 @@ extern "C" {
 #define SSL2_VERSION		0x0002
 #define SSL2_VERSION_MAJOR	0x00
 #define SSL2_VERSION_MINOR	0x02
-#define SSL2_CLIENT_VERSION	0x0002
-#define SSL2_SERVER_VERSION	0x0002
+/* #define SSL2_CLIENT_VERSION	0x0002 */
+/* #define SSL2_SERVER_VERSION	0x0002 */
 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR			0
@@ -162,7 +162,7 @@ typedef struct ssl2_ctx_st
 	 * args were passwd */
 	unsigned int wnum;	/* number of bytes sent so far */
 	int wpend_tot;
-	char *wpend_buf;
+	const unsigned char *wpend_buf;
 
 	int wpend_off;	/* offset to data to write */
 	int wpend_len; 	/* number of bytes passwd to write */
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h
index 95772eef60c..2a9714fc19b 100644
--- a/lib/libssl/src/ssl/ssl3.h
+++ b/lib/libssl/src/ssl/ssl3.h
@@ -59,7 +59,9 @@
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
-#include "buffer.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -208,7 +210,7 @@ typedef struct ssl3_record_st
 /*r */	unsigned int off;	/* read/write offset into 'buf' */
 /*rw*/	unsigned char *data;	/* pointer to the record data */
 /*rw*/	unsigned char *input;	/* where the decode bytes are */
-/*rw*/	unsigned char *comp;	/* only used with decompression */
+/*r */	unsigned char *comp;	/* only used with decompression - malloc()ed */
 	} SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
@@ -220,10 +222,6 @@ typedef struct ssl3_buffer_st
 /*rw*/	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes */
 	} SSL3_BUFFER;
 
-typedef struct ssl3_compression_st {
-	int nothing;
-	} SSL3_COMPRESSION;
-
 #define SSL3_CT_RSA_SIGN			1
 #define SSL3_CT_DSS_SIGN			2
 #define SSL3_CT_RSA_FIXED_DH			3
@@ -236,7 +234,7 @@ typedef struct ssl3_compression_st {
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
-#define	TLS1_FLAGS_TLS_PADDING_BUG		0x0008
+#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 
 #if 0
 #define AD_CLOSE_NOTIFY			0
@@ -290,7 +288,7 @@ typedef struct ssl3_ctx_st
 	int wpend_tot;		/* number bytes written */
 	int wpend_type;
 	int wpend_ret;		/* number of bytes submitted */
-	char *wpend_buf;
+	const unsigned char *wpend_buf;
 
 	/* used during startup, digest all incoming/outgoing packets */
 	EVP_MD_CTX finish_dgst1;
@@ -305,7 +303,7 @@ typedef struct ssl3_ctx_st
 	/* we alow one fatal and one warning alert to be outstanding,
 	 * send close alert via the warning alert */
 	int alert_dispatch;
-	char send_alert[2];
+	unsigned char send_alert[2];
 
 	/* This flag is set when we should renegotiate ASAP, basically when
 	 * there is no more data in the read or write buffers */
@@ -324,8 +322,9 @@ typedef struct ssl3_ctx_st
 
 		/* used to hold the new cipher we are going to use */
 		SSL_CIPHER *new_cipher;
+#ifndef NO_DH
 		DH *dh;
-
+#endif
 		/* used when SSL_ST_FLUSH_DATA is entered */
 		int next_state;			
 
@@ -335,18 +334,23 @@ typedef struct ssl3_ctx_st
 		int cert_req;
 		int ctype_num;
 		char ctype[SSL3_CT_NUMBER];
-		STACK *ca_names;
+		STACK_OF(X509_NAME) *ca_names;
 
 		int use_rsa_tmp;
 
 		int key_block_length;
 		unsigned char *key_block;
 
-		EVP_CIPHER *new_sym_enc;
-		EVP_MD *new_hash;
-		SSL_COMPRESSION *new_compression;
+		const EVP_CIPHER *new_sym_enc;
+		const EVP_MD *new_hash;
+#ifdef HEADER_COMP_H
+		const SSL_COMP *new_compression;
+#else
+		char *new_compression;
+#endif
 		int cert_request;
 		} tmp;
+
 	} SSL3_CTX;
 
 /* SSLv3 */
diff --git a/lib/libssl/src/ssl/ssl_algs.c b/lib/libssl/src/ssl/ssl_algs.c
index 65f3a593869..a91ee6d22e4 100644
--- a/lib/libssl/src/ssl/ssl_algs.c
+++ b/lib/libssl/src/ssl/ssl_algs.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
-#include "lhash.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
 #include "ssl_locl.h"
 
-void SSLeay_add_ssl_algorithms()
+int SSL_library_init(void)
 	{
 #ifndef NO_DES
 	EVP_add_cipher(EVP_des_cbc());
@@ -71,25 +71,25 @@ void SSLeay_add_ssl_algorithms()
 	EVP_add_cipher(EVP_idea_cbc());
 #endif
 #ifndef NO_RC4
-        EVP_add_cipher(EVP_rc4());
+	EVP_add_cipher(EVP_rc4());
 #endif  
 #ifndef NO_RC2
-        EVP_add_cipher(EVP_rc2_cbc());
+	EVP_add_cipher(EVP_rc2_cbc());
 #endif  
 
 #ifndef NO_MD2
-        EVP_add_digest(EVP_md2());
+	EVP_add_digest(EVP_md2());
 #endif
 #ifndef NO_MD5
 	EVP_add_digest(EVP_md5());
-	EVP_add_alias(SN_md5,"ssl2-md5");
-	EVP_add_alias(SN_md5,"ssl3-md5");
+	EVP_add_digest_alias(SN_md5,"ssl2-md5");
+	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef NO_SHA1
+#ifndef NO_SHA
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-	EVP_add_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 #endif
-#if !defined(NO_SHA1) && !defined(NO_DSA)
+#if !defined(NO_SHA) && !defined(NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
 #endif
 
@@ -98,5 +98,6 @@ void SSLeay_add_ssl_algorithms()
 	EVP_add_digest(EVP_sha());
 	EVP_add_digest(EVP_dss());
 #endif
+	return(1);
 	}
 
diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index 116a83de645..0f6a0884e4a 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "asn1_mac.h"
-#include "objects.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
 typedef struct ssl_session_asn1_st
@@ -69,22 +69,16 @@ typedef struct ssl_session_asn1_st
 	ASN1_OCTET_STRING cipher;
 	ASN1_OCTET_STRING master_key;
 	ASN1_OCTET_STRING session_id;
+	ASN1_OCTET_STRING session_id_context;
 	ASN1_OCTET_STRING key_arg;
 	ASN1_INTEGER time;
 	ASN1_INTEGER timeout;
 	} SSL_SESSION_ASN1;
 
-/*
- * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH);
- * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER);
- */
-
-int i2d_SSL_SESSION(in,pp)
-SSL_SESSION *in;
-unsigned char **pp;
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	{
 #define LSIZE2 (sizeof(long)*2)
-	int v1=0,v2=0,v3=0;
+	int v1=0,v2=0,v3=0,v4=0;
 	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
 	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
 	long l;
@@ -138,6 +132,10 @@ unsigned char **pp;
 	a.session_id.type=V_ASN1_OCTET_STRING;
 	a.session_id.data=in->session_id;
 
+	a.session_id_context.length=in->sid_ctx_length;
+	a.session_id_context.type=V_ASN1_OCTET_STRING;
+	a.session_id_context.data=in->sid_ctx;
+
 	a.key_arg.length=in->key_arg_length;
 	a.key_arg.type=V_ASN1_OCTET_STRING;
 	a.key_arg.data=in->key_arg;
@@ -171,6 +169,7 @@ unsigned char **pp;
 		M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
 	if (in->peer != NULL)
 		M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
 
 	M_ASN1_I2D_seq_total();
 
@@ -187,14 +186,14 @@ unsigned char **pp;
 		M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
 	if (in->peer != NULL)
 		M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
+	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
+			       v4);
 
 	M_ASN1_I2D_finish();
 	}
 
-SSL_SESSION *d2i_SSL_SESSION(a,pp,length)
-SSL_SESSION **a;
-unsigned char **pp;
-long length;
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
+	     long length)
 	{
 	int version,ssl_version=0,i;
 	long id;
@@ -308,6 +307,21 @@ long length;
 		}
 	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
 
+	os.length=0;
+	os.data=NULL;
+	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+
+	if(os.data != NULL)
+	    {
+	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
+		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+	    ret->sid_ctx_length=os.length;
+	    memcpy(ret->sid_ctx,os.data,os.length);
+	    Free(os.data); os.data=NULL; os.length=0;
+	    }
+	else
+	    ret->sid_ctx_length=0;
+
 	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
 	}
 
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index c1cb86e1b7d..6d2511f76c2 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* ssl/ssl_cert.c */
+/*! \file ssl/ssl_cert.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,14 +55,82 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
 
 #include <stdio.h>
-#include "objects.h"
-#include "bio.h"
-#include "pem.h"
+#include <sys/types.h>
+#if !defined(WIN32) && !defined(VSM) && !defined(NeXT)
+#include <dirent.h>
+#endif
+#ifdef NeXT
+#include <sys/dir.h>
+#define dirent direct
+#endif
+#include <openssl/objects.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
 #include "ssl_locl.h"
 
-CERT *ssl_cert_new()
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+	{
+	static int ssl_x509_store_ctx_idx= -1;
+
+	if (ssl_x509_store_ctx_idx < 0)
+		{
+		ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+			0,"SSL for verify callback",NULL,NULL,NULL);
+		}
+	return(ssl_x509_store_ctx_idx);
+	}
+
+CERT *ssl_cert_new(void)
 	{
 	CERT *ret;
 
@@ -73,14 +141,6 @@ CERT *ssl_cert_new()
 		return(NULL);
 		}
 	memset(ret,0,sizeof(CERT));
-/*
-	ret->valid=0;
-	ret->mask=0;
-	ret->export_mask=0;
-	ret->cert_type=0;
-	ret->key->x509=NULL;
-	ret->key->publickey=NULL;
-	ret->key->privatekey=NULL; */
 
 	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
 	ret->references=1;
@@ -88,11 +148,132 @@ CERT *ssl_cert_new()
 	return(ret);
 	}
 
-void ssl_cert_free(c)
-CERT *c;
+CERT *ssl_cert_dup(CERT *cert)
+	{
+	CERT *ret;
+	int i;
+
+	ret = (CERT *)Malloc(sizeof(CERT));
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	memset(ret, 0, sizeof(CERT));
+
+	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
+	/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
+	 * if you find that more readable */
+
+	ret->valid = cert->valid;
+	ret->mask = cert->mask;
+	ret->export_mask = cert->export_mask;
+
+#ifndef NO_RSA
+	if (cert->rsa_tmp != NULL)
+		{
+		ret->rsa_tmp = cert->rsa_tmp;
+		CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
+		}
+	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
+#endif
+
+#ifndef NO_DH
+	if (cert->dh_tmp != NULL)
+		{
+		/* DH parameters don't have a reference count (and cannot
+		 * reasonably be shared anyway, as the secret exponent may
+		 * be created just when it is needed -- earlier library
+		 * versions did not pay attention to this) */
+		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
+		if (ret->dh_tmp == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_DH_LIB);
+			goto err;
+			}
+		}
+	ret->dh_tmp_cb = cert->dh_tmp_cb;
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (cert->pkeys[i].x509 != NULL)
+			{
+			ret->pkeys[i].x509 = cert->pkeys[i].x509;
+			CRYPTO_add(&ret->pkeys[i].x509->references, 1,
+				CRYPTO_LOCK_X509);
+			}
+		
+		if (cert->pkeys[i].privatekey != NULL)
+			{
+			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
+			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
+				CRYPTO_LOCK_EVP_PKEY);
+
+			switch(i) 
+				{
+				/* If there was anything special to do for
+				 * certain types of keys, we'd do it here.
+				 * (Nothing at the moment, I think.) */
+
+			case SSL_PKEY_RSA_ENC:
+			case SSL_PKEY_RSA_SIGN:
+				/* We have an RSA key. */
+				break;
+				
+			case SSL_PKEY_DSA_SIGN:
+				/* We have a DSA key. */
+				break;
+				
+			case SSL_PKEY_DH_RSA:
+			case SSL_PKEY_DH_DSA:
+				/* We have a DH key. */
+				break;
+				
+			default:
+				/* Can't happen. */
+				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
+				}
+			}
+		}
+	
+	/* ret->extra_certs *should* exist, but currently the own certificate
+	 * chain is held inside SSL_CTX */
+
+	ret->references=1;
+
+	return(ret);
+	
+err:
+#ifndef NO_RSA
+	if (ret->rsa_tmp != NULL)
+		RSA_free(ret->rsa_tmp);
+#endif
+#ifndef NO_DH
+	if (ret->dh_tmp != NULL)
+		DH_free(ret->dh_tmp);
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (ret->pkeys[i].x509 != NULL)
+			X509_free(ret->pkeys[i].x509);
+		if (ret->pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(ret->pkeys[i].privatekey);
+		}
+
+	return NULL;
+	}
+
+
+void ssl_cert_free(CERT *c)
 	{
 	int i;
 
+	if(c == NULL)
+	    return;
+
 	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
 #ifdef REF_PRINT
 	REF_PRINT("CERT",c);
@@ -124,97 +305,188 @@ CERT *c;
 			EVP_PKEY_free(c->pkeys[i].publickey);
 #endif
 		}
-	if (c->cert_chain != NULL)
-		sk_pop_free(c->cert_chain,X509_free);
 	Free(c);
 	}
 
-int ssl_set_cert_type(c, type)
-CERT *c;
-int type;
+int ssl_cert_inst(CERT **o)
 	{
-	c->cert_type=type;
+	/* Create a CERT if there isn't already one
+	 * (which cannot really happen, as it is initially created in
+	 * SSL_CTX_new; but the earlier code usually allows for that one
+	 * being non-existant, so we follow that behaviour, as it might
+	 * turn out that there actually is a reason for it -- but I'm
+	 * not sure that *all* of the existing code could cope with
+	 * s->cert being NULL, otherwise we could do without the
+	 * initialization in SSL_CTX_new).
+	 */
+	
+	if (o == NULL) 
+		{
+		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (*o == NULL)
+		{
+		if ((*o = ssl_cert_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+	return(1);
+	}
+
+
+SESS_CERT *ssl_sess_cert_new(void)
+	{
+	SESS_CERT *ret;
+
+	ret = Malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	memset(ret, 0 ,sizeof *ret);
+	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
+	ret->references = 1;
+
+	return ret;
+	}
+
+void ssl_sess_cert_free(SESS_CERT *sc)
+	{
+	int i;
+
+	if (sc == NULL)
+		return;
+
+	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
+#ifdef REF_PRINT
+	REF_PRINT("SESS_CERT", sc);
+#endif
+	if (i > 0)
+		return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	/* i == 0 */
+	if (sc->cert_chain != NULL)
+		sk_X509_pop_free(sc->cert_chain, X509_free);
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (sc->peer_pkeys[i].x509 != NULL)
+			X509_free(sc->peer_pkeys[i].x509);
+#if 0 /* We don't have the peer's private key.  These lines are just
+	   * here as a reminder that we're still using a not-quite-appropriate
+	   * data structure. */
+		if (sc->peer_pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+#endif
+		}
+
+#ifndef NO_RSA
+	if (sc->peer_rsa_tmp != NULL)
+		RSA_free(sc->peer_rsa_tmp);
+#endif
+#ifndef NO_DH
+	if (sc->peer_dh_tmp != NULL)
+		DH_free(sc->peer_dh_tmp);
+#endif
+
+	Free(sc);
+	}
+
+int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
+	{
+	sc->peer_cert_type = type;
 	return(1);
 	}
 
-int ssl_verify_cert_chain(s,sk)
-SSL *s;
-STACK *sk;
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	{
 	X509 *x;
 	int i;
 	X509_STORE_CTX ctx;
 
-	if ((sk == NULL) || (sk_num(sk) == 0))
+	if ((sk == NULL) || (sk_X509_num(sk) == 0))
 		return(0);
 
-	x=(X509 *)sk_value(sk,0);
+	x=sk_X509_value(sk,0);
 	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
-	X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+	if (SSL_get_verify_depth(s) >= 0)
+		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
+		(char *)s);
 
 	if (s->ctx->app_verify_callback != NULL)
-		i=s->ctx->app_verify_callback(&ctx);
+		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else
+		{
+#ifndef NO_X509_VERIFY
 		i=X509_verify_cert(&ctx);
+#else
+		i=0;
+		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
+#endif
+		}
 
-	X509_STORE_CTX_cleanup(&ctx);
 	s->verify_result=ctx.error;
+	X509_STORE_CTX_cleanup(&ctx);
 
 	return(i);
 	}
 
-static void set_client_CA_list(ca_list,list)
-STACK **ca_list;
-STACK *list;
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
 	{
 	if (*ca_list != NULL)
-		sk_pop_free(*ca_list,X509_NAME_free);
+		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
 	*ca_list=list;
 	}
 
-STACK *SSL_dup_CA_list(sk)
-STACK *sk;
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	{
 	int i;
-	STACK *ret;
+	STACK_OF(X509_NAME) *ret;
 	X509_NAME *name;
 
-	ret=sk_new_null();
-	for (i=0; i<sk_num(sk); i++)
+	ret=sk_X509_NAME_new_null();
+	for (i=0; i<sk_X509_NAME_num(sk); i++)
 		{
-		name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
-		if ((name == NULL) || !sk_push(ret,(char *)name))
+		name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
+		if ((name == NULL) || !sk_X509_NAME_push(ret,name))
 			{
-			sk_pop_free(ret,X509_NAME_free);
+			sk_X509_NAME_pop_free(ret,X509_NAME_free);
 			return(NULL);
 			}
 		}
 	return(ret);
 	}
 
-void SSL_set_client_CA_list(s,list)
-SSL *s;
-STACK *list;
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
 	{
 	set_client_CA_list(&(s->client_CA),list);
 	}
 
-void SSL_CTX_set_client_CA_list(ctx,list)
-SSL_CTX *ctx;
-STACK *list;
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
 	{
 	set_client_CA_list(&(ctx->client_CA),list);
 	}
 
-STACK *SSL_CTX_get_client_CA_list(ctx)
-SSL_CTX *ctx;
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
 	{
 	return(ctx->client_CA);
 	}
 
-STACK *SSL_get_client_CA_list(s)
-SSL *s;
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
 	{
 	if (s->type == SSL_ST_CONNECT)
 		{ /* we are in the client */
@@ -233,20 +505,18 @@ SSL *s;
 		}
 	}
 
-static int add_client_CA(sk,x)
-STACK **sk;
-X509 *x;
+static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
 	{
 	X509_NAME *name;
 
 	if (x == NULL) return(0);
-	if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL))
+	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
 		return(0);
 		
 	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
 		return(0);
 
-	if (!sk_push(*sk,(char *)name))
+	if (!sk_X509_NAME_push(*sk,name))
 		{
 		X509_NAME_free(name);
 		return(0);
@@ -254,37 +524,39 @@ X509 *x;
 	return(1);
 	}
 
-int SSL_add_client_CA(ssl,x)
-SSL *ssl;
-X509 *x;
+int SSL_add_client_CA(SSL *ssl,X509 *x)
 	{
 	return(add_client_CA(&(ssl->client_CA),x));
 	}
 
-int SSL_CTX_add_client_CA(ctx,x)
-SSL_CTX *ctx;
-X509 *x;
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
 	{
 	return(add_client_CA(&(ctx->client_CA),x));
 	}
 
-static int name_cmp(a,b)
-X509_NAME **a,**b;
+static int name_cmp(X509_NAME **a,X509_NAME **b)
 	{
 	return(X509_NAME_cmp(*a,*b));
 	}
 
 #ifndef NO_STDIO
-STACK *SSL_load_client_CA_file(file)
-char *file;
+/*!
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 	{
 	BIO *in;
 	X509 *x=NULL;
 	X509_NAME *xn=NULL;
-	STACK *ret,*sk;
+	STACK_OF(X509_NAME) *ret,*sk;
 
-	ret=sk_new(NULL);
-	sk=sk_new(name_cmp);
+	ret=sk_X509_NAME_new(NULL);
+	sk=sk_X509_NAME_new(name_cmp);
 
 	in=BIO_new(BIO_s_file_internal());
 
@@ -299,31 +571,146 @@ char *file;
 
 	for (;;)
 		{
-		if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
 			break;
 		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
 		/* check for duplicates */
 		xn=X509_NAME_dup(xn);
 		if (xn == NULL) goto err;
-		if (sk_find(sk,(char *)xn) >= 0)
+		if (sk_X509_NAME_find(sk,xn) >= 0)
 			X509_NAME_free(xn);
 		else
 			{
-			sk_push(sk,(char *)xn);
-			sk_push(ret,(char *)xn);
+			sk_X509_NAME_push(sk,xn);
+			sk_X509_NAME_push(ret,xn);
 			}
 		}
 
 	if (0)
 		{
 err:
-		if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
+		if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
 		ret=NULL;
 		}
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_NAME_free(sk);
 	if (in != NULL) BIO_free(in);
 	if (x != NULL) X509_free(x);
 	return(ret);
 	}
 #endif
 
+/*!
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+					const char *file)
+    {
+    BIO *in;
+    X509 *x=NULL;
+    X509_NAME *xn=NULL;
+    int ret=1;
+    int (*oldcmp)(X509_NAME **a, X509_NAME **b);
+
+    oldcmp=sk_X509_NAME_set_cmp_func(stack,name_cmp);
+
+    in=BIO_new(BIO_s_file_internal());
+
+    if (in == NULL)
+	{
+	SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+	goto err;
+	}
+	
+    if (!BIO_read_filename(in,file))
+	goto err;
+
+    for (;;)
+	{
+	if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+	    break;
+	if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+	xn=X509_NAME_dup(xn);
+	if (xn == NULL) goto err;
+	if (sk_X509_NAME_find(stack,xn) >= 0)
+	    X509_NAME_free(xn);
+	else
+	    sk_X509_NAME_push(stack,xn);
+	}
+
+    if (0)
+	{
+err:
+	ret=0;
+	}
+    if(in != NULL)
+	BIO_free(in);
+    if(x != NULL)
+	X509_free(x);
+
+    sk_X509_NAME_set_cmp_func(stack,oldcmp);
+
+    return ret;
+    }
+
+/*!
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+#ifndef WIN32
+#ifndef VMS			/* XXXX This may be fixed in the future */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+				       const char *dir)
+    {
+    DIR *d;
+    struct dirent *dstruct;
+    int ret = 0;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+    d = opendir(dir);
+
+    /* Note that a side effect is that the CAs will be sorted by name */
+    if(!d)
+	{
+	SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+	ERR_add_error_data(3, "opendir('", dir, "')");
+	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+	goto err;
+	}
+
+    while((dstruct=readdir(d)))
+	{
+	char buf[1024];
+
+	if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+	    {
+	    SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+	    goto err;
+	    }
+	
+	sprintf(buf,"%s/%s",dir,dstruct->d_name);
+	if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+	    goto err;
+	}
+    ret = 1;
+
+err:	
+    CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+    return ret;
+    }
+
+#endif
+#endif
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 820994408b3..4c2989c47a3 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -57,7 +57,8 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
+#include <openssl/comp.h>
 #include "ssl_locl.h"
 
 #define SSL_ENC_DES_IDX		0
@@ -69,14 +70,16 @@
 #define SSL_ENC_NULL_IDX	6
 #define SSL_ENC_NUM_IDX		7
 
-static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 	NULL,NULL,NULL,NULL,NULL,NULL,
 	};
 
+static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
+
 #define SSL_MD_MD5_IDX	0
 #define SSL_MD_SHA1_IDX	1
 #define SSL_MD_NUM_IDX	2
-static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
 	NULL,NULL,
 	};
 
@@ -108,7 +111,8 @@ typedef struct cipher_order_st
 	} CIPHER_ORDER;
 
 static SSL_CIPHER cipher_aliases[]={
-	{0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},	/* must be first */
+	/* Don't include eNULL unless specifically enabled */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
 	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
@@ -141,25 +145,26 @@ static SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
 	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
 
-	{0,SSL_TXT_EXP,	0,SSL_EXP,   0,SSL_EXP_MASK},
-	{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
-	{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
-	{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
-	{0,SSL_TXT_LOW,  0,SSL_LOW,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK},
+	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_LOW,   0,SSL_LOW,   0,SSL_STRONG_MASK},
 	{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
-	{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_HIGH,  0,SSL_HIGH,  0,SSL_STRONG_MASK},
 	};
 
 static int init_ciphers=1;
 static void load_ciphers();
 
-static int cmp_by_name(a,b)
-SSL_CIPHER **a,**b;
+static int cmp_by_name(SSL_CIPHER **a, SSL_CIPHER **b)
 	{
 	return(strcmp((*a)->name,(*b)->name));
 	}
 
-static void load_ciphers()
+static void load_ciphers(void)
 	{
 	init_ciphers=0;
 	ssl_cipher_methods[SSL_ENC_DES_IDX]= 
@@ -179,14 +184,38 @@ static void load_ciphers()
 		EVP_get_digestbyname(SN_sha1);
 	}
 
-int ssl_cipher_get_evp(c,enc,md)
-SSL_CIPHER *c;
-EVP_CIPHER **enc;
-EVP_MD **md;
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+	     const EVP_MD **md, SSL_COMP **comp)
 	{
 	int i;
+	SSL_CIPHER *c;
 
+	c=s->cipher;
 	if (c == NULL) return(0);
+	if (comp != NULL)
+		{
+		SSL_COMP ctmp;
+
+		if (s->compress_meth == 0)
+			*comp=NULL;
+		else if (ssl_comp_methods == NULL)
+			{
+			/* bad */
+			*comp=NULL;
+			}
+		else
+			{
+
+			ctmp.id=s->compress_meth;
+			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+			if (i >= 0)
+				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+			else
+				*comp=NULL;
+			}
+		}
+
+	if ((enc == NULL) || (md == NULL)) return(0);
 
 	switch (c->algorithms & SSL_ENC_MASK)
 		{
@@ -208,7 +237,6 @@ EVP_MD **md;
 	case SSL_eNULL:
 		i=SSL_ENC_NULL_IDX;
 		break;
-		break;
 	default:
 		i= -1;
 		break;
@@ -250,8 +278,8 @@ EVP_MD **md;
 #define ITEM_SEP(a) \
 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
 
-static void ll_append_tail(head,curr,tail)
-CIPHER_ORDER **head,*curr,**tail;
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+	     CIPHER_ORDER **tail)
 	{
 	if (curr == *tail) return;
 	if (curr == *head)
@@ -266,14 +294,14 @@ CIPHER_ORDER **head,*curr,**tail;
 	*tail=curr;
 	}
 
-STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str)
-SSL_METHOD *ssl_method;
-STACK **cipher_list,**cipher_list_by_id;
-char *str;
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method,
+		STACK_OF(SSL_CIPHER) **cipher_list,
+		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+		char *str)
 	{
 	SSL_CIPHER *c;
 	char *l;
-	STACK *ret=NULL,*ok=NULL;
+	STACK_OF(SSL_CIPHER) *ret=NULL,*ok=NULL;
 #define CL_BUF	40
 	char buf[CL_BUF];
 	char *tmp_str=NULL;
@@ -308,7 +336,7 @@ char *str;
 
 	num=ssl_method->num_ciphers();
 
-	if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err;
+	if ((ret=sk_SSL_CIPHER_new(NULL)) == NULL) goto err;
 	if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
 
 	mask =SSL_kFZA;
@@ -322,7 +350,7 @@ char *str;
 	mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
 
-#ifndef SSL_ALLOW_ENULL
+#ifdef SSL_FORBID_ENULL
 	mask|=SSL_eNULL;
 #endif
 
@@ -372,7 +400,7 @@ char *str;
 		}
 
 	/* special case */
-	cipher_aliases[0].algorithms= ~mask;
+	cipher_aliases[0].algorithms &= ~mask;
 
 	/* get the aliases */
 	k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
@@ -430,10 +458,14 @@ char *str;
 			{
 			ch= *l;
 			i=0;
+#ifndef CHARSET_EBCDIC
 			while (	((ch >= 'A') && (ch <= 'Z')) ||
 				((ch >= '0') && (ch <= '9')) ||
 				((ch >= 'a') && (ch <= 'z')) ||
 				 (ch == '-'))
+#else
+			while (	isalnum(ch) || (ch == '-'))
+#endif
 				 {
 				 buf[i]=ch;
 				 ch= *(++l);
@@ -541,7 +573,7 @@ end_loop:
 		{
 		if (curr->active)
 			{
-			sk_push(ret,(char *)curr->cipher);
+			sk_SSL_CIPHER_push(ret,curr->cipher);
 #ifdef CIPHER_DEBUG
 			printf("<%s>\n",curr->cipher->name);
 #endif
@@ -551,15 +583,15 @@ end_loop:
 	if (cipher_list != NULL)
 		{
 		if (*cipher_list != NULL)
-			sk_free(*cipher_list);
+			sk_SSL_CIPHER_free(*cipher_list);
 		*cipher_list=ret;
 		}
 
 	if (cipher_list_by_id != NULL)
 		{
 		if (*cipher_list_by_id != NULL)
-			sk_free(*cipher_list_by_id);
-		*cipher_list_by_id=sk_dup(ret);
+			sk_SSL_CIPHER_free(*cipher_list_by_id);
+		*cipher_list_by_id=sk_SSL_CIPHER_dup(ret);
 		}
 
 	if (	(cipher_list_by_id == NULL) ||
@@ -567,25 +599,22 @@ end_loop:
 		(cipher_list == NULL) ||
 		(*cipher_list == NULL))
 		goto err;
-	sk_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+	sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
 
 	ok=ret;
 	ret=NULL;
 err:
 	if (tmp_str) Free(tmp_str);
 	if (ops != NULL) Free(ops);
-	if (ret != NULL) sk_free(ret);
+	if (ret != NULL) sk_SSL_CIPHER_free(ret);
 	if (ca_list != NULL) sk_free(ca_list);
 	if (list != NULL) Free(list);
 	return(ok);
 	}
 
-char *SSL_CIPHER_description(cipher,buf,len)
-SSL_CIPHER *cipher;
-char *buf;
-int len;
+char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	{
-	int export;
+	int is_export,pkl,kl;
 	char *ver,*exp;
 	char *kx,*au,*enc,*mac;
 	unsigned long alg,alg2;
@@ -594,8 +623,10 @@ int len;
 	alg=cipher->algorithms;
 	alg2=cipher->algorithm2;
 
-	export=(alg&SSL_EXP)?1:0;
-	exp=(export)?" export":"";
+	is_export=SSL_IS_EXPORT(alg);
+	pkl=SSL_EXPORT_PKEYLENGTH(alg);
+	kl=SSL_EXPORT_KEYLENGTH(alg);
+	exp=is_export?" export":"";
 
 	if (alg & SSL_SSLV2)
 		ver="SSLv2";
@@ -607,7 +638,7 @@ int len;
 	switch (alg&SSL_MKEY_MASK)
 		{
 	case SSL_kRSA:
-		kx=(export)?"RSA(512)":"RSA";
+		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
 		break;
 	case SSL_kDHr:
 		kx="DH/RSA";
@@ -619,7 +650,7 @@ int len;
 		kx="Fortezza";
 		break;
 	case SSL_kEDH:
-		kx=(export)?"DH(512)":"DH";
+		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
 		break;
 	default:
 		kx="unknown";
@@ -648,16 +679,17 @@ int len;
 	switch (alg&SSL_ENC_MASK)
 		{
 	case SSL_DES:
-		enc=export?"DES(40)":"DES(56)";
+		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
 		break;
 	case SSL_3DES:
 		enc="3DES(168)";
 		break;
 	case SSL_RC4:
-		enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
 		break;
 	case SSL_RC2:
-		enc=export?"RC2(40)":"RC2(128)";
+		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
 		break;
 	case SSL_IDEA:
 		enc="IDEA(128)";
@@ -698,8 +730,7 @@ int len;
 	return(buf);
 	}
 
-char *SSL_CIPHER_get_version(c)
-SSL_CIPHER *c;
+char *SSL_CIPHER_get_version(SSL_CIPHER *c)
 	{
 	int i;
 
@@ -714,8 +745,7 @@ SSL_CIPHER *c;
 	}
 
 /* return the actual cipher being used */
-char *SSL_CIPHER_get_name(c)
-SSL_CIPHER *c;
+const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
 	{
 	if (c != NULL)
 		return(c->name);
@@ -723,24 +753,24 @@ SSL_CIPHER *c;
 	}
 
 /* number of bits for symetric cipher */
-int SSL_CIPHER_get_bits(c,alg_bits)
-SSL_CIPHER *c;
-int *alg_bits;
+int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
 	{
 	int ret=0,a=0;
-	EVP_CIPHER *enc;
-	EVP_MD *md;
+	const EVP_CIPHER *enc;
+	const EVP_MD *md;
+	SSL_SESSION ss;
 
 	if (c != NULL)
 		{
-		if (!ssl_cipher_get_evp(c,&enc,&md))
+		ss.cipher=c;
+		if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL))
 			return(0);
 
 		a=EVP_CIPHER_key_length(enc)*8;
 
-		if (c->algorithms & SSL_EXP)
+		if (SSL_C_IS_EXPORT(c))
 			{
-			ret=40;
+			ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
 			}
 		else
 			{
@@ -756,3 +786,50 @@ int *alg_bits;
 	return(ret);
 	}
 
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+	{
+	SSL_COMP *ctmp;
+	int i,nn;
+
+	if ((n == 0) || (sk == NULL)) return(NULL);
+	nn=sk_SSL_COMP_num(sk);
+	for (i=0; i<nn; i++)
+		{
+		ctmp=sk_SSL_COMP_value(sk,i);
+		if (ctmp->id == n)
+			return(ctmp);
+		}
+	return(NULL);
+	}
+
+static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b)
+	{
+	return((*a)->id-(*b)->id);
+	}
+
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+	{
+	return(ssl_comp_methods);
+	}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+	{
+	SSL_COMP *comp;
+	STACK_OF(SSL_COMP) *sk;
+
+	comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP));
+	comp->id=id;
+	comp->method=cm;
+	if (ssl_comp_methods == NULL)
+		sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+	else
+		sk=ssl_comp_methods;
+	if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+		{
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	else
+		return(1);
+	}
+
diff --git a/lib/libssl/src/ssl/ssl_err.c b/lib/libssl/src/ssl/ssl_err.c
index bcbb98591f3..3ddc805b537 100644
--- a/lib/libssl/src/ssl/ssl_err.c
+++ b/lib/libssl/src/ssl/ssl_err.c
@@ -1,63 +1,65 @@
-/* lib/ssl/ssl_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 /* BEGIN ERROR CODES */
 #ifndef NO_ERR
@@ -96,6 +98,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
 {ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0),	"SSL3_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_CONNECT,0),	"SSL3_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL3_CTRL,0),	"SSL3_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),	"SSL3_CTX_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_ENC,0),	"SSL3_ENC"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),	"SSL3_GET_CERTIFICATE_REQUEST"},
@@ -123,16 +126,25 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),	"SSL3_SETUP_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0),	"SSL3_WRITE_BYTES"},
 {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0),	"SSL3_WRITE_PENDING"},
+{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_dir_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_file_cert_subjects_to_stack"},
 {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0),	"SSL_BAD_METHOD"},
 {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),	"SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0),	"SSL_CERT_DUP"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INST,0),	"SSL_CERT_INST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0),	"SSL_CERT_INSTANTIATE"},
 {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),	"SSL_CERT_NEW"},
 {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),	"SSL_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CLEAR,0),	"SSL_clear"},
+{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0),	"SSL_COMP_add_compression_method"},
 {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),	"SSL_CREATE_CIPHER_LIST"},
 {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),	"SSL_CTX_check_private_key"},
 {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),	"SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),	"SSL_CTX_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),	"SSL_CTX_set_ssl_version"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),	"SSL_CTX_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),	"SSL_CTX_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0),	"SSL_CTX_use_certificate_chain_file"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0),	"SSL_CTX_use_certificate_file"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0),	"SSL_CTX_use_PrivateKey"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0),	"SSL_CTX_use_PrivateKey_ASN1"},
@@ -142,21 +154,26 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0),	"SSL_CTX_use_RSAPrivateKey_file"},
 {ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0),	"SSL_do_handshake"},
 {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),	"SSL_GET_NEW_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0),	"SSL_GET_PREV_SESSION"},
 {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),	"SSL_GET_SERVER_SEND_CERT"},
 {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0),	"SSL_GET_SIGN_PKEY"},
 {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),	"SSL_INIT_WBIO_BUFFER"},
 {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),	"SSL_load_client_CA_file"},
 {ERR_PACK(0,SSL_F_SSL_NEW,0),	"SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_READ,0),	"SSL_read"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),	"SSL_RSA_PRIVATE_DECRYPT"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),	"SSL_RSA_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),	"SSL_SESSION_new"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),	"SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0),	"SSL_SESS_CERT_NEW"},
 {ERR_PACK(0,SSL_F_SSL_SET_CERT,0),	"SSL_SET_CERT"},
 {ERR_PACK(0,SSL_F_SSL_SET_FD,0),	"SSL_set_fd"},
 {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),	"SSL_SET_PKEY"},
 {ERR_PACK(0,SSL_F_SSL_SET_RFD,0),	"SSL_set_rfd"},
 {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),	"SSL_set_session"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),	"SSL_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_SET_WFD,0),	"SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),	"SSL_shutdown"},
 {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),	"SSL_UNDEFINED_FUNCTION"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),	"SSL_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),	"SSL_use_certificate_ASN1"},
@@ -167,17 +184,19 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0),	"SSL_use_RSAPrivateKey"},
 {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0),	"SSL_use_RSAPrivateKey_ASN1"},
 {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0),	"SSL_use_RSAPrivateKey_file"},
+{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0),	"SSL_VERIFY_CERT_CHAIN"},
 {ERR_PACK(0,SSL_F_SSL_WRITE,0),	"SSL_write"},
 {ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0),	"TLS1_CHANGE_CIPHER_STATE"},
 {ERR_PACK(0,SSL_F_TLS1_ENC,0),	"TLS1_ENC"},
 {ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),	"TLS1_SETUP_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_WRITE_PENDING,0),	"WRITE_PENDING"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA SSL_str_reasons[]=
 	{
 {SSL_R_APP_DATA_IN_HANDSHAKE             ,"app data in handshake"},
+{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
 {SSL_R_BAD_ALERT_RECORD                  ,"bad alert record"},
 {SSL_R_BAD_AUTHENTICATION_TYPE           ,"bad authentication type"},
 {SSL_R_BAD_CHANGE_CIPHER_SPEC            ,"bad change cipher spec"},
@@ -190,6 +209,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_BAD_DH_P_LENGTH                   ,"bad dh p length"},
 {SSL_R_BAD_DIGEST_LENGTH                 ,"bad digest length"},
 {SSL_R_BAD_DSA_SIGNATURE                 ,"bad dsa signature"},
+{SSL_R_BAD_LENGTH                        ,"bad length"},
 {SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
 {SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
 {SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
@@ -219,6 +239,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_CIPHER_TABLE_SRC_ERROR            ,"cipher table src error"},
 {SSL_R_COMPRESSED_LENGTH_TOO_LONG        ,"compressed length too long"},
 {SSL_R_COMPRESSION_FAILURE               ,"compression failure"},
+{SSL_R_COMPRESSION_LIBRARY_ERROR         ,"compression library error"},
 {SSL_R_CONNECTION_ID_IS_DIFFERENT        ,"connection id is different"},
 {SSL_R_CONNECTION_TYPE_NOT_SET           ,"connection type not set"},
 {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
@@ -237,6 +258,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+{SSL_R_LIBRARY_BUG                       ,"library bug"},
 {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
 {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
 {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
@@ -264,15 +286,18 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
 {SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
 {SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+{SSL_R_NO_METHOD_SPECIFIED               ,"no method specified"},
 {SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
 {SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
 {SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
 {SSL_R_NO_PUBLICKEY                      ,"no publickey"},
 {SSL_R_NO_SHARED_CIPHER                  ,"no shared cipher"},
+{SSL_R_NO_VERIFY_CALLBACK                ,"no verify callback"},
 {SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
 {SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
 {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
 {SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
+{SSL_R_PATH_TOO_LONG                     ,"path too long"},
 {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
 {SSL_R_PEER_ERROR                        ,"peer error"},
 {SSL_R_PEER_ERROR_CERTIFICATE            ,"peer error certificate"},
@@ -293,8 +318,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
 {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED  ,"session id context uninitialized"},
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+{SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
@@ -315,7 +342,20 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
 {SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
 {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG   ,"ssl session id context too long"},
 {SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
+{SSL_R_TLSV1_ALERT_ACCESS_DENIED         ,"tlsv1 alert access denied"},
+{SSL_R_TLSV1_ALERT_DECODE_ERROR          ,"tlsv1 alert decode error"},
+{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED     ,"tlsv1 alert decryption failed"},
+{SSL_R_TLSV1_ALERT_DECRYPT_ERROR         ,"tlsv1 alert decrypt error"},
+{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION     ,"tlsv1 alert export restricion"},
+{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
+{SSL_R_TLSV1_ALERT_INTERNAL_ERROR        ,"tlsv1 alert internal error"},
+{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION      ,"tlsv1 alert no renegotiation"},
+{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION      ,"tlsv1 alert protocol version"},
+{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW       ,"tlsv1 alert record overflow"},
+{SSL_R_TLSV1_ALERT_UNKNOWN_CA            ,"tlsv1 alert unknown ca"},
+{SSL_R_TLSV1_ALERT_USER_CANCLED          ,"tlsv1 alert user cancled"},
 {SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
 {SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
 {SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
@@ -330,6 +370,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
 {SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
 {SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNINITIALIZED                     ,"uninitialized"},
 {SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
 {SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
 {SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
@@ -353,17 +394,18 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_WRONG_SSL_VERSION                 ,"wrong ssl version"},
 {SSL_R_WRONG_VERSION_NUMBER              ,"wrong version number"},
 {SSL_R_X509_LIB                          ,"x509 lib"},
-{0,NULL},
+{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS  ,"x509 verification setup problems"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_SSL_strings()
+void ERR_load_SSL_strings(void)
 	{
 	static int init=1;
 
-	if (init);
-		{;
+	if (init)
+		{
 		init=0;
 #ifndef NO_ERR
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
diff --git a/lib/libssl/src/ssl/ssl_err2.c b/lib/libssl/src/ssl/ssl_err2.c
index 0b91f7b8d23..cc089a612b1 100644
--- a/lib/libssl/src/ssl/ssl_err2.c
+++ b/lib/libssl/src/ssl/ssl_err2.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
-void SSL_load_error_strings()
+void SSL_load_error_strings(void)
 	{
 #ifndef NO_ERR
 	ERR_load_crypto_strings();
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index f562ec6b14d..e192fc4cac3 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,6 @@
-/* ssl/ssl_lib.c */
+/*! \file ssl/ssl_lib.c
+ *  \brief Version independent SSL functions.
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,18 +59,18 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
-#include "lhash.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
 #include "ssl_locl.h"
 
-char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998";
+char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
 static STACK *ssl_meth=NULL;
 static STACK *ssl_ctx_meth=NULL;
 static int ssl_meth_num=0;
 static int ssl_ctx_meth_num=0;
 
-SSL3_ENC_METHOD ssl3_undef_enc_method={
+OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
 	ssl_undefined_function,
 	ssl_undefined_function,
 	ssl_undefined_function,
@@ -77,30 +79,36 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
 	ssl_undefined_function,
 	};
 
-void SSL_clear(s)
-SSL *s;
+int SSL_clear(SSL *s)
 	{
 	int state;
 
-	if (s->method == NULL) return;
+	if (s->method == NULL)
+		{
+		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
+		return(0);
+		}
 
 	s->error=0;
 	s->hit=0;
+	s->shutdown=0;
 
+#if 0
 	/* This is set if we are doing dynamic renegotiation so keep
 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
-	if (s->new_session) return;
+	if (s->new_session) return(1);
+#endif
 
 	state=s->state; /* Keep to check if we throw away the session-id */
 	s->type=0;
 
+	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+
 	s->version=s->method->version;
+	s->client_version=s->version;
 	s->rwstate=SSL_NOTHING;
-	s->state=SSL_ST_BEFORE;
 	s->rstate=SSL_ST_READ_HEADER;
-	s->read_ahead=s->ctx->default_read_ahead;
-
-/*	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
+	s->read_ahead=s->ctx->read_ahead;
 
 	if (s->init_buf != NULL)
 		{
@@ -116,24 +124,34 @@ SSL *s;
 		s->session=NULL;
 		}
 
-	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	s->first_packet=0;
 
-	s->method->ssl_clear(s);
+#if 1
+	/* Check to see if we were changed into a different method, if
+	 * so, revert back if we are not doing session-id reuse. */
+	if ((s->session == NULL) && (s->method != s->ctx->method))
+		{
+		s->method->ssl_free(s);
+		s->method=s->ctx->method;
+		if (!s->method->ssl_new(s))
+			return(0);
+		}
+	else
+#endif
+		s->method->ssl_clear(s);
+	return(1);
 	}
 
-/* Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(ctx,meth)
-SSL_CTX *ctx;
-SSL_METHOD *meth;
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	ctx->method=meth;
 
 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
 		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
-	if ((sk == NULL) || (sk_num(sk) <= 0))
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
 		{
 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
 		return(0);
@@ -141,8 +159,7 @@ SSL_METHOD *meth;
 	return(1);
 	}
 
-SSL *SSL_new(ctx)
-SSL_CTX *ctx;
+SSL *SSL_new(SSL_CTX *ctx)
 	{
 	SSL *s;
 
@@ -161,15 +178,28 @@ SSL_CTX *ctx;
 	if (s == NULL) goto err;
 	memset(s,0,sizeof(SSL));
 
-	if (ctx->default_cert != NULL)
+	if (ctx->cert != NULL)
 		{
-		CRYPTO_add(&ctx->default_cert->references,1,
-			CRYPTO_LOCK_SSL_CERT);
-		s->cert=ctx->default_cert;
+		/* Earlier library versions used to copy the pointer to
+		 * the CERT, not its contents; only when setting new
+		 * parameters for the per-SSL copy, ssl_cert_new would be
+		 * called (and the direct reference to the per-SSL_CTX
+		 * settings would be lost, but those still were indirectly
+		 * accessed for various purposes, and for that reason they
+		 * used to be known as s->ctx->default_cert).
+		 * Now we don't look at the SSL_CTX's CERT after having
+		 * duplicated it once. */
+
+		s->cert = ssl_cert_dup(ctx->cert);
+		if (s->cert == NULL)
+			goto err;
 		}
 	else
-		s->cert=NULL;
-	s->verify_mode=ctx->default_verify_mode;
+		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
+	s->sid_ctx_length=ctx->sid_ctx_length;
+	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
+	s->verify_mode=ctx->verify_mode;
+	s->verify_depth=ctx->verify_depth;
 	s->verify_callback=ctx->default_verify_callback;
 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 	s->ctx=ctx;
@@ -179,30 +209,66 @@ SSL_CTX *ctx;
 	s->method=ctx->method;
 
 	if (!s->method->ssl_new(s))
-		{
-		SSL_CTX_free(ctx);
-		Free(s);
 		goto err;
-		}
 
 	s->quiet_shutdown=ctx->quiet_shutdown;
 	s->references=1;
+	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
 	s->options=ctx->options;
+	s->mode=ctx->mode;
 	SSL_clear(s);
 
 	CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
 
 	return(s);
 err:
+	if (s != NULL)
+		{
+		if (s->cert != NULL)
+			ssl_cert_free(s->cert);
+		if (s->ctx != NULL)
+			SSL_CTX_free(s->ctx); /* decrement reference count */
+		Free(s);
+		}
 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
 	return(NULL);
 	}
 
-void SSL_free(s)
-SSL *s;
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+			       unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ssl->sid_ctx_length=sid_ctx_len;
+    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+void SSL_free(SSL *s)
 	{
 	int i;
 
+	if(s == NULL)
+	    return;
+
 	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
 #ifdef REF_PRINT
 	REF_PRINT("SSL",s);
@@ -236,8 +302,8 @@ SSL *s;
 	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
 
 	/* add extra stuff */
-	if (s->cipher_list != NULL) sk_free(s->cipher_list);
-	if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id);
+	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
+	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
 
 	/* Make the next call work :-) */
 	if (s->session != NULL)
@@ -254,17 +320,14 @@ SSL *s;
 	if (s->ctx) SSL_CTX_free(s->ctx);
 
 	if (s->client_CA != NULL)
-		sk_pop_free(s->client_CA,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
 
 	if (s->method != NULL) s->method->ssl_free(s);
 
 	Free((char *)s);
 	}
 
-void SSL_set_bio(s, rbio,wbio)
-SSL *s;
-BIO *rbio;
-BIO *wbio;
+void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
 	{
 	/* If the output buffering BIO is still in place, remove it
 	 */
@@ -284,16 +347,13 @@ BIO *wbio;
 	s->wbio=wbio;
 	}
 
-BIO *SSL_get_rbio(s)
-SSL *s;
+BIO *SSL_get_rbio(SSL *s)
 	{ return(s->rbio); }
 
-BIO *SSL_get_wbio(s)
-SSL *s;
+BIO *SSL_get_wbio(SSL *s)
 	{ return(s->wbio); }
 
-int SSL_get_fd(s)
-SSL *s;
+int SSL_get_fd(SSL *s)
 	{
 	int ret= -1;
 	BIO *b,*r;
@@ -306,9 +366,7 @@ SSL *s;
 	}
 
 #ifndef NO_SOCK
-int SSL_set_fd(s, fd)
-SSL *s;
-int fd;
+int SSL_set_fd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -327,9 +385,7 @@ err:
 	return(ret);
 	}
 
-int SSL_set_wfd(s, fd)
-SSL *s;
-int fd;
+int SSL_set_wfd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -351,9 +407,7 @@ err:
 	return(ret);
 	}
 
-int SSL_set_rfd(s, fd)
-SSL *s;
-int fd;
+int SSL_set_rfd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -379,61 +433,65 @@ err:
 	}
 #endif
 
-int SSL_get_verify_mode(s)
-SSL *s;
+int SSL_get_verify_mode(SSL *s)
 	{
 	return(s->verify_mode);
 	}
 
-int (*SSL_get_verify_callback(s))()
-SSL *s;
+int SSL_get_verify_depth(SSL *s)
+	{
+	return(s->verify_depth);
+	}
+
+int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
 	{
 	return(s->verify_callback);
 	}
 
-int SSL_CTX_get_verify_mode(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
+	{
+	return(ctx->verify_mode);
+	}
+
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
 	{
-	return(ctx->default_verify_mode);
+	return(ctx->verify_depth);
 	}
 
-int (*SSL_CTX_get_verify_callback(ctx))()
-SSL_CTX *ctx;
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
 	{
 	return(ctx->default_verify_callback);
 	}
 
-void SSL_set_verify(s, mode, callback)
-SSL *s;
-int mode;
-int (*callback)();
+void SSL_set_verify(SSL *s,int mode,
+		    int (*callback)(int ok,X509_STORE_CTX *ctx))
 	{
 	s->verify_mode=mode;
 	if (callback != NULL)
 		s->verify_callback=callback;
 	}
 
-void SSL_set_read_ahead(s, yes)
-SSL *s;
-int yes;
+void SSL_set_verify_depth(SSL *s,int depth)
+	{
+	s->verify_depth=depth;
+	}
+
+void SSL_set_read_ahead(SSL *s,int yes)
 	{
 	s->read_ahead=yes;
 	}
 
-int SSL_get_read_ahead(s)
-SSL *s;
+int SSL_get_read_ahead(SSL *s)
 	{
 	return(s->read_ahead);
 	}
 
-int SSL_pending(s)
-SSL *s;
+int SSL_pending(SSL *s)
 	{
 	return(s->method->ssl_pending(s));
 	}
 
-X509 *SSL_get_peer_certificate(s)
-SSL *s;
+X509 *SSL_get_peer_certificate(SSL *s)
 	{
 	X509 *r;
 	
@@ -449,23 +507,21 @@ SSL *s;
 	return(r);
 	}
 
-STACK *SSL_get_peer_cert_chain(s)
-SSL *s;
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
 	{
-	STACK *r;
+	STACK_OF(X509) *r;
 	
-	if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL))
+	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
 		r=NULL;
 	else
-		r=s->session->cert->cert_chain;
+		r=s->session->sess_cert->cert_chain;
 
 	return(r);
 	}
 
 /* Now in theory, since the calling process own 't' it should be safe to
  * modify.  We need to be able to read f without being hassled */
-void SSL_copy_session_id(t,f)
-SSL *t,*f;
+void SSL_copy_session_id(SSL *t,SSL *f)
 	{
 	CERT *tmp;
 
@@ -490,30 +546,29 @@ SSL *t,*f;
 	else
 		t->cert=NULL;
 	if (tmp != NULL) ssl_cert_free(tmp);
+	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
 	}
 
 /* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_check_private_key(SSL_CTX *ctx)
 	{
 	if (	(ctx == NULL) ||
-		(ctx->default_cert == NULL) ||
-		(ctx->default_cert->key->x509 == NULL))
+		(ctx->cert == NULL) ||
+		(ctx->cert->key->x509 == NULL))
 		{
 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
 		return(0);
 		}
-	if 	(ctx->default_cert->key->privatekey == NULL)
+	if 	(ctx->cert->key->privatekey == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
 		return(0);
 		}
-	return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
+	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(ssl)
-SSL *ssl;
+int SSL_check_private_key(SSL *ssl)
 	{
 	if (ssl == NULL)
 		{
@@ -521,7 +576,10 @@ SSL *ssl;
 		return(0);
 		}
 	if (ssl->cert == NULL)
-		return(SSL_CTX_check_private_key(ssl->ctx));
+		{
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+		return 0;
+		}
 	if (ssl->cert->key->x509 == NULL)
 		{
 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
@@ -536,29 +594,37 @@ SSL *ssl;
 		ssl->cert->key->privatekey));
 	}
 
-int SSL_accept(s)
-SSL *s;
+int SSL_accept(SSL *s)
 	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_accept_state(s);
+
 	return(s->method->ssl_accept(s));
 	}
 
-int SSL_connect(s)
-SSL *s;
+int SSL_connect(SSL *s)
 	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_connect_state(s);
+
 	return(s->method->ssl_connect(s));
 	}
 
-long SSL_get_default_timeout(s)
-SSL *s;
+long SSL_get_default_timeout(SSL *s)
 	{
 	return(s->method->get_timeout());
 	}
 
-int SSL_read(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_read(SSL *s,char *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		s->rwstate=SSL_NOTHING;
@@ -567,10 +633,7 @@ int num;
 	return(s->method->ssl_read(s,buf,num));
 	}
 
-int SSL_peek(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_peek(SSL *s,char *buf,int num)
 	{
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
@@ -579,11 +642,14 @@ int num;
 	return(s->method->ssl_peek(s,buf,num));
 	}
 
-int SSL_write(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_write(SSL *s,const char *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_SENT_SHUTDOWN)
 		{
 		s->rwstate=SSL_NOTHING;
@@ -593,42 +659,113 @@ int num;
 	return(s->method->ssl_write(s,buf,num));
 	}
 
-int SSL_shutdown(s)
-SSL *s;
+int SSL_shutdown(SSL *s)
 	{
+	/* Note that this function behaves differently from what one might
+	 * expect.  Return values are 0 for no success (yet),
+	 * 1 for success; but calling it once is usually not enough,
+	 * even if blocking I/O is used (see ssl3_shutdown).
+	 */
+
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if ((s != NULL) && !SSL_in_init(s))
 		return(s->method->ssl_shutdown(s));
 	else
 		return(1);
 	}
 
-int SSL_renegotiate(s)
-SSL *s;
+int SSL_renegotiate(SSL *s)
 	{
 	s->new_session=1;
 	return(s->method->ssl_renegotiate(s));
 	}
 
-long SSL_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
 	{
-	return(s->method->ssl_ctrl(s,cmd,larg,parg));
+	long l;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(s->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=s->read_ahead;
+		s->read_ahead=larg;
+		return(l);
+	case SSL_CTRL_OPTIONS:
+		return(s->options|=larg);
+	case SSL_CTRL_MODE:
+		return(s->mode|=larg);
+	default:
+		return(s->method->ssl_ctrl(s,cmd,larg,parg));
+		}
 	}
 
-long SSL_CTX_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
 	{
-	return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
-	}
+	long l;
 
-int ssl_cipher_id_cmp(a,b)
-SSL_CIPHER *a,*b;
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(ctx->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=ctx->read_ahead;
+		ctx->read_ahead=larg;
+		return(l);
+
+	case SSL_CTRL_SET_SESS_CACHE_SIZE:
+		l=ctx->session_cache_size;
+		ctx->session_cache_size=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_SIZE:
+		return(ctx->session_cache_size);
+	case SSL_CTRL_SET_SESS_CACHE_MODE:
+		l=ctx->session_cache_mode;
+		ctx->session_cache_mode=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_MODE:
+		return(ctx->session_cache_mode);
+
+	case SSL_CTRL_SESS_NUMBER:
+		return(ctx->sessions->num_items);
+	case SSL_CTRL_SESS_CONNECT:
+		return(ctx->stats.sess_connect);
+	case SSL_CTRL_SESS_CONNECT_GOOD:
+		return(ctx->stats.sess_connect_good);
+	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+		return(ctx->stats.sess_connect_renegotiate);
+	case SSL_CTRL_SESS_ACCEPT:
+		return(ctx->stats.sess_accept);
+	case SSL_CTRL_SESS_ACCEPT_GOOD:
+		return(ctx->stats.sess_accept_good);
+	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+		return(ctx->stats.sess_accept_renegotiate);
+	case SSL_CTRL_SESS_HIT:
+		return(ctx->stats.sess_hit);
+	case SSL_CTRL_SESS_CB_HIT:
+		return(ctx->stats.sess_cb_hit);
+	case SSL_CTRL_SESS_MISSES:
+		return(ctx->stats.sess_miss);
+	case SSL_CTRL_SESS_TIMEOUTS:
+		return(ctx->stats.sess_timeout);
+	case SSL_CTRL_SESS_CACHE_FULL:
+		return(ctx->stats.sess_cache_full);
+	case SSL_CTRL_OPTIONS:
+		return(ctx->options|=larg);
+	case SSL_CTRL_MODE:
+		return(ctx->mode|=larg);
+	default:
+		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+		}
+	}
+
+int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b)
 	{
 	long l;
 
@@ -639,8 +776,7 @@ SSL_CIPHER *a,*b;
 		return((l > 0)?1:-1);
 	}
 
-int ssl_cipher_ptr_id_cmp(ap,bp)
-SSL_CIPHER **ap,**bp;
+int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp)
 	{
 	long l;
 
@@ -651,10 +787,9 @@ SSL_CIPHER **ap,**bp;
 		return((l > 0)?1:-1);
 	}
 
-/* return a STACK of the ciphers available for the SSL and in order of
+/** return a STACK of the ciphers available for the SSL and in order of
  * preference */
-STACK *SSL_get_ciphers(s)
-SSL *s;
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
 	{
 	if ((s != NULL) && (s->cipher_list != NULL))
 		{
@@ -668,10 +803,9 @@ SSL *s;
 	return(NULL);
 	}
 
-/* return a STACK of the ciphers available for the SSL and in order of
+/** return a STACK of the ciphers available for the SSL and in order of
  * algorithm id */
-STACK *ssl_get_ciphers_by_id(s)
-SSL *s;
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
 	{
 	if ((s != NULL) && (s->cipher_list_by_id != NULL))
 		{
@@ -685,29 +819,25 @@ SSL *s;
 	return(NULL);
 	}
 
-/* The old interface to get the same thing as SSL_get_ciphers() */
-char *SSL_get_cipher_list(s,n)
-SSL *s;
-int n;
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(SSL *s,int n)
 	{
 	SSL_CIPHER *c;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	if (s == NULL) return(NULL);
 	sk=SSL_get_ciphers(s);
-	if ((sk == NULL) || (sk_num(sk) <= n))
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
 		return(NULL);
-	c=(SSL_CIPHER *)sk_value(sk,n);
+	c=sk_SSL_CIPHER_value(sk,n);
 	if (c == NULL) return(NULL);
 	return(c->name);
 	}
 
-/* specify the ciphers to be used by defaut by the SSL_CTX */
-int SSL_CTX_set_cipher_list(ctx,str)
-SSL_CTX *ctx;
-char *str;
+/** specify the ciphers to be used by defaut by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	
 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
 		&ctx->cipher_list_by_id,str);
@@ -715,12 +845,10 @@ char *str;
 	return((sk == NULL)?0:1);
 	}
 
-/* specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(s, str)
-SSL *s;
-char *str;
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s,char *str)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	
 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
 		&s->cipher_list_by_id,str);
@@ -729,13 +857,11 @@ char *str;
 	}
 
 /* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
 	{
-	char *p,*cp;
-	STACK *sk;
+	char *p;
+	const char *cp;
+	STACK_OF(SSL_CIPHER) *sk;
 	SSL_CIPHER *c;
 	int i;
 
@@ -745,11 +871,11 @@ int len;
 
 	p=buf;
 	sk=s->session->ciphers;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		/* Decrement for either the ':' or a '\0' */
 		len--;
-		c=(SSL_CIPHER *)sk_value(sk,i);
+		c=sk_SSL_CIPHER_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
 			if (len-- == 0)
@@ -766,10 +892,7 @@ int len;
 	return(buf);
 	}
 
-int ssl_cipher_list_to_bytes(s,sk,p)
-SSL *s;
-STACK *sk;
-unsigned char *p;
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
 	{
 	int i,j=0;
 	SSL_CIPHER *c;
@@ -778,23 +901,20 @@ unsigned char *p;
 	if (sk == NULL) return(0);
 	q=p;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
-		c=(SSL_CIPHER *)sk_value(sk,i);
+		c=sk_SSL_CIPHER_value(sk,i);
 		j=ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
 	return(p-q);
 	}
 
-STACK *ssl_bytes_to_cipher_list(s,p,num,skp)
-SSL *s;
-unsigned char *p;
-int num;
-STACK **skp;
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+					       STACK_OF(SSL_CIPHER) **skp)
 	{
 	SSL_CIPHER *c;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	int i,n;
 
 	n=ssl_put_cipher_by_char(s,NULL,NULL);
@@ -804,11 +924,11 @@ STACK **skp;
 		return(NULL);
 		}
 	if ((skp == NULL) || (*skp == NULL))
-		sk=sk_new(NULL); /* change perhaps later */
+		sk=sk_SSL_CIPHER_new(NULL); /* change perhaps later */
 	else
 		{
 		sk= *skp;
-		sk_zero(sk);
+		sk_SSL_CIPHER_zero(sk);
 		}
 
 	for (i=0; i<num; i+=n)
@@ -817,7 +937,7 @@ STACK **skp;
 		p+=n;
 		if (c != NULL)
 			{
-			if (!sk_push(sk,(char *)c))
+			if (!sk_SSL_CIPHER_push(sk,c))
 				{
 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -830,23 +950,23 @@ STACK **skp;
 	return(sk);
 err:
 	if ((skp == NULL) || (*skp == NULL))
-		sk_free(sk);
+		sk_SSL_CIPHER_free(sk);
 	return(NULL);
 	}
 
-unsigned long SSL_SESSION_hash(a)
-SSL_SESSION *a;
+unsigned long SSL_SESSION_hash(SSL_SESSION *a)
 	{
 	unsigned long l;
 
-	l=      (a->session_id[0]     )|(a->session_id[1]<< 8L)|
-		(a->session_id[2]<<16L)|(a->session_id[3]<<24L);
+	l=(unsigned long)
+		((unsigned int) a->session_id[0]     )|
+		((unsigned int) a->session_id[1]<< 8L)|
+		((unsigned long)a->session_id[2]<<16L)|
+		((unsigned long)a->session_id[3]<<24L);
 	return(l);
 	}
 
-int SSL_SESSION_cmp(a, b)
-SSL_SESSION *a;
-SSL_SESSION *b;
+int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
 	{
 	if (a->ssl_version != b->ssl_version)
 		return(1);
@@ -855,16 +975,21 @@ SSL_SESSION *b;
 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
 	}
 
-SSL_CTX *SSL_CTX_new(meth)
-SSL_METHOD *meth;
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	{
-	SSL_CTX *ret;
+	SSL_CTX *ret=NULL;
 	
 	if (meth == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
 		return(NULL);
 		}
+
+	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+		goto err;
+		}
 	ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
 	if (ret == NULL)
 		goto err;
@@ -886,17 +1011,7 @@ SSL_METHOD *meth;
 	ret->remove_session_cb=NULL;
 	ret->get_session_cb=NULL;
 
-	ret->sess_connect=0;
-	ret->sess_connect_good=0;
-	ret->sess_accept=0;
-	ret->sess_accept_renegotiate=0;
-	ret->sess_connect_renegotiate=0;
-	ret->sess_accept_good=0;
-	ret->sess_miss=0;
-	ret->sess_timeout=0;
-	ret->sess_cache_full=0;
-	ret->sess_hit=0;
-	ret->sess_cb_hit=0;
+	memset((char *)&ret->stats,0,sizeof(ret->stats));
 
 	ret->references=1;
 	ret->quiet_shutdown=0;
@@ -912,13 +1027,15 @@ SSL_METHOD *meth;
 	ret->app_verify_callback=NULL;
 	ret->app_verify_arg=NULL;
 
-	ret->default_read_ahead=0;
-	ret->default_verify_mode=SSL_VERIFY_NONE;
+	ret->read_ahead=0;
+	ret->verify_mode=SSL_VERIFY_NONE;
+	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
 	ret->default_verify_callback=NULL;
-	if ((ret->default_cert=ssl_cert_new()) == NULL)
+	if ((ret->cert=ssl_cert_new()) == NULL)
 		goto err;
 
 	ret->default_passwd_callback=NULL;
+	ret->default_passwd_callback_userdata=NULL;
 	ret->client_cert_cb=NULL;
 
 	ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
@@ -929,7 +1046,8 @@ SSL_METHOD *meth;
 	ssl_create_cipher_list(ret->method,
 		&ret->cipher_list,&ret->cipher_list_by_id,
 		SSL_DEFAULT_CIPHER_LIST);
-	if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0))
+	if (ret->cipher_list == NULL
+	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
 		{
 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
 		goto err2;
@@ -951,11 +1069,14 @@ SSL_METHOD *meth;
 		goto err2;
 		}
 
-	if ((ret->client_CA=sk_new_null()) == NULL)
+	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
 		goto err;
 
 	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
 
+	ret->extra_certs=NULL;
+	ret->comp_methods=SSL_COMP_get_compression_methods();
+
 	return(ret);
 err:
 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -964,8 +1085,10 @@ err2:
 	return(NULL);
 	}
 
-void SSL_CTX_free(a)
-SSL_CTX *a;
+static void SSL_COMP_free(SSL_COMP *comp)
+    { Free(comp); }
+
+void SSL_CTX_free(SSL_CTX *a)
 	{
 	int i;
 
@@ -993,96 +1116,108 @@ SSL_CTX *a;
 	if (a->cert_store != NULL)
 		X509_STORE_free(a->cert_store);
 	if (a->cipher_list != NULL)
-		sk_free(a->cipher_list);
+		sk_SSL_CIPHER_free(a->cipher_list);
 	if (a->cipher_list_by_id != NULL)
-		sk_free(a->cipher_list_by_id);
-	if (a->default_cert != NULL)
-		ssl_cert_free(a->default_cert);
+		sk_SSL_CIPHER_free(a->cipher_list_by_id);
+	if (a->cert != NULL)
+		ssl_cert_free(a->cert);
 	if (a->client_CA != NULL)
-		sk_pop_free(a->client_CA,X509_NAME_free);
+		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
+	if (a->extra_certs != NULL)
+		sk_X509_pop_free(a->extra_certs,X509_free);
+	if (a->comp_methods != NULL)
+		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
 	Free((char *)a);
 	}
 
-void SSL_CTX_set_default_passwd_cb(ctx,cb)
-SSL_CTX *ctx;
-int (*cb)();
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
 	{
 	ctx->default_passwd_callback=cb;
 	}
 
-void SSL_CTX_set_cert_verify_cb(ctx,cb,arg)
-SSL_CTX *ctx;
-int (*cb)();
-char *arg;
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 	{
+	ctx->default_passwd_callback_userdata=u;
+	}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
+	{
+	/* now
+	 *     int (*cb)(X509_STORE_CTX *),
+	 * but should be
+	 *     int (*cb)(X509_STORE_CTX *, void *arg)
+	 */
 	ctx->app_verify_callback=cb;
-	ctx->app_verify_arg=arg;
+	ctx->app_verify_arg=arg; /* never used */
 	}
 
-void SSL_CTX_set_verify(ctx,mode,cb)
-SSL_CTX *ctx;
-int mode;
-int (*cb)();
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 	{
-	ctx->default_verify_mode=mode;
+	ctx->verify_mode=mode;
 	ctx->default_verify_callback=cb;
 	/* This needs cleaning up EAY EAY EAY */
 	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 	}
 
-void ssl_set_cert_masks(c)
-CERT *c;
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+	{
+	ctx->verify_depth=depth;
+	}
+
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 	{
 	CERT_PKEY *cpk;
 	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
-	int rsa_tmp_export,dh_tmp_export;
+	int rsa_tmp_export,dh_tmp_export,kl;
 	unsigned long mask,emask;
 
-	if ((c == NULL) || (c->valid)) return;
+	if (c == NULL) return;
+
+	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 
 #ifndef NO_RSA
-	rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
-	rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
-		(rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
+	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
 #else
 	rsa_tmp=rsa_tmp_export=0;
 #endif
 #ifndef NO_DH
-	dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
-	dh_tmp_export=((c->dh_tmp_cb != NULL) ||
-		(dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
+	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+	dh_tmp_export=(c->dh_tmp_cb != NULL ||
+		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
 #else
 	dh_tmp=dh_tmp_export=0;
 #endif
 
 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-	rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-	rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-	dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-	dh_rsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
 /* FIX THIS EAY EAY EAY */
-	dh_dsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 
 	mask=0;
 	emask=0;
 
 #ifdef CIPHER_DEBUG
-	printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-		rsa_tmp,dh_tmp,
-		rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+	printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+		rsa_tmp,rsa_tmp_export,dh_tmp,
+		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
 #endif
 
 	if (rsa_enc || (rsa_tmp && rsa_sign))
 		mask|=SSL_kRSA;
-	if (rsa_enc_export || (rsa_tmp_export && rsa_sign))
+	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
 		emask|=SSL_kRSA;
 
 #if 0
@@ -1130,18 +1265,17 @@ CERT *c;
 	}
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(s)
-SSL *s;
+X509 *ssl_get_server_send_cert(SSL *s)
 	{
 	unsigned long alg,mask,kalg;
 	CERT *c;
-	int i,export;
+	int i,is_export;
 
 	c=s->cert;
-	ssl_set_cert_masks(c);
+	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 	alg=s->s3->tmp.new_cipher->algorithms;
-	export=(alg & SSL_EXPORT)?1:0;
-	mask=(export)?c->export_mask:c->mask;
+	is_export=SSL_IS_EXPORT(alg);
+	mask=is_export?c->export_mask:c->mask;
 	kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 
 	if 	(kalg & SSL_kDHr)
@@ -1166,9 +1300,7 @@ SSL *s;
 	return(c->pkeys[i].x509);
 	}
 
-EVP_PKEY *ssl_get_sign_pkey(s,cipher)
-SSL *s;
-SSL_CIPHER *cipher;
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
 	{
 	unsigned long alg;
 	CERT *c;
@@ -1195,9 +1327,7 @@ SSL_CIPHER *cipher;
 		}
 	}
 
-void ssl_update_cache(s,mode)
-SSL *s;
-int mode;
+void ssl_update_cache(SSL *s,int mode)
 	{
 	int i;
 
@@ -1221,23 +1351,20 @@ int mode;
 		((i & mode) == mode))
 		{
 		if (  (((mode & SSL_SESS_CACHE_CLIENT)
-			?s->ctx->sess_connect_good
-			:s->ctx->sess_accept_good) & 0xff) == 0xff)
+			?s->ctx->stats.sess_connect_good
+			:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
 			{
 			SSL_CTX_flush_sessions(s->ctx,time(NULL));
 			}
 		}
 	}
 
-SSL_METHOD *SSL_get_ssl_method(s)
-SSL *s;
+SSL_METHOD *SSL_get_ssl_method(SSL *s)
 	{
 	return(s->method);
 	}
 
-int SSL_set_ssl_method(s,meth)
-SSL *s;
-SSL_METHOD *meth;
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
 	{
 	int conn= -1;
 	int ret=1;
@@ -1264,17 +1391,23 @@ SSL_METHOD *meth;
 	return(ret);
 	}
 
-int SSL_get_error(s,i)
-SSL *s;
-int i;
+int SSL_get_error(SSL *s,int i)
 	{
 	int reason;
+	unsigned long l;
 	BIO *bio;
 
 	if (i > 0) return(SSL_ERROR_NONE);
 
-	if (ERR_peek_error() != 0)
-		return(SSL_ERROR_SSL);
+	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+	 * etc, where we do encode the error */
+	if ((l=ERR_peek_error()) != 0)
+		{
+		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+			return(SSL_ERROR_SYSCALL);
+		else
+			return(SSL_ERROR_SSL);
+		}
 
 	if ((i < 0) && SSL_want_read(s))
 		{
@@ -1282,6 +1415,15 @@ int i;
 		if (BIO_should_read(bio))
 			return(SSL_ERROR_WANT_READ);
 		else if (BIO_should_write(bio))
+			/* This one doesn't make too much sense ... We never try
+			 * to write to the rbio, and an application program where
+			 * rbio and wbio are separate couldn't even know what it
+			 * should wait for.
+			 * However if we ever set s->rwstate incorrectly
+			 * (so that we have SSL_want_read(s) instead of
+			 * SSL_want_write(s)) and rbio and wbio *are* the same,
+			 * this test works around that bug; so it might be safer
+			 * to keep it. */
 			return(SSL_ERROR_WANT_WRITE);
 		else if (BIO_should_io_special(bio))
 			{
@@ -1299,6 +1441,7 @@ int i;
 		if (BIO_should_write(bio))
 			return(SSL_ERROR_WANT_WRITE);
 		else if (BIO_should_read(bio))
+			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
 			return(SSL_ERROR_WANT_READ);
 		else if (BIO_should_io_special(bio))
 			{
@@ -1331,8 +1474,7 @@ int i;
 	return(SSL_ERROR_SYSCALL);
 	}
 
-int SSL_do_handshake(s)
-SSL *s;
+int SSL_do_handshake(SSL *s)
 	{
 	int ret=1;
 
@@ -1341,7 +1483,9 @@ SSL *s;
 		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
 		return(-1);
 		}
-	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+
+	s->method->ssl_renegotiate_check(s);
+
 	if (SSL_in_init(s) || SSL_in_before(s))
 		{
 		ret=s->handshake_func(s);
@@ -1351,9 +1495,9 @@ SSL *s;
 
 /* For the next 2 functions, SSL_clear() sets shutdown and so
  * one of these calls will reset it */
-void SSL_set_accept_state(s)
-SSL *s;
+void SSL_set_accept_state(SSL *s)
 	{
+	s->server=1;
 	s->shutdown=0;
 	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
 	s->handshake_func=s->method->ssl_accept;
@@ -1361,9 +1505,9 @@ SSL *s;
 	ssl_clear_cipher_ctx(s);
 	}
 
-void SSL_set_connect_state(s)
-SSL *s;
+void SSL_set_connect_state(SSL *s)
 	{
+	s->server=0;
 	s->shutdown=0;
 	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
 	s->handshake_func=s->method->ssl_connect;
@@ -1371,22 +1515,19 @@ SSL *s;
 	ssl_clear_cipher_ctx(s);
 	}
 
-int ssl_undefined_function(s)
-SSL *s;
+int ssl_undefined_function(SSL *s)
 	{
 	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return(0);
 	}
 
-SSL_METHOD *ssl_bad_method(ver)
-int ver;
+SSL_METHOD *ssl_bad_method(int ver)
 	{
 	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return(NULL);
 	}
 
-char *SSL_get_version(s)
-SSL *s;
+char *SSL_get_version(SSL *s)
 	{
 	if (s->version == TLS1_VERSION)
 		return("TLSv1");
@@ -1398,22 +1539,46 @@ SSL *s;
 		return("unknown");
 	}
 
-SSL *SSL_dup(s)
-SSL *s;
-        {
-	STACK *sk;
+SSL *SSL_dup(SSL *s)
+	{
+	STACK_OF(X509_NAME) *sk;
 	X509_NAME *xn;
-        SSL *ret;
+	SSL *ret;
 	int i;
 		 
-	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
+	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+	    return(NULL);
 			  
-	/* This copies version, session-id, SSL_METHOD and 'cert' */
-	SSL_copy_session_id(ret,s);
+	if (s->session != NULL)
+		{
+		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+		SSL_copy_session_id(ret,s);
+		}
+	else
+		{
+		/* No session has been established yet, so we have to expect
+		 * that s->cert or ret->cert will be changed later --
+		 * they should not both point to the same object,
+		 * and thus we can't use SSL_copy_session_id. */
+
+		ret->method = s->method;
+		ret->method->ssl_new(ret);
+
+		if (s->cert != NULL)
+			{
+			ret->cert = ssl_cert_dup(s->cert);
+			if (ret->cert == NULL)
+				goto err;
+			}
+				
+		SSL_set_session_id_context(ret,
+			s->sid_ctx, s->sid_ctx_length);
+		}
 
 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
 	SSL_set_verify(ret,SSL_get_verify_mode(s),
 		SSL_get_verify_callback(s));
+	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
 
 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
 	
@@ -1444,23 +1609,23 @@ SSL *s;
 	/* dup the cipher_list and cipher_list_by_id stacks */
 	if (s->cipher_list != NULL)
 		{
-		if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL)
+		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
 			goto err;
 		}
 	if (s->cipher_list_by_id != NULL)
-		if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id))
+		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
 			== NULL)
 			goto err;
 
 	/* Dup the client_CA list */
 	if (s->client_CA != NULL)
 		{
-		if ((sk=sk_dup(s->client_CA)) == NULL) goto err;
+		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
 		ret->client_CA=sk;
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_X509_NAME_num(sk); i++)
 			{
-			xn=(X509_NAME *)sk_value(sk,i);
-			if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL)
+			xn=sk_X509_NAME_value(sk,i);
+			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
 				{
 				X509_NAME_free(xn);
 				goto err;
@@ -1471,6 +1636,7 @@ SSL *s;
 	ret->shutdown=s->shutdown;
 	ret->state=s->state;
 	ret->handshake_func=s->handshake_func;
+	ret->server=s->server;
 
 	if (0)
 		{
@@ -1481,26 +1647,34 @@ err:
 	return(ret);
 	}
 
-void ssl_clear_cipher_ctx(s)
-SSL *s;
+void ssl_clear_cipher_ctx(SSL *s)
 	{
-        if (s->enc_read_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                Free(s->enc_read_ctx);
-                s->enc_read_ctx=NULL;
-                }
-        if (s->enc_write_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                Free(s->enc_write_ctx);
-                s->enc_write_ctx=NULL;
-                }
+	if (s->enc_read_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+		Free(s->enc_read_ctx);
+		s->enc_read_ctx=NULL;
+		}
+	if (s->enc_write_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+		Free(s->enc_write_ctx);
+		s->enc_write_ctx=NULL;
+		}
+	if (s->expand != NULL)
+		{
+		COMP_CTX_free(s->expand);
+		s->expand=NULL;
+		}
+	if (s->compress != NULL)
+		{
+		COMP_CTX_free(s->compress);
+		s->compress=NULL;
+		}
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(s)
-SSL *s;
+X509 *SSL_get_certificate(SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->x509);
@@ -1509,8 +1683,7 @@ SSL *s;
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(s)
-SSL *s;
+EVP_PKEY *SSL_get_privatekey(SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->privatekey);
@@ -1518,17 +1691,14 @@ SSL *s;
 		return(NULL);
 	}
 
-SSL_CIPHER *SSL_get_current_cipher(s)
-SSL *s;
+SSL_CIPHER *SSL_get_current_cipher(SSL *s)
 	{
-        if ((s->session != NULL) && (s->session->cipher != NULL))
-                return(s->session->cipher);
-        return(NULL);
+	if ((s->session != NULL) && (s->session->cipher != NULL))
+		return(s->session->cipher);
+	return(NULL);
 	}
 
-int ssl_init_wbio_buffer(s,push)
-SSL *s;
-int push;
+int ssl_init_wbio_buffer(SSL *s,int push)
 	{
 	BIO *bbio;
 
@@ -1544,7 +1714,7 @@ int push;
 		if (s->bbio == s->wbio)
 			s->wbio=BIO_pop(s->wbio);
 		}
-	BIO_reset(bbio);
+	(void)BIO_reset(bbio);
 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
 	if (!BIO_set_read_buffer_size(bbio,1))
 		{
@@ -1563,159 +1733,215 @@ int push;
 		}
 	return(1);
 	}
+
+void ssl_free_wbio_buffer(SSL *s)
+	{
+	BIO *under;
+
+	if (s->bbio == NULL) return;
+
+	if (s->bbio == s->wbio)
+		{
+		/* remove buffering */
+		under=BIO_pop(s->wbio);
+		if (under != NULL)
+			s->wbio=under;
+		else
+			abort(); /* ok */
+		}
+	BIO_free(s->bbio);
+	s->bbio=NULL;
+	}
 	
-void SSL_CTX_set_quiet_shutdown(ctx,mode)
-SSL_CTX *ctx;
-int mode;
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
 	{
 	ctx->quiet_shutdown=mode;
 	}
 
-int SSL_CTX_get_quiet_shutdown(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
 	{
 	return(ctx->quiet_shutdown);
 	}
 
-void SSL_set_quiet_shutdown(s,mode)
-SSL *s;
-int mode;
+void SSL_set_quiet_shutdown(SSL *s,int mode)
 	{
 	s->quiet_shutdown=mode;
 	}
 
-int SSL_get_quiet_shutdown(s)
-SSL *s;
+int SSL_get_quiet_shutdown(SSL *s)
 	{
 	return(s->quiet_shutdown);
 	}
 
-void SSL_set_shutdown(s,mode)
-SSL *s;
-int mode;
+void SSL_set_shutdown(SSL *s,int mode)
 	{
 	s->shutdown=mode;
 	}
 
-int SSL_get_shutdown(s)
-SSL *s;
+int SSL_get_shutdown(SSL *s)
 	{
 	return(s->shutdown);
 	}
 
-int SSL_version(s)
-SSL *s;
+int SSL_version(SSL *s)
 	{
 	return(s->version);
 	}
 
-SSL_CTX *SSL_get_SSL_CTX(ssl)
-SSL *ssl;
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
 	{
 	return(ssl->ctx);
 	}
 
-int SSL_CTX_set_default_verify_paths(ctx)
-SSL_CTX *ctx;
+#ifndef NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 	{
 	return(X509_STORE_set_default_paths(ctx->cert_store));
 	}
 
-int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
-SSL_CTX *ctx;
-char *CAfile;
-char *CApath;
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+		const char *CApath)
 	{
 	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
 	}
+#endif
 
-void SSL_set_info_callback(ssl,cb)
-SSL *ssl;
-void (*cb)();
+void SSL_set_info_callback(SSL *ssl,void (*cb)())
 	{
 	ssl->info_callback=cb;
 	}
 
-void (*SSL_get_info_callback(ssl))()
-SSL *ssl;
+void (*SSL_get_info_callback(SSL *ssl))(void)
 	{
-	return(ssl->info_callback);
+	return((void (*)())ssl->info_callback);
 	}
 
-int SSL_state(ssl)
-SSL *ssl;
+int SSL_state(SSL *ssl)
 	{
 	return(ssl->state);
 	}
 
-void SSL_set_verify_result(ssl,arg)
-SSL *ssl;
-long arg;
+void SSL_set_verify_result(SSL *ssl,long arg)
 	{
 	ssl->verify_result=arg;
 	}
 
-long SSL_get_verify_result(ssl)
-SSL *ssl;
+long SSL_get_verify_result(SSL *ssl)
 	{
 	return(ssl->verify_result);
 	}
 
-int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
+int SSL_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+			 int (*dup_func)(),void (*free_func)())
+	{
 	ssl_meth_num++;
 	return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
 		&ssl_meth,argl,argp,new_func,dup_func,free_func));
-        }
+	}
 
-int SSL_set_ex_data(s,idx,arg)
-SSL *s;
-int idx;
-char *arg;
+int SSL_set_ex_data(SSL *s,int idx,void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_get_ex_data(s,idx)
-SSL *s;
-int idx;
+void *SSL_get_ex_data(SSL *s,int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
-int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
+int SSL_CTX_get_ex_new_index(long argl,char *argp,int (*new_func)(),
+			     int (*dup_func)(),void (*free_func)())
+	{
 	ssl_ctx_meth_num++;
 	return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
 		&ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
-        }
+	}
 
-int SSL_CTX_set_ex_data(s,idx,arg)
-SSL_CTX *s;
-int idx;
-char *arg;
+int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_CTX_get_ex_data(s,idx)
-SSL_CTX *s;
-int idx;
+void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
+int ssl_ok(SSL *s)
+	{
+	return(1);
+	}
+
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
+	{
+	return(ctx->cert_store);
+	}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
+	{
+	if (ctx->cert_store != NULL)
+		X509_STORE_free(ctx->cert_store);
+	ctx->cert_store=store;
+	}
+
+int SSL_want(SSL *s)
+	{
+	return(s->rwstate);
+	}
+
+/*!
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
+							  int is_export,
+							  int keylength))
+    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
+
+#ifndef NO_RSA
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int is_export,
+							  int keylength))
+    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
+
+#ifdef DOXYGEN
+/*!
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl,int is_export,int keylength)
+    {}
+#endif
+
+/*!
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
+							int keylength))
+    { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+
+void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
+							int keylength))
+    { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+#endif
+
 #if defined(_WINDLL) && defined(WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif
 
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index b29517081bc..0bfd57db326 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -63,17 +63,19 @@
 #include <string.h>
 #include <errno.h>
 
-#include "e_os.h"
+#include "openssl/e_os.h"
 
-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
-#include "evp.h"
-#include "stack.h"
-#include "x509.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/buffer.h>
+#include <openssl/comp.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/stack.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
+#define PKCS1_CHECK
 
 #define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
 			 l|=(((unsigned long)(*((c)++)))<< 8), \
@@ -126,18 +128,18 @@
 				} \
 			}
 
-#define n2s(c,s)	(s =((unsigned int)(*((c)++)))<< 8, \
-			 s|=((unsigned int)(*((c)++))))
-#define s2n(s,c)	(*((c)++)=(unsigned char)(((s)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((s)    )&0xff))
+#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
+			    (((unsigned int)(c[1]))    )),c+=2)
+#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
 
-#define n2l3(c,l)	(l =((unsigned long)(*((c)++)))<<16, \
-			 l|=((unsigned long)(*((c)++)))<< 8, \
-			 l|=((unsigned long)(*((c)++))))
+#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
+			     (((unsigned long)(c[1]))<< 8)| \
+			     (((unsigned long)(c[2]))    )),c+=3)
 
-#define l2n3(l,c)	(*((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
+#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
+			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
+			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
 
 /* LOCAL STUFF */
 
@@ -190,13 +192,25 @@
 #define SSL_SHA			(SSL_SHA1)
 
 #define SSL_EXP_MASK		0x00300000L
-#define SSL_EXP			0x00100000L
+#define SSL_EXP40		0x00100000L
 #define SSL_NOT_EXP		0x00200000L
-#define SSL_EXPORT		SSL_EXP
+#define SSL_EXP56		0x00300000L
+#define SSL_IS_EXPORT(a)	((a)&SSL_EXP40)
+#define SSL_IS_EXPORT56(a)	(((a)&SSL_EXP_MASK) == SSL_EXP56)
+#define SSL_IS_EXPORT40(a)	(((a)&SSL_EXP_MASK) == SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algorithms)
+#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algorithms)
+#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algorithms)
+#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : \
+				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms)
+#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algorithms)
 
 #define SSL_SSL_MASK		0x00c00000L
 #define SSL_SSLV2		0x00400000L
 #define SSL_SSLV3		0x00800000L
+#define SSL_TLSV1		SSL_SSLV3	/* for now */
 
 #define SSL_STRONG_MASK		0x07000000L
 #define SSL_LOW			0x01000000L
@@ -233,44 +247,59 @@
 typedef struct cert_pkey_st
 	{
 	X509 *x509;
-/*	EVP_PKEY *publickey; *//* when extracted */
 	EVP_PKEY *privatekey;
 	} CERT_PKEY;
 
 typedef struct cert_st
 	{
-	int cert_type;
-
-#ifdef undef
-	X509 *x509;
-	EVP_PKEY *publickey; /* when extracted */
-	EVP_PKEY *privatekey;
-
-	pkeys[SSL_PKEY_RSA_ENC].x509
-/*	pkeys[SSL_PKEY_RSA_ENC].publickey */
-	pkeys[SSL_PKEY_RSA_ENC].privatekey
-#endif
-
 	/* Current active set */
-	CERT_PKEY *key;
+	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
+					 * Probably it would make more sense to store
+					 * an index, not a pointer. */
 
 	/* The following masks are for the key and auth
 	 * algorithms that are supported by the certs below */
 	int valid;
 	unsigned long mask;
 	unsigned long export_mask;
-
+#ifndef NO_RSA
 	RSA *rsa_tmp;
+	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+#ifndef NO_DH
 	DH *dh_tmp;
-	RSA *(*rsa_tmp_cb)();
-	DH *(*dh_tmp_cb)();
-	CERT_PKEY pkeys[SSL_PKEY_NUM];
+	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
 
-	STACK *cert_chain;
+	CERT_PKEY pkeys[SSL_PKEY_NUM];
 
-	int references;
+	int references; /* >1 only if SSL_copy_session_id is used */
 	} CERT;
 
+
+typedef struct sess_cert_st
+	{
+	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+
+	/* The 'peer_...' members are used only by clients. */
+	int peer_cert_type;
+
+	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+	/* Obviously we don't have the private keys of these,
+	 * so maybe we shouldn't even use the CERT_PKEY type here. */
+
+#ifndef NO_RSA
+	RSA *peer_rsa_tmp; /* not used for SSL 2 */
+#endif
+#ifndef NO_DH
+	DH *peer_dh_tmp; /* not used for SSL 2 */
+#endif
+
+	int references; /* actually always 1 at the moment */
+	} SESS_CERT;
+
+
 /*#define MAC_DEBUG	*/
 
 /*#define ERR_DEBUG	*/
@@ -282,12 +311,7 @@ typedef struct cert_st
 /*#define RSA_DEBUG	*/ 
 /*#define IDEA_DEBUG	*/ 
 
-#ifndef NOPROTO
 #define FP_ICC  (int (*)(const void *,const void *))
-#else
-#define FP_ICC
-#endif
-
 #define ssl_put_cipher_by_char(ssl,ciph,ptr) \
 		((ssl)->method->put_cipher_by_char((ciph),(ptr)))
 #define ssl_get_cipher_by_char(ssl,ptr) \
@@ -313,11 +337,23 @@ typedef struct ssl3_enc_method
 	int (*alert_value)();
 	} SSL3_ENC_METHOD;
 
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-extern SSL_CIPHER ssl2_ciphers[];
-extern SSL_CIPHER ssl3_ciphers[];
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st
+	{
+	int comp_id;	/* The identifer byte for this compression type */
+	char *name;	/* Text name used for the compression type */
+	COMP_METHOD *method; /* The method :-) */
+	} SSL3_COMP;
+
+OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+#ifdef VMS
+#undef SSL_COMP_get_compression_methods
+#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+#endif
 
-#ifndef NOPROTO
 
 SSL_METHOD *ssl_bad_method(int ver);
 SSL_METHOD *sslv2_base_method(void);
@@ -327,33 +363,41 @@ SSL_METHOD *sslv3_base_method(void);
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
 void ssl_cert_free(CERT *c);
-int ssl_set_cert_type(CERT *c, int type);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
 int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
 int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
-STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p);
-STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
-	STACK **sorted,char *str);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+					       STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *meth,
+					     STACK_OF(SSL_CIPHER) **pref,
+					     STACK_OF(SSL_CIPHER) **sorted,
+					     char *str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md);
-int ssl_verify_cert_chain(SSL *s,STACK *sk);
+int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
+		       SSL_COMP **comp);
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c);
-STACK *ssl_get_ciphers_by_id(SSL *s);
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 
 int ssl2_enc_init(SSL *s, int client);
 void ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(unsigned char *p);
-int ssl2_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
@@ -365,17 +409,17 @@ int	ssl2_new(SSL *s);
 void	ssl2_free(SSL *s);
 int	ssl2_accept(SSL *s);
 int	ssl2_connect(SSL *s);
-int	ssl2_read(SSL *s, char *buf, int len);
+int	ssl2_read(SSL *s, void *buf, int len);
 int	ssl2_peek(SSL *s, char *buf, int len);
-int	ssl2_write(SSL *s, char *buf, int len);
+int	ssl2_write(SSL *s, const void *buf, int len);
 int	ssl2_shutdown(SSL *s);
 void	ssl2_clear(SSL *s);
 long	ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
 long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
 int	ssl2_pending(SSL *s);
 
-SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p);
-int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_get_finished(SSL *s,int state_a,int state_b);
@@ -395,25 +439,26 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
 int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, char *buf, int len);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
 int ssl3_part_read(SSL *s, int i);
-int ssl3_write_bytes(SSL *s, int type, char *buf, int len);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
 	unsigned char *sender, int slen,unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, unsigned char *buf, int len);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK *have,STACK *pref);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
+			       STACK_OF(SSL_CIPHER) *pref);
 int	ssl3_setup_buffers(SSL *s);
 int	ssl3_new(SSL *s);
 void	ssl3_free(SSL *s);
 int	ssl3_accept(SSL *s);
 int	ssl3_connect(SSL *s);
-int	ssl3_read(SSL *s, char *buf, int len);
+int	ssl3_read(SSL *s, void *buf, int len);
 int	ssl3_peek(SSL *s,char *buf, int len);
-int	ssl3_write(SSL *s, char *buf, int len);
+int	ssl3_write(SSL *s, const void *buf, int len);
 int	ssl3_shutdown(SSL *s);
 void	ssl3_clear(SSL *s);
 long	ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
@@ -431,8 +476,8 @@ void tls1_clear(SSL *s);
 long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
 SSL_METHOD *tlsv1_base_method(void );
 
-
 int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
 
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
@@ -445,114 +490,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out,
 	unsigned char *p, int len);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
+int ssl_ok(SSL *s);
 
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
-#else
-
-SSL_METHOD *ssl_bad_method();
-SSL_METHOD *sslv2_base_method();
-SSL_METHOD *sslv23_base_method();
-SSL_METHOD *sslv3_base_method();
-
-void ssl_clear_cipher_ctx();
-int ssl_clear_bad_session();
-CERT *ssl_cert_new();
-void ssl_cert_free();
-int ssl_set_cert_type();
-int ssl_get_new_session();
-int ssl_get_prev_session();
-int ssl_cipher_id_cmp();
-int ssl_cipher_ptr_id_cmp();
-STACK *ssl_bytes_to_cipher_list();
-int ssl_cipher_list_to_bytes();
-STACK *ssl_create_cipher_list();
-void ssl_update_cache();
-int ssl_session_get_ciphers();
-int ssl_verify_cert_chain();
-int ssl_undefined_function();
-X509 *ssl_get_server_send_cert();
-EVP_PKEY *ssl_get_sign_pkey();
-int ssl_cert_type();
-void ssl_set_cert_masks();
-STACK *ssl_get_ciphers_by_id();
-int ssl_verify_alarm_type();
-
-int ssl2_enc_init();
-void ssl2_generate_key_material();
-void ssl2_enc();
-void ssl2_mac();
-SSL_CIPHER *ssl2_get_cipher_by_char();
-int ssl2_put_cipher_by_char();
-int ssl2_part_read();
-int ssl2_do_write();
-int ssl2_set_certificate();
-void ssl2_return_error();
-void ssl2_write_error();
-int ssl2_num_ciphers();
-SSL_CIPHER *ssl2_get_cipher();
-int	ssl2_new();
-void	ssl2_free();
-int	ssl2_accept();
-int	ssl2_connect();
-int	ssl2_read();
-int	ssl2_peek();
-int	ssl2_write();
-int	ssl2_shutdown();
-void	ssl2_clear();
-long	ssl2_ctrl();
-long	ssl2_ctx_ctrl();
-int	ssl2_pending();
-
-SSL_CIPHER *ssl3_get_cipher_by_char();
-int ssl3_put_cipher_by_char();
-void ssl3_init_finished_mac();
-int ssl3_send_server_certificate();
-int ssl3_get_finished();
-int ssl3_setup_key_block();
-int ssl3_send_change_cipher_spec();
-int ssl3_change_cipher_state();
-void ssl3_cleanup_key_block();
-int ssl3_do_write();
-void ssl3_send_alert();
-int ssl3_generate_master_secret();
-int ssl3_get_req_cert_type();
-long ssl3_get_message();
-int ssl3_send_finished();
-int ssl3_num_ciphers();
-SSL_CIPHER *ssl3_get_cipher();
-int ssl3_renegotiate();
-int ssl3_renegotiate_check();
-int ssl3_dispatch_alert();
-int ssl3_read_bytes();
-int ssl3_part_read();
-int ssl3_write_bytes();
-int ssl3_final_finish_mac();
-void ssl3_finish_mac();
-int ssl3_enc();
-int ssl3_mac();
-unsigned long ssl3_output_cert_chain();
-SSL_CIPHER *ssl3_choose_cipher();
-int	ssl3_setup_buffers();
-int	ssl3_new();
-void	ssl3_free();
-int	ssl3_accept();
-int	ssl3_connect();
-int	ssl3_read();
-int	ssl3_peek();
-int	ssl3_write();
-int	ssl3_shutdown();
-void	ssl3_clear();
-long	ssl3_ctrl();
-long	ssl3_ctx_ctrl();
-int	ssl3_pending();
-
-int ssl23_accept();
-int ssl23_connect();
-int ssl23_read_bytes();
-int ssl23_write_bytes();
-
-int ssl_init_wbio_buffer();
-
-#endif
 
 #endif
diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c
index 140475e5fbd..6ec7a5cdb19 100644
--- a/lib/libssl/src/ssl/ssl_rsa.c
+++ b/lib/libssl/src/ssl/ssl_rsa.c
@@ -57,53 +57,32 @@
  */
 
 #include <stdio.h>
-#include "bio.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-#else
-static int ssl_set_cert();
-static int ssl_set_pkey();
-#endif
-
-int SSL_use_certificate(ssl, x)
-SSL *ssl;
-X509 *x;
+int SSL_use_certificate(SSL *ssl, X509 *x)
 	{
-	CERT *c;
-
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-	if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+	if (!ssl_cert_inst(&ssl->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
-
-	return(ssl_set_cert(c,x));
+	return(ssl_set_cert(ssl->cert,x));
 	}
 
 #ifndef NO_STDIO
-int SSL_use_certificate_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 	{
 	int j;
 	BIO *in;
@@ -130,7 +109,7 @@ int type;
 	else if (type == SSL_FILETYPE_PEM)
 		{
 		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
+		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -152,10 +131,7 @@ end:
 	}
 #endif
 
-int SSL_use_certificate_ASN1(ssl, len, d)
-SSL *ssl;
-int len;
-unsigned char *d;
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
 	{
 	X509 *x;
 	int ret;
@@ -173,11 +149,8 @@ unsigned char *d;
 	}
 
 #ifndef NO_RSA
-int SSL_use_RSAPrivateKey(ssl, rsa)
-SSL *ssl;
-RSA *rsa;
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 	{
-	CERT *c;
 	EVP_PKEY *pkey;
 	int ret;
 
@@ -186,19 +159,11 @@ RSA *rsa;
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
-                {
-                c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
 	if ((pkey=EVP_PKEY_new()) == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -208,15 +173,13 @@ RSA *rsa;
 	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ssl->cert,pkey);
 	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 #endif
 
-static int ssl_set_pkey(c,pkey)
-CERT *c;
-EVP_PKEY *pkey;
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 	{
 	int i,ok=0,bad=0;
 
@@ -229,6 +192,12 @@ EVP_PKEY *pkey;
 
 	if (c->pkeys[i].x509 != NULL)
 		{
+		EVP_PKEY *pktmp;
+		pktmp =	X509_get_pubkey(c->pkeys[i].x509);
+		EVP_PKEY_copy_parameters(pktmp,pkey);
+		EVP_PKEY_free(pktmp);
+		ERR_clear_error();
+
 #ifndef NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
@@ -284,10 +253,7 @@ EVP_PKEY *pkey;
 
 #ifndef NO_RSA
 #ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -314,7 +280,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback);
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -334,10 +300,7 @@ end:
 	}
 #endif
 
-int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
-SSL *ssl;
-unsigned char *d;
-long len;
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -356,11 +319,8 @@ long len;
 	}
 #endif /* !NO_RSA */
 
-int SSL_use_PrivateKey(ssl, pkey)
-SSL *ssl;
-EVP_PKEY *pkey;
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	{
-	CERT *c;
 	int ret;
 
 	if (pkey == NULL)
@@ -368,29 +328,17 @@ EVP_PKEY *pkey;
 		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
-                {
-                c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
-
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ssl->cert,pkey);
 	return(ret);
 	}
 
 #ifndef NO_STDIO
-int SSL_use_PrivateKey_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -412,7 +360,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback);
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -432,11 +380,7 @@ end:
 	}
 #endif
 
-int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
-int type;
-SSL *ssl;
-unsigned char *d;
-long len;
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -454,36 +398,22 @@ long len;
 	return(ret);
 	}
 
-int SSL_CTX_use_certificate(ctx, x)
-SSL_CTX *ctx;
-X509 *x;
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 	{
-	CERT *c;
-
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
-	return(ssl_set_cert(c,x));
+	return(ssl_set_cert(ctx->cert, x));
 	}
 
-static int ssl_set_cert(c,x)
-CERT *c;
-X509 *x;
+static int ssl_set_cert(CERT *c, X509 *x)
 	{
 	EVP_PKEY *pkey;
 	int i,ok=0,bad=0;
@@ -499,11 +429,25 @@ X509 *x;
 	if (i < 0)
 		{
 		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		EVP_PKEY_free(pkey);
 		return(0);
 		}
 
 	if (c->pkeys[i].privatekey != NULL)
 		{
+		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+		ERR_clear_error();
+
+#ifndef NO_RSA
+		/* Don't check the public/private key, this is mostly
+		 * for smart cards. */
+		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+			(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+			 RSA_METHOD_FLAG_NO_CHECK))
+			 ok=1;
+		else
+#endif
+		{
 		if (!X509_check_private_key(x,c->pkeys[i].privatekey))
 			{
 			if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
@@ -527,10 +471,12 @@ X509 *x;
 			}
 		else
 			ok=1;
+		} /* NO_RSA */
 		}
 	else
 		ok=1;
 
+	EVP_PKEY_free(pkey);
 	if (bad)
 		{
 		EVP_PKEY_free(c->pkeys[i].privatekey);
@@ -548,10 +494,7 @@ X509 *x;
 	}
 
 #ifndef NO_STDIO
-int SSL_CTX_use_certificate_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j;
 	BIO *in;
@@ -578,7 +521,7 @@ int type;
 	else if (type == SSL_FILETYPE_PEM)
 		{
 		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
+		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -600,10 +543,7 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_certificate_ASN1(ctx, len, d)
-SSL_CTX *ctx;
-int len;
-unsigned char *d;
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
 	{
 	X509 *x;
 	int ret;
@@ -621,12 +561,9 @@ unsigned char *d;
 	}
 
 #ifndef NO_RSA
-int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
-SSL_CTX *ctx;
-RSA *rsa;
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	{
 	int ret;
-	CERT *c;
 	EVP_PKEY *pkey;
 
 	if (rsa == NULL)
@@ -634,18 +571,11 @@ RSA *rsa;
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
 	if ((pkey=EVP_PKEY_new()) == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -655,16 +585,13 @@ RSA *rsa;
 	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ctx->cert, pkey);
 	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
 #ifndef NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -691,7 +618,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ctx->default_passwd_callback);
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -711,10 +638,7 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -733,38 +657,23 @@ long len;
 	}
 #endif /* !NO_RSA */
 
-int SSL_CTX_use_PrivateKey(ctx, pkey)
-SSL_CTX *ctx;
-EVP_PKEY *pkey;
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	{
-	CERT *c;
-
 	if (pkey == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-		
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
-	return(ssl_set_pkey(c,pkey));
+	return(ssl_set_pkey(ctx->cert,pkey));
 	}
 
 #ifndef NO_STDIO
-int SSL_CTX_use_PrivateKey_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -786,7 +695,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ctx->default_passwd_callback);
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -806,11 +715,8 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
-int type;
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+	     long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -829,3 +735,81 @@ long len;
 	}
 
 
+#ifndef NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+	{
+	BIO *in;
+	int ret=0;
+	X509 *x=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+
+	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+		goto end;
+		}
+
+	ret=SSL_CTX_use_certificate(ctx,x);
+	if (ERR_peek_error() != 0)
+		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
+	if (ret)
+		{
+		/* If we could set up our certificate, now proceed to
+		 * the CA certificates.
+		 */
+		X509 *ca;
+		int r;
+		unsigned long err;
+		
+		if (ctx->extra_certs != NULL) 
+			{
+			sk_X509_pop_free(ctx->extra_certs, X509_free);
+			ctx->extra_certs = NULL;
+			}
+
+		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+			!= NULL)
+			{
+			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			if (!r) 
+				{
+				X509_free(ca);
+				ret = 0;
+				goto end;
+				}
+			/* Note that we must not free r if it was successfully
+			 * added to the chain (while we must free the main
+			 * certificate, since its reference count is increased
+			 * by SSL_CTX_use_certificate). */
+			}
+		/* When the while loop ends, it's usually just EOF. */
+		err = ERR_peek_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+			(void) ERR_get_error();
+		else 
+			ret = 0; /* some real error */
+		}
+
+end:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 8212600e408..681499f08aa 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -57,56 +57,41 @@
  */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "rand.h"
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-#else
-static void SSL_SESSION_list_remove();
-static void SSL_SESSION_list_add();
-#endif
-
-static ssl_session_num=0;
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+static int ssl_session_num=0;
 static STACK *ssl_session_meth=NULL;
 
-SSL_SESSION *SSL_get_session(ssl)
-SSL *ssl;
+SSL_SESSION *SSL_get_session(SSL *ssl)
 	{
 	return(ssl->session);
 	}
 
-int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        ssl_session_num++;
-        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)())
+	{
+	ssl_session_num++;
+	return(CRYPTO_get_ex_new_index(ssl_session_num-1,
 		&ssl_session_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
+		argl,argp,new_func,dup_func,free_func));
+	}
 
-int SSL_SESSION_set_ex_data(s,idx,arg)
-SSL_SESSION *s;
-int idx;
-char *arg;
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_SESSION_get_ex_data(s,idx)
-SSL_SESSION *s;
-int idx;
+void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
-SSL_SESSION *SSL_SESSION_new()
+SSL_SESSION *SSL_SESSION_new(void)
 	{
 	SSL_SESSION *ss;
 
@@ -123,21 +108,24 @@ SSL_SESSION *SSL_SESSION_new()
 	ss->time=time(NULL);
 	ss->prev=NULL;
 	ss->next=NULL;
+	ss->compress_meth=0;
 	CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
 	return(ss);
 	}
 
-int ssl_get_new_session(s, session)
-SSL *s;
-int session;
+int ssl_get_new_session(SSL *s, int session)
 	{
+	/* This gets used by clients and servers. */
+
 	SSL_SESSION *ss=NULL;
 
 	if ((ss=SSL_SESSION_new()) == NULL) return(0);
 
 	/* If the context has a default timeout, use it */
-	if (s->ctx->session_timeout != 0)
+	if (s->ctx->session_timeout == 0)
 		ss->timeout=SSL_get_default_timeout(s);
+	else
+		ss->timeout=s->ctx->session_timeout;
 
 	if (s->session != NULL)
 		{
@@ -147,7 +135,7 @@ int session;
 
 	if (session)
 		{
-		if (s->version == SSL2_CLIENT_VERSION)
+		if (s->version == SSL2_VERSION)
 			{
 			ss->ssl_version=SSL2_VERSION;
 			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
@@ -180,6 +168,8 @@ int session;
 			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 			if (r == NULL) break;
 			/* else - woops a session_id match */
+			/* XXX should also check external cache!
+			 * (But the probability of a collision is negligible, anyway...) */
 			}
 		}
 	else
@@ -187,58 +177,100 @@ int session;
 		ss->session_id_length=0;
 		}
 
+	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
 	ss->ssl_version=s->version;
 
 	return(1);
 	}
 
-int ssl_get_prev_session(s,session_id,len)
-SSL *s;
-unsigned char *session_id;
-int len;
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	{
+	/* This is used only by servers. */
+
 	SSL_SESSION *ret=NULL,data;
+	int fatal = 0;
 
 	/* conn_init();*/
 	data.ssl_version=s->version;
 	data.session_id_length=len;
 	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		return(0);
-	memcpy(data.session_id,session_id,len);;
+		goto err;
+	memcpy(data.session_id,session_id,len);
 
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+		if (ret != NULL)
+		    /* don't allow other threads to steal it: */
+		    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
 
 	if (ret == NULL)
 		{
 		int copy=1;
-
-		s->ctx->sess_miss++;
+	
+		s->ctx->stats.sess_miss++;
 		ret=NULL;
-		if ((s->ctx->get_session_cb != NULL) &&
-			((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
-				!= NULL))
+		if (s->ctx->get_session_cb != NULL
+		    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
+		       != NULL)
 			{
-			s->ctx->sess_cb_hit++;
+			s->ctx->stats.sess_cb_hit++;
+
+			/* Increment reference count now if the session callback
+			 * asks us to do so (note that if the session structures
+			 * returned by the callback are shared between threads,
+			 * it must handle the reference count itself [i.e. copy == 0],
+			 * or things won't be thread-safe). */
+			if (copy)
+				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 
 			/* The following should not return 1, otherwise,
 			 * things are very strange */
 			SSL_CTX_add_session(s->ctx,ret);
-			/* auto free it */
-			if (!copy)
-				SSL_SESSION_free(ret);
 			}
-		if (ret == NULL) return(0);
+		if (ret == NULL)
+			goto err;
+		}
+
+	/* Now ret is non-NULL, and we own one of its reference counts. */
+
+	if((s->verify_mode&SSL_VERIFY_PEER)
+	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+	    {
+		/* We've found the session named by the client, but we don't
+		 * want to use it in this context. */
+		
+		if (s->sid_ctx_length == 0)
+			{
+			/* application should have used SSL[_CTX]_set_session_id_context
+			 * -- we could tolerate this and just pretend we never heard
+			 * of this session, but then applications could effectively
+			 * disable the session cache by accident without anyone noticing */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+			fatal = 1;
+			goto err;
+			}
+		else
+			{
+#if 0 /* The client cannot always know when a session is not appropriate,
+	   * so we shouldn't generate an error message. */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+			goto err; /* treat like cache miss */
+			}
 		}
 
 	if (ret->cipher == NULL)
 		{
-		char buf[5],*p;
+		unsigned char buf[5],*p;
 		unsigned long l;
 
 		p=buf;
@@ -249,25 +281,28 @@ int len;
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
 		if (ret->cipher == NULL)
-			return(0);
+			goto err;
 		}
 
+
+#if 0 /* This is way too late. */
+
 	/* If a thread got the session, then 'swaped', and another got
 	 * it and then due to a time-out decided to 'Free' it we could
 	 * be in trouble.  So I'll increment it now, then double decrement
 	 * later - am I speaking rubbish?. */
 	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+#endif
 
 	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
 		{
-		s->ctx->sess_timeout++;
+		s->ctx->stats.sess_timeout++;
 		/* remove it from the cache */
 		SSL_CTX_remove_session(s->ctx,ret);
-		SSL_SESSION_free(ret);		/* again to actually Free it */
-		return(0);
+		goto err;
 		}
 
-	s->ctx->sess_hit++;
+	s->ctx->stats.sess_hit++;
 
 	/* ret->time=time(NULL); */ /* rezero timeout? */
 	/* again, just leave the session 
@@ -277,11 +312,17 @@ int len;
 		SSL_SESSION_free(s->session);
 	s->session=ret;
 	return(1);
+
+ err:
+	if (ret != NULL)
+		SSL_SESSION_free(ret);
+	if (fatal)
+		return -1;
+	else
+		return 0;
 	}
 
-int SSL_CTX_add_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
 	{
 	int ret=0;
 	SSL_SESSION *s;
@@ -314,11 +355,11 @@ SSL_SESSION *c;
 			while (SSL_CTX_sess_number(ctx) >
 				SSL_CTX_sess_get_cache_size(ctx))
 				{
-				if (!SSL_CTX_remove_session(ctx,
-					ctx->session_cache_tail))
+				if (!remove_session_lock(ctx,
+					ctx->session_cache_tail, 0))
 					break;
 				else
-					ctx->sess_cache_full++;
+					ctx->stats.sess_cache_full++;
 				}
 			}
 		}
@@ -326,16 +367,19 @@ SSL_SESSION *c;
 	return(ret);
 	}
 
-int SSL_CTX_remove_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+	return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
 	{
 	SSL_SESSION *r;
 	int ret=0;
 
 	if ((c != NULL) && (c->session_id_length != 0))
 		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
 		r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
 		if (r != NULL)
 			{
@@ -343,7 +387,7 @@ SSL_SESSION *c;
 			SSL_SESSION_list_remove(ctx,c);
 			}
 
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 
 		if (ret)
 			{
@@ -358,11 +402,13 @@ SSL_SESSION *c;
 	return(ret);
 	}
 
-void SSL_SESSION_free(ss)
-SSL_SESSION *ss;
+void SSL_SESSION_free(SSL_SESSION *ss)
 	{
 	int i;
 
+	if(ss == NULL)
+	    return;
+
 	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
 #ifdef REF_PRINT
 	REF_PRINT("SSL_SESSION",ss);
@@ -381,16 +427,14 @@ SSL_SESSION *ss;
 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
-	if (ss->cert != NULL) ssl_cert_free(ss->cert);
+	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
 	if (ss->peer != NULL) X509_free(ss->peer);
-	if (ss->ciphers != NULL) sk_free(ss->ciphers);
+	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
 	memset(ss,0,sizeof(*ss));
 	Free(ss);
 	}
 
-int SSL_set_session(s, session)
-SSL *s;
-SSL_SESSION *session;
+int SSL_set_session(SSL *s, SSL_SESSION *session)
 	{
 	int ret=0;
 	SSL_METHOD *meth;
@@ -410,7 +454,10 @@ SSL_SESSION *session;
 			{
 			if (!SSL_set_ssl_method(s,meth))
 				return(0);
-			session->timeout=SSL_get_default_timeout(s);
+			if (s->ctx->session_timeout == 0)
+				session->timeout=SSL_get_default_timeout(s);
+			else
+				session->timeout=s->ctx->session_timeout;
 			}
 
 		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
@@ -428,42 +475,59 @@ SSL_SESSION *session;
 			SSL_SESSION_free(s->session);
 			s->session=NULL;
 			}
+
+		meth=s->ctx->method;
+		if (meth != s->method)
+			{
+			if (!SSL_set_ssl_method(s,meth))
+				return(0);
+			}
+		ret=1;
 		}
 	return(ret);
 	}
 
-long SSL_SESSION_set_timeout(s,t)
-SSL_SESSION *s;
-long t;
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
 	{
 	if (s == NULL) return(0);
 	s->timeout=t;
 	return(1);
 	}
 
-long SSL_SESSION_get_timeout(s)
-SSL_SESSION *s;
+long SSL_SESSION_get_timeout(SSL_SESSION *s)
 	{
 	if (s == NULL) return(0);
 	return(s->timeout);
 	}
 
-long SSL_SESSION_get_time(s)
-SSL_SESSION *s;
+long SSL_SESSION_get_time(SSL_SESSION *s)
 	{
 	if (s == NULL) return(0);
 	return(s->time);
 	}
 
-long SSL_SESSION_set_time(s,t)
-SSL_SESSION *s;
-long t;
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
 	{
 	if (s == NULL) return(0);
 	s->time=t;
 	return(t);
 	}
 
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+	{
+	long l;
+	if (s == NULL) return(0);
+	l=s->session_timeout;
+	s->session_timeout=t;
+	return(l);
+	}
+
+long SSL_CTX_get_timeout(SSL_CTX *s)
+	{
+	if (s == NULL) return(0);
+	return(s->session_timeout);
+	}
+
 typedef struct timeout_param_st
 	{
 	SSL_CTX *ctx;
@@ -471,9 +535,7 @@ typedef struct timeout_param_st
 	LHASH *cache;
 	} TIMEOUT_PARAM;
 
-static void timeout(s,p)
-SSL_SESSION *s;
-TIMEOUT_PARAM *p;
+static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
 	{
 	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
 		{
@@ -488,15 +550,13 @@ TIMEOUT_PARAM *p;
 		}
 	}
 
-void SSL_CTX_flush_sessions(s,t)
-SSL_CTX *s;
-long t;
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 	{
 	unsigned long i;
 	TIMEOUT_PARAM tp;
 
 	tp.ctx=s;
-	tp.cache=SSL_CTX_sessions(s);
+	tp.cache=s->sessions;
 	if (tp.cache == NULL) return;
 	tp.time=t;
 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
@@ -507,8 +567,7 @@ long t;
 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 	}
 
-int ssl_clear_bad_session(s)
-SSL *s;
+int ssl_clear_bad_session(SSL *s)
 	{
 	if (	(s->session != NULL) &&
 		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
@@ -522,9 +581,7 @@ SSL *s;
 	}
 
 /* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
 	{
 	if ((s->next == NULL) || (s->prev == NULL)) return;
 
@@ -557,9 +614,7 @@ SSL_SESSION *s;
 	s->prev=s->next=NULL;
 	}
 
-static void SSL_SESSION_list_add(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
 	{
 	if ((s->next != NULL) && (s->prev != NULL))
 		SSL_SESSION_list_remove(ctx,s);
diff --git a/lib/libssl/src/ssl/ssl_stat.c b/lib/libssl/src/ssl/ssl_stat.c
index a1daf25dd43..3eca4ee6017 100644
--- a/lib/libssl/src/ssl/ssl_stat.c
+++ b/lib/libssl/src/ssl/ssl_stat.c
@@ -59,22 +59,21 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 
-char *SSL_state_string_long(s)
-SSL *s;
+char *SSL_state_string_long(SSL *s)
 	{
 	char *str;
 
 	switch (s->state)
 		{
-case SSL_ST_BEFORE: str="before SSL initalisation"; break;
-case SSL_ST_ACCEPT: str="before accept initalisation"; break;
-case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
 case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
 case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
 #ifndef NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
@@ -132,6 +131,8 @@ case SSL3_ST_CR_SRVR_DONE_A:	str="SSLv3 read server done A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:	str="SSLv3 read server done B"; break;
 case SSL3_ST_CW_CERT_A:		str="SSLv3 write client certificate A"; break;
 case SSL3_ST_CW_CERT_B:		str="SSLv3 write client certificate B"; break;
+case SSL3_ST_CW_CERT_C:		str="SSLv3 write client certificate C"; break;
+case SSL3_ST_CW_CERT_D:		str="SSLv3 write client certificate D"; break;
 case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
 case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
 case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
@@ -198,8 +199,7 @@ default:	str="unknown state"; break;
 	return(str);
 	}
 
-char *SSL_rstate_string_long(s)
-SSL *s;
+char *SSL_rstate_string_long(SSL *s)
 	{
 	char *str;
 
@@ -213,8 +213,7 @@ SSL *s;
 	return(str);
 	}
 
-char *SSL_state_string(s)
-SSL *s;
+char *SSL_state_string(SSL *s)
 	{
 	char *str;
 
@@ -283,6 +282,8 @@ case SSL3_ST_CR_SRVR_DONE_A:			str="3RSD_A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:			str="3RSD_B"; break;
 case SSL3_ST_CW_CERT_A:				str="3WCC_A"; break;
 case SSL3_ST_CW_CERT_B:				str="3WCC_B"; break;
+case SSL3_ST_CW_CERT_C:				str="3WCC_C"; break;
+case SSL3_ST_CW_CERT_D:				str="3WCC_D"; break;
 case SSL3_ST_CW_KEY_EXCH_A:			str="3WCKEA"; break;
 case SSL3_ST_CW_KEY_EXCH_B:			str="3WCKEB"; break;
 case SSL3_ST_CW_CERT_VRFY_A:			str="3WCV_A"; break;
@@ -346,8 +347,7 @@ default:					str="UNKWN "; break;
 	return(str);
 	}
 
-char *SSL_alert_type_string_long(value)
-int value;
+char *SSL_alert_type_string_long(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -358,8 +358,7 @@ int value;
 		return("unknown");
 	}
 
-char *SSL_alert_type_string(value)
-int value;
+char *SSL_alert_type_string(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -370,8 +369,7 @@ int value;
 		return("U");
 	}
 
-char *SSL_alert_desc_string(value)
-int value;
+char *SSL_alert_desc_string(int value)
 	{
 	char *str;
 
@@ -394,8 +392,7 @@ int value;
 	return(str);
 	}
 
-char *SSL_alert_desc_string_long(value)
-int value;
+char *SSL_alert_desc_string_long(int value)
 	{
 	char *str;
 
@@ -442,8 +439,7 @@ int value;
 	return(str);
 	}
 
-char *SSL_rstate_string(s)
-SSL *s;
+char *SSL_rstate_string(SSL *s)
 	{
 	char *str;
 
diff --git a/lib/libssl/src/ssl/ssl_task.c b/lib/libssl/src/ssl/ssl_task.c
index ab72166665f..321e35c83ba 100644
--- a/lib/libssl/src/ssl/ssl_task.c
+++ b/lib/libssl/src/ssl/ssl_task.c
@@ -123,11 +123,13 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 
 #include <string.h>		/* from ssltest.c */
 #include <errno.h>
-#include "buffer.h"
-#include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
+
+#include "openssl/e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
 	int error);
@@ -224,8 +226,12 @@ int main ( int argc, char **argv )
 	printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
 
 	SSL_load_error_strings();
+	SSLeay_add_all_algorithms();
 
+/* DRM, this was the original, but there is no such thing as SSLv2()
 	s_ctx=SSL_CTX_new(SSLv2());
+*/
+	s_ctx=SSL_CTX_new(SSLv2_server_method());
 
 	if (s_ctx == NULL) goto end;
 
@@ -267,8 +273,12 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
 	c_to_s=BIO_new(BIO_s_rtcp());
 	s_to_c=BIO_new(BIO_s_rtcp());
 	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+/* original, DRM 24-SEP-1997
 	BIO_set_fd ( c_to_s, "", chan );
 	BIO_set_fd ( s_to_c, "", chan );
+*/
+	BIO_set_fd ( c_to_s, 0, chan );
+	BIO_set_fd ( s_to_c, 0, chan );
 
 	c_bio=BIO_new(BIO_f_ssl());
 	s_bio=BIO_new(BIO_f_ssl());
diff --git a/lib/libssl/src/ssl/ssl_txt.c b/lib/libssl/src/ssl/ssl_txt.c
index ce60e1a6dd1..ca67a98d896 100644
--- a/lib/libssl/src/ssl/ssl_txt.c
+++ b/lib/libssl/src/ssl/ssl_txt.c
@@ -57,34 +57,30 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
 #ifndef NO_FP_API
-int SSL_SESSION_print_fp(fp, x)
-FILE *fp;
-SSL_SESSION *x;
-        {
-        BIO *b;
-        int ret;
+int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
+	{
+	BIO *b;
+	int ret;
 
-        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
+	if ((b=BIO_new(BIO_s_file_internal())) == NULL)
 		{
 		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+		return(0);
 		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=SSL_SESSION_print(b,x);
-        BIO_free(b);
-        return(ret);
-        }
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=SSL_SESSION_print(b,x);
+	BIO_free(b);
+	return(ret);
+	}
 #endif
 
-int SSL_SESSION_print(bp,x)
-BIO *bp;
-SSL_SESSION *x;
+int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 	{
-	int i;
+	unsigned int i;
 	char str[128],*s;
 
 	if (x == NULL) goto err;
@@ -111,13 +107,19 @@ SSL_SESSION *x;
 		sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
 	if (BIO_puts(bp,str) <= 0) goto err;
 	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
-	for (i=0; i<(int)x->session_id_length; i++)
+	for (i=0; i<x->session_id_length; i++)
 		{
 		sprintf(str,"%02X",x->session_id[i]);
 		if (BIO_puts(bp,str) <= 0) goto err;
 		}
+	if (BIO_puts(bp,"\nSession-ID-ctx: ") <= 0) goto err;
+	for (i=0; i<x->sid_ctx_length; i++)
+		{
+		sprintf(str,"%02X",x->sid_ctx[i]);
+		if (BIO_puts(bp,str) <= 0) goto err;
+		}
 	if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
-	for (i=0; i<(int)x->master_key_length; i++)
+	for (i=0; i<(unsigned int)x->master_key_length; i++)
 		{
 		sprintf(str,"%02X",x->master_key[i]);
 		if (BIO_puts(bp,str) <= 0) goto err;
@@ -128,11 +130,28 @@ SSL_SESSION *x;
 		if (BIO_puts(bp,"None") <= 0) goto err;
 		}
 	else
-		for (i=0; i<(int)x->key_arg_length; i++)
+		for (i=0; i<x->key_arg_length; i++)
 			{
 			sprintf(str,"%02X",x->key_arg[i]);
 			if (BIO_puts(bp,str) <= 0) goto err;
 			}
+	if (x->compress_meth != 0)
+		{
+		SSL_COMP *comp;
+
+		ssl_cipher_get_evp(x,NULL,NULL,&comp);
+		if (comp == NULL)
+			{
+			sprintf(str,"\n   Compression: %d",x->compress_meth);
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		else
+			{
+			sprintf(str,"\n   Compression: %d (%s)",
+				comp->id,comp->method->name);
+			if (BIO_puts(bp,str) <= 0) goto err;
+			}
+		}	
 	if (x->time != 0L)
 		{
 		sprintf(str,"\n    Start Time: %ld",x->time);
diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c
index f9dca4e3ef7..90570f4bee7 100644
--- a/lib/libssl/src/ssl/ssltest.c
+++ b/lib/libssl/src/ssl/ssltest.c
@@ -60,51 +60,55 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include "e_os.h"
-#include "bio.h"
-#include "crypto.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
+#include <limits.h>
+
+#include "openssl/e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 #ifdef WINDOWS
 #include "../crypto/bio/bss_file.c"
 #endif
 
-#define TEST_SERVER_CERT "../apps/server.pem"
-#define TEST_CLIENT_CERT "../apps/client.pem"
-
-#ifndef NOPROTO
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-#ifndef NO_DSA
-static DH *get_dh512(void);
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
 #endif
+
+#ifdef VMS
+#  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
+#  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
 #else
-int MS_CALLBACK verify_callback();
-static RSA MS_CALLBACK *tmp_rsa_cb();
-#ifndef NO_DSA
-static DH *get_dh512();
-#endif
+#  define TEST_SERVER_CERT "../apps/server.pem"
+#  define TEST_CLIENT_CERT "../apps/client.pem"
 #endif
 
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+#endif
+#ifndef NO_DH
+static DH *get_dh512(void);
+#endif
 BIO *bio_err=NULL;
 BIO *bio_stdout=NULL;
 
 static char *cipher=NULL;
 int verbose=0;
 int debug=0;
+#if 0
+/* Not used yet. */
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
+#endif
 
 
-#ifndef  NOPROTO
+int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes);
 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-#else
-int doit();
-#endif
-
-static void sv_usage()
+static void sv_usage(void)
 	{
 	fprintf(stderr,"usage: ssltest [args ...]\n");
 	fprintf(stderr,"\n");
@@ -115,6 +119,9 @@ static void sv_usage()
 	fprintf(stderr," -reuse        - use session-id reuse\n");
 	fprintf(stderr," -num <val>    - number of connections to perform\n");
 	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+	fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
+#endif
 #ifndef NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -130,14 +137,16 @@ static void sv_usage()
 	fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
 	fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
 	fprintf(stderr," -cipher arg   - The cipher list\n");
+	fprintf(stderr," -bio_pair     - Use BIO pairs\n");
+	fprintf(stderr," -f            - Test even cases that can't work\n");
 	}
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0;
+	int bio_pair=0;
+	int force=0;
 	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
@@ -150,6 +159,7 @@ char *argv[];
 	int number=1,reuse=0;
 	long bytes=1L;
 	SSL_CIPHER *ciph;
+	int dhe1024 = 0;
 #ifndef NO_DH
 	DH *dh;
 #endif
@@ -174,6 +184,8 @@ char *argv[];
 			debug=1;
 		else if	(strcmp(*argv,"-reuse") == 0)
 			reuse=1;
+		else if	(strcmp(*argv,"-dhe1024") == 0)
+			dhe1024=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			ssl2=1;
 		else if	(strcmp(*argv,"-tls1") == 0)
@@ -225,6 +237,14 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if	(strcmp(*argv,"-bio_pair") == 0)
+			{
+			bio_pair = 1;
+			}
+		else if	(strcmp(*argv,"-f") == 0)
+			{
+			force = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -241,9 +261,20 @@ bad:
 		goto end;
 		}
 
+	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+		{
+		fprintf(stderr, "This case cannot work.  Use -f switch to perform "
+			"the test anyway\n"
+			"(and -d to see what happens, "
+			"and -bio_pair to really make it happen :-)\n"
+			"or add one of -ssl2, -ssl3, -tls1, -reuse to "
+			"avoid protocol mismatch.\n");
+		exit(1);
+		}
+
 /*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
 
-	SSLeay_add_ssl_algorithms();
+	SSL_library_init();
 	SSL_load_error_strings();
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
@@ -280,7 +311,29 @@ bad:
 		}
 
 #ifndef NO_DH
-	dh=get_dh512();
+# ifndef NO_DSA
+	if (dhe1024) 
+		{
+		DSA *dsa;
+
+		if (verbose)
+			{
+			fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+			fflush(stdout);
+			}
+
+		dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+		dh = DSA_dup_DH(dsa);	
+		DSA_free(dsa);
+		/* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+		SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+		if (verbose)
+			fprintf(stdout, " done\n");
+		}
+	else
+# endif
+		dh=get_dh512();
 	SSL_CTX_set_tmp_dh(s_ctx,dh);
 	DH_free(dh);
 #endif
@@ -338,7 +391,10 @@ bad:
 	for (i=0; i<number; i++)
 		{
 		if (!reuse) SSL_set_session(c_ssl,NULL);
-		ret=doit(s_ssl,c_ssl,bytes);
+		if (bio_pair)
+			ret=doit_biopair(s_ssl,c_ssl,bytes);
+		else
+			ret=doit(s_ssl,c_ssl,bytes);
 		}
 
 	if (!verbose)
@@ -361,20 +417,382 @@ end:
 
 	if (bio_stdout != NULL) BIO_free(bio_stdout);
 
+	ERR_free_strings();
 	ERR_remove_state(0);
 	EVP_cleanup();
 	CRYPTO_mem_leaks(bio_err);
 	EXIT(ret);
 	}
 
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
+	{
+	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+	BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
+	SSL_CIPHER *ciph;
+	int ret = 1;
+	
+	size_t bufsiz = 256; /* small buffer for testing */
+
+	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
+		goto err;
+	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
+		goto err;
+	
+	s_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!s_ssl_bio)
+		goto err;
+
+	c_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!c_ssl_bio)
+		goto err;
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl, client, client);
+	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl, server, server);
+	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+	do
+		{
+		/* c_ssl_bio:          SSL filter BIO
+		 *
+		 * client:             pseudo-I/O for SSL library
+		 *
+		 * client_io:          client's SSL communication; usually to be
+		 *                     relayed over some I/O facility, but in this
+		 *                     test program, we're the server, too:
+		 *
+		 * server_io:          server's SSL communication
+		 *
+		 * server:             pseudo-I/O for SSL library
+		 *
+		 * s_ssl_bio:          SSL filter BIO
+		 *
+		 * The client and the server each employ a "BIO pair":
+		 * client + client_io, server + server_io.
+		 * BIO pairs are symmetric.  A BIO pair behaves similar
+		 * to a non-blocking socketpair (but both endpoints must
+		 * be handled by the same thread).
+		 * [Here we could connect client and server to the ends
+		 * of a single BIO pair, but then this code would be less
+		 * suitable as an example for BIO pairs in general.]
+		 *
+		 * Useful functions for querying the state of BIO pair endpoints:
+		 *
+		 * BIO_ctrl_pending(bio)              number of bytes we can read now
+		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
+		 *                                      other side's read attempt
+		 * BIO_ctrl_get_write_gurantee(bio)   number of bytes we can write now
+		 *
+		 * ..._read_request is never more than ..._write_guarantee;
+		 * it depends on the application which one you should use.
+		 */
+
+		/* We have non-blocking behaviour throughout this test program, but
+		 * can be sure that there is *some* progress in each iteration; so
+		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
+		 * -- we just try everything in each iteration
+		 */
+
+			{
+			/* CLIENT */
+		
+			MS_STATIC char cbuf[1024*8];
+			int i, r;
+
+			if (debug)
+				if (SSL_in_init(c_ssl))
+					printf("client waiting in SSL_connect - %s\n",
+						SSL_state_string_long(c_ssl));
+
+			if (cw_num > 0)
+				{
+				/* Write to server. */
+				
+				if (cw_num > (long)sizeof cbuf)
+					i = sizeof cbuf;
+				else
+					i = (int)cw_num;
+				r = BIO_write(c_ssl_bio, cbuf, i);
+				if (r == -1)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* BIO_should_retry(...) can just be ignored here.
+					 * The library expects us to call BIO_write with
+					 * the same arguments again, and that's what we will
+					 * do in the next iteration. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client wrote %d\n", r);
+					cw_num -= r;				
+					}
+				}
+
+			if (cr_num > 0)
+				{
+				/* Read from server. */
+
+				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* Again, "BIO_should_retry" can be ignored. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client read %d\n", r);
+					cr_num -= r;
+					}
+				}
+			}
+
+			{
+			/* SERVER */
+		
+			MS_STATIC char sbuf[1024*8];
+			int i, r;
+
+			if (debug)
+				if (SSL_in_init(s_ssl))
+					printf("server waiting in SSL_accept - %s\n",
+						SSL_state_string_long(s_ssl));
+
+			if (sw_num > 0)
+				{
+				/* Write to client. */
+				
+				if (sw_num > (long)sizeof sbuf)
+					i = sizeof sbuf;
+				else
+					i = (int)sw_num;
+				r = BIO_write(s_ssl_bio, sbuf, i);
+				if (r == -1)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* Ignore "BIO_should_retry". */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server wrote %d\n", r);
+					sw_num -= r;				
+					}
+				}
+
+			if (sr_num > 0)
+				{
+				/* Read from client. */
+
+				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* blah, blah */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server read %d\n", r);
+					sr_num -= r;
+					}
+				}
+			}
+			
+			{
+			/* "I/O" BETWEEN CLIENT AND SERVER. */
+
+#define RELAYBUFSIZ 200
+			static char buf[RELAYBUFSIZ];
+
+			/* RELAYBUF is arbitrary.  When writing data over some real
+			 * network, use a buffer of the same size as in the BIO_pipe
+			 * and make that size large (for reading from the network
+			 * small buffers usually won't hurt).
+			 * Here sizes differ for testing. */
+
+			size_t r1, r2;
+			size_t num;
+			int r;
+			static int prev_progress = 1;
+			int progress = 0;
+			
+			/* client to server */
+			do
+				{
+				r1 = BIO_ctrl_pending(client_io);
+				r2 = BIO_ctrl_get_write_guarantee(server_io);
+
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					if (sizeof buf < num)
+						num = sizeof buf;
+					if (INT_MAX < num) /* yeah, right */
+						num = INT_MAX;
+					
+					r = BIO_read(client_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_read could not read "
+							"BIO_ctrl_pending() bytes");
+						goto err;
+						}
+					r = BIO_write(server_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_write could not write "
+							"BIO_ctrl_get_write_guarantee() bytes");
+						goto err;
+						}
+					progress = 1;
+
+					if (debug)
+						printf("C->S relaying: %d bytes\n", (int)num);
+					}
+				}
+			while (r1 && r2);
+
+			/* server to client */
+			do
+				{
+				r1 = BIO_ctrl_pending(server_io);
+				r2 = BIO_ctrl_get_write_guarantee(client_io);
+
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					if (sizeof buf < num)
+						num = sizeof buf;
+					if (INT_MAX < num)
+						num = INT_MAX;
+					
+					r = BIO_read(server_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_read could not read "
+							"BIO_ctrl_pending() bytes");
+						goto err;
+						}
+					r = BIO_write(client_io, buf, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_write could not write "
+							"BIO_ctrl_get_write_guarantee() bytes");
+						goto err;
+						}
+					progress = 1;
+
+					if (debug)
+						printf("S->C relaying: %d bytes\n", (int)num);
+					}
+				}
+			while (r1 && r2);
+
+			if (!progress && !prev_progress)
+				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
+					{
+					fprintf(stderr, "ERROR: got stuck\n");
+					if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
+						{
+						fprintf(stderr, "This can happen for SSL2 because "
+							"CLIENT-FINISHED and SERVER-VERIFY are written \n"
+							"concurrently ...");
+						if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
+							&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
+							{
+							fprintf(stderr, " ok.\n");
+							goto end;
+							}
+						}
+					fprintf(stderr, " ERROR.\n");
+					goto err;
+					}
+			prev_progress = progress;
+			}
+		}
+	while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+	ciph = SSL_get_current_cipher(c_ssl);
+	if (verbose)
+		fprintf(stdout,"DONE via BIO pair, protocol %s, cipher %s, %s\n",
+			SSL_get_version(c_ssl),
+			SSL_CIPHER_get_version(ciph),
+			SSL_CIPHER_get_name(ciph));
+ end:
+	ret = 0;
+
+ err:
+	ERR_print_errors(bio_err);
+	
+	if (server)
+		BIO_free(server);
+	if (server_io)
+		BIO_free(server_io);
+	if (client)
+		BIO_free(client);
+	if (client_io)
+		BIO_free(client_io);
+	if (s_ssl_bio)
+		BIO_free(s_ssl_bio);
+	if (c_ssl_bio)
+		BIO_free(c_ssl_bio);
+
+	return ret;
+	}
+
+
 #define W_READ	1
 #define W_WRITE	2
 #define C_DONE	1
 #define S_DONE	2
 
-int doit(s_ssl,c_ssl,count)
-SSL *s_ssl,*c_ssl;
-long count;
+int doit(SSL *s_ssl, SSL *c_ssl, long count)
 	{
 	MS_STATIC char cbuf[1024*8],sbuf[1024*8];
 	long cw_num=count,cr_num=count;
@@ -673,9 +1091,7 @@ err:
 	return(ret);
 	}
 
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char *s,buf[256];
 
@@ -716,7 +1132,7 @@ static unsigned char dh512_g[]={
 	0x02,
 	};
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 	{
 	DH *dh=NULL;
 
@@ -729,23 +1145,19 @@ static DH *get_dh512()
 	}
 #endif
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
-SSL *s;
-int export;
+#ifndef NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
 
 	if (rsa_tmp == NULL)
 		{
-		BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
-		BIO_flush(bio_err);
-#ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
-#endif
+		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+		(void)BIO_flush(bio_err);
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		BIO_printf(bio_err,"\n");
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		}
 	return(rsa_tmp);
 	}
-
-
+#endif
diff --git a/lib/libssl/src/ssl/t1_clnt.c b/lib/libssl/src/ssl/t1_clnt.c
index 986d2436e2f..9745630a008 100644
--- a/lib/libssl/src/ssl/t1_clnt.c
+++ b/lib/libssl/src/ssl/t1_clnt.c
@@ -57,14 +57,14 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *tls1_get_client_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_client_method(int ver);
+static SSL_METHOD *tls1_get_client_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_client_method());
@@ -72,18 +72,18 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_client_method()
+SSL_METHOD *TLSv1_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_client_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
 			sizeof(SSL_METHOD));
 		TLSv1_client_data.ssl_connect=ssl3_connect;
 		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+		init=0;
 		}
 	return(&TLSv1_client_data);
 	}
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index fbdd3bffb52..914b7434987 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -57,18 +57,16 @@
  */
 
 #include <stdio.h>
-#include "evp.h"
-#include "hmac.h"
+#include <openssl/comp.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include "ssl_locl.h"
 
-static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen)
-EVP_MD *md;
-unsigned char *sec;
-int sec_len;
-unsigned char *seed;
-int seed_len;
-unsigned char *out;
-int olen;
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+			int sec_len, unsigned char *seed, int seed_len,
+			unsigned char *out, int olen)
 	{
 	int chunk,n;
 	unsigned int j;
@@ -110,19 +108,13 @@ int olen;
 	memset(A1,0,sizeof(A1));
 	}
 
-static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen)
-EVP_MD *md5;
-EVP_MD *sha1;
-unsigned char *label;
-int label_len;
-unsigned char *sec;
-int slen;
-unsigned char *out1;
-unsigned char *out2;
-int olen;
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+		     unsigned char *label, int label_len,
+		     const unsigned char *sec, int slen, unsigned char *out1,
+		     unsigned char *out2, int olen)
 	{
 	int len,i;
-	unsigned char *S1,*S2;
+	const unsigned char *S1,*S2;
 
 	len=slen/2;
 	S1=sec;
@@ -137,10 +129,8 @@ int olen;
 		out1[i]^=out2[i];
 	}
 
-static void tls1_generate_key_block(s,km,tmp,num)
-SSL *s;
-unsigned char *km,*tmp;
-int num;
+static void tls1_generate_key_block(SSL *s, unsigned char *km,
+	     unsigned char *tmp, int num)
 	{
 	unsigned char *p;
 	unsigned char buf[SSL3_RANDOM_SIZE*2+
@@ -155,15 +145,14 @@ int num;
 	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
 	p+=SSL3_RANDOM_SIZE;
 
-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,
-		s->session->master_key,s->session->master_key_length,
-		km,tmp,num);
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
+		 s->session->master_key,s->session->master_key_length,
+		 km,tmp,num);
 	}
 
-int tls1_change_cipher_state(s,which)
-SSL *s;
-int which;
+int tls1_change_cipher_state(SSL *s, int which)
 	{
+	static const unsigned char empty[]="";
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
 		SSL3_RANDOM_SIZE*2];
@@ -174,12 +163,12 @@ int which;
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	int client_write;
 	EVP_CIPHER_CTX *dd;
-	EVP_CIPHER *c;
-	SSL_COMPRESSION *comp;
-	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len;
+	const EVP_CIPHER *c;
+	const SSL_COMP *comp;
+	const EVP_MD *m;
+	int _exp,n,i,j,k,exp_label_len,cl;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	comp=s->s3->tmp.new_compression;
@@ -193,7 +182,25 @@ int which;
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
-		s->read_compression=comp;
+		if (s->expand != NULL)
+			{
+			COMP_CTX_free(s->expand);
+			s->expand=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->expand=COMP_CTX_new(comp->method);
+			if (s->expand == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				goto err;
+			}
 		memset(&(s->s3->read_sequence[0]),0,8);
 		mac_secret= &(s->s3->read_mac_secret[0]);
 		}
@@ -205,7 +212,20 @@ int which;
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
-		s->write_compression=comp;
+		if (s->compress != NULL)
+			{
+			COMP_CTX_free(s->compress);
+			s->compress=NULL;
+			}
+		if (comp != NULL)
+			{
+			s->compress=COMP_CTX_new(comp->method);
+			if (s->compress == NULL)
+				{
+				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
+				goto err2;
+				}
+			}
 		memset(&(s->s3->write_sequence[0]),0,8);
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
@@ -214,7 +234,10 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
 	er2= &(s->s3->server_random[0]);
@@ -250,7 +273,7 @@ int which;
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
 #endif
-	if (exp)
+	if (_exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
@@ -262,8 +285,8 @@ printf("which = %04X\nmac key=",which);
 		p+=SSL3_RANDOM_SIZE;
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 		p+=SSL3_RANDOM_SIZE;
-		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j,
-			tmp1,tmp2,EVP_CIPHER_key_length(c));
+		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
+			 tmp1,tmp2,EVP_CIPHER_key_length(c));
 		key=tmp1;
 
 		if (k > 0)
@@ -276,8 +299,8 @@ printf("which = %04X\nmac key=",which);
 			p+=SSL3_RANDOM_SIZE;
 			memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 			p+=SSL3_RANDOM_SIZE;
-			tls1_PRF(s->ctx->md5,s->ctx->sha1,
-				buf,p-buf,"",0,iv1,iv2,k*2);
+			tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+				 iv1,iv2,k*2);
 			if (client_write)
 				iv=iv1;
 			else
@@ -307,18 +330,18 @@ err2:
 	return(0);
 	}
 
-int tls1_setup_key_block(s)
-SSL *s;
+int tls1_setup_key_block(SSL *s)
 	{
 	unsigned char *p1,*p2;
-	EVP_CIPHER *c;
-	EVP_MD *hash;
-	int num,exp;
+	const EVP_CIPHER *c;
+	const EVP_MD *hash;
+	int num;
+	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
 		{
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
@@ -327,8 +350,6 @@ SSL *s;
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
 
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
 
@@ -365,16 +386,13 @@ err:
 	return(0);
 	}
 
-int tls1_enc(s,send)
-SSL *s;
-int send;
+int tls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
 	int bs,i,ii,j,k,n=0;
-	EVP_CIPHER *enc;
-	SSL_COMPRESSION *comp;
+	const EVP_CIPHER *enc;
 
 	if (send)
 		{
@@ -383,12 +401,9 @@ int send;
 		ds=s->enc_write_ctx;
 		rec= &(s->s3->wrec);
 		if (s->enc_write_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-			comp=s->write_compression;
-			}
 		}
 	else
 		{
@@ -397,16 +412,13 @@ int send;
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
 		if (s->enc_read_ctx == NULL)
-			{ enc=NULL; comp=NULL; }
+			enc=NULL;
 		else
-			{
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-			comp=s->read_compression;
-			}
 		}
 
 	if ((s->session == NULL) || (ds == NULL) ||
-		((enc == NULL) && (comp == NULL)))
+		(enc == NULL))
 		{
 		memcpy(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
@@ -471,25 +483,18 @@ int send;
 	return(1);
 	}
 
-int tls1_cert_verify_mac(s,in_ctx,out)
-SSL *s;
-EVP_MD_CTX *in_ctx;
-unsigned char *out;
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	{
 	unsigned int ret;
 	EVP_MD_CTX ctx;
 
-	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in_ctx);
 	EVP_DigestFinal(&ctx,out,&ret);
 	return((int)ret);
 	}
 
-int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out)
-SSL *s;
-EVP_MD_CTX *in1_ctx,*in2_ctx;
-unsigned char *str;
-int slen;
-unsigned char *out;
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+	     unsigned char *str, int slen, unsigned char *out)
 	{
 	unsigned int i;
 	EVP_MD_CTX ctx;
@@ -500,14 +505,14 @@ unsigned char *out;
 	memcpy(q,str,slen);
 	q+=slen;
 
-	memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in1_ctx);
 	EVP_DigestFinal(&ctx,q,&i);
 	q+=i;
-	memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_copy(&ctx,in2_ctx);
 	EVP_DigestFinal(&ctx,q,&i);
 	q+=i;
 
-	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf,
+	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
 		s->session->master_key,s->session->master_key_length,
 		out,buf2,12);
 	memset(&ctx,0,sizeof(EVP_MD_CTX));
@@ -515,14 +520,11 @@ unsigned char *out;
 	return((int)12);
 	}
 
-int tls1_mac(ssl,md,send)
-SSL *ssl;
-unsigned char *md;
-int send;
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	{
 	SSL3_RECORD *rec;
 	unsigned char *mac_sec,*seq;
-	EVP_MD *hash;
+	const EVP_MD *hash;
 	unsigned int md_size;
 	int i;
 	HMAC_CTX hmac;
@@ -560,29 +562,26 @@ int send;
 
 #ifdef TLS_DEBUG
 printf("sec=");
-{int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
 printf("seq=");
 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
 printf("buf=");
 {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
 printf("rec=");
-{int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
 	for (i=7; i>=0; i--)
 		if (++seq[i]) break; 
 
 #ifdef TLS_DEBUG
-{int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
 #endif
 	return(md_size);
 	}
 
-int tls1_generate_master_secret(s,out,p,len)
-SSL *s;
-unsigned char *out;
-unsigned char *p;
-int len;
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+	     int len)
 	{
 	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
 	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
@@ -600,8 +599,7 @@ int len;
 	return(SSL3_MASTER_SECRET_SIZE);
 	}
 
-int tls1_alert_code(code)
-int code;
+int tls1_alert_code(int code)
 	{
 	switch (code)
 		{
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index f9fbfa414c8..ddf5c15799e 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-char *tls1_version_str="TLSv1 part of SSLeay 0.9.0b 29-Jun-1998";
+char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
 
 #ifndef NO_PROTO
 static long tls1_default_timeout(void);
@@ -94,6 +94,7 @@ static SSL_METHOD TLSv1_data= {
 	ssl3_write,
 	ssl3_shutdown,
 	ssl3_renegotiate,
+	ssl3_renegotiate_check,
 	ssl3_ctrl,
 	ssl3_ctx_ctrl,
 	ssl3_get_cipher_by_char,
@@ -106,45 +107,38 @@ static SSL_METHOD TLSv1_data= {
 	&TLSv1_enc_data,
 	};
 
-static long tls1_default_timeout()
+static long tls1_default_timeout(void)
 	{
 	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
 	 * is way too long for http, the cache would over fill */
 	return(60*60*2);
 	}
 
-SSL_METHOD *tlsv1_base_method()
+SSL_METHOD *tlsv1_base_method(void)
 	{
 	return(&TLSv1_data);
 	}
 
-int tls1_new(s)
-SSL *s;
+int tls1_new(SSL *s)
 	{
 	if (!ssl3_new(s)) return(0);
 	s->method->ssl_clear(s);
 	return(1);
 	}
 
-void tls1_free(s)
-SSL *s;
+void tls1_free(SSL *s)
 	{
 	ssl3_free(s);
 	}
 
-void tls1_clear(s)
-SSL *s;
+void tls1_clear(SSL *s)
 	{
 	ssl3_clear(s);
 	s->version=TLS1_VERSION;
 	}
 
 #if 0
-long tls1_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
 	{
 	return(0);
 	}
diff --git a/lib/libssl/src/ssl/t1_meth.c b/lib/libssl/src/ssl/t1_meth.c
index 512c2078e76..9bb36a7d1ca 100644
--- a/lib/libssl/src/ssl/t1_meth.c
+++ b/lib/libssl/src/ssl/t1_meth.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *tls1_get_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_method(int ver);
+static SSL_METHOD *tls1_get_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_method());
@@ -69,19 +69,19 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_method()
+SSL_METHOD *TLSv1_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
 			sizeof(SSL_METHOD));
 		TLSv1_data.ssl_connect=ssl3_connect;
 		TLSv1_data.ssl_accept=ssl3_accept;
 		TLSv1_data.get_ssl_method=tls1_get_method;
+		init=0;
 		}
 	return(&TLSv1_data);
 	}
diff --git a/lib/libssl/src/ssl/t1_srvr.c b/lib/libssl/src/ssl/t1_srvr.c
index 8cf0addcd9e..996b7ca8e2e 100644
--- a/lib/libssl/src/ssl/t1_srvr.c
+++ b/lib/libssl/src/ssl/t1_srvr.c
@@ -57,15 +57,15 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *tls1_get_server_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_server_method(int ver);
+static SSL_METHOD *tls1_get_server_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_server_method());
@@ -73,18 +73,18 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_server_method()
+SSL_METHOD *TLSv1_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_server_data;
 
 	if (init)
 		{
-		init=0;
 		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
 			sizeof(SSL_METHOD));
 		TLSv1_server_data.ssl_accept=ssl3_accept;
 		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+		init=0;
 		}
 	return(&TLSv1_server_data);
 	}
diff --git a/lib/libssl/src/ssl/tls1.h b/lib/libssl/src/ssl/tls1.h
index 60978613ef7..a931efa936a 100644
--- a/lib/libssl/src/ssl/tls1.h
+++ b/lib/libssl/src/ssl/tls1.h
@@ -59,12 +59,14 @@
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
 
-#include "buffer.h"
+#include <openssl/buffer.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
+
 #define TLS1_VERSION			0x0301
 #define TLS1_VERSION_MAJOR		0x03
 #define TLS1_VERSION_MINOR		0x01
@@ -82,6 +84,23 @@ extern "C" {
 #define TLS1_AD_USER_CANCLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
+#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
+#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
+
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
+
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
@@ -108,6 +127,25 @@ extern "C" {
 #define TLS_MD_MASTER_SECRET_CONST		"master secret"
 #define TLS_MD_MASTER_SECRET_CONST_SIZE		13
 
+#ifdef CHARSET_EBCDIC
+#undef TLS_MD_CLIENT_FINISH_CONST
+#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
+#undef TLS_MD_SERVER_FINISH_CONST
+#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_KEY_EXPANSION_CONST
+#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
+#undef TLS_MD_CLIENT_WRITE_KEY_CONST
+#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_IV_BLOCK_CONST
+#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
+#undef TLS_MD_MASTER_SECRET_CONST
+#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libssl/src/test/.rnd b/lib/libssl/src/test/.rnd
deleted file mode 100644
index 234970e2412..00000000000
--- a/lib/libssl/src/test/.rnd
+++ /dev/null
diff --git a/lib/libssl/src/test/Makefile.ssl b/lib/libssl/src/test/Makefile.ssl
index b3de76751e1..2133ff15757 100644
--- a/lib/libssl/src/test/Makefile.ssl
+++ b/lib/libssl/src/test/Makefile.ssl
@@ -7,17 +7,22 @@ TOP=		..
 CC=		cc
 INCLUDES=	-I../include
 CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKEFILE=	Makefile.ssl
 MAKE=		make -f $(MAKEFILE)
-MAKEDEPEND=	makedepend -f$(MAKEFILE)
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 
 PEX_LIBS=
 EX_LIBS= #-lnsl -lsocket
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile.ssl
+GENERAL=Makefile.ssl maketests.com \
+	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+	testca.com VMSca-response.1 VMSca-response.2
 
 DLIBCRYPTO= ../libcrypto.a
 DLIBSSL= ../libssl.a
@@ -45,12 +50,13 @@ DHTEST=		dhtest
 DSATEST=	dsatest
 METHTEST=	methtest
 SSLTEST=	ssltest
+RSATEST=	rsa_oaep_test
 
 EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
 	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
 	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
 	$(RANDTEST) $(DHTEST) \
-	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
 
 # $(METHTEST)
 
@@ -58,12 +64,12 @@ OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
 	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
 	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
 SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
 	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
 	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -78,11 +84,10 @@ all:	exe
 exe:	$(EXE)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 errors:
 
@@ -94,15 +99,15 @@ tags:
 tests:	exe apps \
 	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
 	test_rc2 test_rc4 test_rc5 test_bf test_cast \
-	test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
-	test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
+	test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
+	test_reqgen test_req test_pkcs7 test_verify test_dh test_dsa \
 	test_ss test_ssl test_ca
 
 apps:
 	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
 
 test_des:
-	#./$(DESTEST)
+	./$(DESTEST)
 
 test_idea:
 	./$(IDEATEST)
@@ -157,6 +162,7 @@ test_x509:
 
 test_rsa:
 	@sh ./trsa 2>/dev/null
+	./$(RSATEST)
 
 test_crl:
 	@sh ./tcrl 2>/dev/null
@@ -173,17 +179,17 @@ test_pkcs7:
 	@sh ./tpkcs7d 2>/dev/null
 
 test_bn:
-	@echo 'test a^b%c implementations'
-	./$(EXPTEST)
 	@echo starting big number library test, could take a while...
 	@(./$(BNTEST)|bc) | awk '{ \
 if ($$0 != "0") {print "error"; exit(1); } \
 if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+	@echo 'test a^b%c implementations'
+	./$(EXPTEST)
 
 test_verify:
 	@echo "The following command should have some OK's and some failures"
 	@echo "There are definitly a few expired certificates"
-	../apps/ssleay verify -CApath ../certs ../certs/*.pem
+	../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
 	@echo "Generate as set of DH parameters"
@@ -213,14 +219,14 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
 
 $(DLIBSSL):
 	(cd ../ssl; $(MAKE))
@@ -228,6 +234,9 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 
+$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
 	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
@@ -292,3 +301,88 @@ $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
 	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bftest.o: ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
+bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+casttest.o: ../include/openssl/cast.h
+destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dhtest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/rand.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
+hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+hmactest.o: ../include/openssl/stack.h
+ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+md5test.o: ../include/openssl/md5.h
+mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+randtest.o: ../include/openssl/rand.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+rc5test.o: ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h
+rsa_oaep_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_oaep_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa_oaep_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+rsa_oaep_test.o: ../include/openssl/opensslv.h ../include/openssl/rsa.h
+rsa_oaep_test.o: ../include/openssl/stack.h
+sha1test.o: ../include/openssl/sha.h
+shatest.o: ../include/openssl/sha.h
+ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssltest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssltest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltest.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
diff --git a/lib/libssl/src/test/VMSca-response.1 b/lib/libssl/src/test/VMSca-response.1
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/lib/libssl/src/test/VMSca-response.1
@@ -0,0 +1 @@
+
diff --git a/lib/libssl/src/test/VMSca-response.2 b/lib/libssl/src/test/VMSca-response.2
new file mode 100644
index 00000000000..9b48ee4cf97
--- /dev/null
+++ b/lib/libssl/src/test/VMSca-response.2
@@ -0,0 +1,2 @@
+y
+y
diff --git a/lib/libssl/src/test/certCA.srl b/lib/libssl/src/test/certCA.srl
deleted file mode 100644
index 39f5b69311d..00000000000
--- a/lib/libssl/src/test/certCA.srl
+++ /dev/null
@@ -1 +0,0 @@
-71
diff --git a/lib/libssl/src/test/maketests.com b/lib/libssl/src/test/maketests.com
new file mode 100644
index 00000000000..e4b052e6887
--- /dev/null
+++ b/lib/libssl/src/test/maketests.com
@@ -0,0 +1,1053 @@
+$!
+$!  MAKETESTS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates all the various different
+$!  "test" programs for the different types of encryption for OpenSSL.
+$!  It was written so it would try to determine what "C" compiler to
+$!  use or you can specify which "C" compiler to use.
+$!
+$!  The test "executeables" will be placed in a directory called
+$!  [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines
+$!  architecture.
+$!
+$!  Specify RSAREF as P1 to compile with the RSAREF library instead of
+$!  the regular one.  If you specify NORSAREF it will compile with the
+$!  regular RSAREF routines.  (Note: If you are in the United States
+$!  you MUST compile with RSAREF unless you have a license from RSA).
+$!
+$!  Note: The RSAREF libraries are NOT INCLUDED and you have to
+$!        download it from "ftp://ftp.rsa.com/rsaref".  You have to
+$!        get the ".tar-Z" file as the ".zip" file dosen't have the
+$!        directory structure stored.  You have to extract the file
+$!        into the [.RSAREF] directory under the root directory as that
+$!        is where the scripts will look for the files.
+$!
+$!  Specify DEBUG or NODEBUG P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That is, If Wee Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128) 
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The RSAREF-LIB We Are To Use.
+$!
+$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB
+$!
+$! Define The SSL We Are To Use.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  The EXE Directory Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$!
+$! Check To See If The Architecture Specific EXE Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  The EXE Directory Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific EXE Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The TEST Files.
+$!
+$ TEST_FILES = "BNTEST,IDEATEST,MD2TEST,MD5TEST,HMACTEST,"+ -
+	       "RC2TEST,RC4TEST,RC5TEST,"+ -
+	       "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ -
+	       "RANDTEST,DHTEST,"+ -
+	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_OAEP_TEST"
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+     TCPIP_PROGRAMS = ",SSLTEST,"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program."
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check If What We Are About To Compile Works Without A TCP/IP Library.
+$!
+$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS))
+$ THEN
+$!
+$!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
+$!
+$   WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
+$   GOTO NEXT_FILE
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Link With The RSAREF Library And A Specific TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	  'OBJECT_FILE',-
+	  'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Link With The RSAREF Library And NO TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	  'OBJECT_FILE', -
+          'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Don't Link With The RSAREF Routines.
+$!
+$!
+$!  Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'OPT_FILE'/OPTION
+$!
+$!  End The TCP/IP Library Check.
+$!
+$   ENDIF
+$!
+$! End The RSAREF Link Check.
+$!
+$ ENDIF 
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! All Done, Time To Exit.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (ARCH.EQS."VAX")
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! See If We Need The RSAREF Library...
+$!
+$ IF (RSAREF.EQS."TRUE")
+$ THEN
+$!
+$!  Look For The Library LIBRSAGLUE.OLB.
+$!
+$   IF (F$SEARCH(RSAREF_LIB).EQS."")
+$   THEN
+$!
+$!    Tell The User We Can't Find The LIBRSAGLUE.OLB Library.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"."
+$     WRITE SYS$OUTPUT "We Can't Link Without It."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$     EXIT
+$   ENDIF
+$!
+$! End The RSAREF Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NORSAREF")
+$ THEN
+$!
+$!   P1 Is NORSAREF, So Compile With The Regular RSA Libraries.
+$!
+$    RSAREF = "FALSE"
+$ ELSE
+$!
+$!  Check To See If We Are To Use The RSAREF Library.
+$!
+$   IF (P1.EQS."RSAREF")
+$   THEN
+$!
+$!    Check To Make Sure We Have The RSAREF Source Code Directory.
+$!
+$     IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."")
+$     THEN
+$!
+$!      We Don't Have The RSAREF Souce Code Directory, So Tell The
+$!      User This.
+$!
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code."
+$       WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'.  You have to"
+$       WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the"
+$       WRITE SYS$OUTPUT "directory structure stored.  You have to extract the file"
+$       WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory"
+$       WRITE SYS$OUTPUT "as that is where the scripts will look for the files."
+$       WRITE SYS$OUTPUT ""
+$!
+$!      Time To Exit.
+$!
+$       EXIT
+$!
+$!    Else, Compile Using The RSAREF Library.
+$!
+$     ELSE
+$       RSAREF = "TRUE"
+$     ENDIF
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     RSAREF   :  Compile With The RSAREF Library."
+$     WRITE SYS$OUTPUT "     NORSAREF :  Compile With The Regular RSA Library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!      Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "VMS=1,TCPIP_TYPE_''P4'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Check To See If We Are To Compile With RSAREF Routines.
+$!
+$   IF (RSAREF.EQS."TRUE")
+$   THEN
+$!
+$!    Compile With RSAREF.
+$!
+$     CCDEFS = CCDEFS + ",""RSAref=1"""
+$!
+$!    Tell The User This.
+$!
+$     WRITE SYS$OUTPUT "Compiling With RSAREF Routines."
+$!
+$!    Else, We Don't Care.  Compile Without The RSAREF Library.
+$!
+$   ELSE
+$!
+$!    Tell The User We Are Compile Without The RSAREF Routines.
+$!
+$     WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines.
+$!
+$!  End The RSAREF Check.
+$!
+$   ENDIF
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UXC emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __TOP = __HERE - "TEST]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/lib/libssl/src/test/methtest.c b/lib/libssl/src/test/methtest.c
index 630d29dc918..06ccb3b3108 100644
--- a/lib/libssl/src/test/methtest.c
+++ b/lib/libssl/src/test/methtest.c
@@ -58,10 +58,10 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rsa.h"
-#include "x509.h"
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
 #include "meth.h"
-#include "err.h"
+#include <openssl/err.h>
 
 int main(argc,argv)
 int argc;
diff --git a/lib/libssl/src/test/p b/lib/libssl/src/test/p
deleted file mode 100644
index b3de76751e1..00000000000
--- a/lib/libssl/src/test/p
+++ /dev/null
@@ -1,294 +0,0 @@
-#
-# test/Makefile.ssl
-#
-
-DIR=		test
-TOP=		..
-CC=		cc
-INCLUDES=	-I../include
-CFLAG=		-g
-INSTALLTOP=	/usr/local/ssl
-MAKEFILE=	Makefile.ssl
-MAKE=		make -f $(MAKEFILE)
-MAKEDEPEND=	makedepend -f$(MAKEFILE)
-
-PEX_LIBS=
-EX_LIBS= #-lnsl -lsocket
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile.ssl
-
-DLIBCRYPTO= ../libcrypto.a
-DLIBSSL= ../libssl.a
-LIBCRYPTO= -L.. -lcrypto
-LIBSSL= -L.. -lssl
-
-BNTEST=		bntest
-EXPTEST=	exptest
-IDEATEST=	ideatest
-SHATEST=	shatest
-SHA1TEST=	sha1test
-MDC2TEST=	mdc2test
-RMDTEST=	rmdtest
-MD2TEST=	md2test
-MD5TEST=	md5test
-HMACTEST=	hmactest
-RC2TEST=	rc2test
-RC4TEST=	rc4test
-RC5TEST=	rc5test
-BFTEST=		bftest
-CASTTEST=	casttest
-DESTEST=	destest
-RANDTEST=	randtest
-DHTEST=		dhtest
-DSATEST=	dsatest
-METHTEST=	methtest
-SSLTEST=	ssltest
-
-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
-	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
-	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
-	$(RANDTEST) $(DHTEST) \
-	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
-
-# $(METHTEST)
-
-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
-	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
-	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
-	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
-	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
-	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
-
-EXHEADER= 
-HEADER=	$(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all:	exe
-
-exe:	$(EXE)
-
-files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-
-errors:
-
-install:
-
-tags:
-	ctags $(SRC)
-
-tests:	exe apps \
-	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
-	test_rc2 test_rc4 test_rc5 test_bf test_cast \
-	test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
-	test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
-	test_ss test_ssl test_ca
-
-apps:
-	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
-
-test_des:
-	#./$(DESTEST)
-
-test_idea:
-	./$(IDEATEST)
-
-test_sha:
-	./$(SHATEST)
-	./$(SHA1TEST)
-
-test_mdc2:
-	./$(MDC2TEST)
-
-test_md5:
-	./$(MD5TEST)
-
-test_hmac:
-	./$(HMACTEST)
-
-test_md2:
-	./$(MD2TEST)
-
-test_rmd:
-	./$(RMDTEST)
-
-test_bf:
-	./$(BFTEST)
-
-test_cast:
-	./$(CASTTEST)
-
-test_rc2:
-	./$(RC2TEST)
-
-test_rc4:
-	./$(RC4TEST)
-
-test_rc5:
-	./$(RC5TEST)
-
-test_rand:
-	./$(RANDTEST)
-
-test_enc:
-	@sh ./testenc
-
-test_x509:
-	echo test normal x509v1 certificate
-	sh ./tx509 2>/dev/null
-	echo test first x509v3 certificate
-	sh ./tx509 v3-cert1.pem 2>/dev/null
-	echo test second x509v3 certificate
-	sh ./tx509 v3-cert2.pem 2>/dev/null
-
-test_rsa:
-	@sh ./trsa 2>/dev/null
-
-test_crl:
-	@sh ./tcrl 2>/dev/null
-
-test_sid:
-	@sh ./tsid 2>/dev/null
-
-test_req:
-	@sh ./treq 2>/dev/null
-	@sh ./treq testreq2.pem 2>/dev/null
-
-test_pkcs7:
-	@sh ./tpkcs7 2>/dev/null
-	@sh ./tpkcs7d 2>/dev/null
-
-test_bn:
-	@echo 'test a^b%c implementations'
-	./$(EXPTEST)
-	@echo starting big number library test, could take a while...
-	@(./$(BNTEST)|bc) | awk '{ \
-if ($$0 != "0") {print "error"; exit(1); } \
-if (((NR+1)%64) == 0) print NR+1," tests done"; }'
-
-test_verify:
-	@echo "The following command should have some OK's and some failures"
-	@echo "There are definitly a few expired certificates"
-	../apps/ssleay verify -CApath ../certs ../certs/*.pem
-
-test_dh:
-	@echo "Generate as set of DH parameters"
-	./$(DHTEST)
-
-test_dsa:
-	@echo "Generate as set of DSA parameters"
-	./$(DSATEST)
-
-test_reqgen:
-	@echo "Generate and verify a certificate request"
-	@sh ./testgen
-
-test_ss:
-	@echo "Generate and certify a test certificate"
-	@sh ./testss
-
-test_ssl:
-	@echo "test SSL protocol"
-	@sh ./testssl
-
-test_ca:
-	@echo "Generate and certify a test certificate via the 'ca' program"
-	@sh ./testca
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
-
-$(DLIBSSL):
-	(cd ../ssl; $(MAKE))
-
-$(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE))
-
-$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
-
-$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/lib/libssl/src/test/riptest b/lib/libssl/src/test/riptest
deleted file mode 100644
index 8685d0ce53e..00000000000
--- a/lib/libssl/src/test/riptest
+++ /dev/null
diff --git a/lib/libssl/src/test/tcrl b/lib/libssl/src/test/tcrl
index 859fba452f5..acaf8f3c471 100644
--- a/lib/libssl/src/test/tcrl
+++ b/lib/libssl/src/test/tcrl
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay crl'
+cmd='../apps/openssl crl'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/tcrl.com b/lib/libssl/src/test/tcrl.com
new file mode 100644
index 00000000000..cef21467bb6
--- /dev/null
+++ b/lib/libssl/src/test/tcrl.com
@@ -0,0 +1,78 @@
+$! TCRL.COM  --  Tests crl keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl crl
+$
+$	t := testcrl.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing CRL conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	difference/output=nl: f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/test.txt b/lib/libssl/src/test/test.txt
deleted file mode 100644
index c6d8d50ba9d..00000000000
--- a/lib/libssl/src/test/test.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-test=./test.txt
-
-cat $0 >$test;
-
-for i in rc4 des-cfb des-ofb des-ecb des-cbc des-ede des-ede3 \
-	des-cbc-ede des-cbc-ede3 idea-ecb idea-cfb idea-ofb idea-cbc 
-do
-	echo $i
-	../apps/ssleay $i -e -k test < $test > $test.$i.cipher
-	../apps/ssleay $i -d -k test < $test.$i.cipher >$test.$i.clear
-	cmp $test $test.$i.clear
-	if [ $? != 0 ]
-	then
-		exit 1
-	else
-		/bin/rm $test.$i.cipher $test.$i.clear
-	fi
-
-	echo $i base64
-	../apps/ssleay $i -a -e -k test < $test > $test.$i.cipher
-	../apps/ssleay $i -a -d -k test < $test.$i.cipher >$test.$i.clear
-	cmp $test $test.$i.clear
-	if [ $? != 0 ]
-	then
-		exit 1
-	else
-		/bin/rm $test.$i.cipher $test.$i.clear
-	fi
-done
diff --git a/lib/libssl/src/test/testca b/lib/libssl/src/test/testca
index a28402f9ca7..88c186b6ab8 100644
--- a/lib/libssl/src/test/testca
+++ b/lib/libssl/src/test/testca
@@ -23,7 +23,7 @@ if [ $? != 0 ]; then
 fi
 
 
-SSLEAY_CONFIG="-config ../apps/ssleay.cnf"
+SSLEAY_CONFIG="-config ../apps/openssl.cnf"
 export SSLEAY_CONFIG
 $SH ../apps/CA.sh -sign  <<EOF
 y
diff --git a/lib/libssl/src/test/testca.com b/lib/libssl/src/test/testca.com
new file mode 100644
index 00000000000..ea75479cd5a
--- /dev/null
+++ b/lib/libssl/src/test/testca.com
@@ -0,0 +1,76 @@
+$! TESTCA.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	openssl := mcr 'exe_dir'openssl
+$
+$	SSLEAY_CONFIG="-config ""CAss.cnf"""
+$
+$	set noon
+$	if f$search("demoCA.dir") .nes. ""
+$	then
+$	    call deltree [.demoCA]*.*
+$	    set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$	    delete demoCA.dir;*
+$	endif
+$	set on
+$	open/read sys$ca_input VMSca-response.1
+$	@[-.apps]CA.com -input sys$ca_input -newca
+$	close sys$ca_input
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	SSLEAY_CONFIG="-config ""Uss.cnf"""
+$	@[-.apps]CA.com -newreq
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
+$	open/read sys$ca_input VMSca-response.2
+$	@[-.apps]CA.com -input sys$ca_input -sign
+$	close sys$ca_input
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	@[-.apps]CA.com -verify newcert.pem
+$	if $severity .ne. 1 then exit 3
+$
+$	set noon
+$	call deltree [.demoCA]*.*
+$	set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$	delete demoCA.dir;*,newcert.pem;*,newreq.pem;*
+$	set on
+$!	#usage: CA -newcert|-newreq|-newca|-sign|-verify
+$
+$	exit
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$	on control_y then goto dt_STOP
+$	on warning then goto dt_exit
+$	_dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$	if f$parse(p1) .eqs. "" then exit
+$	set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$	p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$	_fp = f$parse(".DIR",p1)
+$ dt_loop:
+$	_f = f$search(_fp)
+$	if _f .eqs. "" then goto dt_loopend
+$	call deltree [.'f$parse(_f,,,"NAME")']*.*
+$	goto dt_loop
+$ dt_loopend:
+$	_fp = f$parse(p1,".;*")
+$	if f$search(_fp) .eqs. "" then goto dt_exit
+$	set noon
+$	set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$	set on
+$	delete/nolog '_fp'
+$ dt_exit:
+$	set default '_dt_def'
+$	exit
+$ dt_STOP:
+$	set default '_dt_def'
+$	stop/id=""
+$	exit
+$	endsubroutine
diff --git a/lib/libssl/src/test/testenc b/lib/libssl/src/test/testenc
index 42db56c2bea..0656c7f5254 100644
--- a/lib/libssl/src/test/testenc
+++ b/lib/libssl/src/test/testenc
@@ -2,7 +2,7 @@
 
 testsrc=Makefile.ssl
 test=./p
-cmd=../apps/ssleay
+cmd=../apps/openssl
 
 cat $testsrc >$test;
 
@@ -27,15 +27,7 @@ else
 	/bin/rm $test.cipher $test.clear
 fi
 
-for i in rc4 \
-	des-cfb des-ede-cfb des-ede3-cfb \
-	des-ofb des-ede-ofb des-ede3-ofb \
-	des-ecb des-ede des-ede3 desx \
-	des-cbc des-ede-cbc des-ede3-cbc \
-	idea-ecb idea-cfb idea-ofb idea-cbc \
-	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
-	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
-	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+for i in `$cmd list-cipher-commands`
 do
 	echo $i
 	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
diff --git a/lib/libssl/src/test/testenc.com b/lib/libssl/src/test/testenc.com
new file mode 100644
index 00000000000..0756e8badaa
--- /dev/null
+++ b/lib/libssl/src/test/testenc.com
@@ -0,0 +1,50 @@
+$! TESTENC.COM  --  Test encoding and decoding
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	testsrc := makefile.ssl
+$	test := p.txt
+$	cmd := mcr 'exe_dir'openssl
+$
+$	copy 'testsrc' 'test'
+$
+$	write sys$output "cat"
+$	'cmd' enc -in 'test' -out 'test'-cipher
+$	'cmd' enc -in 'test'-cipher -out 'test'-clear
+$	difference/output=nl: 'test' 'test'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-cipher;*,'test'-clear;*
+$
+$	write sys$output "base64"
+$	'cmd' enc -a -e -in 'test' -out 'test'-cipher
+$	'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
+$	difference/output=nl: 'test' 'test'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-cipher;*,'test'-clear;*
+$
+$	define/user sys$output 'test'-cipher-commands
+$	'cmd' list-cipher-commands
+$	open/read f 'test'-cipher-commands
+$ loop_cipher_commands:
+$	read/end=loop_cipher_commands_end f i
+$	write sys$output i
+$	'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
+$	'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$	difference/output=nl: 'test' 'test'-'i'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$	write sys$output i," base64"
+$	'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
+$	'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$	difference/output=nl: 'test' 'test'-'i'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$	goto loop_cipher_commands
+$ loop_cipher_commands_end:
+$	close f
+$	delete 'test'-cipher-commands;*
+$	delete 'test';*
diff --git a/lib/libssl/src/test/testgen b/lib/libssl/src/test/testgen
index 12a4ca4cea8..3534f5821f0 100644
--- a/lib/libssl/src/test/testgen
+++ b/lib/libssl/src/test/testgen
@@ -15,13 +15,13 @@ echo "There should be a 2 sequences of .'s and some +'s."
 echo "There should not be more that at most 80 per line"
 echo "This could take some time."
 
-../apps/ssleay req -config test.cnf -new -out testreq.pem
+../apps/openssl req -config test.cnf -new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
 fi
 
-../apps/ssleay req -verify -in testreq.pem -noout
+../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
 if [ $? != 0 ]; then
 echo signature on req is wrong
 exit 1
diff --git a/lib/libssl/src/test/testgen.com b/lib/libssl/src/test/testgen.com
new file mode 100644
index 00000000000..ec302f524a4
--- /dev/null
+++ b/lib/libssl/src/test/testgen.com
@@ -0,0 +1,35 @@
+$! TETSGEN.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	T := testcert
+$	KEY = 512
+$	CA := [-.certs]testca.pem
+$
+$	set noon
+$	if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
+$	if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
+$	if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
+$	set on
+$
+$	write sys$output "generating certificate request"
+$
+$	write sys$output "There should be a 2 sequences of .'s and some +'s."
+$	write sys$output "There should not be more that at most 80 per line"
+$	write sys$output "This could take some time."
+$
+$	mcr 'exe_dir'openssl req -config test.cnf -new -out testreq.pem
+$	if $severity .ne. 1
+$	then
+$	    write sys$output "problems creating request"
+$	    exit 3
+$	endif
+$
+$	mcr 'exe_dir'openssl req -verify -in testreq.pem -noout
+$	if $severity .ne. 1
+$	then
+$	    write sys$output "signature on req is wrong"
+$	    exit 3
+$	endif
diff --git a/lib/libssl/src/test/testkey.pem b/lib/libssl/src/test/testkey.pem
deleted file mode 100644
index edd5a5773f6..00000000000
--- a/lib/libssl/src/test/testkey.pem
+++ /dev/null
@@ -1,2 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
------END RSA PRIVATE KEY-----
diff --git a/lib/libssl/src/test/testp7.pem b/lib/libssl/src/test/testp7.pem
index b3b6dba8303..6bba16f1376 100644
--- a/lib/libssl/src/test/testp7.pem
+++ b/lib/libssl/src/test/testp7.pem
@@ -33,14 +33,14 @@ AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
 MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
 AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
 TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
-UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5
-MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f
-+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI
-gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
-Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3
-MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC
-jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7
-owIq3s3wx10xAAAAAAA=
+UNCaNQ1H26GCAa0wgcEwbTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0EX
+DTk2MDcxNzE3NDQwOVoXDTk4MDcxNzAwMDAwMFowDQYJKoZIhvcNAQECBQADQQB4
+rQNP8QLpAox83odQDE/5dqAuvDfshW/miTxwQTMXOoBtjGiowTcG+YXF1JZTJRMT
+jQN47tdH+6MCKt7N8MddMIHmMIGRMA0GCSqGSIb3DQEBAgUAMGIxETAPBgNVBAcT
+CEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
+aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlchcNOTYwNzE3
+MTc1OTI5WhcNOTcwNzE4MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBALm1VmE7FrEJ
+rLXvX/lIDMPAZIw5TNuX8EC6wn5ppy8Y3sHstdJEkTsqVGiS2/q+KEQC3NHxvV32
+bGooiIKLUB4xAAAAAAA=
 -----END PKCS7-----
diff --git a/lib/libssl/src/test/testreq.pem b/lib/libssl/src/test/testreq.pem
deleted file mode 100644
index 1311fa77854..00000000000
--- a/lib/libssl/src/test/testreq.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET
-MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v
-ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDVKdT5QB2ZojtNQGjA/9J7s2o4
-RNkuSq8l377uWLAyMljtdkcoRsvUy5lZ997UDHFTbVFA038ZBrmw7l5EyHeXAgMB
-AAGgADANBgkqhkiG9w0BAQQFAANBAKnaFr4u7PTdfmpjiX/H8Ho4UWGVRWUlvD2R
-/D9yoTj7TN3uODx2BD0drErVBe/Zjv81vhH6Yo3cJO/hRS3A7jw=
------END CERTIFICATE REQUEST-----
diff --git a/lib/libssl/src/test/tests.com b/lib/libssl/src/test/tests.com
new file mode 100644
index 00000000000..147b8aa8389
--- /dev/null
+++ b/lib/libssl/src/test/tests.com
@@ -0,0 +1,203 @@
+$! TESTS.COM  --  Performs the necessary tests
+$!
+$! P1	tests to be performed.  Empty means all.
+$
+$	__proc = f$element(0,";",f$environment("procedure"))
+$	__here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
+$	__save_default = f$environment("default")
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	texe_dir := sys$disk:[-.'__arch'.exe.test]
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	set default '__here'
+$	on control_y then goto exit
+$	on error then goto exit
+$
+$	if p1 .nes. ""
+$	then
+$	    tests = p1
+$	else
+$	    tests := -
+	test_des,test_idea,test_sha,test_md5,test_hmac,test_md2,test_mdc2,-
+	test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
+	test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,-
+	test_reqgen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
+	test_ss,test_ssl,test_ca
+$	endif
+$	tests = f$edit(tests,"COLLAPSE")
+$
+$	BNTEST :=	bntest
+$	EXPTEST :=	exptest
+$	IDEATEST :=	ideatest
+$	SHATEST :=	shatest
+$	SHA1TEST :=	sha1test
+$	MDC2TEST :=	mdc2test
+$	RMDTEST :=	rmdtest
+$	MD2TEST :=	md2test
+$	MD5TEST :=	md5test
+$	HMACTEST :=	hmactest
+$	RC2TEST :=	rc2test
+$	RC4TEST :=	rc4test
+$	RC5TEST :=	rc5test
+$	BFTEST :=	bftest
+$	CASTTEST :=	casttest
+$	DESTEST :=	destest
+$	RANDTEST :=	randtest
+$	DHTEST :=	dhtest
+$	DSATEST :=	dsatest
+$	METHTEST :=	methtest
+$	SSLTEST :=	ssltest
+$	RSATEST :=	rsa_oaep_test
+$
+$	tests_i = 0
+$ loop_tests:
+$	tests_e = f$element(tests_i,",",tests)
+$	tests_i = tests_i + 1
+$	if tests_e .eqs. "," then goto exit
+$	goto 'tests_e'
+$
+$ test_des:
+$	mcr 'texe_dir''destest'
+$	goto loop_tests
+$ test_idea:
+$	mcr 'texe_dir''ideatest'
+$	goto loop_tests
+$ test_sha:
+$	mcr 'texe_dir''shatest'
+$	mcr 'texe_dir''sha1test'
+$	goto loop_tests
+$ test_mdc2:
+$	mcr 'texe_dir''mdc2test'
+$	goto loop_tests
+$ test_md5:
+$	mcr 'texe_dir''md5test'
+$	goto loop_tests
+$ test_hmac:
+$	mcr 'texe_dir''hmactest'
+$	goto loop_tests
+$ test_md2:
+$	mcr 'texe_dir''md2test'
+$	goto loop_tests
+$ test_rmd:
+$	mcr 'texe_dir''rmdtest'
+$	goto loop_tests
+$ test_bf:
+$	mcr 'texe_dir''bftest'
+$	goto loop_tests
+$ test_cast:
+$	mcr 'texe_dir''casttest'
+$	goto loop_tests
+$ test_rc2:
+$	mcr 'texe_dir''rc2test'
+$	goto loop_tests
+$ test_rc4:
+$	mcr 'texe_dir''rc4test'
+$	goto loop_tests
+$ test_rc5:
+$	mcr 'texe_dir''rc5test'
+$	goto loop_tests
+$ test_rand:
+$	mcr 'texe_dir''randtest'
+$	goto loop_tests
+$ test_enc:
+$	@testenc.com
+$	goto loop_tests
+$ test_x509:
+$	define sys$error nla0:
+$	write sys$output "test normal x509v1 certificate"
+$	@tx509.com
+$	write sys$output "test first x509v3 certificate"
+$	@tx509.com v3-cert1.pem
+$	write sys$output "test second x509v3 certificate"
+$	@tx509.com v3-cert2.pem
+$	deassign sys$error
+$	goto loop_tests
+$ test_rsa:
+$	define sys$error nla0:
+$	@trsa.com
+$	deassign sys$error
+$	mcr 'texe_dir''rsatest'
+$	goto loop_tests
+$ test_crl:
+$	define sys$error nla0:
+$	@tcrl.com
+$	deassign sys$error
+$	goto loop_tests
+$ test_sid:
+$	define sys$error nla0:
+$	@tsid.com
+$	deassign sys$error
+$	goto loop_tests
+$ test_req:
+$	define sys$error nla0:
+$	@treq.com
+$	@treq.com testreq2.pem
+$	deassign sys$error
+$	goto loop_tests
+$ test_pkcs7:
+$	define sys$error nla0:
+$	@tpkcs7.com
+$	@tpkcs7d.com
+$	deassign sys$error
+$	goto loop_tests
+$ test_bn:
+$	write sys$output "starting big number library test, could take a while..."
+$	create bntest-vms.fdl
+FILE
+	ORGANIZATION	sequential
+RECORD
+	FORMAT		stream_lf
+$	create/fdl=bntest-vms.fdl bntest-vms.sh
+$	open/append foo bntest-vms.sh
+$	type/output=foo: sys$input:
+<< __FOO__ bc | awk '{ \
+if ($$0 != "0") {print "error"; exit(1); } \
+if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+$	define/user sys$output bntest-vms.tmp
+$	mcr 'texe_dir''bntest'
+$	copy bntest-vms.tmp foo:
+$	delete bntest-vms.tmp;*
+$	type/output=foo: sys$input:
+__FOO__
+$	close foo
+$	write sys$output "-- copy the [.test]bntest-vms.sh file to a Unix system and run it"
+$	write sys$output "-- through sh or bash to verify that the bignum operations went well."
+$	write sys$output ""
+$	write sys$output "test a^b%c implementations"
+$	mcr 'texe_dir''exptest'
+$	goto loop_tests
+$ test_verify:
+$	write sys$output "The following command should have some OK's and some failures"
+$	write sys$output "There are definitly a few expired certificates"
+$	@tverify.com
+$	goto loop_tests
+$ test_dh:
+$	write sys$output "Generate as set of DH parameters"
+$	mcr 'texe_dir''dhtest'
+$	goto loop_tests
+$ test_dsa:
+$	write sys$output "Generate as set of DSA parameters"
+$	mcr 'texe_dir''dsatest'
+$	goto loop_tests
+$ test_reqgen:
+$	write sys$output "Generate and verify a certificate request"
+$	@testgen.com
+$	goto loop_tests
+$ test_ss:
+$	write sys$output "Generate and certify a test certificate"
+$	@testss.com
+$	goto loop_tests
+$ test_ssl:
+$	write sys$output "test SSL protocol"
+$	@testssl.com
+$	goto loop_tests
+$ test_ca:
+$	write sys$output "Generate and certify a test certificate via the 'ca' program"
+$	@testca.com
+$	goto loop_tests
+$
+$
+$ exit:
+$	set default '__save_default'
+$	exit
diff --git a/lib/libssl/src/test/testsid.pem b/lib/libssl/src/test/testsid.pem
index cd8617be2e6..7ffd008f666 100644
--- a/lib/libssl/src/test/testsid.pem
+++ b/lib/libssl/src/test/testsid.pem
@@ -1,5 +1,5 @@
 -----BEGIN SSL SESSION PARAMETERS-----
-MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
+MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
 bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
 ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
 YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
@@ -8,5 +8,5 @@ LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
 CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
 TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
 hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv
+CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
 -----END SSL SESSION PARAMETERS-----
diff --git a/lib/libssl/src/test/testss b/lib/libssl/src/test/testss
index a5aecf4694d..da62997a5ff 100644
--- a/lib/libssl/src/test/testss
+++ b/lib/libssl/src/test/testss
@@ -1,9 +1,10 @@
 #!/bin/sh
 
 digest='-mdc2'
-reqcmd="../apps/ssleay req"
-x509cmd="../apps/ssleay x509 $digest"
-verifycmd="../apps/ssleay verify"
+reqcmd="../apps/openssl req"
+x509cmd="../apps/openssl x509 $digest"
+verifycmd="../apps/openssl verify"
+dummycnf="../apps/openssl.cnf"
 
 CAkey="keyCA.ss"
 CAcert="certCA.ss"
@@ -39,13 +40,13 @@ if [ $? != 0 ]; then
 	exit 1
 fi
 
-$reqcmd -verify -in $CAreq -noout
+$reqcmd -config $dummycnf -verify -in $CAreq -noout
 if [ $? != 0 ]; then
 	echo first generated request is invalid
 	exit 1
 fi
 
-$reqcmd -verify -in $CAreq2 -noout
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
 if [ $? != 0 ]; then
 	echo second generated request is invalid
 	exit 1
diff --git a/lib/libssl/src/test/testss.com b/lib/libssl/src/test/testss.com
new file mode 100644
index 00000000000..ce2c4b43f66
--- /dev/null
+++ b/lib/libssl/src/test/testss.com
@@ -0,0 +1,105 @@
+$! TESTSS.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	digest="-mdc2"
+$	reqcmd := mcr 'exe_dir'openssl req
+$	x509cmd := mcr 'exe_dir'openssl x509 'digest'
+$	verifycmd := mcr 'exe_dir'openssl verify
+$	dummycnf := sys$disk:[-.apps]openssl-vms.cnf
+$
+$	CAkey="""keyCA.ss"""
+$	CAcert="""certCA.ss"""
+$	CAreq="""reqCA.ss"""
+$	CAconf="""CAss.cnf"""
+$	CAreq2="""req2CA.ss"""	! temp
+$
+$	Uconf="""Uss.cnf"""
+$	Ukey="""keyU.ss"""
+$	Ureq="""reqU.ss"""
+$	Ucert="""certU.ss"""
+$
+$	write sys$output ""
+$	write sys$output "make a certificate request using 'req'"
+$	'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'req' to generate a certificate request"
+$		exit 3
+$	endif
+$	write sys$output ""
+$	write sys$output "convert the certificate request into a self signed certificate using 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' to self sign a certificate request"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "convert a certificate into a certificate request using 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' convert a certificate to a certificate request"
+$		exit 3
+$	endif
+$
+$	'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
+$	if $severity .ne. 1
+$	then
+$		write sys$output "first generated request is invalid"
+$		exit 3
+$	endif
+$
+$	'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
+$	if $severity .ne. 1
+$	then
+$		write sys$output "second generated request is invalid"
+$		exit 3
+$	endif
+$
+$	'verifycmd' "-CAfile" 'CAcert' 'CAcert'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "first generated cert is invalid"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "make another certificate request using 'req'"
+$	define /user sys$output err.ss
+$	'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'req' to generate a certificate request"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "sign certificate request with the just created CA via 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' to sign a certificate request"
+$		exit 3
+$	endif
+$
+$	'verifycmd' "-CAfile" 'CAcert' 'Ucert'
+$	write sys$output ""
+$	write sys$output "Certificate details"
+$	'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
+$
+$	write sys$output ""
+$	write sys$output "The generated CA certificate is ",CAcert
+$	write sys$output "The generated CA private key is ",CAkey
+$
+$	write sys$output "The generated user certificate is ",Ucert
+$	write sys$output "The generated user private key is ",Ukey
+$
+$	if f$search("err.ss;*") .nes. "" then delete err.ss;*
diff --git a/lib/libssl/src/test/testssl b/lib/libssl/src/test/testssl
index f115adb8e11..255ae5e9768 100644
--- a/lib/libssl/src/test/testssl
+++ b/lib/libssl/src/test/testssl
@@ -36,5 +36,40 @@ echo test sslv2/sslv3 with client authentication
 echo test sslv2/sslv3 with both client and server authentication
 ./ssltest -server_auth -client_auth -CApath ../certs || exit 1
 
-exit 0
+echo test sslv2 via BIO pair
+./ssltest -bio_pair -ssl2 || exit 1
+
+echo test sslv2 with server authentication via BIO pair
+./ssltest -bio_pair -ssl2 -server_auth -CApath ../certs || exit 1
+
+echo test sslv2 with client authentication via BIO pair
+./ssltest -bio_pair -ssl2 -client_auth -CApath ../certs || exit 1
+
+echo test sslv2 with both client and server authentication via BIO pair
+./ssltest -bio_pair -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+
+echo test sslv3 via BIO pair
+./ssltest -bio_pair -ssl3 || exit 1
+
+echo test sslv3 with server authentication via BIO pair
+./ssltest -bio_pair -ssl3 -server_auth -CApath ../certs || exit 1
+
+echo test sslv3 with client authentication via BIO pair
+./ssltest -bio_pair -ssl3 -client_auth -CApath ../certs || exit 1
+
+echo test sslv3 with both client and server authentication via BIO pair
+./ssltest -bio_pair -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
 
+echo test sslv2/sslv3 via BIO pair
+./ssltest || exit 1
+
+echo test sslv2/sslv3 with server authentication
+./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+./ssltest -bio_pair -client_auth -CApath ../certs || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1
+
+exit 0
diff --git a/lib/libssl/src/test/testssl.com b/lib/libssl/src/test/testssl.com
new file mode 100644
index 00000000000..93a9aef8026
--- /dev/null
+++ b/lib/libssl/src/test/testssl.com
@@ -0,0 +1,111 @@
+$! TESTSSL.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.test]
+$
+$	copy/concatenate [-.certs]*.pem certs.tmp
+$
+$	write sys$output "test sslv2"
+$	mcr 'exe_dir'ssltest -ssl2
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with server authentication"
+$	mcr 'exe_dir'ssltest -ssl2 -server_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with client authentication"
+$	mcr 'exe_dir'ssltest -ssl2 -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with both client and server authentication"
+$	mcr 'exe_dir'ssltest -ssl2 -server_auth -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3"
+$	mcr 'exe_dir'ssltest -ssl3
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with server authentication"
+$	mcr 'exe_dir'ssltest -ssl3 -server_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with client authentication"
+$	mcr 'exe_dir'ssltest -ssl3 -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with both client and server authentication"
+$	mcr 'exe_dir'ssltest -ssl3 -server_auth -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3"
+$	mcr 'exe_dir'ssltest
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with server authentication"
+$	mcr 'exe_dir'ssltest -server_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with client authentication"
+$	mcr 'exe_dir'ssltest -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with both client and server authentication"
+$	mcr 'exe_dir'ssltest -server_auth -client_auth "-CAfile" certs.tmp
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl2 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with server authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with client authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl2 -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with both client and server authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl3 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with server authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with client authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl3 -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+ 
+$	write sys$output "test sslv3 with both client and server authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 via BIO pair"
+$	mcr 'exe_dir'ssltest 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with server authentication"
+$	mcr 'exe_dir'ssltest -bio_pair -server_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
+$	mcr 'exe_dir'ssltest -bio_pair -server_auth -client_auth "-CAfile" certs.tmp 
+$	if $severity .ne. 1 then goto exit3
+$
+$	RET = 1
+$	goto exit
+$ exit3:
+$	RET = 3
+$ exit:
+$	delete certs.tmp;*
+$	exit 'RET'
diff --git a/lib/libssl/src/test/tpkcs7 b/lib/libssl/src/test/tpkcs7
index ea1f005dacf..15bbba42c05 100644
--- a/lib/libssl/src/test/tpkcs7
+++ b/lib/libssl/src/test/tpkcs7
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay pkcs7'
+cmd='../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/tpkcs7.com b/lib/libssl/src/test/tpkcs7.com
new file mode 100644
index 00000000000..5ed920ac345
--- /dev/null
+++ b/lib/libssl/src/test/tpkcs7.com
@@ -0,0 +1,49 @@
+$! TPKCS7.COM  --  Tests pkcs7 keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl pkcs7
+$
+$	t := testp7.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing PKCS7 conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/tpkcs7d b/lib/libssl/src/test/tpkcs7d
index c8f18fb09c1..46e5aa2bd6e 100644
--- a/lib/libssl/src/test/tpkcs7d
+++ b/lib/libssl/src/test/tpkcs7d
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay pkcs7'
+cmd='../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
@@ -11,7 +11,7 @@ else
 	t=pkcs7-1.pem
 fi
 
-echo testing pkcs7 conversions
+echo "testing pkcs7 conversions (2)"
 cp $t fff.p
 
 echo "p -> d"
diff --git a/lib/libssl/src/test/tpkcs7d.com b/lib/libssl/src/test/tpkcs7d.com
new file mode 100644
index 00000000000..08d33eaa690
--- /dev/null
+++ b/lib/libssl/src/test/tpkcs7d.com
@@ -0,0 +1,42 @@
+$! TPKCS7.COM  --  Tests pkcs7 keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl pkcs7
+$
+$	t := pkcs7-1.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing PKCS7 conversions (2)"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/treq b/lib/libssl/src/test/treq
index e5f1d8cc41f..0464c9d902f 100644
--- a/lib/libssl/src/test/treq
+++ b/lib/libssl/src/test/treq
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay req'
+cmd='../apps/openssl req -config ../apps/openssl.cnf'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/treq.com b/lib/libssl/src/test/treq.com
new file mode 100644
index 00000000000..9eb1d26f6e3
--- /dev/null
+++ b/lib/libssl/src/test/treq.com
@@ -0,0 +1,78 @@
+$! TREQ.COM  --  Tests req keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
+$
+$	t := testreq.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing req conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -verify -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -verify -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -verify -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	difference/output=nl: f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/trsa b/lib/libssl/src/test/trsa
index e5b8fe0448e..d6a4dd826d7 100644
--- a/lib/libssl/src/test/trsa
+++ b/lib/libssl/src/test/trsa
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay rsa'
+cmd='../apps/openssl rsa'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/trsa.com b/lib/libssl/src/test/trsa.com
new file mode 100644
index 00000000000..9c9083d02b8
--- /dev/null
+++ b/lib/libssl/src/test/trsa.com
@@ -0,0 +1,78 @@
+$! TRSA.COM  --  Tests rsa keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl rsa
+$
+$	t := testrsa.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing RSA conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	difference/output=nl: f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/tsid b/lib/libssl/src/test/tsid
index 8c7e9b1387b..9e0854516ca 100644
--- a/lib/libssl/src/test/tsid
+++ b/lib/libssl/src/test/tsid
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay sess_id'
+cmd='../apps/openssl sess_id'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/tsid.com b/lib/libssl/src/test/tsid.com
new file mode 100644
index 00000000000..28d83e5c4ed
--- /dev/null
+++ b/lib/libssl/src/test/tsid.com
@@ -0,0 +1,78 @@
+$! TSID.COM  --  Tests sid keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl sess_id
+$
+$	t := testsid.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing session-id conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	difference/output=nl: f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	difference/output=nl: f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/test/tverify.com b/lib/libssl/src/test/tverify.com
new file mode 100644
index 00000000000..f97e71478f0
--- /dev/null
+++ b/lib/libssl/src/test/tverify.com
@@ -0,0 +1,26 @@
+$! TVERIFY.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	copy/concatenate [-.certs]*.pem certs.tmp
+$
+$	old_f :=
+$ loop_certs:
+$	c := NO
+$	certs :=
+$ loop_certs2:
+$	f = f$search("[-.certs]*.pem")
+$	if f .nes. "" .and. f .nes. old_f
+$	then
+$	    certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
+$	    if f$length(certs) .lt. 180 then goto loop_certs2
+$	    c := YES
+$	endif
+$	certs = certs - " "
+$
+$	mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$	if c then goto loop_certs
+$
+$	delete certs.tmp;*
diff --git a/lib/libssl/src/test/tx509 b/lib/libssl/src/test/tx509
index f8d1f82cdd2..35169f3a438 100644
--- a/lib/libssl/src/test/tx509
+++ b/lib/libssl/src/test/tx509
@@ -3,7 +3,7 @@
 PATH=../apps:$PATH
 export PATH
 
-cmd='../apps/ssleay x509'
+cmd='../apps/openssl x509'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/lib/libssl/src/test/tx509.com b/lib/libssl/src/test/tx509.com
new file mode 100644
index 00000000000..bbcf0a384b3
--- /dev/null
+++ b/lib/libssl/src/test/tx509.com
@@ -0,0 +1,78 @@
+$! TX509.COM  --  Tests x509 certificates
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl x509
+$
+$	t := testx509.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing X509 conversions"
+$	copy 't' fff.p
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> n"
+$	'cmd' -in fff.p -inform p -outform n -out f.n
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> d"
+$	'cmd' -in f.n -inform n -outform d -out ff.d2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> n"
+$	'cmd' -in f.d -inform d -outform n -out ff.n1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> n"
+$	'cmd' -in f.n -inform n -outform n -out ff.n2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> n"
+$	'cmd' -in f.p -inform p -outform n -out ff.n3
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> p"
+$	'cmd' -in f.n -inform n -outform p -out ff.p2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p2
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.n ff.n1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.n ff.n2
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.n ff.n3
+$	if $severity .ne. 1 then exit 3
+$
+$	difference/output=nl: f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p2
+$	if $severity .ne. 1 then exit 3
+$	difference/output=nl: f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/lib/libssl/src/times/x86/bfs.cpp b/lib/libssl/src/times/x86/bfs.cpp
index 272ed2f9780..d74c4577607 100644
--- a/lib/libssl/src/times/x86/bfs.cpp
+++ b/lib/libssl/src/times/x86/bfs.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/times/x86/casts.cpp b/lib/libssl/src/times/x86/casts.cpp
index 7f524da57bf..7661191acf5 100644
--- a/lib/libssl/src/times/x86/casts.cpp
+++ b/lib/libssl/src/times/x86/casts.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cast.h"
+#include <openssl/cast.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/times/x86/des3s.cpp b/lib/libssl/src/times/x86/des3s.cpp
index 9aff6494d98..02d527c057c 100644
--- a/lib/libssl/src/times/x86/des3s.cpp
+++ b/lib/libssl/src/times/x86/des3s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/times/x86/dess.cpp b/lib/libssl/src/times/x86/dess.cpp
index 7fb59873142..753e67ad9be 100644
--- a/lib/libssl/src/times/x86/dess.cpp
+++ b/lib/libssl/src/times/x86/dess.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/times/x86/md5s.cpp b/lib/libssl/src/times/x86/md5s.cpp
index ef8e175df01..dd343fd4e6e 100644
--- a/lib/libssl/src/times/x86/md5s.cpp
+++ b/lib/libssl/src/times/x86/md5s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 extern "C" {
 void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
diff --git a/lib/libssl/src/times/x86/rc4s.cpp b/lib/libssl/src/times/x86/rc4s.cpp
index 39f1727dd3f..3814fde9972 100644
--- a/lib/libssl/src/times/x86/rc4s.cpp
+++ b/lib/libssl/src/times/x86/rc4s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/lib/libssl/src/times/x86/sha1s.cpp b/lib/libssl/src/times/x86/sha1s.cpp
index 0163377de69..3103e1871bb 100644
--- a/lib/libssl/src/times/x86/sha1s.cpp
+++ b/lib/libssl/src/times/x86/sha1s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 extern "C" {
 void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
diff --git a/lib/libssl/src/tools/Makefile.ssl b/lib/libssl/src/tools/Makefile.ssl
index 537e97d268e..7e6285b9117 100644
--- a/lib/libssl/src/tools/Makefile.ssl
+++ b/lib/libssl/src/tools/Makefile.ssl
@@ -7,32 +7,39 @@ TOP=	..
 CC=	cc
 INCLUDES= -I.. -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile.ssl
 TEST=
-APPS= c_hash c_info c_issuer c_name c_rehash
+APPS= c_rehash
+MISC_APPS= c_hash c_info c_issuer c_name
 
 all:
 
 install:
 	@for i in $(APPS) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/bin/$$i; \
-	chmod 755 $(INSTALLTOP)/bin/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	done;
+	@for i in $(MISC_APPS) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	done;
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 
@@ -43,11 +50,11 @@ errors:
 depend:
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 errors:
 
diff --git a/lib/libssl/src/tools/c_hash b/lib/libssl/src/tools/c_hash
index 54ff9d2cacc..5e0a9081755 100644
--- a/lib/libssl/src/tools/c_hash
+++ b/lib/libssl/src/tools/c_hash
@@ -4,6 +4,6 @@
 
 for i in $*
 do
-	h=`ssleay x509 -hash -noout -in $i`
+	h=`openssl x509 -hash -noout -in $i`
 	echo "$h.0 => $i"
 done
diff --git a/lib/libssl/src/tools/c_info b/lib/libssl/src/tools/c_info
index 5dd960b3a1e..0e1e633b6fb 100644
--- a/lib/libssl/src/tools/c_info
+++ b/lib/libssl/src/tools/c_info
@@ -5,7 +5,7 @@
 
 for i in $*
 do
-	n=`ssleay x509 -subject -issuer -enddate -noout -in $i`
+	n=`openssl x509 -subject -issuer -enddate -noout -in $i`
 	echo "$i"
 	echo "$n"
 	echo "--------"
diff --git a/lib/libssl/src/tools/c_issuer b/lib/libssl/src/tools/c_issuer
index a885b24b7ba..4c691201bb4 100644
--- a/lib/libssl/src/tools/c_issuer
+++ b/lib/libssl/src/tools/c_issuer
@@ -5,6 +5,6 @@
 
 for i in $*
 do
-	n=`ssleay x509 -issuer -noout -in $i`
+	n=`openssl x509 -issuer -noout -in $i`
 	echo "$i\t$n"
 done
diff --git a/lib/libssl/src/tools/c_name b/lib/libssl/src/tools/c_name
index 4b33e68c594..28800c0b30c 100644
--- a/lib/libssl/src/tools/c_name
+++ b/lib/libssl/src/tools/c_name
@@ -5,6 +5,6 @@
 
 for i in $*
 do
-	n=`ssleay x509 -subject -noout -in $i`
+	n=`openssl x509 -subject -noout -in $i`
 	echo "$i	$n"
 done
diff --git a/lib/libssl/src/tools/c_rehash b/lib/libssl/src/tools/c_rehash.in
index cbff15e48be..cc3b65871f0 100644
--- a/lib/libssl/src/tools/c_rehash
+++ b/lib/libssl/src/tools/c_rehash.in
@@ -4,13 +4,27 @@
 # on the command line.
 #
 
-if [ "$SSLEAY"x = "x" -o ! -x $SSLEAY ]; then
-	SSLEAY='ssleay'
-	export SSLEAY
+if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
+	OPENSSL='openssl'
+	export OPENSSL
 fi
-DIR=/usr/ssl
+DIR=/usr/local/ssl
 PATH=$DIR/bin:$PATH
 
+if [ ! -f "$OPENSSL" ]; then
+    found=0
+    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
+        if [ -f "$dir/$OPENSSL" ]; then
+            found=1
+            break
+        fi
+    done
+    if [ $found = 0 ]; then
+        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
+        exit 0
+    fi
+fi
+
 SSL_DIR=$DIR/certs
 
 if [ "$*" = "" ]; then
@@ -30,7 +44,7 @@ do
     for i in *.pem
     do
       if [ $i != '*.pem' ]; then
-        h=`$SSLEAY x509 -hash -noout -in $i`
+        h=`$OPENSSL x509 -hash -noout -in $i`
 	if [ "x$h" = "x" ]; then
 	  echo $i does not contain a certificate
 	else
diff --git a/lib/libssl/src/util/add_cr.pl b/lib/libssl/src/util/add_cr.pl
index ddd6d61e2d4..c7b62c11ec9 100644
--- a/lib/libssl/src/util/add_cr.pl
+++ b/lib/libssl/src/util/add_cr.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # This adds a copyright message to a souce code file.
 # It also gets the file name correct.
diff --git a/lib/libssl/src/util/ck_errf.pl b/lib/libssl/src/util/ck_errf.pl
index c5764e40dfe..7a24d6c5a2e 100644
--- a/lib/libssl/src/util/ck_errf.pl
+++ b/lib/libssl/src/util/ck_errf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # This is just a quick script to scan for cases where the 'error'
 # function name in a XXXerr() macro is wrong.
@@ -40,5 +40,6 @@ foreach $file (@ARGV)
 	#		print "$func:$1\n";
 			}
 		}
+	close(IN);
         }
 
diff --git a/lib/libssl/src/util/clean-depend.pl b/lib/libssl/src/util/clean-depend.pl
new file mode 100644
index 00000000000..af676af7514
--- /dev/null
+++ b/lib/libssl/src/util/clean-depend.pl
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl -w
+# Clean the dependency list in a makefile of standard includes...
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+use strict;
+
+while(<STDIN>) {
+    print;
+    last if /^# DO NOT DELETE THIS LINE/;
+}
+
+my %files;
+
+while(<STDIN>) {
+    my ($file,$deps)=/^(.*): (.*)$/;
+    next if !defined $deps;
+    my @deps=split ' ',$deps;
+    @deps=grep(!/^\/usr\/include/,@deps);
+    @deps=grep(!/^\/usr\/lib\/gcc-lib/,@deps);
+    push @{$files{$file}},@deps;
+}
+
+my $file;
+foreach $file (sort keys %files) {
+    my $len=0;
+    my $dep;
+    foreach $dep (sort @{$files{$file}}) {
+	$len=0 if $len+length($dep)+1 >= 80;
+	if($len == 0) {
+	    print "\n$file:";
+	    $len=length($file)+1;
+	}
+	print " $dep";
+	$len+=length($dep)+1;
+    }
+}
+
+print "\n";
diff --git a/lib/libssl/src/util/deleof.pl b/lib/libssl/src/util/deleof.pl
index 04f30f0e476..155acd88ff1 100644
--- a/lib/libssl/src/util/deleof.pl
+++ b/lib/libssl/src/util/deleof.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 while (<>)
 	{
diff --git a/lib/libssl/src/util/do_ms.sh b/lib/libssl/src/util/do_ms.sh
index f498d842b75..515b074cffb 100644
--- a/lib/libssl/src/util/do_ms.sh
+++ b/lib/libssl/src/util/do_ms.sh
@@ -5,11 +5,13 @@
 
 PATH=util:../util:$PATH
 
-# perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
+# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
 # perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
-perl util/mk1mf.pl VC-WIN16 dll >ms/w31dll.mak
+perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
 # perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
-perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak
+perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
+perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
+perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
 
 perl util/mkdef.pl 16 libeay > ms/libeay16.def
 perl util/mkdef.pl 32 libeay > ms/libeay32.def
diff --git a/lib/libssl/src/util/domd b/lib/libssl/src/util/domd
new file mode 100644
index 00000000000..324051f60b2
--- /dev/null
+++ b/lib/libssl/src/util/domd
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Do a makedepend, only leave out the standard headers
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+TOP=$1
+shift
+
+cp Makefile.ssl Makefile.save
+makedepend -f Makefile.ssl $@
+$TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+mv Makefile.new Makefile.ssl
diff --git a/lib/libssl/src/util/err-ins.pl b/lib/libssl/src/util/err-ins.pl
index db1bb482756..31b70df8d0e 100644
--- a/lib/libssl/src/util/err-ins.pl
+++ b/lib/libssl/src/util/err-ins.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # tack error codes onto the end of a file
 #
diff --git a/lib/libssl/src/util/files.pl b/lib/libssl/src/util/files.pl
index bf3b7effdcc..41f033e3b9a 100644
--- a/lib/libssl/src/util/files.pl
+++ b/lib/libssl/src/util/files.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # used to generate the file MINFO for use by util/mk1mf.pl
 # It is basically a list of all variables from the passed makefile
diff --git a/lib/libssl/src/util/libeay.num b/lib/libssl/src/util/libeay.num
index fcaf2542872..59c2040a29d 100644
--- a/lib/libssl/src/util/libeay.num
+++ b/lib/libssl/src/util/libeay.num
@@ -580,7 +580,7 @@ X509_NAME_oneline			585
 X509_NAME_print				586
 X509_NAME_set				587
 X509_OBJECT_free_contents		588
-X509_OBJECT_retrive_by_subject		589
+X509_OBJECT_retrieve_by_subject		589
 X509_OBJECT_up_ref_count		590
 X509_PKEY_free				591
 X509_PKEY_new				592
@@ -695,12 +695,12 @@ a2i_ASN1_INTEGER			700
 a2i_ASN1_STRING				701
 asn1_Finish				702
 asn1_GetSequence			703
-bn_div64				704
+bn_div_words				704
 bn_expand2				705
 bn_mul_add_words			706
 bn_mul_words				707
-bn_qadd					708
-bn_qsub					709
+BN_uadd					708
+BN_usub					709
 bn_sqr_words				710
 crypt					711
 d2i_ASN1_BIT_STRING			712
@@ -1063,3 +1063,784 @@ EVP_rc5_32_12_16_cfb			1088
 EVP_rc5_32_12_16_ecb			1089
 EVP_rc5_32_12_16_ofb			1090
 asn1_add_error				1091
+d2i_ASN1_BMPSTRING			1092
+i2d_ASN1_BMPSTRING			1093
+BIO_f_ber				1094
+BN_init					1095
+COMP_CTX_new				1096
+COMP_CTX_free				1097
+COMP_CTX_compress_block			1098
+COMP_CTX_expand_block			1099
+X509_STORE_CTX_get_ex_new_index		1100
+OBJ_NAME_add				1101
+BIO_socket_nbio				1102
+EVP_rc2_64_cbc				1103
+OBJ_NAME_cleanup			1104
+OBJ_NAME_get				1105
+OBJ_NAME_init				1106
+OBJ_NAME_new_index			1107
+OBJ_NAME_remove				1108
+BN_MONT_CTX_copy			1109
+BIO_new_socks4a_connect			1110
+BIO_s_socks4a_connect			1111
+PROXY_set_connect_mode			1112
+RAND_SSLeay				1113
+RAND_set_rand_method			1114
+RSA_memory_lock				1115
+bn_sub_words				1116
+bn_mul_normal				1117
+bn_mul_comba8				1118
+bn_mul_comba4				1119
+bn_sqr_normal				1120
+bn_sqr_comba8				1121
+bn_sqr_comba4				1122
+bn_cmp_words				1123
+bn_mul_recursive			1124
+bn_mul_part_recursive			1125
+bn_sqr_recursive			1126
+bn_mul_low_normal			1127
+BN_RECP_CTX_init			1128
+BN_RECP_CTX_new				1129
+BN_RECP_CTX_free			1130
+BN_RECP_CTX_set				1131
+BN_mod_mul_reciprocal			1132
+BN_mod_exp_recp				1133
+BN_div_recp				1134
+BN_CTX_init				1135
+BN_MONT_CTX_init			1136
+RAND_get_rand_method			1137
+PKCS7_add_attribute			1138
+PKCS7_add_signed_attribute		1139
+PKCS7_digest_from_attributes		1140
+PKCS7_get_attribute			1141
+PKCS7_get_issuer_and_serial		1142
+PKCS7_get_signed_attribute		1143
+COMP_compress_block			1144
+COMP_expand_block			1145
+COMP_rle				1146
+COMP_zlib				1147
+ms_time_diff				1148
+ms_time_new				1149
+ms_time_free				1150
+ms_time_cmp				1151
+ms_time_get				1152
+PKCS7_set_attributes			1153
+PKCS7_set_signed_attributes		1154
+X509_ATTRIBUTE_create			1155
+X509_ATTRIBUTE_dup			1156
+ASN1_GENERALIZEDTIME_check		1157
+ASN1_GENERALIZEDTIME_print		1158
+ASN1_GENERALIZEDTIME_set		1159
+ASN1_GENERALIZEDTIME_set_string		1160
+ASN1_TIME_print				1161
+BASIC_CONSTRAINTS_free			1162
+BASIC_CONSTRAINTS_new			1163
+ERR_load_X509V3_strings			1164
+NETSCAPE_CERT_SEQUENCE_free		1165
+NETSCAPE_CERT_SEQUENCE_new		1166
+OBJ_txt2obj				1167
+PEM_read_NETSCAPE_CERT_SEQUENCE		1168
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE	1169
+PEM_write_NETSCAPE_CERT_SEQUENCE	1170
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE	1171
+X509V3_EXT_add				1172
+X509V3_EXT_add_alias			1173
+X509V3_EXT_add_conf			1174
+X509V3_EXT_cleanup			1175
+X509V3_EXT_conf				1176
+X509V3_EXT_conf_nid			1177
+X509V3_EXT_get				1178
+X509V3_EXT_get_nid			1179
+X509V3_EXT_print			1180
+X509V3_EXT_print_fp			1181
+X509V3_add_standard_extensions		1182
+X509V3_add_value			1183
+X509V3_add_value_bool			1184
+X509V3_add_value_int			1185
+X509V3_conf_free			1186
+X509V3_get_value_bool			1187
+X509V3_get_value_int			1188
+X509V3_parse_list			1189
+d2i_ASN1_GENERALIZEDTIME		1190
+d2i_ASN1_TIME				1191
+d2i_BASIC_CONSTRAINTS			1192
+d2i_NETSCAPE_CERT_SEQUENCE		1193
+d2i_ext_ku				1194
+ext_ku_free				1195
+ext_ku_new				1196
+i2d_ASN1_GENERALIZEDTIME		1197
+i2d_ASN1_TIME				1198
+i2d_BASIC_CONSTRAINTS			1199
+i2d_NETSCAPE_CERT_SEQUENCE		1200
+i2d_ext_ku				1201
+EVP_MD_CTX_copy				1202
+i2d_ASN1_ENUMERATED                     1203
+d2i_ASN1_ENUMERATED                     1204
+ASN1_ENUMERATED_set                     1205
+ASN1_ENUMERATED_get                     1206
+BN_to_ASN1_ENUMERATED                   1207
+ASN1_ENUMERATED_to_BN                   1208
+i2a_ASN1_ENUMERATED                     1209
+a2i_ASN1_ENUMERATED                     1210
+i2d_GENERAL_NAME                        1211
+d2i_GENERAL_NAME                        1212
+GENERAL_NAME_new                        1213
+GENERAL_NAME_free                       1214
+GENERAL_NAMES_new                       1215
+GENERAL_NAMES_free                      1216
+d2i_GENERAL_NAMES                       1217
+i2d_GENERAL_NAMES                       1218
+i2v_GENERAL_NAMES                       1219
+i2s_ASN1_OCTET_STRING                   1220
+s2i_ASN1_OCTET_STRING                   1221
+X509V3_EXT_check_conf                   1222
+hex_to_string                           1223
+string_to_hex                           1224
+des_ede3_cbcm_encrypt                   1225
+RSA_padding_add_PKCS1_OAEP              1226
+RSA_padding_check_PKCS1_OAEP            1227
+X509_CRL_print_fp                       1228
+X509_CRL_print                          1229
+i2v_GENERAL_NAME                        1230
+v2i_GENERAL_NAME                        1231
+i2d_PKEY_USAGE_PERIOD                   1232
+d2i_PKEY_USAGE_PERIOD                   1233
+PKEY_USAGE_PERIOD_new                   1234
+PKEY_USAGE_PERIOD_free                  1235
+v2i_GENERAL_NAMES                       1236
+i2s_ASN1_INTEGER                        1237
+X509V3_EXT_d2i                          1238
+name_cmp                                1239
+str_dup                                 1240
+i2s_ASN1_ENUMERATED                     1241
+i2s_ASN1_ENUMERATED_TABLE               1242
+BIO_s_log                               1243
+BIO_f_reliable                          1244
+PKCS7_dataFinal                         1245
+PKCS7_dataDecode                        1246
+X509V3_EXT_CRL_add_conf                 1247
+BN_set_params                           1248
+BN_get_params                           1249
+BIO_get_ex_num                          1250
+BIO_set_ex_free_func                    1251
+EVP_ripemd160                           1252
+ASN1_TIME_set                           1253
+i2d_AUTHORITY_KEYID                     1254
+d2i_AUTHORITY_KEYID                     1255
+AUTHORITY_KEYID_new                     1256
+AUTHORITY_KEYID_free                    1257
+ASN1_seq_unpack                         1258
+ASN1_seq_pack                           1259
+ASN1_unpack_string                      1260
+ASN1_pack_string                        1261
+PKCS12_pack_safebag                     1262
+PKCS12_MAKE_KEYBAG                      1263
+PKCS8_encrypt                           1264
+PKCS12_MAKE_SHKEYBAG                    1265
+PKCS12_pack_p7data                      1266
+PKCS12_pack_p7encdata                   1267
+PKCS12_add_localkeyid                   1268
+PKCS12_add_friendlyname_asc             1269
+PKCS12_add_friendlyname_uni             1270
+PKCS12_get_friendlyname                 1271
+PKCS12_pbe_crypt                        1272
+PKCS12_decrypt_d2i                      1273
+PKCS12_i2d_encrypt                      1274
+PKCS12_init                             1275
+PKCS12_key_gen_asc                      1276
+PKCS12_key_gen_uni                      1277
+PKCS12_gen_mac                          1278
+PKCS12_verify_mac                       1279
+PKCS12_set_mac                          1280
+PKCS12_setup_mac                        1281
+asc2uni                                 1282
+uni2asc                                 1283
+i2d_PKCS12_BAGS                         1284
+PKCS12_BAGS_new                         1285
+d2i_PKCS12_BAGS                         1286
+PKCS12_BAGS_free                        1287
+i2d_PKCS12                              1288
+d2i_PKCS12                              1289
+PKCS12_new                              1290
+PKCS12_free                             1291
+i2d_PKCS12_MAC_DATA                     1292
+PKCS12_MAC_DATA_new                     1293
+d2i_PKCS12_MAC_DATA                     1294
+PKCS12_MAC_DATA_free                    1295
+i2d_PKCS12_SAFEBAG                      1296
+PKCS12_SAFEBAG_new                      1297
+d2i_PKCS12_SAFEBAG                      1298
+PKCS12_SAFEBAG_free                     1299
+ERR_load_PKCS12_strings                 1300
+PKCS12_PBE_add                          1301
+PKCS8_add_keyusage                      1302
+PKCS12_get_attr_gen                     1303
+PKCS12_parse                            1304
+PKCS12_create                           1305
+i2d_PKCS12_bio                          1306
+i2d_PKCS12_fp                           1307
+d2i_PKCS12_bio                          1308
+d2i_PKCS12_fp                           1309
+i2d_PBEPARAM                            1310
+PBEPARAM_new                            1311
+d2i_PBEPARAM                            1312
+PBEPARAM_free                           1313
+i2d_PKCS8_PRIV_KEY_INFO                 1314
+PKCS8_PRIV_KEY_INFO_new                 1315
+d2i_PKCS8_PRIV_KEY_INFO                 1316
+PKCS8_PRIV_KEY_INFO_free                1317
+EVP_PKCS82PKEY                          1318
+EVP_PKEY2PKCS8                          1319
+PKCS8_set_broken                        1320
+EVP_PBE_ALGOR_CipherInit                1321
+EVP_PBE_alg_add                         1322
+PKCS5_pbe_set                           1323
+EVP_PBE_cleanup                         1324
+i2d_SXNET                               1325
+d2i_SXNET                               1326
+SXNET_new                               1327
+SXNET_free                              1328
+i2d_SXNETID                             1329
+d2i_SXNETID                             1330
+SXNETID_new                             1331
+SXNETID_free                            1332
+DSA_SIG_new								1333
+DSA_SIG_free							1334
+DSA_do_sign								1335
+DSA_do_verify							1336
+d2i_DSA_SIG								1337
+i2d_DSA_SIG								1338
+
+i2d_ASN1_VISIBLESTRING                  1339
+d2i_ASN1_VISIBLESTRING                  1340
+i2d_ASN1_UTF8STRING                     1341
+d2i_ASN1_UTF8STRING                     1342
+i2d_DIRECTORYSTRING                     1343
+d2i_DIRECTORYSTRING                     1344
+i2d_DISPLAYTEXT                         1345
+d2i_DISPLAYTEXT                         1346
+sk_X509_NAME_new                        1347
+sk_X509_NAME_new_null                   1348
+sk_X509_NAME_free                       1349
+sk_X509_NAME_num                        1350
+sk_X509_NAME_value                      1351
+sk_X509_NAME_set                        1352
+sk_X509_NAME_zero                       1353
+sk_X509_NAME_push                       1354
+sk_X509_NAME_pop                        1355
+sk_X509_NAME_find                       1356
+sk_X509_NAME_delete                     1357
+sk_X509_NAME_delete_ptr                 1358
+sk_X509_NAME_set_cmp_func               1359
+sk_X509_NAME_dup                        1360
+sk_X509_NAME_pop_free                   1361
+sk_X509_NAME_shift                      1362
+sk_X509_new                             1363
+sk_X509_new_null                        1364
+sk_X509_free                            1365
+sk_X509_num                             1366
+sk_X509_value                           1367
+sk_X509_set                             1368
+sk_X509_zero                            1369
+sk_X509_push                            1370
+sk_X509_pop                             1371
+sk_X509_find                            1372
+sk_X509_delete                          1373
+sk_X509_delete_ptr                      1374
+sk_X509_set_cmp_func                    1375
+sk_X509_dup                             1376
+sk_X509_pop_free                        1377
+sk_X509_shift                           1378
+d2i_ASN1_SET_OF_X509                    1379
+i2d_ASN1_SET_OF_X509                    1380
+sk_X509_ATTRIBUTE_new                   1381
+sk_X509_ATTRIBUTE_new_null              1382
+sk_X509_ATTRIBUTE_free                  1383
+sk_X509_ATTRIBUTE_num                   1384
+sk_X509_ATTRIBUTE_value                 1385
+sk_X509_ATTRIBUTE_set                   1386
+sk_X509_ATTRIBUTE_zero                  1387
+sk_X509_ATTRIBUTE_push                  1388
+sk_X509_ATTRIBUTE_pop                   1389
+sk_X509_ATTRIBUTE_find                  1390
+sk_X509_ATTRIBUTE_delete                1391
+sk_X509_ATTRIBUTE_delete_ptr            1392
+sk_X509_ATTRIBUTE_set_cmp_func          1393
+sk_X509_ATTRIBUTE_dup                   1394
+sk_X509_ATTRIBUTE_pop_free              1395
+sk_X509_ATTRIBUTE_shift                 1396
+i2d_PBKDF2PARAM                         1397
+PBKDF2PARAM_new                         1398
+d2i_PBKDF2PARAM                         1399
+PBKDF2PARAM_free                        1400
+i2d_PBE2PARAM                           1401
+PBE2PARAM_new                           1402
+d2i_PBE2PARAM                           1403
+PBE2PARAM_free                          1404
+sk_GENERAL_NAME_new                     1405
+sk_GENERAL_NAME_new_null                1406
+sk_GENERAL_NAME_free                    1407
+sk_GENERAL_NAME_num                     1408
+sk_GENERAL_NAME_value                   1409
+sk_GENERAL_NAME_set                     1410
+sk_GENERAL_NAME_zero                    1411
+sk_GENERAL_NAME_push                    1412
+sk_GENERAL_NAME_pop                     1413
+sk_GENERAL_NAME_find                    1414
+sk_GENERAL_NAME_delete                  1415
+sk_GENERAL_NAME_delete_ptr              1416
+sk_GENERAL_NAME_set_cmp_func            1417
+sk_GENERAL_NAME_dup                     1418
+sk_GENERAL_NAME_pop_free                1419
+sk_GENERAL_NAME_shift                   1420
+d2i_ASN1_SET_OF_GENERAL_NAME            1421
+i2d_ASN1_SET_OF_GENERAL_NAME            1422
+sk_SXNETID_new                          1423
+sk_SXNETID_new_null                     1424
+sk_SXNETID_free                         1425
+sk_SXNETID_num                          1426
+sk_SXNETID_value                        1427
+sk_SXNETID_set                          1428
+sk_SXNETID_zero                         1429
+sk_SXNETID_push                         1430
+sk_SXNETID_pop                          1431
+sk_SXNETID_find                         1432
+sk_SXNETID_delete                       1433
+sk_SXNETID_delete_ptr                   1434
+sk_SXNETID_set_cmp_func                 1435
+sk_SXNETID_dup                          1436
+sk_SXNETID_pop_free                     1437
+sk_SXNETID_shift                        1438
+d2i_ASN1_SET_OF_SXNETID                 1439
+i2d_ASN1_SET_OF_SXNETID                 1440
+sk_POLICYQUALINFO_new                   1441
+sk_POLICYQUALINFO_new_null              1442
+sk_POLICYQUALINFO_free                  1443
+sk_POLICYQUALINFO_num                   1444
+sk_POLICYQUALINFO_value                 1445
+sk_POLICYQUALINFO_set                   1446
+sk_POLICYQUALINFO_zero                  1447
+sk_POLICYQUALINFO_push                  1448
+sk_POLICYQUALINFO_pop                   1449
+sk_POLICYQUALINFO_find                  1450
+sk_POLICYQUALINFO_delete                1451
+sk_POLICYQUALINFO_delete_ptr            1452
+sk_POLICYQUALINFO_set_cmp_func          1453
+sk_POLICYQUALINFO_dup                   1454
+sk_POLICYQUALINFO_pop_free              1455
+sk_POLICYQUALINFO_shift                 1456
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458
+sk_POLICYINFO_new                       1459
+sk_POLICYINFO_new_null                  1460
+sk_POLICYINFO_free                      1461
+sk_POLICYINFO_num                       1462
+sk_POLICYINFO_value                     1463
+sk_POLICYINFO_set                       1464
+sk_POLICYINFO_zero                      1465
+sk_POLICYINFO_push                      1466
+sk_POLICYINFO_pop                       1467
+sk_POLICYINFO_find                      1468
+sk_POLICYINFO_delete                    1469
+sk_POLICYINFO_delete_ptr                1470
+sk_POLICYINFO_set_cmp_func              1471
+sk_POLICYINFO_dup                       1472
+sk_POLICYINFO_pop_free                  1473
+sk_POLICYINFO_shift                     1474
+d2i_ASN1_SET_OF_POLICYINFO              1475
+i2d_ASN1_SET_OF_POLICYINFO              1476
+SXNET_add_id_asc                        1477
+SXNET_add_id_ulong                      1478
+SXNET_add_id_INTEGER                    1479
+SXNET_get_id_asc                        1480
+SXNET_get_id_ulong                      1481
+SXNET_get_id_INTEGER                    1482
+X509V3_set_conf_lhash                   1483
+i2d_CERTIFICATEPOLICIES                 1484
+CERTIFICATEPOLICIES_new                 1485
+CERTIFICATEPOLICIES_free                1486
+d2i_CERTIFICATEPOLICIES                 1487
+i2d_POLICYINFO                          1488
+POLICYINFO_new                          1489
+d2i_POLICYINFO                          1490
+POLICYINFO_free                         1491
+i2d_POLICYQUALINFO                      1492
+POLICYQUALINFO_new                      1493
+d2i_POLICYQUALINFO                      1494
+POLICYQUALINFO_free                     1495
+i2d_USERNOTICE                          1496
+USERNOTICE_new                          1497
+d2i_USERNOTICE                          1498
+USERNOTICE_free                         1499
+i2d_NOTICEREF                           1500
+NOTICEREF_new                           1501
+d2i_NOTICEREF                           1502
+NOTICEREF_free                          1503
+X509V3_get_string                       1504
+X509V3_get_section                      1505
+X509V3_string_free                      1506
+X509V3_section_free                     1507
+X509V3_set_ctx                          1508
+s2i_ASN1_INTEGER                        1509
+CRYPTO_set_locked_mem_functions         1510
+CRYPTO_get_locked_mem_functions         1511
+CRYPTO_malloc_locked                    1512
+CRYPTO_free_locked                      1513
+BN_mod_exp2_mont                        1514
+ERR_get_error_line_data                 1515
+ERR_peek_error_line_data                1516
+PKCS12_PBE_keyivgen                     1517
+X509_ALGOR_dup                          1518
+sk_DIST_POINT_new                       1519
+sk_DIST_POINT_new_null                  1520
+sk_DIST_POINT_free                      1521
+sk_DIST_POINT_num                       1522
+sk_DIST_POINT_value                     1523
+sk_DIST_POINT_set                       1524
+sk_DIST_POINT_zero                      1525
+sk_DIST_POINT_push                      1526
+sk_DIST_POINT_pop                       1527
+sk_DIST_POINT_find                      1528
+sk_DIST_POINT_delete                    1529
+sk_DIST_POINT_delete_ptr                1530
+sk_DIST_POINT_set_cmp_func              1531
+sk_DIST_POINT_dup                       1532
+sk_DIST_POINT_pop_free                  1533
+sk_DIST_POINT_shift                     1534
+d2i_ASN1_SET_OF_DIST_POINT              1535
+i2d_ASN1_SET_OF_DIST_POINT              1536
+i2d_CRL_DIST_POINTS                     1537
+CRL_DIST_POINTS_new                     1538
+CRL_DIST_POINTS_free                    1539
+d2i_CRL_DIST_POINTS                     1540
+i2d_DIST_POINT                          1541
+DIST_POINT_new                          1542
+d2i_DIST_POINT                          1543
+DIST_POINT_free                         1544
+i2d_DIST_POINT_NAME                     1545
+DIST_POINT_NAME_new                     1546
+DIST_POINT_NAME_free                    1547
+d2i_DIST_POINT_NAME                     1548
+X509V3_add_value_uchar                  1549
+sk_X509_INFO_new                        1550
+sk_X509_EXTENSION_new                   1551
+sk_X509_NAME_ENTRY_unshift              1552
+sk_ASN1_TYPE_value                      1553
+sk_X509_EXTENSION_find                  1554
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555
+sk_ASN1_TYPE_pop                        1556
+sk_X509_EXTENSION_set_cmp_func          1557
+sk_ASN1_TYPE_new_null                   1558
+sk_X509_NAME_ENTRY_delete               1559
+i2d_ASN1_SET_OF_ASN1_TYPE               1560
+sk_X509_NAME_ENTRY_dup                  1561
+sk_X509_unshift                         1562
+sk_X509_NAME_unshift                    1563
+sk_ASN1_TYPE_num                        1564
+sk_X509_EXTENSION_new_null              1565
+sk_X509_INFO_value                      1566
+d2i_ASN1_SET_OF_X509_EXTENSION          1567
+sk_X509_INFO_delete_ptr                 1568
+sk_X509_NAME_ENTRY_new                  1569
+sk_DIST_POINT_insert                    1570
+sk_ASN1_TYPE_set_cmp_func               1571
+sk_X509_EXTENSION_value                 1572
+sk_DIST_POINT_unshift                   1573
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574
+sk_X509_INFO_pop                        1575
+sk_X509_EXTENSION_pop                   1576
+sk_X509_NAME_ENTRY_shift                1577
+sk_X509_INFO_num                        1578
+sk_X509_EXTENSION_num                   1579
+sk_X509_INFO_pop_free                   1580
+sk_POLICYQUALINFO_unshift               1581
+sk_POLICYINFO_unshift                   1582
+sk_X509_NAME_ENTRY_new_null             1583
+sk_X509_NAME_ENTRY_pop                  1584
+sk_X509_ATTRIBUTE_unshift               1585
+sk_X509_NAME_ENTRY_num                  1586
+sk_GENERAL_NAME_unshift                 1587
+sk_X509_INFO_free                       1588
+d2i_ASN1_SET_OF_ASN1_TYPE               1589
+sk_X509_INFO_insert                     1590
+sk_X509_NAME_ENTRY_value                1591
+sk_POLICYQUALINFO_insert                1592
+sk_ASN1_TYPE_set                        1593
+sk_X509_EXTENSION_delete_ptr            1594
+sk_X509_INFO_unshift                    1595
+sk_ASN1_TYPE_unshift                    1596
+sk_ASN1_TYPE_free                       1597
+sk_ASN1_TYPE_delete_ptr                 1598
+sk_ASN1_TYPE_pop_free                   1599
+sk_X509_EXTENSION_unshift               1600
+sk_X509_EXTENSION_pop_free              1601
+sk_X509_NAME_ENTRY_set_cmp_func         1602
+sk_ASN1_TYPE_insert                     1603
+sk_X509_NAME_ENTRY_free                 1604
+sk_SXNETID_insert                       1605
+sk_X509_NAME_insert                     1606
+sk_X509_insert                          1607
+sk_X509_INFO_delete                     1608
+sk_X509_INFO_set_cmp_func               1609
+sk_X509_ATTRIBUTE_insert                1610
+sk_X509_INFO_zero                       1611
+sk_X509_INFO_set                        1612
+sk_X509_EXTENSION_set                   1613
+sk_X509_EXTENSION_free                  1614
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615
+sk_SXNETID_unshift                      1616
+sk_X509_INFO_push                       1617
+sk_X509_EXTENSION_insert                1618
+sk_X509_INFO_new_null                   1619
+sk_ASN1_TYPE_dup                        1620
+sk_X509_INFO_find                       1621
+sk_POLICYINFO_insert                    1622
+sk_ASN1_TYPE_zero                       1623
+i2d_ASN1_SET_OF_X509_EXTENSION          1624
+sk_X509_NAME_ENTRY_set                  1625
+sk_ASN1_TYPE_push                       1626
+sk_X509_NAME_ENTRY_insert               1627
+sk_ASN1_TYPE_new                        1628
+sk_GENERAL_NAME_insert                  1629
+sk_ASN1_TYPE_shift                      1630
+sk_ASN1_TYPE_delete                     1631
+sk_X509_NAME_ENTRY_pop_free             1632
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633
+sk_X509_NAME_ENTRY_zero                 1634
+sk_ASN1_TYPE_find                       1635
+sk_X509_NAME_ENTRY_delete_ptr           1636
+sk_X509_NAME_ENTRY_push                 1637
+sk_X509_EXTENSION_zero                  1638
+sk_X509_INFO_shift                      1639
+sk_X509_INFO_dup                        1640
+sk_X509_EXTENSION_dup                   1641
+sk_X509_EXTENSION_delete                1642
+sk_X509_EXTENSION_shift                 1643
+sk_X509_EXTENSION_push                  1644
+sk_X509_NAME_ENTRY_find                 1645
+X509V3_EXT_i2d                          1646
+X509V3_EXT_val_prn                      1647
+X509V3_EXT_add_list                     1648
+EVP_CIPHER_type                         1649
+EVP_PBE_CipherInit                      1650
+X509V3_add_value_bool_nf                1651
+d2i_ASN1_UINTEGER                       1652
+sk_value                                1653
+sk_num                                  1654
+sk_set                                  1655
+sk_X509_REVOKED_set_cmp_func            1656
+sk_X509_REVOKED_unshift                 1657
+sk_X509_REVOKED_dup                     1658
+sk_X509_REVOKED_free                    1659
+sk_X509_REVOKED_new                     1660
+i2d_ASN1_SET_OF_X509_REVOKED            1661
+sk_X509_REVOKED_shift                   1662
+sk_X509_REVOKED_delete_ptr              1663
+sk_X509_REVOKED_pop_free                1664
+sk_X509_REVOKED_insert                  1665
+sk_X509_REVOKED_zero                    1666
+sk_X509_REVOKED_pop                     1667
+sk_X509_REVOKED_value                   1668
+sk_X509_REVOKED_num                     1669
+sk_X509_REVOKED_push                    1670
+sk_sort                                 1671
+sk_X509_REVOKED_find                    1672
+sk_X509_REVOKED_delete                  1673
+d2i_ASN1_SET_OF_X509_REVOKED            1674
+sk_X509_REVOKED_new_null                1675
+sk_X509_REVOKED_set                     1676
+sk_X509_ALGOR_new                       1677
+sk_X509_CRL_set_cmp_func                1678
+sk_X509_CRL_set                         1679
+sk_X509_ALGOR_unshift                   1680
+sk_X509_CRL_free                        1681
+i2d_ASN1_SET_OF_X509_ALGOR              1682
+sk_X509_ALGOR_pop                       1683
+sk_X509_CRL_unshift                     1684
+i2d_ASN1_SET_OF_X509_CRL                1685
+sk_X509_ALGOR_num                       1686
+sk_X509_CRL_insert                      1687
+sk_X509_CRL_pop_free                    1688
+sk_X509_CRL_delete_ptr                  1689
+sk_X509_ALGOR_insert                    1690
+sk_X509_CRL_dup                         1691
+sk_X509_CRL_zero                        1692
+sk_X509_CRL_new                         1693
+sk_X509_CRL_push                        1694
+sk_X509_ALGOR_new_null                  1695
+d2i_ASN1_SET_OF_X509_ALGOR              1696
+sk_X509_CRL_shift                       1697
+sk_X509_CRL_find                        1698
+sk_X509_CRL_delete                      1699
+sk_X509_ALGOR_free                      1700
+sk_X509_ALGOR_delete                    1701
+d2i_ASN1_SET_OF_X509_CRL                1702
+sk_X509_ALGOR_delete_ptr                1703
+sk_X509_CRL_pop                         1704
+sk_X509_ALGOR_set                       1705
+sk_X509_CRL_num                         1706
+sk_X509_CRL_value                       1707
+sk_X509_ALGOR_shift                     1708
+sk_X509_ALGOR_zero                      1709
+sk_X509_CRL_new_null                    1710
+sk_X509_ALGOR_push                      1711
+sk_X509_ALGOR_value                     1712
+sk_X509_ALGOR_find                      1713
+sk_X509_ALGOR_set_cmp_func              1714
+sk_X509_ALGOR_dup                       1715
+sk_X509_ALGOR_pop_free                  1716
+sk_PKCS7_SIGNER_INFO_new                1717
+sk_PKCS7_SIGNER_INFO_zero               1718
+sk_PKCS7_SIGNER_INFO_unshift            1719
+sk_PKCS7_RECIP_INFO_dup                 1720
+sk_PKCS7_SIGNER_INFO_insert             1721
+sk_PKCS7_SIGNER_INFO_push               1722
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723
+sk_PKCS7_RECIP_INFO_new                 1724
+sk_X509_LOOKUP_new_null                 1725
+sk_PKCS7_SIGNER_INFO_find               1726
+sk_PKCS7_SIGNER_INFO_set_cmp_func       1727
+sk_X509_LOOKUP_zero                     1728
+sk_PKCS7_RECIP_INFO_shift               1729
+sk_PKCS7_RECIP_INFO_new_null            1730
+sk_PKCS7_SIGNER_INFO_shift              1731
+sk_PKCS7_SIGNER_INFO_pop                1732
+sk_PKCS7_SIGNER_INFO_pop_free           1733
+sk_X509_LOOKUP_push                     1734
+sk_X509_LOOKUP_dup                      1735
+sk_PKCS7_SIGNER_INFO_num                1736
+sk_X509_LOOKUP_find                     1737
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738
+sk_X509_LOOKUP_new                      1739
+sk_PKCS7_SIGNER_INFO_delete             1740
+sk_PKCS7_RECIP_INFO_set_cmp_func        1741
+sk_PKCS7_SIGNER_INFO_delete_ptr         1742
+sk_PKCS7_RECIP_INFO_pop                 1743
+sk_X509_LOOKUP_insert                   1744
+sk_PKCS7_RECIP_INFO_value               1745
+sk_PKCS7_RECIP_INFO_num                 1746
+sk_PKCS7_SIGNER_INFO_value              1747
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748
+sk_X509_LOOKUP_pop                      1749
+sk_X509_LOOKUP_num                      1750
+sk_X509_LOOKUP_delete                   1751
+sk_PKCS7_RECIP_INFO_free                1752
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753
+sk_PKCS7_SIGNER_INFO_set                1754
+sk_X509_LOOKUP_pop_free                 1755
+sk_X509_LOOKUP_shift                    1756
+sk_X509_LOOKUP_unshift                  1757
+sk_PKCS7_SIGNER_INFO_new_null           1758
+sk_PKCS7_RECIP_INFO_delete_ptr          1759
+sk_PKCS7_RECIP_INFO_pop_free            1760
+sk_PKCS7_RECIP_INFO_insert              1761
+sk_PKCS7_SIGNER_INFO_free               1762
+sk_PKCS7_RECIP_INFO_set                 1763
+sk_PKCS7_RECIP_INFO_zero                1764
+sk_X509_LOOKUP_value                    1765
+sk_PKCS7_RECIP_INFO_push                1766
+sk_PKCS7_RECIP_INFO_unshift             1767
+sk_X509_LOOKUP_set_cmp_func             1768
+sk_X509_LOOKUP_free                     1769
+sk_PKCS7_SIGNER_INFO_dup                1770
+sk_X509_LOOKUP_delete_ptr               1771
+sk_X509_LOOKUP_set                      1772
+sk_PKCS7_RECIP_INFO_find                1773
+sk_PKCS7_RECIP_INFO_delete              1774
+PKCS5_PBE_add                           1775
+PEM_write_bio_PKCS8                     1776
+i2d_PKCS8_fp                            1777
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778
+d2i_PKCS8_bio                           1779
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781
+PEM_read_PKCS8                          1782
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783
+d2i_PKCS8_fp                            1784
+PEM_write_PKCS8                         1785
+PEM_read_PKCS8_PRIV_KEY_INFO            1786
+PEM_read_bio_PKCS8                      1787
+PEM_write_PKCS8_PRIV_KEY_INFO           1788
+PKCS5_PBE_keyivgen                      1789
+i2d_PKCS8_bio                           1790
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792
+BIO_s_bio                               1793
+PKCS5_pbe2_set                          1794
+PKCS5_PBKDF2_HMAC_SHA1                  1795
+PKCS5_v2_PBE_keyivgen                   1796
+PEM_write_bio_PKCS8PrivateKey           1797
+PEM_write_PKCS8PrivateKey               1798
+BIO_ctrl_get_read_request               1799
+BIO_ctrl_pending                        1800
+BIO_ctrl_wpending                       1801
+BIO_new_bio_pair                        1802
+BIO_ctrl_get_write_guarantee            1803
+CRYPTO_num_locks                        1804
+CONF_load_bio                           1805
+CONF_load_fp                            1806
+sk_CONF_VALUE_delete                    1807
+sk_CONF_VALUE_pop                       1808
+sk_CONF_VALUE_num                       1809
+sk_CONF_VALUE_pop_free                  1810
+sk_CONF_VALUE_free                      1811
+sk_CONF_VALUE_shift                     1812
+sk_CONF_VALUE_unshift                   1813
+sk_CONF_VALUE_value                     1814
+sk_CONF_VALUE_set                       1815
+sk_CONF_VALUE_zero                      1816
+sk_CONF_VALUE_push                      1817
+sk_CONF_VALUE_delete_ptr                1818
+sk_CONF_VALUE_find                      1819
+sk_CONF_VALUE_set_cmp_func              1820
+sk_CONF_VALUE_new_null                  1821
+sk_CONF_VALUE_dup                       1822
+sk_CONF_VALUE_insert                    1823
+sk_CONF_VALUE_new                       1824
+sk_ASN1_OBJECT_find                     1825
+sk_ASN1_OBJECT_pop_free                 1826
+sk_ASN1_OBJECT_dup                      1827
+sk_ASN1_OBJECT_delete_ptr               1828
+sk_ASN1_OBJECT_new                      1829
+sk_ASN1_OBJECT_unshift                  1830
+sk_ASN1_OBJECT_delete                   1831
+sk_ASN1_OBJECT_shift                    1832
+sk_ASN1_OBJECT_pop                      1833
+sk_ASN1_OBJECT_num                      1834
+sk_ASN1_OBJECT_value                    1835
+sk_ASN1_OBJECT_new_null                 1836
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837
+sk_ASN1_OBJECT_free                     1838
+sk_ASN1_OBJECT_set                      1839
+sk_ASN1_OBJECT_set_cmp_func             1840
+sk_ASN1_OBJECT_zero                     1841
+sk_ASN1_OBJECT_insert                   1842
+sk_ASN1_OBJECT_push                     1843
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844
+PKCS7_signatureVerify                   1845
+RSA_set_method                          1846
+RSA_get_method                          1847
+RSA_get_default_method                  1848
+sk_CONF_VALUE_sort                      1849
+sk_X509_REVOKED_sort                    1850
+sk_X509_ATTRIBUTE_sort                  1851
+sk_X509_INFO_sort                       1852
+sk_POLICYINFO_sort                      1853
+sk_GENERAL_NAME_sort                    1854
+sk_X509_sort                            1855
+sk_X509_NAME_sort                       1856
+sk_ASN1_TYPE_sort                       1857
+sk_X509_ALGOR_sort                      1858
+sk_PKCS7_RECIP_INFO_sort                1859
+sk_X509_NAME_ENTRY_sort                 1860
+sk_X509_EXTENSION_sort                  1861
+sk_SXNETID_sort                         1862
+sk_ASN1_OBJECT_sort                     1863
+sk_PKCS7_SIGNER_INFO_sort               1864
+sk_X509_LOOKUP_sort                     1865
+sk_POLICYQUALINFO_sort                  1866
+sk_X509_CRL_sort                        1867
+sk_DIST_POINT_sort                      1868
+RSA_check_key                           1869
+OBJ_obj2txt                             1870
+DSA_dup_DH                              1871
diff --git a/lib/libssl/src/util/mk1mf.pl b/lib/libssl/src/util/mk1mf.pl
index 149a0f4f80e..6fbf3ceca6a 100644
--- a/lib/libssl/src/util/mk1mf.pl
+++ b/lib/libssl/src/util/mk1mf.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # A bit of an evil hack but it post processes the file ../MINFO which
 # is generated by `make files` in the top directory.
 # This script outputs one mega makefile that has no shell stuff or any
@@ -6,82 +6,59 @@
 #
 
 $INSTALLTOP="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+
+open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while(<IN>) {
+    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+}
+close(IN);
 
-$ssl_version="0.8.2";
+die "Makefile.ssl is not the toplevel Makefile!\n" if $ssl_version eq "";
 
 $infile="MINFO";
 
 %ops=(
-	"VC-WIN32",   "Microsoft Visual C++ 4.[01] - Windows NT [34].x",
+	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
 	"VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
 	"VC-WIN16",   "Alias for VC-W31-32",
 	"VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
 	"VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
-	"BC-NT",   "Borland C++ 4.5 - Windows NT  - PROBABLY NOT WORKING",
+	"Mingw32", "GNU C++ - Windows NT or 9x",
+	"Mingw32-files", "Create files with DOS copy ...",
+	"BC-NT",   "Borland C++ 4.5 - Windows NT",
 	"BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
 	"BC-MSDOS","Borland C++ 4.5 - MSDOS",
 	"linux-elf","Linux elf",
+	"ultrix-mips","DEC mips ultrix",
 	"FreeBSD","FreeBSD distribution",
 	"default","cc under unix",
 	);
 
-$type="";
+$platform="";
 foreach (@ARGV)
 	{
-	if    (/^no-rc2$/)	{ $no_rc2=1; }
-	elsif (/^no-rc4$/)	{ $no_rc4=1; }
-	elsif (/^no-rc5$/)	{ $no_rc5=1; }
-	elsif (/^no-idea$/)	{ $no_idea=1; }
-	elsif (/^no-des$/)	{ $no_des=1; }
-	elsif (/^no-bf$/)	{ $no_bf=1; }
-	elsif (/^no-cast$/)	{ $no_cast=1; }
-	elsif (/^no-md2$/)  	{ $no_md2=1; }
-	elsif (/^no-md5$/)	{ $no_md5=1; }
-	elsif (/^no-sha$/)	{ $no_sha=1; }
-	elsif (/^no-sha1$/)	{ $no_sha1=1; }
-	elsif (/^no-rmd160$/)	{ $no_rmd160=1; }
-	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
-	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
-	elsif (/^no-rsa$/)	{ $no_rsa=1; }
-	elsif (/^no-dsa$/)	{ $no_dsa=1; }
-	elsif (/^no-dh$/)	{ $no_dh=1; }
-	elsif (/^no-asm$/)	{ $no_asm=1; }
-	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
-	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
-	elsif (/^no-err$/)	{ $no_err=1; }
-	elsif (/^no-sock$/)	{ $no_sock=1; }
-
-	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
-				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
-				  $no_ssl2=$no_err=1; }
-
-	elsif (/^rsaref$/)	{ $rsaref=1; }
-	elsif (/^gcc$/)		{ $gcc=1; }
-	elsif (/^debug$/)	{ $debug=1; }
-	elsif (/^shlib$/)	{ $shlib=1; }
-	elsif (/^dll$/)		{ $shlib=1; }
-	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
-	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
-	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
-		{ $c_flags.="$_ "; }
-	else
+	if (!&read_options && !defined($ops{$_}))
 		{
-		if (!defined($ops{$_}))
-			{
-			print STDERR "unknown option - $_\n";
-			print STDERR "usage: perl mk1mf.pl [system] [options]\n";
-			print STDERR "\nwhere [system] can be one of the following\n";
-			foreach $i (sort keys %ops)
-				{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
-			print STDERR <<"EOF";
+		print STDERR "unknown option - $_\n";
+		print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+		print STDERR "\nwhere [system] can be one of the following\n";
+		foreach $i (sort keys %ops)
+		{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+		print STDERR <<"EOF";
 and [options] can be one of
-	no-md2 no-md5 no-sha no-sha1 no-mdc2 no-rmd160 - Skip this digest
+	no-md2 no-md5 no-sha no-mdc2 no-ripemd  - Skip this digest
 	no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
 	no-rc5
 	no-rsa no-dsa no-dh			- Skip this public key cipher
 	no-ssl2 no-ssl3				- Skip this version of SSL
 	just-ssl				- remove all non-ssl keys/digest
 	no-asm 					- No x86 asm
+	nasm 					- Use NASM for x86 asm
 	no-socks				- No socket code
 	no-err					- No error strings
 	dll/shlib				- Build shared libraries (MS)
@@ -96,15 +73,18 @@ TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
 -<ex_cc_flags>					- extra 'cc' flags,
 						  added (MS), or replace (unix)
 EOF
-			exit(1);
-			}
-		$type=$_;
+		exit(1);
 		}
+	$platform=$_;
+	}
+foreach (split / /, $OPTIONS)
+	{
+	print STDERR "unknown option - $_\n" if !&read_options;
 	}
 
 $no_mdc2=1 if ($no_des);
 
-$no_ssl3=1 if ($no_md5 || $no_sha1);
+$no_ssl3=1 if ($no_md5 || $no_sha);
 $no_ssl3=1 if ($no_rsa && $no_dh);
 
 $no_ssl2=1 if ($no_md5 || $no_rsa);
@@ -114,6 +94,7 @@ $out_def="out";
 $inc_def="outinc";
 $tmp_def="tmp";
 
+$mkdir="mkdir";
 
 ($ssl,$crypto)=("ssl","crypto");
 $RSAglue="RSAglue";
@@ -125,62 +106,79 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
 
 # $bin_dir.=$o causes a core dump on my sparc :-(
 
+$NT=0;
+
 push(@INC,"util/pl","pl");
-if ($type eq "VC-MSDOS")
+if ($platform eq "VC-MSDOS")
 	{
 	$asmbits=16;
 	$msdos=1;
 	require 'VC-16.pl';
 	}
-elsif ($type eq "VC-W31-16")
+elsif ($platform eq "VC-W31-16")
 	{
 	$asmbits=16;
 	$msdos=1; $win16=1;
 	require 'VC-16.pl';
 	}
-elsif (($type eq "VC-W31-32") || ($type eq "VC-WIN16"))
+elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16"))
 	{
 	$asmbits=32;
 	$msdos=1; $win16=1;
 	require 'VC-16.pl';
 	}
-elsif (($type eq "VC-WIN32") || ($type eq "VC-NT"))
+elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
 	{
+	$NT = 1 if $platform eq "VC-NT";
 	require 'VC-32.pl';
 	}
-elsif ($type eq "BC-NT")
+elsif ($platform eq "Mingw32")
+	{
+	require 'Mingw32.pl';
+	}
+elsif ($platform eq "Mingw32-files")
+	{
+	require 'Mingw32f.pl';
+	}
+elsif ($platform eq "BC-NT")
 	{
 	$bc=1;
 	require 'BC-32.pl';
 	}
-elsif ($type eq "BC-W31")
+elsif ($platform eq "BC-W31")
 	{
 	$bc=1;
 	$msdos=1; $w16=1;
 	require 'BC-16.pl';
 	}
-elsif ($type eq "BC-Q16")
+elsif ($platform eq "BC-Q16")
 	{
 	$msdos=1; $w16=1; $shlib=0; $qw=1;
 	require 'BC-16.pl';
 	}
-elsif ($type eq "BC-MSDOS")
+elsif ($platform eq "BC-MSDOS")
 	{
 	$asmbits=16;
 	$msdos=1;
 	require 'BC-16.pl';
 	}
-elsif ($type eq "FreeBSD")
+elsif ($platform eq "FreeBSD")
 	{
 	require 'unix.pl';
 	$cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
 	}
-elsif ($type eq "linux-elf")
+elsif ($platform eq "linux-elf")
 	{
 	require "unix.pl";
 	require "linux.pl";
 	$unix=1;
 	}
+elsif ($platform eq "ultrix-mips")
+	{
+	require "unix.pl";
+	require "ultrix.pl";
+	$unix=1;
+	}
 else
 	{
 	require "unix.pl";
@@ -203,9 +201,9 @@ $cflags.=" -DNO_MD2"  if $no_md2;
 $cflags.=" -DNO_MD5"  if $no_md5;
 $cflags.=" -DNO_SHA"  if $no_sha;
 $cflags.=" -DNO_SHA1" if $no_sha1;
-$cflags.=" -DNO_RMD160" if $no_rmd160;
+$cflags.=" -DNO_RIPEMD" if $no_rmd160;
 $cflags.=" -DNO_MDC2" if $no_mdc2;
-$cflags.=" -DNO_BLOWFISH"  if $no_bf;
+$cflags.=" -DNO_BF"  if $no_bf;
 $cflags.=" -DNO_CAST" if $no_cast;
 $cflags.=" -DNO_DES"  if $no_des;
 $cflags.=" -DNO_RSA"  if $no_rsa;
@@ -223,14 +221,9 @@ else	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
 
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 
-if ($ranlib ne "")
-	{
-	$ranlib="\$(SRC_D)$o$ranlib";
-	}
-
 if ($msdos)
 	{
-	$banner ="\t\@echo Make sure you have run 'perl Configure $type' in the\n";
+	$banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
 	$banner.="\t\@echo top level directory, if you don't have perl, you will\n";
 	$banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
 	$banner.="\t\@echo documentation for details.\n";
@@ -242,8 +235,8 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
 $INSTALLTOP =~ s|/|$o|g;
 
 $defs= <<"EOF";
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
 # by default leave the 'intertesting' output files in .${o}out and the stuff
 # that needs deleting in .${o}tmp.
 # The file was generated by running 'make makefile.one', which
@@ -258,6 +251,7 @@ $defs= <<"EOF";
 INSTALLTOP=$INSTALLTOP
 
 # Set your compiler options
+PLATFORM=$platform
 CC=$bin_dir${cc}
 CFLAG=$cflags
 APP_CFLAG=$app_cflag
@@ -269,18 +263,16 @@ SHLIB_EX_OBJ=$shlib_ex_obj
 # be added
 EX_LIBS=$ex_libs
 
-# The SSLeay directory
+# The OpenSSL directory
 SRC_D=$src_dir
 
 LINK=$link
 LFLAGS=$lflags
 
-BN_MULW_OBJ=$bn_mulw_obj
-BN_MULW_SRC=$bn_mulw_src
+BN_ASM_OBJ=$bn_asm_obj
+BN_ASM_SRC=$bn_asm_src
 DES_ENC_OBJ=$des_enc_obj
 DES_ENC_SRC=$des_enc_src
-DES_CRYPT_OBJ=$des_crypt_obj
-DES_CRYPT_SRC=$des_crypt_src
 BF_ENC_OBJ=$bf_enc_obj
 BF_ENC_SRC=$bf_enc_src
 CAST_ENC_OBJ=$cast_enc_obj
@@ -302,11 +294,12 @@ OUT_D=$out_dir
 TMP_D=$tmp_dir
 # The output directory for the header files
 INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
 
 CP=$cp
 RM=$rm
 RANLIB=$ranlib
-MKDIR=mkdir
+MKDIR=$mkdir
 MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
@@ -315,7 +308,7 @@ ASM=$bin_dir$asm
 # You should not need to touch anything below this point
 ######################################################
 
-E_EXE=ssleay
+E_EXE=openssl
 SSL=$ssl
 CRYPTO=$crypto
 RSAGLUE=$RSAglue
@@ -323,6 +316,9 @@ RSAGLUE=$RSAglue
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
 BIN_D=\$(OUT_D)
 TEST_D=\$(OUT_D)
 LIB_D=\$(OUT_D)
@@ -337,8 +333,8 @@ O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
 O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
-L_SSL=     \$(LIB_D)$o\$(SSL)$libp
-L_CRYPTO=  \$(LIB_D)$o\$(CRYPTO)$libp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
 
 L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 #L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
@@ -357,23 +353,26 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
 EOF
 
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INC_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 
 banner:
 $banner
 
 \$(TMP_D):
 	\$(MKDIR) \$(TMP_D)
-
-\$(BIN_D):
-	\$(MKDIR) \$(BIN_D)
-
-\$(TEST_D):
-	\$(MKDIR) \$(TEST_D)
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#	\$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#	\$(MKDIR) \$(TEST_D)
 
 \$(LIB_D):
 	\$(MKDIR) \$(LIB_D)
 
+\$(INCO_D): \$(INC_D)
+	\$(MKDIR) \$(INCO_D)
+
 \$(INC_D):
 	\$(MKDIR) \$(INC_D)
 
@@ -387,8 +386,9 @@ install:
 	\$(MKDIR) \$(INSTALLTOP)
 	\$(MKDIR) \$(INSTALLTOP)${o}bin
 	\$(MKDIR) \$(INSTALLTOP)${o}include
+	\$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl
 	\$(MKDIR) \$(INSTALLTOP)${o}lib
-	\$(CP) \$(INC_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include
+	\$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl
 	\$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
 	\$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
 	\$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
@@ -401,6 +401,42 @@ vclean:
 	\$(RM) \$(OUT_D)$o*.*
 
 EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+	{
+	# Remove entry for this platform in existing file buildinf.h.
+
+	my $old_buildinf_h = "";
+	while (<IN>)
+		{
+		if (/^\#ifdef $platform_cpp_symbol$/)
+			{
+			while (<IN>) { last if (/^\#endif/); }
+			}
+		else
+			{
+			$old_buildinf_h .= $_;
+			}
+		}
+	close(IN);
+
+	open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	print OUT $old_buildinf_h;
+	close(OUT);
+	}
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+  #define CFLAGS "$cc $cflags"
+  #define PLATFORM "$platform"
+EOF
+printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
 
 #############################################
 # We parse in input file and 'store' info for later printing.
@@ -468,8 +504,8 @@ chop($h); $header=$h;
 $defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
 $rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
 
-$defs.=&do_defs("EXHEADER",$exheader,"\$(INC_D)",".h");
-$rules.=&do_copy_rule("\$(INC_D)",$exheader,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h");
 
 $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
@@ -496,10 +532,10 @@ foreach (values %lib_nam)
 		next;
 		}
 
-	if (($bn_mulw_obj ne "") && ($_ eq "CRYPTO"))
+	if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
 		{
-		$lib_obj =~ s/\s\S*\/bn_mulw\S*/ \$(BN_MULW_OBJ)/;
-		$rules.=&do_asm_rule($bn_mulw_obj,$bn_mulw_src);
+		$lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+		$rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
 		}
 	if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
 		{
@@ -615,6 +651,7 @@ sub var_add
 
 	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
 	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
 
 	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
 	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
@@ -631,7 +668,7 @@ sub var_add
 	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
 	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
 
-	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
 	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
 	@a=grep(!/^gendsa$/,@a) if $no_sha1;
 	@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
@@ -677,7 +714,7 @@ sub do_defs
 		if (($_ =~ /bss_file/) && ($postfix eq ".h"))
 			{ $pf=".c"; }
 		else	{ $pf=$postfix; }
-		if ($_ =~ /BN_MULW/)	{ $t="$_ "; }
+		if ($_ =~ /BN_ASM/)	{ $t="$_ "; }
 		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
 		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
 		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
@@ -704,23 +741,6 @@ sub bname
 	return($ret);
 	}
 
-# do a rule for each file that says 'copy' to new direcory on change
-sub do_copy_rule
-	{
-	local($to,$files,$p)=@_;
-	local($ret,$_,$n,$pp);
-	
-	$files =~ s/\//$o/g if $o ne '/';
-	foreach (split(/\s+/,$files))
-		{
-		$n=&bname($_);
-		if ($n =~ /bss_file/)
-			{ $pp=".c"; }
-		else	{ $pp=$p; }
-		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
-		}
-	return($ret);
-	}
 
 ##############################################################
 # do a rule for each file that says 'compile' to new direcory
@@ -746,8 +766,7 @@ sub cc_compile_target
 	local($target,$source,$ex_flags)=@_;
 	local($ret);
 	
-	# EAY EAY
-	$ex_flags.=' -DCFLAGS="\"$(CC) $(CFLAG)\""' if ($source =~ /cversion/);
+	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
 	$target =~ s/\//$o/g if $o ne "/";
 	$source =~ s/\//$o/g if $o ne "/";
 	$ret ="$target: \$(SRC_D)$o$source\n\t";
@@ -791,3 +810,64 @@ sub do_shlib_rule
 	return($ret);
 	}
 
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+	{
+	local($to,$files,$p)=@_;
+	local($ret,$_,$n,$pp);
+	
+	$files =~ s/\//$o/g if $o ne '/';
+	foreach (split(/\s+/,$files))
+		{
+		$n=&bname($_);
+		if ($n =~ /bss_file/)
+			{ $pp=".c"; }
+		else	{ $pp=$p; }
+		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
+		}
+	return($ret);
+	}
+
+sub read_options
+	{
+	if    (/^no-rc2$/)	{ $no_rc2=1; }
+	elsif (/^no-rc4$/)	{ $no_rc4=1; }
+	elsif (/^no-rc5$/)	{ $no_rc5=1; }
+	elsif (/^no-idea$/)	{ $no_idea=1; }
+	elsif (/^no-des$/)	{ $no_des=1; }
+	elsif (/^no-bf$/)	{ $no_bf=1; }
+	elsif (/^no-cast$/)	{ $no_cast=1; }
+	elsif (/^no-md2$/)  	{ $no_md2=1; }
+	elsif (/^no-md5$/)	{ $no_md5=1; }
+	elsif (/^no-sha$/)	{ $no_sha=1; }
+	elsif (/^no-sha1$/)	{ $no_sha1=1; }
+	elsif (/^no-ripemd$/)	{ $no_ripemd=1; }
+	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
+	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+	elsif (/^no-rsa$/)	{ $no_rsa=1; }
+	elsif (/^no-dsa$/)	{ $no_dsa=1; }
+	elsif (/^no-dh$/)	{ $no_dh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-asm$/)	{ $no_asm=1; }
+	elsif (/^nasm$/)	{ $nasm=1; }
+	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
+	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-sock$/)	{ $no_sock=1; }
+
+	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+
+	elsif (/^rsaref$/)	{ $rsaref=1; }
+	elsif (/^gcc$/)		{ $gcc=1; }
+	elsif (/^debug$/)	{ $debug=1; }
+	elsif (/^shlib$/)	{ $shlib=1; }
+	elsif (/^dll$/)		{ $shlib=1; }
+	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
+	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+		{ $c_flags.="$_ "; }
+	else { return(0); }
+	return(1);
+	}
diff --git a/lib/libssl/src/util/mkdef.pl b/lib/libssl/src/util/mkdef.pl
index 8124f11292d..80384af325a 100644
--- a/lib/libssl/src/util/mkdef.pl
+++ b/lib/libssl/src/util/mkdef.pl
@@ -1,52 +1,96 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl -w
 #
 # generate a .def file
 #
 # It does this by parsing the header files and looking for the
-# non-prototyped functions.
+# prototyped functions: it then prunes the output.
 #
 
 $crypto_num="util/libeay.num";
 $ssl_num=   "util/ssleay.num";
 
-$NT=1;
-foreach (@ARGV)
+my $do_update = 0;
+my $do_crypto = 0;
+my $do_ssl = 0;
+$rsaref = 0;
+
+$W32=1;
+$NT=0;
+# Set this to make typesafe STACK definitions appear in DEF
+$safe_stack_def = 1;
+
+$options="";
+open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while(<IN>) {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+
+foreach (@ARGV, split(/ /, $options))
 	{
-	$NT=1 if $_ eq "32";
-	$NT=0 if $_ eq "16";
+	$W32=1 if $_ eq "32";
+	$W32=0 if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	}
 	$do_ssl=1 if $_ eq "ssleay";
+	$do_ssl=1 if $_ eq "ssl";
 	$do_crypto=1 if $_ eq "libeay";
+	$do_crypto=1 if $_ eq "crypto";
+	$do_update=1 if $_ eq "update";
+	$rsaref=1 if $_ eq "rsaref";
+
+	if    (/^no-rc2$/)      { $no_rc2=1; }
+	elsif (/^no-rc4$/)      { $no_rc4=1; }
+	elsif (/^no-rc5$/)      { $no_rc5=1; }
+	elsif (/^no-idea$/)     { $no_idea=1; }
+	elsif (/^no-des$/)      { $no_des=1; }
+	elsif (/^no-bf$/)       { $no_bf=1; }
+	elsif (/^no-cast$/)     { $no_cast=1; }
+	elsif (/^no-md2$/)      { $no_md2=1; }
+	elsif (/^no-md5$/)      { $no_md5=1; }
+	elsif (/^no-sha$/)      { $no_sha=1; }
+	elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+	elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+	elsif (/^no-rsa$/)      { $no_rsa=1; }
+	elsif (/^no-dsa$/)      { $no_dsa=1; }
+	elsif (/^no-dh$/)       { $no_dh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
 	}
 
 if (!$do_ssl && !$do_crypto)
 	{
-	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 ]\n";
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ] [rsaref]\n";
 	exit(1);
 	}
 
 %ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
 %crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
 
 $ssl="ssl/ssl.h";
 
 $crypto ="crypto/crypto.h";
-$crypto.=" crypto/des/des.h";
-$crypto.=" crypto/idea/idea.h";
-$crypto.=" crypto/rc4/rc4.h";
-$crypto.=" crypto/rc5/rc5.h";
-$crypto.=" crypto/rc2/rc2.h";
-$crypto.=" crypto/bf/blowfish.h";
-$crypto.=" crypto/cast/cast.h";
-$crypto.=" crypto/md2/md2.h";
-$crypto.=" crypto/md5/md5.h";
-$crypto.=" crypto/mdc2/mdc2.h";
-$crypto.=" crypto/sha/sha.h";
-$crypto.=" crypto/ripemd/ripemd.h";
+$crypto.=" crypto/des/des.h" unless $no_des;
+$crypto.=" crypto/idea/idea.h" unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" unless $no_bf;
+$crypto.=" crypto/cast/cast.h" unless $no_cast;
+$crypto.=" crypto/md2/md2.h" unless $no_md2;
+$crypto.=" crypto/md5/md5.h" unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" unless $no_ripemd;
 
 $crypto.=" crypto/bn/bn.h";
-$crypto.=" crypto/rsa/rsa.h";
-$crypto.=" crypto/dsa/dsa.h";
-$crypto.=" crypto/dh/dh.h";
+$crypto.=" crypto/rsa/rsa.h" unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" unless $no_dh;
+$crypto.=" crypto/hmac/hmac.h" unless $no_hmac;
 
 $crypto.=" crypto/stack/stack.h";
 $crypto.=" crypto/buffer/buffer.h";
@@ -63,182 +107,255 @@ $crypto.=" crypto/asn1/asn1.h";
 $crypto.=" crypto/asn1/asn1_mac.h";
 $crypto.=" crypto/err/err.h";
 $crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
 $crypto.=" crypto/rand/rand.h";
-$crypto.=" crypto/hmac/hmac.h";
+$crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/tmdiff.h";
+
+@ssl_func = &do_defs("SSLEAY", $ssl);
+@crypto_func = &do_defs("LIBEAY", $crypto);
+
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+	open(OUT, ">>$ssl_num");
+	&update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl, @ssl_func);
+	close OUT;
+}
 
-$match{'NOPROTO'}=1;
-$match2{'PERL5'}=1;
+if($do_crypto == 1) {
+	open(OUT, ">>$crypto_num");
+	&update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto, @crypto_func);
+	close OUT;
+}
 
-&print_def_file(*STDOUT,"SSLEAY",*ssl_list,&do_defs("SSLEAY",$ssl))
-	if $do_ssl == 1;
+} else {
+
+	&print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_func)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_func)
+		if $do_crypto == 1;
+
+}
 
-&print_def_file(*STDOUT,"LIBEAY",*crypto_list,&do_defs("LIBEAY",$crypto))
-	if $do_crypto == 1;
 
 sub do_defs
-	{
-	local($name,$files)=@_;
-	local(@ret);
+{
+	my($name,$files)=@_;
+	my @ret;
+	my %funcs;
 
-	$off=-1;
 	foreach $file (split(/\s+/,$files))
 		{
-#		print STDERR "reading $file\n";
 		open(IN,"<$file") || die "unable to open $file:$!\n";
-		$depth=0;
-		$pr=-1;
-		@np="";
-		$/=undef;
-		$a=<IN>;
-		while (($i=index($a,"/*")) >= 0)
-			{
-			$j=index($a,"*/");
-			break unless ($j >= 0);
-			$a=substr($a,0,$i).substr($a,$j+2);
-		#	print "$i $j\n";
+
+		my $line = "", $def= "";
+		my %tag = (
+			FreeBSD		=> 0,
+			NOPROTO		=> 0,
+			WIN16		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			NO_FP_API	=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		while(<IN>) {
+			last if (/BEGIN ERROR CODES/);
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
 			}
-		foreach (split("\n",$a))
-			{
-			if (/^\#\s*ifndef (.*)/)
-				{
+
+			if (/\\$/) {
+				$line = $_;
+				next;
+			}
+
+	    		$cpp = 1 if /^#.*ifdef.*cplusplus/;
+			if ($cpp) {
+				$cpp = 0 if /^#.*endif/;
+				next;
+	    		}
+
+			s/\/\*.*?\*\///gs;                   # ignore comments
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			if (/^\#\s*ifndef (.*)/) {
 				push(@tag,$1);
 				$tag{$1}=-1;
 				next;
-				}
-			elsif (/^\#\s*if !defined\(([^\)]+)\)/)
-				{
+			} elsif (/^\#\s*if !defined\(([^\)]+)\)/) {
 				push(@tag,$1);
 				$tag{$1}=-1;
 				next;
-				}
-			elsif (/^\#\s*ifdef (.*)/)
-				{
+			} elsif (/^\#\s*ifdef (.*)/) {
 				push(@tag,$1);
 				$tag{$1}=1;
 				next;
-				}
-			elsif (/^\#\s*if defined(.*)/)
-				{
+			} elsif (/^\#\s*if defined(.*)/) {
 				push(@tag,$1);
 				$tag{$1}=1;
 				next;
-				}
-			elsif (/^\#\s*endif/)
-				{
+			} elsif (/^\#\s*endif/) {
 				$tag{$tag[$#tag]}=0;
 				pop(@tag);
 				next;
-				}
-			elsif (/^\#\s*else/)
-				{
-				$t=$tag[$#tag];
+			} elsif (/^\#\s*else/) {
+				my $t=$tag[$#tag];
 				$tag{$t}= -$tag{$t};
 				next;
+			} elsif (/^\#\s*if\s+1/) {
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				next;
+			} elsif (/^\#/) {
+				next;
+			}
+			if ($safe_stack_def &&
+				/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+				$funcs{"sk_${1}_new"} = 1;
+				$funcs{"sk_${1}_new_null"} = 1;
+				$funcs{"sk_${1}_free"} = 1;
+				$funcs{"sk_${1}_num"} = 1;
+				$funcs{"sk_${1}_value"} = 1;
+				$funcs{"sk_${1}_set"} = 1;
+				$funcs{"sk_${1}_zero"} = 1;
+				$funcs{"sk_${1}_push"} = 1;
+				$funcs{"sk_${1}_unshift"} = 1;
+				$funcs{"sk_${1}_find"} = 1;
+				$funcs{"sk_${1}_delete"} = 1;
+				$funcs{"sk_${1}_delete_ptr"} = 1;
+				$funcs{"sk_${1}_insert"} = 1;
+				$funcs{"sk_${1}_set_cmp_func"} = 1;
+				$funcs{"sk_${1}_dup"} = 1;
+				$funcs{"sk_${1}_pop_free"} = 1;
+				$funcs{"sk_${1}_shift"} = 1;
+				$funcs{"sk_${1}_pop"} = 1;
+				$funcs{"sk_${1}_sort"} = 1;
+			} elsif ($safe_stack_def &&
+				/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+				$funcs{"d2i_ASN1_SET_OF_${1}"} = 1;
+				$funcs{"i2d_ASN1_SET_OF_${1}"} = 1;
+			} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+				     /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+				if($W32) {
+					$funcs{"PEM_read_${1}"} = 1;
+					$funcs{"PEM_write_${1}"} = 1;
 				}
-#printf STDERR "$_\n%2d %2d %2d %2d %2d $NT\n",
-#$tag{'NOPROTO'},$tag{'FreeBSD'},$tag{'WIN16'},$tag{'PERL5'},$tag{'NO_FP_API'};
-
-			$t=undef;
-			if (/^extern .*;$/)
-				{ $t=&do_extern($name,$_); }
-			elsif (	($tag{'NOPROTO'} == 1) &&
+				$funcs{"PEM_read_bio_${1}"} = 1;
+				$funcs{"PEM_write_bio_${1}"} = 1;
+			} elsif ( 
 				($tag{'FreeBSD'} != 1) &&
-				(($NT && ($tag{'WIN16'} != 1)) ||
-				 (!$NT && ($tag{'WIN16'} != -1))) &&
+				($tag{'CONST_STRICT'} != 1) &&
+				(($W32 && ($tag{'WIN16'} != 1)) ||
+				 (!$W32 && ($tag{'WIN16'} != -1))) &&
 				($tag{'PERL5'} != 1) &&
 #				($tag{'_WINDLL'} != -1) &&
-				((!$NT && $tag{'_WINDLL'} != -1) ||
-				 ($NT && $tag{'_WINDLL'} != 1)) &&
-				((($tag{'NO_FP_API'} != 1) && $NT) ||
-				 (($tag{'NO_FP_API'} != -1) && !$NT)))
-				{ $t=&do_line($name,$_); }
-			else
-				{ $t=undef; }
-			if (($t ne undef) && (!$done{$name,$t}))
+				((!$W32 && $tag{'_WINDLL'} != -1) ||
+				 ($W32 && $tag{'_WINDLL'} != 1)) &&
+				((($tag{'NO_FP_API'} != 1) && $W32) ||
+				 (($tag{'NO_FP_API'} != -1) && !$W32)))
 				{
-				$done{$name,$t}++;
-				push(@ret,$t);
-#printf STDERR "one:$t\n" if $t =~ /BIO_/;
+					if (/{|\/\*/) { # }
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
 				}
 			}
 		close(IN);
+
+		foreach (split /;/, $def) {
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/typedef\W/);
+			next if(/EVP_bf/ and $no_bf);
+			next if(/EVP_cast/ and $no_cast);
+			next if(/EVP_des/ and $no_des);
+			next if(/EVP_dss/ and $no_dsa);
+			next if(/EVP_idea/ and $no_idea);
+			next if(/EVP_md2/ and $no_md2);
+			next if(/EVP_md5/ and $no_md5);
+			next if(/EVP_rc2/ and $no_rc2);
+			next if(/EVP_rc4/ and $no_rc4);
+			next if(/EVP_rc5/ and $no_rc5);
+			next if(/EVP_ripemd/ and $no_ripemd);
+			next if(/EVP_sha/ and $no_sha);
+			if (/\(\*(\w*)\([^\)]+/) {
+				$funcs{$1} = 1;
+			} elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) {
+				# K&R C
+				next;
+			} elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+				while (not /\(\)$/s) {
+					s/[^\(\)]*\)$/\)/s;
+					s/\([^\(\)]*\)\)$/\)/s;
+				}
+				s/\(void\)//;
+				/(\w+)\W*\(\)/s;
+				$funcs{$1} = 1;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+			}
 		}
-	return(@ret);
 	}
 
-sub do_line
-	{
-	local($file,$_)=@_;
-	local($n);
-
-	return(undef) if /^$/;
-	return(undef) if /^\s/;
-#printf STDERR "two:$_\n" if $_ =~ /BIO_/;
-	if (/(CRYPTO_get_locking_callback)/)
-		{ return($1); }
-	elsif (/(CRYPTO_get_id_callback)/)
-		{ return($1); }
-	elsif (/(CRYPTO_get_add_lock_callback)/)
-		{ return($1); }
-	elsif (/(SSL_CTX_get_verify_callback)/)
-		{ return($1); }
-	elsif (/(SSL_get_info_callback)/)
-		{ return($1); }
-	elsif ((!$NT) && /(ERR_load_CRYPTO_strings)/)
-		{ return("ERR_load_CRYPTOlib_strings"); }
-	elsif (!$NT && /BIO_s_file/)
-		{ return(undef); }
-	elsif (!$NT && /BIO_new_file/)
-		{ return(undef); }
-	elsif (!$NT && /BIO_new_fp/)
-		{ return(undef); }
-	elsif ($NT && /BIO_s_file_internal/)
-		{ return(undef); }
-	elsif ($NT && /BIO_new_file_internal/)
-		{ return(undef); }
-	elsif ($NT && /BIO_new_fp_internal/)
-		{ return(undef); }
-	else
-		{
-		/\s\**(\S+)\s*\(/;
-		return($1);
+	# Prune the returned functions
+
+        delete $funcs{"SSL_add_dir_cert_subjects_to_stack"};
+        delete $funcs{"des_crypt"};
+        delete $funcs{"RSA_PKCS1_RSAref"} unless $rsaref;
+
+	if($W32) {
+		delete $funcs{"BIO_s_file_internal"};
+		delete $funcs{"BIO_new_file_internal"};
+		delete $funcs{"BIO_new_fp_internal"};
+	} else {
+		if(exists $funcs{"ERR_load_CRYPTO_strings"}) {
+			delete $funcs{"ERR_load_CRYPTO_strings"};
+			$funcs{"ERR_load_CRYPTOlib_strings"} = 1;
 		}
+		delete $funcs{"BIO_s_file"};
+		delete $funcs{"BIO_new_file"};
+		delete $funcs{"BIO_new_fp"};
+	}
+	if (!$NT) {
+		delete $funcs{"BIO_s_log"};
 	}
 
-sub do_extern
-	{
-	local($file,$_)=@_;
-	local($n);
+	push @ret, keys %funcs;
 
-	/\s\**(\S+);$/;
-	return($1);
-	}
+	return(@ret);
+}
 
 sub print_def_file
-	{
-	local(*OUT,$name,*nums,@functions)=@_;
-	local($n)=1;
+{
+	(*OUT,my $name,*nums,@functions)=@_;
+	my $n =1;
 
-	if ($NT)
+	if ($W32)
 		{ $name.="32"; }
 	else
 		{ $name.="16"; }
 
 	print OUT <<"EOF";
 ;
-; Definition file for the DDL version of the $name library from SSLeay
+; Definition file for the DLL version of the $name library from OpenSSL
 ;
 
 LIBRARY         $name
 
-DESCRIPTION     'SSLeay $name - eay\@cryptsoft.com'
+DESCRIPTION     'OpenSSL $name - http://www.openssl.org/'
 
 EOF
 
-	if (!$NT)
-		{
+	if (!$W32) {
 		print <<"EOF";
 CODE            PRELOAD MOVEABLE
 DATA            PRELOAD MOVEABLE SINGLE
@@ -249,7 +366,7 @@ HEAPSIZE	4096
 STACKSIZE	8192
 
 EOF
-		}
+	}
 
 	print "EXPORTS\n";
 
@@ -258,35 +375,52 @@ EOF
 	(@r)=grep(!/^SSLeay/,@functions);
 	@functions=((sort @e),(sort @r));
 
-	foreach $func (@functions)
-		{
-		if (!defined($nums{$func}))
-			{
-			printf STDERR "$func does not have a number assigned\n";
-			}
-		else
-			{
+	foreach $func (@functions) {
+		if (!defined($nums{$func})) {
+			printf STDERR "$func does not have a number assigned\n"
+					if(!$do_update);
+		} else {
 			$n=$nums{$func};
-			printf OUT "    %s%-35s@%d\n",($NT)?"":"_",$func,$n;
-			}
+			printf OUT "    %s%-40s@%d\n",($W32)?"":"_",$func,$n;
 		}
-	printf OUT "\n";
 	}
+	printf OUT "\n";
+}
 
 sub load_numbers
-	{
-	local($name)=@_;
-	local($j,@a,%ret);
+{
+	my($name)=@_;
+	my(@a,%ret);
+
+	$max_num = 0;
 
 	open(IN,"<$name") || die "unable to open $name:$!\n";
-	while (<IN>)
-		{
+	while (<IN>) {
 		chop;
 		s/#.*$//;
 		next if /^\s*$/;
 		@a=split;
 		$ret{$a[0]}=$a[1];
-		}
+		$max_num = $a[1] if $a[1] > $max_num;
+	}
 	close(IN);
 	return(%ret);
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @functions)=@_;
+	my $new_funcs = 0;
+	print STDERR "Updating $name\n";
+	foreach $func (@functions) {
+		if (!exists $nums{$func}) {
+			$new_funcs++;
+			printf OUT "%s%-40s%d\n","",$func, ++$start_num;
+		}
+	}
+	if($new_funcs) {
+		print STDERR "$new_funcs New Functions added\n";
+	} else {
+		print STDERR "No New Functions Added\n";
 	}
+}
diff --git a/lib/libssl/src/util/mkdir-p.pl b/lib/libssl/src/util/mkdir-p.pl
new file mode 100644
index 00000000000..6c69c2daa4d
--- /dev/null
+++ b/lib/libssl/src/util/mkdir-p.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+
+# mkdir-p.pl
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+  print "created directory `$dir'\n";
+}
diff --git a/lib/libssl/src/util/mkerr.pl b/lib/libssl/src/util/mkerr.pl
new file mode 100644
index 00000000000..4b3bccb13e7
--- /dev/null
+++ b/lib/libssl/src/util/mkerr.pl
@@ -0,0 +1,503 @@
+#!/usr/local/bin/perl -w
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+
+
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-conf") {
+		shift @ARGV;
+		$config = shift @ARGV;
+	} elsif($arg eq "-debug") {
+		$debug = 1;
+		shift @ARGV;
+	} elsif($arg eq "-rebuild") {
+		$rebuild = 1;
+		shift @ARGV;
+	} elsif($arg eq "-recurse") {
+		$recurse = 1;
+		shift @ARGV;
+	} elsif($arg eq "-reindex") {
+		$reindex = 1;
+		shift @ARGV;
+	} elsif($arg eq "-nostatic") {
+		$static = 0;
+		shift @ARGV;
+	} elsif($arg eq "-write") {
+		$dowrite = 1;
+		shift @ARGV;
+	} else {
+		last;
+	}
+}
+
+if($recurse) {
+	@source = (<crypto/*.c>, <crypto/*/*.c>, ,<rsaref/*.c>, <ssl/*.c>);
+} else {
+	@source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while(<IN>)
+{
+	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+		$hinc{$1} = $2;
+		$cskip{$3} = $1;
+		if($3 ne "NONE") {
+			$csrc{$1} = $3;
+			$fmax{$1} = 99;
+			$rmax{$1} = 99;
+			$fnew{$1} = 0;
+			$rnew{$1} = 0;
+		}
+	} elsif (/^F\s+(\S+)/) {
+	# Add extra function with $1
+	} elsif (/^R\s+(\S+)\s+(\S+)/) {
+		$rextra{$1} = $2;
+		$rcodes{$1} = $2;
+	}
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($lib, $hdr) = each %hinc)
+{
+	next if($hdr eq "NONE");
+	print STDERR "Scanning header file $hdr\n" if $debug; 
+	open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
+	my $line = "", $def= "";
+	while(<IN>) {
+	    last if(/BEGIN\s+ERROR\s+CODES/);
+	    if ($line ne '') {
+		$_ = $line . $_;
+		$line = '';
+	    }
+
+	    if (/\\$/) {
+		$line = $_;
+		next;
+	    }
+
+	    $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+	    if ($cpp) {
+		$cpp = 0 if /^#.*endif/;
+		next;
+	    }
+
+	    next if (/^#/);                      # skip preprocessor directives
+
+	    s/\/\*.*?\*\///gs;                   # ignore comments
+	    s/{[^{}]*}//gs;                      # ignore {} blocks
+
+	    if (/{|\/\*/) { # Add a } so editor works...
+		$line = $_;
+	    } else {
+		$def .= $_;
+	    }
+	}
+
+	foreach (split /;/, $def) {
+	    s/^[\n\s]*//g;
+	    s/[\n\s]*$//g;
+	    next if(/typedef\W/);
+	    if (/\(\*(\w*)\([^\)]+/) {
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){
+		# K&R C
+		next ;
+	    } elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+		while (not /\(\)$/s) {
+		    s/[^\(\)]*\)$/\)/s;
+		    s/\([^\(\)]*\)\)$/\)/s;
+		}
+		s/\(void\)//;
+		/(\w+)\W*\(\)/s;
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
+		print STDERR "Header $hdr: cannot parse: $_;\n";
+	    }
+	}
+
+	next if $reindex;
+
+	# Scan function and reason codes and store them: keep a note of the
+	# maximum code used.
+
+	while(<IN>) {
+		if(/^#define\s+(\S+)\s+(\S+)/) {
+			$name = $1;
+			$code = $2;
+			unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+				print STDERR "Invalid error code $name\n";
+				next;
+			}
+			if($1 eq "R") {
+				$rcodes{$name} = $code;
+				if(!(exists $rextra{$name}) &&
+					 ($code > $rmax{$lib}) ) {
+					$rmax{$lib} = $code;
+				}
+			} else {
+				if($code > $fmax{$lib}) {
+					$fmax{$lib} = $code;
+				}
+				$fcodes{$name} = $code;
+			}
+		}
+	}
+	close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+foreach $file (@source) {
+	# Don't parse the error source file.
+	next if exists $cskip{$file};
+	open(IN, "<$file") || die "Can't open source file $file\n";
+	while(<IN>) {
+		if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+			next unless exists $csrc{$2};
+			next if($1 eq "BIO_F_BUFFER_CTX");
+			$ufcodes{$1} = 1;
+			if(!exists $fcodes{$1}) {
+				$fcodes{$1} = "X";
+				$fnew{$2}++;
+			}
+			$notrans{$1} = 1 unless exists $ftrans{$3};
+		}
+		if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+			next unless exists $csrc{$2};
+			$urcodes{$1} = 1;
+			if(!exists $rcodes{$1}) {
+				$rcodes{$1} = "X";
+				$rnew{$2}++;
+			}
+		} 
+	}
+	close IN;
+}
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+	my $hfile = $hinc{$lib};
+	my $cfile = $csrc{$lib};
+	if(!$fnew{$lib} && !$rnew{$lib}) {
+		print STDERR "$lib:\t\tNo new error codes\n";
+		next unless $rebuild;
+	} else {
+		print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+		print STDERR " $rnew{$lib} New Reasons.\n";
+		next unless $dowrite;
+	}
+
+	# If we get here then we have some new error codes so we
+	# need to rebuild the header file and C file.
+
+	# Make a sorted list of error and reason codes for later use.
+
+	my @function = sort grep(/^${lib}_/,keys %fcodes);
+	my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+	# Rewrite the header file
+
+	open(IN, "<$hfile") || die "Can't Open Header File $hfile\n";
+
+	# Copy across the old file
+	while(<IN>) {
+		push @out, $_;
+		last if (/BEGIN ERROR CODES/);
+	}
+	close IN;
+
+	open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+	print OUT @out;
+	undef @out;
+	print OUT <<"EOF";
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+	foreach $i (@function) {
+		$z=6-int(length($i)/8);
+		if($fcodes{$i} eq "X") {
+			$fcodes{$i} = ++$fmax{$lib};
+			print STDERR "New Function code $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
+	}
+
+	print OUT "\n/* Reason codes. */\n";
+
+	foreach $i (@reasons) {
+		$z=6-int(length($i)/8);
+		if($rcodes{$i} eq "X") {
+			$rcodes{$i} = ++$rmax{$lib};
+			print STDERR "New Reason code   $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
+	}
+	print OUT <<"EOF";
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
+EOF
+	close OUT;
+
+	# Rewrite the C source file containing the error details.
+
+	my $hincf;
+	if($static) {
+		$hfile =~ /([^\/]+)$/;
+		$hincf = "<openssl/$1>";
+	} else {
+		$hincf = "\"$hfile\"";
+	}
+
+
+	open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+	print OUT <<"EOF";
+/* $cfile */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core\@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay\@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh\@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA ${lib}_str_functs[]=
+	{
+EOF
+	# Add each function code: if a function name is found then use it.
+	foreach $i (@function) {
+		my $fn;
+		$i =~ /^${lib}_F_(\S+)$/;
+		$fn = $1;
+		if(exists $ftrans{$fn}) {
+			$fn = $ftrans{$fn};
+		}
+		print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+	}
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ${lib}_str_reasons[]=
+	{
+EOF
+	# Add each reason code.
+	foreach $i (@reasons) {
+		my $rn;
+		my $nspc = 0;
+		$i =~ /^${lib}_R_(\S+)$/;
+		$rn = $1;
+		$rn =~ tr/_[A-Z]/ [a-z]/;
+		$nspc = 40 - length($i) unless length($i) > 40;
+		$nspc = " " x $nspc;
+		print OUT "{${i}${nspc},\"$rn\"},\n";
+	}
+if($static) {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_${lib}_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+#endif
+
+		}
+	}
+EOF
+} else {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[]=
+        {
+{0	,${lib}_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+int ${lib}_lib_error_code=0;
+
+void ERR_load_${lib}_strings(void)
+	{
+	static int init=1;
+
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+		${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
+		ERR_load_strings(0,${lib}_lib_name);
+#endif;
+		}
+	}
+
+void ERR_${lib}_error(int function, int reason, char *file, int line)
+	{
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
+	}
+EOF
+
+}
+
+	close OUT;
+
+}
+
+if($debug && defined(%notrans)) {
+	print STDERR "The following function codes were not translated:\n";
+	foreach(sort keys %notrans)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+	push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+	push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($debug && defined(@funref) ) {
+	print STDERR "The following function codes were not referenced:\n";
+	foreach(sort @funref)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+if($debug && defined(@runref) ) {
+	print STDERR "The following reason codes were not referenced:\n";
+	foreach(sort @runref)
+	{
+		print STDERR "$_\n";
+	}
+}
diff --git a/lib/libssl/src/util/mkfiles.pl b/lib/libssl/src/util/mkfiles.pl
new file mode 100644
index 00000000000..6fa424bd190
--- /dev/null
+++ b/lib/libssl/src/util/mkfiles.pl
@@ -0,0 +1,110 @@
+#!/usr/local/bin/perl
+#
+# This is a hacked version of files.pl for systems that can't do a 'make files'.
+# Do a perl util/mkminfo.pl >MINFO to build MINFO
+# Written by Steve Henson 1999.
+
+# List of directories to process
+
+my @dirs = (
+".",
+"crypto",
+"crypto/md2",
+"crypto/md5",
+"crypto/sha",
+"crypto/mdc2",
+"crypto/hmac",
+"crypto/ripemd",
+"crypto/des",
+"crypto/rc2",
+"crypto/rc4",
+"crypto/rc5",
+"crypto/idea",
+"crypto/bf",
+"crypto/cast",
+"crypto/bn",
+"crypto/rsa",
+"crypto/dsa",
+"crypto/dh",
+"crypto/buffer",
+"crypto/bio",
+"crypto/stack",
+"crypto/lhash",
+"crypto/rand",
+"crypto/err",
+"crypto/objects",
+"crypto/evp",
+"crypto/asn1",
+"crypto/pem",
+"crypto/x509",
+"crypto/x509v3",
+"crypto/conf",
+"crypto/txt_db",
+"crypto/pkcs7",
+"crypto/pkcs12",
+"crypto/comp",
+"ssl",
+"rsaref",
+"apps",
+"test",
+"tools"
+);
+
+foreach (@dirs) {
+	&files_dir ($_, "Makefile.ssl");
+}
+
+exit(0);
+
+sub files_dir
+{
+my ($dir, $makefile) = @_;
+
+my %sym;
+
+open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
+
+my $s="";
+
+while (<IN>)
+	{
+	chop;
+	s/#.*//;
+	if (/^(\S+)\s*=\s*(.*)$/)
+		{
+		$o="";
+		($s,$b)=($1,$2);
+		for (;;)
+			{
+			if ($b =~ /\\$/)
+				{
+				chop($b);
+				$o.=$b." ";
+				$b=<IN>;
+				chop($b);
+				}
+			else
+				{
+				$o.=$b." ";
+				last;
+				}
+			}
+		$o =~ s/^\s+//;
+		$o =~ s/\s+$//;
+		$o =~ s/\s+/ /g;
+
+		$o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+		$sym{$s}=$o;
+		}
+	}
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+	{
+	print "$_=$sym{$_}\n";
+	}
+print "RELATIVE_DIRECTORY=\n";
+
+close (IN);
+}
diff --git a/lib/libssl/src/util/mklink.pl b/lib/libssl/src/util/mklink.pl
new file mode 100644
index 00000000000..de555820ec9
--- /dev/null
+++ b/lib/libssl/src/util/mklink.pl
@@ -0,0 +1,55 @@
+#!/usr/local/bin/perl
+
+# mklink.pl
+
+# The first command line argument is a non-empty relative path
+# specifying the "from" directory.
+# Each other argument is a file name not containing / and
+# names a file in the current directory.
+#
+# For each of these files, we create in the "from" directory a link
+# of the same name pointing to the local file.
+#
+# We assume that the directory structure is a tree, i.e. that it does
+# not contain symbolic links and that the parent of / is never referenced.
+# Apart from this, this script should be able to handle even the most
+# pathological cases.
+
+my $from = shift;
+my @files = @ARGV;
+
+my @from_path = split(/\//, $from);
+my $pwd = `pwd`;
+chop($pwd);
+my @pwd_path = split(/\//, $pwd);
+
+my @to_path = ();
+
+my $dirname;
+foreach $dirname (@from_path) {
+
+    # In this loop, @to_path always is a relative path from
+    # @pwd_path (interpreted is an absolute path) to the original pwd.
+
+    # At the end, @from_path (as a relative path from the original pwd)
+    # designates the same directory as the absolute path @pwd_path,
+    # which means that @to_path then is a path from there to the original pwd.
+
+    next if ($dirname eq "" || $dirname eq ".");
+
+    if ($dirname eq "..") {
+	@to_path = (pop(@pwd_path), @to_path);
+    } else {
+	@to_path = ("..", @to_path);
+	push(@pwd_path, $dirname);
+    }
+}
+
+my $to = join('/', @to_path);
+
+my $file;
+foreach $file (@files) {
+#    print "ln -s $to/$file $from/$file\n";
+    symlink("$to/$file", "$from/$file");
+    print $file . " => $from/$file\n";
+}
diff --git a/lib/libssl/src/util/mklink.sh b/lib/libssl/src/util/mklink.sh
deleted file mode 100644
index 1e052ed6ee7..00000000000
--- a/lib/libssl/src/util/mklink.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-#
-# A bit of an ugly shell script used to actually 'link' files.
-# Used by 'make links'
-#
-
-PATH=$PATH:.:util:../util:../../util
-export PATH
-
-from=$1
-shift
-
-here=`pwd`
-tmp=`dirname $from`
-while [ "$tmp"x != "x" -a "$tmp"x != ".x" ]
-do
-	t=`basename $here`
-	here=`dirname $here`
-	to="/$t$to"
-	tmp=`dirname $tmp`
-done
-to=..$to
-
-#echo from=$from
-#echo to  =$to
-#exit 1
-
-if [ "$*"x != "x" ]; then
-	for i in $*
-	do
-		/bin/rm -f $from/$i
-		point.sh $to/$i $from/$i
-	done
-fi
-exit 0;
diff --git a/lib/libssl/src/util/perlpath.pl b/lib/libssl/src/util/perlpath.pl
index 9e57e10ad4d..a1f236bd984 100644
--- a/lib/libssl/src/util/perlpath.pl
+++ b/lib/libssl/src/util/perlpath.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # modify the '#!/usr/local/bin/perl'
 # line in all scripts that rely on perl.
@@ -17,7 +17,12 @@ sub wanted
 	@a=<IN>;
 	close(IN);
 
-	$a[0]="#!$ARGV[0]/perl\n";
+	if (-d $ARGV[0]) {
+		$a[0]="#!$ARGV[0]/perl\n";
+	}
+	else {
+		$a[0]="#!$ARGV[0]\n";
+	}
 
 	# Playing it safe...
 	$new="$_.new";
diff --git a/lib/libssl/src/util/pl/BC-16.pl b/lib/libssl/src/util/pl/BC-16.pl
index 7c3fdb68f4d..6c6df4fe0ba 100644
--- a/lib/libssl/src/util/pl/BC-16.pl
+++ b/lib/libssl/src/util/pl/BC-16.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
 #
 
@@ -66,18 +66,18 @@ $asm='bcc -c -B -Tml';
 $afile='/o';
 if ($no_asm)
 	{
-	$bn_mulw_obj='';
-	$bn_mulw_src='';
+	$bn_asm_obj='';
+	$bn_asm_src='';
 	}
 elsif ($asmbits == 32)
 	{
-	$bn_mulw_obj='crypto\bn\asm\x86w32.obj';
-	$bn_mulw_src='crypto\bn\asm\x86w32.asm';
+	$bn_asm_obj='crypto\bn\asm\x86w32.obj';
+	$bn_asm_src='crypto\bn\asm\x86w32.asm';
 	}
 else
 	{
-	$bn_mulw_obj='crypto\bn\asm\x86w16.obj';
-	$bn_mulw_src='crypto\bn\asm\x86w16.asm';
+	$bn_asm_obj='crypto\bn\asm\x86w16.obj';
+	$bn_asm_src='crypto\bn\asm\x86w16.asm';
 	}
 
 sub do_lib_rule
diff --git a/lib/libssl/src/util/pl/BC-32.pl b/lib/libssl/src/util/pl/BC-32.pl
index 3898d16f614..09c45a21a6b 100644
--- a/lib/libssl/src/util/pl/BC-32.pl
+++ b/lib/libssl/src/util/pl/BC-32.pl
@@ -1,102 +1,121 @@
-#!/usr/bin/perl
-# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#!/usr/local/bin/perl
+# Borland C++ builder 3 and 4 -- Janez Jere <jj@void.si>
 #
 
+$ssl=	"ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+
 $o='\\';
 $cp='copy';
 $rm='del';
 
 # C compiler stuff
 $cc='bcc32';
-
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -j255 -w-aus -w-par -w-inl  -c -tWC -tWM -DWINDOWS -DWIN32 -DL_ENDIAN ";
 if ($debug)
-	{ $op="-v "; }
-else	{ $op="-O "; }
-
-$cflags="-d $op -DL_ENDIAN ";
-# I add the stack opt
-$base_lflags="-c";
-$lflags="$base_lflags";
-
-$cflags.=" -DWINDOWS -DWIN32";
-$app_cflag="-WC";
-$lib_cflag="-WC";
-$lflags.=" -Tpe";
-
-if ($shlib)
-	{
-	$mlflags="$base_lflags -Tpe"; # stack if defined in .def file
-	$libs="libw ldllcew";
-	}
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
 else
-	{ $mlflags=''; }
+{
+    $cflags.="-O2 -ff -fp";
+}
 
 $obj='.obj';
 $ofile="-o";
 
 # EXE linking stuff
-$link="tlink32";
+$link="ilink32";
 $efile="";
 $exep='.exe';
-$ex_libs="CW32.LIB IMPORT32.LIB";
-$ex_libs.=$no_sock?"":" wsock32.lib";
-$shlib_ex_obj="" if $shlib;
-$app_ex_obj="C0X32.OBJ";
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs="cw32mt.lib import32.lib"; }
 
 # static library stuff
-$mklib='tlib';
+$mklib='tlib /P64';
 $ranlib='';
 $plib="";
 $libp=".lib";
 $shlibp=($shlib)?".dll":".lib";
 $lfile='';
 
-$asm='ml /Cp /c /Cx';
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+
+$asm='n_o_T_a_s_m';
+$asm.=" /Zi" if $debug;
 $afile='/Fo';
-if ($noasm)
+
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
 	{
-	$bn_mulw_obj='';
-	$bn_mulw_src='';
+	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}
-else
+
+if ($shlib)
 	{
-	$bn_mulw_obj='crypto\bn\asm\x86b32.obj';
-	$bn_mulw_src='crypto\bn\asm\x86m32.asm';
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
 	}
 
 sub do_lib_rule
 	{
-	local($target,$name,$shlib)=@_;
+	local($objs,$target,$name,$shlib)=@_;
 	local($ret,$Name);
 
 	$taget =~ s/\//$o/g if $o ne '/';
 	($Name=$name) =~ tr/a-z/A-Z/;
 
-	$ret.="$target: \$(${Name}OBJ)\n";
-	$ret.="\t\$(RM) \$(O_$Name)\n";
-
-	# Due to a pathetic line length limit, I unwrap the args.
-	local($lib_names)="";
-	local($dll_names)="";
-	foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
-		{
-		$lib_names.="  +$_ &\n";
-		$dll_names.="  $_\n";
-		}
-
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
 	if (!$shlib)
 		{
-		$ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+		#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ret.="\techo LIB $<\n";    
+		$ret.="\t\$(MKLIB) $lfile$target  \$(addprefix +, $objs)\n";
 		}
 	else
 		{
-		# $(SHLIB_EX_OBJ)
-		local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
-		$ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
-		$ret.=$dll_names;
-		$ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
-		($out_lib=$target) =~ s/O_/L_/;
-		$ret.="\timplib /nowep $out_lib $target\n\n";
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' wsock32.lib gdi32.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
 	$ret.="\n";
 	return($ret);
@@ -105,30 +124,12 @@ sub do_lib_rule
 sub do_link_rule
 	{
 	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$f,$_,@f);
+	local($ret,$_);
 	
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($targer);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="  \$(LINK) @&&|";
-	
-	# Due to a pathetic line length limit, I have to unwrap the args.
-	$r="  \$(LFLAGS) ";
-	if ($files =~ /\(([^)]*)\)$/)
-		{
-		@a=('$(APP_EX_OBJ)');
-		push(@a,sort split(/\s+/,$Vars{$1}));
-		foreach $_ (@a)
-			{
-			$ret.="\n  $r $_ +";
-			$r="";
-			}
-		chop($ret);
-		$ret.="\n";
-		}
-	else
-		{ $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
-	$ret.="  $target\n\n  $libs\n\n|\n\n";
+	$ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
 	return($ret);
 	}
 
diff --git a/lib/libssl/src/util/pl/Mingw32.pl b/lib/libssl/src/util/pl/Mingw32.pl
new file mode 100644
index 00000000000..84c2a22db30
--- /dev/null
+++ b/lib/libssl/src/util/pl/Mingw32.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) 
+#
+
+$o='/';
+$cp='cp';
+$rm='rem'; # use 'rm -f' if using GNU file utilities
+$mkdir='gmkdir';
+
+# gcc wouldn't accept backslashes in paths
+#$o='\\';
+#$cp='copy';
+#$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb"; }
+else
+	{ $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
+
diff --git a/lib/libssl/src/util/pl/Mingw32f.pl b/lib/libssl/src/util/pl/Mingw32f.pl
new file mode 100644
index 00000000000..a53c537646c
--- /dev/null
+++ b/lib/libssl/src/util/pl/Mingw32f.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+#
+# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. 
+#
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb"; }
+else
+	{ $cflags="-O3 -fomit-frame-pointer"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
+
diff --git a/lib/libssl/src/util/pl/VC-16.pl b/lib/libssl/src/util/pl/VC-16.pl
index a6e6c0241c5..a5079d4ca72 100644
--- a/lib/libssl/src/util/pl/VC-16.pl
+++ b/lib/libssl/src/util/pl/VC-16.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
 #
 
@@ -84,8 +84,8 @@ $lfile='';
 $asm='ml /Cp /c /Cx';
 $afile='/Fo';
 
-$bn_mulw_obj='';
-$bn_mulw_src='';
+$bn_asm_obj='';
+$bn_asm_src='';
 $des_enc_obj='';
 $des_enc_src='';
 $bf_enc_obj='';
@@ -95,13 +95,13 @@ if (!$no_asm)
 	{
 	if ($asmbits == 32)
 		{
-		$bn_mulw_obj='crypto\bn\asm\x86w32.obj';
-		$bn_mulw_src='crypto\bn\asm\x86w32.asm';
+		$bn_asm_obj='crypto\bn\asm\x86w32.obj';
+		$bn_asm_src='crypto\bn\asm\x86w32.asm';
 		}
 	else
 		{
-		$bn_mulw_obj='crypto\bn\asm\x86w16.obj';
-		$bn_mulw_src='crypto\bn\asm\x86w16.asm';
+		$bn_asm_obj='crypto\bn\asm\x86w16.obj';
+		$bn_asm_src='crypto\bn\asm\x86w16.asm';
 		}
 	}
 
diff --git a/lib/libssl/src/util/pl/VC-32.pl b/lib/libssl/src/util/pl/VC-32.pl
index 701e282c335..6db1c9fe237 100644
--- a/lib/libssl/src/util/pl/VC-32.pl
+++ b/lib/libssl/src/util/pl/VC-32.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 # VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
 #
 
@@ -7,7 +7,7 @@ $crypto="libeay32";
 $RSAref="RSAref32";
 
 $o='\\';
-$cp='copy';
+$cp='copy nul+';	# Timestamps get stuffed otherwise
 $rm='del';
 
 # C compiler stuff
@@ -22,10 +22,11 @@ $inc_def="inc32";
 
 if ($debug)
 	{
-	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
+$cflags .= " -DWINNT" if $NT == 1;
 
 $obj='.obj';
 $ofile="/Fo";
@@ -48,13 +49,17 @@ $lfile='/out:';
 
 $shlib_ex_obj="";
 $app_ex_obj="setargv.obj";
-
-$asm='ml /Cp /coff /c /Cx';
-$asm.=" /Zi" if $debug;
-$afile='/Fo';
-
-$bn_mulw_obj='';
-$bn_mulw_src='';
+if ($nasm) {
+	$asm='nasmw -f win32';
+	$afile='-o ';
+} else {
+	$asm='ml /Cp /coff /c /Cx';
+	$asm.=" /Zi" if $debug;
+	$afile='/Fo';
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
 $des_enc_obj='';
 $des_enc_src='';
 $bf_enc_obj='';
@@ -62,8 +67,8 @@ $bf_enc_src='';
 
 if (!$no_asm)
 	{
-	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
-	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
+	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
 	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
 	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
 	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
@@ -92,6 +97,8 @@ if ($shlib)
 	$tmp_def="tmp32dll";
 	}
 
+$cflags.=" /Fd$out_def";
+
 sub do_lib_rule
 	{
 	local($objs,$target,$name,$shlib)=@_;
@@ -110,7 +117,7 @@ sub do_lib_rule
 	else
 		{
 		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-		$ex.=' wsock32.lib gdi32.lib';
+		$ex.=' wsock32.lib gdi32.lib advapi32.lib';
 		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
 	$ret.="\n";
diff --git a/lib/libssl/src/util/pl/linux.pl b/lib/libssl/src/util/pl/linux.pl
index 2b13da1bfc4..a8cfdc578ad 100644
--- a/lib/libssl/src/util/pl/linux.pl
+++ b/lib/libssl/src/util/pl/linux.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # linux.pl - the standard unix makefile stuff.
 #
@@ -17,8 +17,8 @@ else
 
 if (!$no_asm)
 	{
-	$bn_mulw_obj='$(OBJ_D)/bn86-elf.o';
-	$bn_mulw_src='crypto/bn/asm/bn86unix.cpp';
+	$bn_asm_obj='$(OBJ_D)/bn86-elf.o';
+	$bn_asm_src='crypto/bn/asm/bn86unix.cpp';
 	$des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
 	$des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
 	$bf_enc_obj='$(OBJ_D)/bx86-elf.o';
@@ -27,8 +27,12 @@ if (!$no_asm)
 	$cast_enc_src='crypto/cast/asm/cx86unix.cpp';
 	$rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
 	$rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+	$rc5_enc_obj='$(OBJ_D)/r586-elf.o';
+	$rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
 	$md5_asm_obj='$(OBJ_D)/mx86-elf.o';
 	$md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+	$rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
+	$rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
 	$sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
 	$sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
@@ -51,9 +55,9 @@ sub do_shlib_rule
 	$target =~ s/\//$o/g if $o ne '/';
 	($Name=$name) =~ tr/a-z/A-Z/;
 
-	$ret.="\$(LIB_D)$o$target: \$(${Name}OBJ)\n";
-	$ret.="\t\$(RM) \$(LIB_D)$o$target\n";
-	$ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o \$(LIB_D)$o$target \$(${Name}OBJ)\n";
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) target\n";
+	$ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
 	($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
 	if ($so_name ne "")
 		{
diff --git a/lib/libssl/src/util/pl/ultrix.pl b/lib/libssl/src/util/pl/ultrix.pl
new file mode 100644
index 00000000000..ea370c71f96
--- /dev/null
+++ b/lib/libssl/src/util/pl/ultrix.pl
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='cc';
+if ($debug)
+	{ $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+	{ $cflags="-O2"; }
+
+$cflags.=" -std1 -DL_ENDIAN";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='$(OBJ_D)/mips1.o';
+	$bn_asm_src='crypto/bn/asm/mips1.s';
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/lib/libssl/src/util/pl/unix.pl b/lib/libssl/src/util/pl/unix.pl
index ab4978fd201..146611ad995 100644
--- a/lib/libssl/src/util/pl/unix.pl
+++ b/lib/libssl/src/util/pl/unix.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # unix.pl - the standard unix makefile stuff.
 #
@@ -38,7 +38,7 @@ $ex_libs="";
 # static library stuff
 $mklib='ar r';
 $mlflags='';
-$ranlib='util/ranlib.sh';
+$ranlib=&which("ranlib") or $ranlib="true";
 $plib='lib';
 $libp=".a";
 $shlibp=".a";
@@ -46,8 +46,8 @@ $lfile='';
 
 $asm='as';
 $afile='-o ';
-$bn_mulw_obj="";
-$bn_mulw_src="";
+$bn_asm_obj="";
+$bn_asm_src="";
 $des_enc_obj="";
 $des_enc_src="";
 $bf_enc_obj="";
@@ -59,7 +59,7 @@ sub do_lib_rule
 	local($ret,$_,$Name);
 
 	$target =~ s/\//$o/g if $o ne '/';
-	$target="\$(LIB_D)$o$target";
+	$target="$target";
 	($Name=$name) =~ tr/a-z/A-Z/;
 
 	$ret.="$target: \$(${Name}OBJ)\n";
@@ -80,4 +80,17 @@ sub do_link_rule
 	return($ret);
 	}
 
+sub which
+	{
+	my ($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-x "$path/$name")
+			{
+			return "$path/$name";
+			}
+		}
+	}
+
 1;
diff --git a/lib/libssl/src/util/point.sh b/lib/libssl/src/util/point.sh
index 92c12e82829..47543c88e26 100644
--- a/lib/libssl/src/util/point.sh
+++ b/lib/libssl/src/util/point.sh
@@ -1,4 +1,6 @@
 #!/bin/sh
 
-/bin/rm -f $2
+rm -f $2
 ln -s $1 $2
+echo "$2 => $1"
+
diff --git a/lib/libssl/src/util/ranlib.sh b/lib/libssl/src/util/ranlib.sh
deleted file mode 100644
index 543f712c6ba..00000000000
--- a/lib/libssl/src/util/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/lib/libssl/src/util/sep_lib.sh b/lib/libssl/src/util/sep_lib.sh
index 2348db874e7..34c2c9f8ba9 100644
--- a/lib/libssl/src/util/sep_lib.sh
+++ b/lib/libssl/src/util/sep_lib.sh
@@ -21,9 +21,6 @@ do
 	/bin/rm -f *.old
 	/bin/mv Makefile.uni Makefile
 
-	cp $cwd/util/ranlib.sh .
-	chmod +x ranlib.sh
-
 	if [ -d asm ]; then
 		mkdir asm/perlasm
 		cp $cwd/crypto/perlasm/*.pl asm/perlasm
diff --git a/lib/libssl/src/util/sp-diff.pl b/lib/libssl/src/util/sp-diff.pl
index 2c883368581..f81e50201b7 100644
--- a/lib/libssl/src/util/sp-diff.pl
+++ b/lib/libssl/src/util/sp-diff.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # This file takes as input, the files that have been output from
 # ssleay speed.
diff --git a/lib/libssl/src/util/src-dep.pl b/lib/libssl/src/util/src-dep.pl
index 91242f7bb6b..ad997e47468 100644
--- a/lib/libssl/src/util/src-dep.pl
+++ b/lib/libssl/src/util/src-dep.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 # we make up an array of
 # $file{function_name}=filename;
diff --git a/lib/libssl/src/util/ssldir.pl b/lib/libssl/src/util/ssldir.pl
deleted file mode 100644
index 10584686da5..00000000000
--- a/lib/libssl/src/util/ssldir.pl
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/perl
-
-$#ARGV == 0 || die "usage: ssldir.pl /new/path\n";
-@files=('crypto/cryptlib.h',
-	'Makefile.ssl',
-	'tools/c_rehash',
-	'util/mk1mf.pl',
-	);
-
-%cryptlib=(
-	'\sX509_CERT_AREA\s',"#define X509_CERT_AREA\t\t".'"%s"',
-	'\sX509_CERT_DIR\s', "#define X509_CERT_DIR\t\t".'"%s/certs"',
-	'\sX509_CERT_FILE\s', "#define X509_CERT_FILE\t\t".'"%s/cert.pem"',
-	'\sX509_PRIVATE_DIR\s',"#define X509_PRIVATE_DIR\t".'"%s/private"',
-	);
-
-%Makefile_ssl=(
-	'^INSTALLTOP=','INSTALLTOP=%s',
-	);
-
-%c_rehash=(
-	'^DIR=',	'DIR=%s',
-	);
-
-%mk1mf=(
-	'^$INSTALLTOP=','$INSTALLTOP="%s";',
-	);
-
-&dofile("crypto/cryptlib.h",$ARGV[0],%cryptlib);
-&dofile("Makefile.ssl",$ARGV[0],%Makefile_ssl);
-&dofile("tools/c_rehash",$ARGV[0],%c_rehash);
-&dofile("util/mk1mf.pl",$ARGV[0],%mk1mf);
-
-sub dofile
-	{
-	($f,$p,%m)=@_;
-
-	open(IN,"<$f") || die "unable to open $f:$!\n";
-	@a=<IN>;
-	close(IN);
-	foreach $k (keys %m)
-		{
-		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
-		}
-	($ff=$f) =~ s/\..*$//;
-	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
-	print OUT @a;
-	close(OUT);
-	rename($f,"$ff.old") || die "unable to rename $f\n";
-	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
-	}
-
diff --git a/lib/libssl/src/util/ssleay.num b/lib/libssl/src/util/ssleay.num
index 359fa15df1a..8121738bd67 100644
--- a/lib/libssl/src/util/ssleay.num
+++ b/lib/libssl/src/util/ssleay.num
@@ -154,3 +154,64 @@ TLSv1_server_method			171
 TLSv1_client_method			172
 BIO_new_buffer_ssl_connect		173
 BIO_new_ssl_connect			174
+SSL_get_ex_data_X509_STORE_CTX_idx	175
+SSL_CTX_set_tmp_dh_callback		176
+SSL_CTX_set_tmp_rsa_callback		177
+SSL_CTX_set_timeout                     178
+SSL_CTX_get_timeout                     179
+SSL_CTX_get_cert_store                  180
+SSL_CTX_set_cert_store                  181
+SSL_want                                182
+SSL_library_init                        183
+SSL_COMP_add_compression_method         184
+SSL_add_file_cert_subjects_to_stack     185
+SSL_set_tmp_rsa_callback                186
+SSL_set_tmp_dh_callback                 187
+SSL_add_dir_cert_subjects_to_stack      188
+SSL_set_session_id_context              189
+sk_SSL_CIPHER_new                       190
+sk_SSL_CIPHER_new_null                  191
+sk_SSL_CIPHER_free                      192
+sk_SSL_CIPHER_num                       193
+sk_SSL_CIPHER_value                     194
+sk_SSL_CIPHER_set                       195
+sk_SSL_CIPHER_zero                      196
+sk_SSL_CIPHER_push                      197
+sk_SSL_CIPHER_pop                       198
+sk_SSL_CIPHER_find                      199
+sk_SSL_CIPHER_delete                    200
+sk_SSL_CIPHER_delete_ptr                201
+sk_SSL_CIPHER_set_cmp_func              202
+sk_SSL_CIPHER_dup                       203
+sk_SSL_CIPHER_pop_free                  204
+sk_SSL_CIPHER_shift                     205
+sk_SSL_COMP_new                         206
+sk_SSL_COMP_new_null                    207
+sk_SSL_COMP_free                        208
+sk_SSL_COMP_num                         209
+sk_SSL_COMP_value                       210
+sk_SSL_COMP_set                         211
+sk_SSL_COMP_zero                        212
+sk_SSL_COMP_push                        213
+sk_SSL_COMP_pop                         214
+sk_SSL_COMP_find                        215
+sk_SSL_COMP_delete                      216
+sk_SSL_COMP_delete_ptr                  217
+sk_SSL_COMP_set_cmp_func                218
+sk_SSL_COMP_dup                         219
+sk_SSL_COMP_pop_free                    220
+sk_SSL_COMP_shift                       221
+SSL_CTX_use_certificate_chain_file      222
+sk_SSL_COMP_insert                      223
+sk_SSL_CIPHER_insert                    224
+SSL_CTX_set_verify_depth                225
+SSL_set_verify_depth                    226
+sk_SSL_CIPHER_unshift                   227
+SSL_CTX_get_verify_depth                228
+SSL_get_verify_depth                    229
+sk_SSL_COMP_unshift                     230
+SSL_CTX_set_session_id_context          231
+SSL_CTX_set_cert_verify_callback        232
+sk_SSL_COMP_sort                        233
+sk_SSL_CIPHER_sort                      234
+SSL_CTX_set_default_passwd_cb_userdata  235
diff --git a/lib/libssl/src/util/tab_num.pl b/lib/libssl/src/util/tab_num.pl
index 77b591d92fd..a81ed0edc24 100644
--- a/lib/libssl/src/util/tab_num.pl
+++ b/lib/libssl/src/util/tab_num.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $num=1;
 $width=40;
diff --git a/lib/libssl/src/util/up_ver.pl b/lib/libssl/src/util/up_ver.pl
deleted file mode 100644
index 32c086b2aa2..00000000000
--- a/lib/libssl/src/util/up_ver.pl
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/perl
-#
-# Up the version numbers in the files.
-#
-
-@files=(
-	"crypto/crypto.h",
-	"crypto/des/ecb_enc.c",
-	"crypto/idea/i_ecb.c",
-	"crypto/lhash/lhash.c",
-	"crypto/conf/conf.c",
-	"crypto/md2/md2_dgst.c",
-	"crypto/md5/md5_dgst.c",
-	"crypto/ripemd/rmd_dgst.c",
-	"crypto/pem/pem_lib.c",
-	"crypto/bn/bn_lib.c",
-	"crypto/dh/dh_lib.c",
-	"crypto/rc2/rc2_ecb.c",
-	"crypto/rc4/rc4_skey.c",
-	"crypto/rc5/rc5_ecb.c",
-	"crypto/bf/bf_ecb.c",
-	"crypto/cast/c_ecb.c",
-	"crypto/rsa/rsa_lib.c",
-	"crypto/dsa/dsa_lib.c",
-	"crypto/sha/sha1dgst.c",
-	"crypto/sha/sha_dgst.c",
-	"crypto/asn1/asn1_lib.c",
-	"crypto/x509/x509_vfy.c",
-	"crypto/evp/evp_enc.c",
-	"crypto/rand/md_rand.c",
-	"crypto/stack/stack.c",
-	"crypto/txt_db/txt_db.c",
-	"crypto/cversion.c",
-	"ssl/ssl_lib.c",
-	"ssl/s2_lib.c",
-	"ssl/s3_lib.c",
-	"ssl/t1_lib.c",
-	"README",
-	);
-
-@month=('Jan','Feb','Mar','Apr','May','Jun',
-	'Jul','Aug','Sep','Oct','Nov','Dec');
-@a=localtime(time());
-$time=sprintf("%02d-%s-%04d",$a[3],$month[$a[4]],$a[5]+1900);
-
-$ver=$ARGV[0];
-($ver ne "") || die "no version number specified\n";
-($a,$b,$c,$d)=unpack('axaxac',$ver);
-$d=defined($d)?$d-96:0;
-$xver=sprintf("%x%x%x%x",$a,$b,$c,$d);
-
-foreach $file (@files)
-	{
-	open(IN,"<$file") || die "unable to open $file:$!\n";
-	open(OUT,">$file.new") || die "unable to open $file.new:$!\n";
-	$found=0;
-
-	print STDERR "$file:";
-
-	while (<IN>)
-		{
-		if ((s/SSLeay \d\.\d.\d[^"]*(\"|\s)/SSLeay $ver $time\1/) ||
-			s/^(\#define\s+SSLEAY_VERSION_NUMBER\s+0x)[0-9a-zA-Z]+(.*)$/$1$xver$2/)
-			{
-			print STDERR " Done";
-			$found++;
-			print OUT;
-			while (<IN>) { print OUT; }
-			last;
-			}
-		print OUT;
-		}
-	print STDERR "\n";
-	close(IN);
-	close(OUT);
-	(!$found) && die "unable to update the version number in $file\n";
-	rename($file,"$file.old") || die "unable to rename $file:$!\n";
-	rename("$file.new",$file) || die "unable to rename $file.new:$!\n";
-	}
diff --git a/lib/libssl/src/util/x86asm.sh b/lib/libssl/src/util/x86asm.sh
index 81d32898606..d2090a98493 100644
--- a/lib/libssl/src/util/x86asm.sh
+++ b/lib/libssl/src/util/x86asm.sh
@@ -2,8 +2,8 @@
 
 echo Generating x86 assember
 echo Bignum
-(cd crypto/bn/asm; perl bn-586.pl cpp > bn86unix.cpp)
-(cd crypto/bn/asm; perl bn-586.pl win32 > bn-win32.asm)
+(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm)
 
 echo DES
 (cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)